A White Hat Study of a Nation's Publicly Accessible Critical Digital Infrastructure and a Way Forward

The developed society depends on many critical infrastructure processes, such as power generation, water treatment, many types of manufacturing, and smart buildings. These processes need control and the automation industry has embraced the Internet to connect all these controls. However, the controlling devices thus opened to the world do not always have adequate safeguards to withstand malicious users. Many automation systems have default passwords or known and unknown backdoors. Also, often those systems are not updated to close security weaknesses found after original installation. The authors argue that while the industry is familiar with the notion of safety of equipment and processes, it has not focused enough on IT security. Several years ago the Shodan search engine showed how easy it is to find these control devices on the Internet. The authors followed this research line further by targeting one nation's IP address space with Shodan and found thousands of control systems, many of which represent models and versions with known vulnerabilities. Their first contribution is presenting these findings and analyzing their significance. Their study started in 2012 and the most recent results are from the end of 2015. To gain further knowledge, they have built a prototype scanner capable of finding industrial control systems. This lets the authors evaluate the possibility of performing routine scans to gauge the vulnerability of a nation. Their second contribution is to present a template for a national Internet scanning program. The authors discuss the technology, performance, and legality of such a program. Based on their findings and analysis they argue that nations should continuously monitor their own Internet address space for vulnerabilities. The authors' findings indicate that the current level of vulnerabilities is significant and unacceptable. Scanning a nation's critical infrastructure can be done in minutes, allowing them to keep a tight control of vulnerabilities. Yet, in addition, the authors need to extend current legislation and the rights of government officials to bring more security in national critical infrastructures; this discussion is their third contribution. The cyber-space has become a playing field for criminals, terrorists and nation states, all of which may have a motive to disrupt the daily life of a nation, and currently causing such disruptions is too easy.

Determinants of Terrorism in South Asia

Terrorist activities in the post-Paris Peace Treaties have emerged as one of the most perilous agendas that are troubling the world economies and political figures in securing their nations and regions. Several socio-economic factors were evidenced to be the crucial factors in determining terrorist activities all around the world. The present article strives to identify the significance of several socio economic factors, namely, refugee population, access to good sanitation facilities, youth unemployment rate, percentage of education expenditure to GDP, percentage of military expenditure to GDP, per capita GDP and political stability in the panel of seven South Asian countries and China for the period 2002-2016. By applying both static and dynamic panel models, the article observes that all of the selected variables explain the terrorism index with expected signs. The article thus prescribes that the governments of the selected countries should concentrate on allocating their budgets on the improvements of sectors underlying the associated indicators.

Research on Digital Forensics Based on Uyghur Web Text Classification

This paper mainly discusses the use of mutual information (MI) and Support Vector Machines (SVMs) for Uyghur Web text classification and digital forensics process of web text categorization: automatic classification and identification, conversion and pretreatment of plain text based on encoding features of various existing Uyghur Web documents etc., introduces the pre-paratory work for Uyghur Web text encoding. Focusing on the non-Uyghur characters and stop words in the web texts filtering, we put forward a Multi-feature Space Normalized Mutual Information (M-FNMI) algorithm and replace MI between single feature and category with mutual information (MI) between input feature combination and category so as to extract more accurate feature words; finally, we classify features with support vector machine (SVM) algorithm. The experimental result shows that this scheme has a high precision of classification and can provide criterion for digital forensics with specific purpose.

Tourism, Terrorism, Morality, and Marketing

A short time after the January 2015 Paris attacks, the city was quiet, perhaps too quiet. Associated press reporters noted that the tourists have simply gone. In a mid –January news article by Thomas Adamson perhaps summed up the situation best when it stated: “Among the tourists who were still braving visits, many took comfort in the extra security presences. With 10,000 troops deployed across the country including 6,000 in the Paris region alone, the security operation put in motion after the attacks is the most extensive in French soil in recent history The (Bryan Texas) Eagle, page A-3, January 19, 2015). The dearth of tourists however was short lived, as the French were able to assure the world that they had taken full control of the situation, employed some ten thousand troops to sensitive locales, and have given the impression that the terrorist attacks were an anomaly. The terrorism attacks in many parts of Europe remind us that terrorism is as much about purposeful negative marketing as it is about death and destruction.

Cybercrime as a Threat to Zimbabwe's Peace and Security

The purpose of this study was to understand the effects of cybercrime to Zimbabwe's peace and security. In the 21st century, cybercrime has become an international threat. This has necessitated many states to enact legislation and other measures to curb cybercrime. Primary data was gathered through key informant interviews, while documentary search was used to review scholarly literature on the subject. Key informants for the study were drawn from institutions that deal in combating cybercrime. Zimbabwe does not have adequate and effective legislative instruments to combat cybercrime. Cybercrime is a threat to peace and security as it can be used to bring down critical infrastructure and disrupt communication networks of the country. Some of the measures identified to curbing cybercrime include prevention and awareness, training and development, development of new technology and introduction of new laws, and updating of current and introduction of new legislations.

Managing Organized Crime

This chapter describes the way in which organised crime networks are structured and operate. Every general manager, no matter which kind of business he/she deals with, has to transform the daily chaos of events and decisions into an orderly way of sizing up the firm's position in its environment. At first, this chapter focuses on organised crime networks: how they are shaped and how they differ from others business. Secondly, how such a structure protects itself from exterior threats and how it moves and operates in a market among other legal and illegal firms and networks.

Distributed System Implementation Based on “Ants Feeding Birds” Algorithm

Evolving technologies are intricately woven into the fabric of social and institutional systems. With the invent of “Internet of Everything (IoE)” concept it is realistic now to employ animals and or humans to transmit details electronically. IoE concepts with sensor technology can prove wonders in any domain for that matter starting from eFarming, eHealth, eCare and what not. Humans can transform electronics by using various eConnected gadgets also motivated due to or based on “Nature Inspired Algorithms”. The confluence of IT, psychology with non-IT systems will be part of new generation's life. Such collaborative concept can be implemented practically with the help of “Cloud-to-Dew-Computing” based technologies. To include so many concepts together, it is essential to concentrate also on Cyber Security and Risk associated with such conceptual implementation. Dew-Computing at root levels will take care of Cyber Security effectually. Dew-Computing being backend support of Distributed System, can process multiple entities resourcefully. “Animal Data Interchange Standards” are very well considered innovative business opportunity these days and for years to come. These standards have started their work focusing on the Dairy related animal standard. Every dairy animal should enjoy life to remain healthy and more productive. Incremental Learning about Animal Life Data and Animal Identification, behavior, seasonal-changes, health etc. can be easily achieved with IoE.

Detecting Synchronization Signal Jamming Attacks for Cybersecurity in Cyber-Physical Energy Grid Systems

The transformation of the traditional power grid into a cyber physical smart energy grid brings significant improvement in terms of reliability, performance, and manageability. Most importantly, existing communication infrastructures such as LTE represent the backbone of smart grid functionality. Consequently, connected smart grids inherit vulnerabilities associated with the networks including denial of service attack by means of synchronization signal jamming. This chapter presents cybersecurity in cyber-physical energy grid systems to mitigate synchronization signal jamming attacks in LTE based smart grid communications.

Quantifying Decision Making in the Critical Infrastructure via the Analytic Hierarchy Process (AHP)

In this paper, we examine the benefits of a more quantifiable way to make decisions that enable senior leaders to better manage disruption of and attacks on the critical infrastructure. Most of the decisions have been made using intuition and in some cases unrelated experiences and have not particularly worked to the benefit of the sectors' performance and stability. Much of this is due to the history of the logic control systems and networks that were fairly isolated and much better protected. Attempts to reduce costs and secure many of the benefits of IP-based environments have unfortunately now also introduced some of the vulnerabilities indicative of IP-based systems into the logic environments. Senior leaders have not been used to these new ‘hybrid' information technology/operational technology (IT/OT) environments which though creating new opportunities also introduce new challenges. The unique nature of the critical infrastructure in which it is over 80%-owned by the private sector, often regulated by the federal government, and serves the interests and demands of the public, creates a non-trivial challenge at many different levels. More trust and cooperation between the three elements of society is surely a desired interest by the key stakeholders, but there are many concerns in terms of over-regulation, costs, and loss of intellectual property that have consistently sustained a level of discomfort between the three communities in terms of the priorities and self-serving interests of each other. The challenges of the low asymmetry entry and attribution within the cyber domain have raised the profile of many actors who would not even have previously registered in the ‘noise' on a trouble or problem scale. Now, the ability to determine those responsible, as well as, almost any actor having the ability to present a challenge to the environment have changed many of the dynamics in terms of how senior leaders must now operate and manage the appropriate systems and networks. Hence, for obvious reasons, senior leaders are much more cautious in their approach to decision making because of the potential consequences. This is especially true because cyber assets, though so valuable can be also so vulnerable. In this study, we will discuss a method that moves decision from a less arbitrary to a more data-centric, quantifiable approach that drives leadership to better and quicker decisions.

SCADA Systems Cyber Security for Critical Infrastructures

Past cyber-attacks on Supervisory Control and Data Acquisition (SCADA) Systems for Critical infrastructures have left these systems compromised and caused financial and economic problems. Deliberate attacks have resulted in denial of services and physical injury to the public in certain cases. This study explores the past attacks on SCADA Systems by examining nine case studies across multiple utility sectors including transport, energy and water and sewage sector. These case studies will be further analysed according to the cyber-terrorist decision-making theories including strategic, organisational and psychological theories based on McCormick (2000). Next, this study will look into cyber-terrorist capabilities in conducting attacks according to Nelson's (1999) approach that includes simple-unstructured, advance-structured and complex-coordinated capabilities. The results of this study will form the basis of a guideline that organisations can use so that they are better prepared in identifying potential future cybersecurity attacks on their SCADA systems.