scholarly journals Creation of a Software Model with a Graphical User Interface for simulating the processes of functioning of subsystems of information and cyber protection of Distributed Information Systems of Critical Infrastructures

2021 ◽  
Author(s):  
Ramaz Shamugia
Keyword(s):  
Information Systems ◽  
User Interface ◽  
Graphical User Interface ◽  
Cyber Security ◽  
Critical Infrastructure ◽  
Critical Infrastructures ◽  
Distributed Information ◽  
Software Model ◽  
Output Characteristics ◽  
Simulated Object

This article is dedicated to the development of a software model with a Graphical User Interface (GUI) to simulate the process of ensuring information and cyber security of information systems (IS) of Critical Infrastructure objects (CI) based on the analytical model developed by the author of this article. The specified software model with a GUI makes it possible, using the controls located on the main panel, to set the input parameters of the simulated object and observe its output characteristics using appropriate visualization elements such as special windows for displaying calculated numerical values of the main characteristics of the systems under study.

Measures for protection of the information systems of Ukraine’s critical infrastructures against cyberattacks

2020 ◽  
Vol 38 (38) ◽  
pp. 57-65
Author(s):  
Yurii Kohut
Keyword(s):  
Information Systems ◽  
Control Systems ◽  
Critical Infrastructure ◽  
Information Resources ◽  
Critical Infrastructures ◽  
Automated Control ◽  
Protective Measures ◽  
Critical Information ◽  
Direct Execution

The article deals with protective measures against cyberattacks of information systems of the critical infrastructures and highlights some features of the cyberattacks against the information resources of national authorities. The main objective of the article is to define the characteristics of cyberattacks and the elements of a plan to counter cyberattacks of the critical information facilities. It has been found that a professionally organized cyberattack consists of several phases related to targeting, intelligence, access to the system, direct execution of the attack, and destruction of evidence of unauthorized interference. The results show that to protect the critical infrastructure facilities from cyberattacks, developed and implemented national cybersecurity standards must be developed in Ukraine, in particular for automated control systems of critical infrastructure facilities.

scholarly journals Beyond Physical Threats: Cyber-attacks on Critical Infrastructure as a Challenge of Changing Security Environment – Overview of Cyber-security legislation and implementation in SEE Countries

2020 ◽  
Vol 3 (1) ◽  
Author(s):  
Ivana Cesarec
Keyword(s):  
European Union ◽  
Cyber Security ◽  
Critical Infrastructure ◽  
Cyber Attacks ◽  
Critical Infrastructures ◽  
Cyber Attack ◽  
Member States ◽  
Industrial Control Systems ◽  
Eu Member States ◽  
Cyber Threats

States, organizations and individuals are becoming targets of both individual and state-sponsored cyber-attacks, by those who recognize the impact of disrupting security systems and effect to people and governments. The energy sector is seen as one of the main targets of cyber-attacks against critical infrastructure, but transport, public sector services, telecommunications and critical (manufacturing) industries are also very vulnerable. One of most used example of cyber-attack is the Ukraine power grid attack in 2015 that left 230,000 people without power for up to 6 hours. Another most high profile example of a cyber-attack against critical infrastructure is the Stuxnet computer virus (first used on Iranian nuclear facility) which could be adapted to attack the SCADA systems (industrial control systems) used by many critical infrastructures in Europe.Wide range of critical infrastructure sectors are reliant on industrial control systems for monitoring processes and controlling physical devices (sensors, pumps, etc.) and for that reason, physical connected devices that support industrial processes are becoming more vulnerable. Not all critical infrastructure operators in all sectors are adequately prepared to manage protection (and raise resilience) effectively across both cyber and physical environments. Additionally there are few challenges in implementation of protection measures, such as lack of collaboration between private and public sector and low levels of awareness on existence of national key legislation.From supranational aspect, in relation to this papers topic, the European Union has took first step in defense to cyber threats in 2016 with „Directive on security of network and information systems“ (NIS Directive) by prescribing member states to adopt more rigid cyber-security standards. The aim of directive is to improve the deterrent and increase the EU’s defenses and reactions to cyber attacks by expanding the cyber security capacity, increasing collaboration at an EU level and introducing measures to prevent risk and handle cyber incidents. There are lot of other „supporting tools“ for Member States countries, such as European Union Agency for Network and Information Security – ENISA (which organize regular cyber security exercises at an EU level, including a large and comprehensive exercise every two years, raising preparedness of EU states); Network of National Coordination Centers and the European Cybersecurity Industrial, Technology and Research Competence Centre; and Coordinated response to major cyber security incidents and crises (Blueprint) with aim to ensure a rapid and coordinated response to large-scale cyber attacks by setting out suitable processes within the EU.Yet, not all Member States share the same capacities for achieving the highest level of cyber-security. They need to continuously work on enhancing the capability of defense against cyber threats as increased risk to state institutions information and communication systems but also the critical infrastructure objects. In Southeast Europe there are few additional challenges – some countries even don't have designated critical infrastructures (lower level of protection; lack of „clear vision“ of criticality) and critical infrastructures are only perceived through physical prism; non-EU countries are not obligated to follow requirements of European Union and its legislation, and there are interdependencies and transboundary cross-sector effects that needs to be taken in consideration. Critical infrastructure Protection (CIP) is the primary area of action, and for some of SEE countries (like the Republic of Croatia) the implementation of cyber security provisions just complements comprehensive activities which are focused on physical protection.This paper will analyze few segments of how SEE countries cope with new security challenges and on which level are they prepared for cyber-attacks and threats: 1. Which security mechanisms they use; 2. The existing legislation (Acts, Strategies, Plan of Action, etc.) related to cyber threats in correlation with strategic critical infrastructure protection documents. Analysis will have two perspectives: from EU member states and from non-EU member states point of view. Additionally, for EU member states it will be analyzed if there were any cyber security legislation before NIS directive that meets same aims. The aim of research is to have an overall picture of efforts in region regarding cyber-security as possibility for improvement thorough cooperation, organizational measures, etc. providing also some recommendations to reduce the gap in the level of cyber-security development with other regions of EU.

scholarly journals CYBER-SECURITY IN THE NEW ERA OF INTEGRATED OPERATIONAL – INFORMATIONAL TECHNOLOGY SYSTEMS

2021 ◽  
Vol 11 (1) ◽  
pp. 68-79
Author(s):  
Vlad Daniel Savin ◽  
Keyword(s):  
Information Technology ◽  
Cyber Security ◽  
Power Plants ◽  
New Technologies ◽  
Critical Infrastructure ◽  
Cyber Attacks ◽  
Critical Infrastructures ◽  
Digital Revolution ◽  
The Right ◽  
Technology Systems

Digital Revolution has forced previously isolated networks of critical infrastructures to become more digitally integrated. Recent cyber-attacks, including Stuxnet and Wiper, have exposed a new set of cybersecurity vulnerabilities in this field. This new environment has forced previously isolated networks of critical infrastructures like utilities or power plants to become more digitally integrated. This paper offers a view into the most efficient current defense solutions. It also offers a glimpse into the need for the further development of new protection mechanisms developed on the emerging new technologies. The risks posed by the integration of Information Technology solutions with Operational Technology systems have been a key topic also at the latest World Economic Forum conference, where cyber-attacks of critical infrastructures were discussed in the context of the most significant risks for the upcoming decade. The findings of this paper are applicable to other industries. The paper aims to highlight that by initially understanding the vulnerabilities of the IT components and by taking the right cybersecurity preventive measures, critical infrastructure can be protected against these kinds of threats. The research framework behind this paper was directed towards analysing the cyber risks associated with the convergence between the Information Technology solutions with the Operational Technology systems of critical infrastructure.

scholarly journals Automation of Selection of a Pool of Graphical Interface Regression Tests for Multi Module Information Systems

2020 ◽  
pp. paper67-1-paper67-10
Author(s):  
Ilya Zarubin ◽  
Aleksander Filinskikh
Keyword(s):  
Information Systems ◽  
User Interface ◽  
Graphical User Interface ◽  
Synthetic Data ◽  
Selection Method ◽  
Regression Testing ◽  
Point Of View ◽  
Automated Testing ◽  
Data Generation ◽  
Regression Tests

Features of using the regression test selection method for automated testing of the graphical user interface in the development of information systems that consist of a set of modules are considered. The source of the need to create additional test environments required in the development of multi-module information systems that are using databases is specified. The three most popular approaches to organizing test environments – Copying, Scaling, and Scaling with synthetic data generation – are considered. The positive and negative sides are considered in terms of implementation, using, and resources spent on creating and maintaining resources, as well as in terms of the reliability of the results obtained in the process of testing models created using these approaches. The positive aspects of checking the quality of complex multi-module information systems from the point of view of the graphical user interface by various testing methods and, in particular, in the process of performing regression testing are presented. The positive aspects of using regression testing automation in conditions of lack of resources using various software platforms are indicated. The advantages of using the dynamic selection method for regression tests for automated testing are also given, as well as recommendations for implementing the selection method in existing and beginning projects.

A Game Theoretic Software Test-bed for Cyber Security Analysis of Critical Infrastructure

2017 ◽  
Vol 68 (1) ◽  
pp. 54 ◽  
Author(s):  
Monica Ravishankar ◽  
D. Vijay Rao ◽  
C. R. S. Kumar
Keyword(s):  
Cyber Security ◽  
Financial Services ◽  
Critical Infrastructure ◽  
Optimal Strategies ◽  
Belief Function ◽  
Critical Infrastructures ◽  
Cyber Warfare ◽  
Test Bed ◽  
Critical Data ◽  
Game Theoretic

<p class="p1">National critical infrastructures are vital to the functioning of modern societies and economies. The dependence on these infrastructures is so succinct that their incapacitation or destruction has a debilitating and cascading effect on national security. Critical infrastructure sectors ranging from financial services to power and transportation to communications and health care, all depend on massive information communication technology networks. Cyberspace is composed of numerous interconnected computers, servers and databases that hold critical data and allow critical infrastructures to function. Securing critical data in a cyberspace that holds against growing and evolving cyber threats is an important focus area for most countries across the world. A novel approach is proposed to assess the vulnerabilities of own networks against adversarial attackers, where the adversary’s perception of strengths and vulnerabilities are modelled using game theoretic techniques. The proposed game theoretic framework models the uncertainties of information with the players (attackers and defenders) in terms of their information sets and their behaviour is modelled and assessed using a probability and belief function framework. The attack-defence scenarios are exercised on a virtual cyber warfare test-bed to assess and evaluate vulnerability of cyber systems. Optimal strategies for attack and defence are computed for the players which are validated using simulation experiments on the cyber war-games testbed, the results of which are used for security analyses.</p>

scholarly journals Cyber Situational Awareness in Critical Infrastructure Protection

2020 ◽  
Vol 3 (1) ◽  
Author(s):  
Jouni Pöyhönen ◽  
Jyri Rajamäki ◽  
Harri Ruoslahti ◽  
Martti Lehto
Keyword(s):  
Decision Making ◽  
Situation Awareness ◽  
Cyber Security ◽  
Situational Awareness ◽  
Critical Infrastructure ◽  
Research Question ◽  
Cyber Attacks ◽  
Critical Infrastructures ◽  
The European Union ◽  
Domain Specific

The European Union promotes collaboration between authorities and the private sector, and the providers of the most critical services to society face security related obligations. In this paper, critical infrastructure is seen as a system of systems that can be subject to cyber-attacks and  other disturbances. Situational awareness (SA) enhances preparations for and decision-making during assessed and unforeseen disruptive incidents, and promoting Cyber effective situational  awareness (CSA) requires information sharing between the different interest groups. This research is constructive in nature, where innovative constructions developed as solutions  for domain-specific real world problems, while the research question is: “How can cyber  situational awareness protect critical infrastructures?” The Observe – Orient – Decide – Act (OODA) loop is examined as a way to promote  collaboration towards a shared situational picture, awareness and understanding to meet challenges of forming CSA in relation to risk assessment (RA) and improving resilience. Three levels of organizational decision-making are examined in relation a five-layer cyber structure of an organization to provide a more comprehensive systems view of organizational cyber security. Successful, crisis-management efforts enable organizations to sustain and resume operations, minimize losses, and adapt to manage future incidents, as many critical infrastructures typically lack resilience and may easily lose essential functionality when hit by an adverse event. Situation awareness is the main prerequisite towards cyber security. Without situation awareness, it is impossible to systematically prevent, identify, and protect the system from cyber incidents.

Sign in / Sign up

Export Citation Format

Share Document