Approach To Ship’s It And Ot Systems Cybersecurity Improvement

Daily cyber-attacks on ships’ IT and OT systems are not a rare occurrence anymore. This has been taken into account in recent years and the IMO has issued directives and circulars with recommendations for increasing the cybersecurity of ship information systems as part of the overall ship security system. The effect of a successful cyber-attack of any kind, on elements of the ship’s IT and OT systems, can have a disastrous impact not only on the ship itself but also on the environment. While modern ships can be designed and all modern methods implemented to reduce and prevent the possibility of cyber-attacks onboard existing ships, it is not possible to achieve this security level and it is necessary to implement various solutions. At the same time, the ships’ crew is declining worldwide and most ships do not have IT officers or trained staff onboard to maintain the ship’s information systems. Because of that, the solutions that need to be put in place to increase the security of ship’s information systems must be easy to implement, use, and maintain. This article examines the need and some technical solutions that can be used to improve the cybersecurity of ship’s IT and OT systems in response to the existing cyber-attacks and threats in the global shipping and maritime industry.

Download Full-text

Cyber-Attack Penetration Test and Vulnerability Analysis

International Journal of Online Engineering (iJOE) ◽

10.3991/ijoe.v13i01.6407 ◽

2017 ◽

Vol 13 (01) ◽

pp. 125 ◽

Cited By ~ 6

Author(s):

Deris Stiawan ◽

Mohd. Yazid Idris ◽

Abdul Hanan Abdullah ◽

Fahad Aljaber ◽

Rahmat Budiarto

Keyword(s):

Information Systems ◽

Personal Information ◽

Vulnerability Analysis ◽

Cyber Attacks ◽

Security System ◽

Cyber Attack ◽

Penetration Test ◽

Network Systems ◽

Defense Systems ◽

Security Officers

<p class="Abstract">Hacking attempts or cyber-attacks to information systems have recently evolved to be sophisticated and deadly, resulting in such incidents as leakage of personal information and system destruction. While various security solutions to cope with these risks are being developed and deployed, it is still necessary to systematically consider the methods to enhance the existing security system and build more effective defense systems. Under this circumstance, it is necessary to identify the latest types of attacks attempted to the primary security system.<span lang="IN"> This paper analyzes cyber attack techniques as well as the anatomy of penetration test in order to assist security officers to perform appropriate self security assesment on their network systems. </span></p>

Download Full-text

The invisible hole of information on SMB's cybersecurity

Online Journal of Applied Knowledge Management ◽

10.36965/ojakm.2019.7(1)14-26 ◽

2019 ◽

Vol 7 (1) ◽

pp. 14-26

Author(s):

Ruti Gafni ◽

Tal Pavel

Keyword(s):

Mass Communication ◽

Cyber Attacks ◽

Communication Media ◽

Specific Information ◽

Exploratory Research ◽

Cyber Attack ◽

Public Attention ◽

Cyber Threats ◽

Accessible Information ◽

Types Of Information

Small and Medium Businesses (SMB) use Internet and computer-based tools in their daily processes, sometimes without being aware to the cyber threats, or without knowing how to be prepared in case of a cyber-attack, although they are a major target for cyber-attacks. Specific information about cybersecurity needed by SMBs, in order to cope with cyber threats, is not always available or easily accessible. In this study, a vast search of different types of information about SMBs’ cybersecurity was performed, in order to find whether a hole of accessible information exists in this area. This exploratory research covered general mass communication media channels, technological and professional cybersecurity websites, and academic journals, and found that indeed very few studies, articles and news items were published in this matter. Leveraging knowledge and awareness, diminishing the shame for reporting cyber-attacks, and increasing mass communication media interest and public attention, may be activities to cover this “invisible hole”.

Download Full-text

Cyber Security Analysis of Academic Services based on Domain Delivery Services and Support using Indonesian E-Government Ratings (PEGI)

Kinetik Game Technology Information System Computer Network Computing Electronics and Control ◽

10.22219/kinetik.v5i4.1083 ◽

2020 ◽

pp. 263-270

Author(s):

Imam Riadi ◽

Iwan Tti Riyadi Yanto ◽

Eko Handoyo

Keyword(s):

Higher Education ◽

Information Systems ◽

Information Service ◽

Information Services ◽

Security Evaluation ◽

Security Level ◽

Framework Analysis ◽

Academic Information ◽

Education Academic ◽

Academic Services

Safe academic services are the most important part of universities. The security of academic services is very important to maintain information optimally and safely. Along with the development of technology, academic information services are often misused by some irresponsible parties that can cause threats. To prevent these things from happening, it is necessary to know the extent of governance of higher education academic information system security by evaluating. So the research was conducted to determine the maturity of the security of Higher Education academic information service security by using the COBIT 5 framework in the DSS05 domain. The DSS05 domain in COBIT 5 is a good framework for use in implementing and evaluating the security of academic information services. Meanwhile, to determine the achievement of the evaluation of the security level of academic information systems, the Indonesian e-government ranking (PEGI) method is required. The combination of the COBIT 5 framework in the DSS05 domain using the PEGI method in academic information security service is able to provide a level of achievement in the form of Customer Value. The results of the COBIT 5 framework analysis of the DSS05 domain using the PEGI method get a score of 3.50 so that the quality of academic information service security evaluation achievement is at a very good level. At this level, universities are increasingly open to technological development. Higher education has applied the concept of quantification in every process, and has always been monitored and controlled for its performance in the security of academic information systems.

Download Full-text

The Structure of Cyber Attacks

International Journal of Information Security and Cybercrime ◽

10.19107/ijisc.2020.01.06 ◽

2020 ◽

Vol 9 (1) ◽

pp. 43-52

Author(s):

Silviu-Elian MITRĂ

Keyword(s):

Mode Of Action ◽

Cyber Attacks ◽

Cyber Attack ◽

Computer Viruses ◽

Unique Mode ◽

External Sources

The objective of this portfolio is to ensure a good understanding of the topic of the complex and unique mode of action of cyber attacks, as well as the study of the ways in which they occur. The content of this portfolio includes from the beginning of computer viruses to the specific modern mechanisms of cyber attack undertaken by cybercriminals in order to cause detriment, but also theft or damage to certain information. Furthermore, this paper also provides essential aspects regarding the protection methods that users must undertake so that they can prevent and at the same time face these dangers specific to our age. In the elaboration of this study, there were used both personal methods, by applying my own knowledge accumulated through the study, and accessing external sources containing information necessary to complete the insufficiently analyzed problems. In essence, the elaboration of this study ensured the coverage of all relevant domains and aspects that are based on the structure and conception of cyber attacks, as well as in the manner provided by their action and manifestation.

Download Full-text

Building a Cybersecurity Culture in the Industrial Control System Environment

International Journal of Information Security and Cybercrime ◽

10.19107/ijisc.2019.01.05 ◽

2019 ◽

Vol 8 (1) ◽

pp. 39-44

Author(s):

Claudia ARAUJO MACEDO ◽

Jos MENTING

Keyword(s):

Control System ◽

Control Systems ◽

Cyber Attacks ◽

Cyber Attack ◽

Industrial Control System ◽

Security Measures ◽

Industrial Control ◽

Industrial Control Systems ◽

System A ◽

Educational Processes

Cybersecurity in industrial control system environments has become a significant concern and is even more relevant in the context of critical infrastructures where control system disruption could have a profound impact on health, safety and the environment. This makes this type of system a major target for malicious activities. Notwithstanding an organization’s interest in protecting its industrial control systems against cyber-attacks, the implementation of security measures, whether technical, organizational or human, still faces resistance and is often seen as a constraint. Using the best technology to protect industrial control systems makes no sense if persons with access do not act attentively and protectively. Technical and human cybersecurity measures are intrinsically linked, and it is essential that all persons with access to these systems are fully aware of the inherent cyber risks. Organizations must also act so that staff receive appropriate training on how to keep systems continuously protected against cyber-attack when carrying out their daily tasks. These educational processes can contribute to building an effective cybersecurity culture fully reflective of management and staff attitudes, so that the availability, integrity and confidentiality of information in industrial control systems can be assured.

Download Full-text

SARCP - Exploiting Cyber-Attack Prediction Through Socially-Aware Recommendation

International Journal of Decision Support System Technology ◽

10.4018/ijdsst.286691 ◽

2022 ◽

Vol 14 (1) ◽

pp. 0-0

Keyword(s):

Social Network ◽

Real World ◽

Cyber Security ◽

Betweenness Centrality ◽

Cyber Attacks ◽

Experimental Results ◽

Cyber Attack ◽

Defence Mechanisms ◽

Network Measure ◽

Recommender Algorithm

In the domain of cyber security, the defence mechanisms of networks has traditionally been placed in a reactionary role. Cyber security professionals are therefore disadvantaged in a cyber-attack situation due to the fact that it is vital that they maneuver such attacks before the network is totally compromised. In this paper, we utilize the Betweenness Centrality network measure (social property) to discover possible cyber-attack paths and then employ computation of similar personality of nodes/users to generate predictions about possible attacks within the network. Our method proposes a social recommender algorithm called socially-aware recommendation of cyber-attack paths (SARCP), as an attack predictor in the cyber security defence domain. In a social network, SARCP exploits and delivers all possible paths which can result in cyber-attacks. Using a real-world dataset and relevant evaluation metrics, experimental results in the paper show that our proposed method is favorable and effective.

Download Full-text

Comparing Single Tier and Three Tier Infrastructure Designs against DDoS Attacks

International Journal of Cloud Applications and Computing ◽

10.4018/ijcac.2017070103 ◽

2017 ◽

Vol 7 (3) ◽

pp. 59-75 ◽

Cited By ~ 2

Author(s):

Akashdeep Bhardwaj ◽

Sam Goundar

Keyword(s):

Data Center ◽

Denial Of Service ◽

Cyber Attacks ◽

Cyber Attack ◽

Ddos Attacks ◽

Design Data ◽

Application Performance ◽

Server Virtualization ◽

Security Officers ◽

Cloud Environments

With the rise in cyber-attacks on cloud environments like Brute Force, Malware or Distributed Denial of Service attacks, information security officers and data center administrators have a monumental task on hand. Organizations design data center and service delivery with the aim of catering to maximize device provisioning & availability, improve application performance, ensure better server virtualization and end up securing data centers using security solutions at internet edge protection level. These security solutions prove to be largely inadequate in times of a DDoS cyber-attack. In this paper, traditional data center design is reviewed and compared to the proposed three tier data center. The resilience to withstand against DDoS attacks is measured for Real User Monitoring parameters, compared for the two infrastructure designs and the data is validated using T-Test.

Download Full-text

ACTUAL PROBLEMS OF MARITIME SAFETY AND MODERN WAYS OF ENSURING THE SHIP SECURITY

Municipal economy of cities ◽

10.33042/2522-1809-2021-6-166-204-210 ◽

2021 ◽

Vol 6 (166) ◽

pp. 204-210

Author(s):

O. Melnyk ◽

S. Onyshchenko ◽

O. Lohinov ◽

V. Okulov ◽

I. Pulyaev

Keyword(s):

Relevant Information ◽

Current Control ◽

Professional Experience ◽

Maritime Industry ◽

Maritime Safety ◽

Safety Requirements ◽

Passenger Traffic ◽

Ship Security ◽

And Control

Maritime security in recent decades has always been a separate issue, one that has been acute for both shipowners and crews of seagoing vessels. It has been marked by periods of relative stability and periods of emerging and growing threats, from the days of the sailing fleet to the era of ironclad steam shipbuilding. Certainly, it is difficult to overestimate the significant role of the scientific community, which has long investigated this problem, revealing its theoretical and practical sides. The professional experience of maritime industry specialists has also sufficiently served to ensure that systematic interest in the issue has provided the basis for the development of strategies and integrated approaches that ensure the safety of vessels and crews at modern levels. Without the latest advances in maritime safety, shipping, as an industry, would not be able to achieve the current level of reliability in ensuring shipboard processes. Every generation of mankind has prioritized maritime safety, contributing to improving its standards and stressing the importance of continuous development of the theoretical framework. At least more than twenty million tons of cargo and more than five hundred thousand passengers move daily by water transport, so the concept of maritime safety extends not only to the safety of life at sea, the safety of vessels and the safety of cargo, but also to the prevention of maritime accidents and pollution. The increasing share of maritime and river transport in international freight and passenger traffic has led to the need for increased maritime safety requirements due to the technical upgrading of maritime transport. This process is based on the principles of current control over the process of vessel operation and prompt acquisition of necessary data and relevant information during the voyage, anticipated route and control over the state of work parameters of technical means of the vessel, but the key aspect of safety is assessment of existing threats and development of ways and methods of ensuring vessel safety.

Download Full-text

Cyber Attacks on Critical Infrastructure

Civil and Environmental Engineering ◽

10.4018/978-1-4666-9619-8.ch018 ◽

2016 ◽

pp. 448-465

Author(s):

Ana Kovacevic ◽

Dragana Nikolic

Keyword(s):

Control Systems ◽

Cyber Security ◽

Critical Infrastructure ◽

Cyber Attacks ◽

Cyber Attack ◽

Future Directions ◽

Infrastructure Systems ◽

Cyber Threats ◽

Scada Systems ◽

Insight Into

We are facing the expansion of cyber incidents, and they are becoming more severe. This results in the necessity to improve security, especially in the vulnerable field of critical infrastructure. One of the problems in the security of critical infrastructures is the level of awareness related to the effect of cyberattacks. The threat to critical infrastructure is real, so it is necessary to be aware of it and anticipate, predict, and prepare against a cyber attack. The main reason for the escalation of cyberattacks in the field of Critical Infrastructure (CI) may be that most control systems used for CI do not utilise propriety protocols and software anymore; they instead utilise standard solutions. As a result, critical infrastructure systems are more than ever before becoming vulnerable and exposed to cyber threats. It is important to get an insight into what attack types occur, as this may help direct cyber security efforts. In this chapter, the authors present vulnerabilities of SCADA systems against cyber attack, analyse and classify existing cyber attacks, and give future directions to achieve better security of SCADA systems.

Download Full-text

Enhanced Security In Cloud With Multi-Level Intrusion Detection System

International Journal of Computer and Communication Technology ◽

10.47893/ijcct.2015.1265 ◽

2015 ◽

pp. 9-12

Author(s):

M. KUZHALISAI ◽

G. GAYATHRI

Keyword(s):

Cloud Computing ◽

Intrusion Detection ◽

Large Scale ◽

Detection System ◽

Computing System ◽

Cyber Attacks ◽

Security Level ◽

Security Service ◽

Cloud Computing System ◽

System Resource

Cloud computing is a new type of service which provides large scale computing resource to each customer. Cloud Computing Systems can be easily threatened by various cyber attacks, because most of Cloud computing system needs to contain some Intrusion Detection Systems (IDS) for protecting each Virtual Machine (VM) against threats. In this case, there exists a tradeoff between the security level of the IDS and the system performance. If the IDS provide stronger security service using more rules or patterns, then it needs much more computing resources in proportion to the strength of security. So the amount of resources allocating for customers decreases. Another problem in Cloud Computing is that, huge amount of logs makes system administrators hard to analyse them. In this paper, we propose a method that enables cloud computing system to achieve both effectiveness of using the system resource and strength of the security service without trade-off between them.

Download Full-text