Gamifying Attack Path Reporting : Preliminary design of an educational cyber security game

Misnik, Anna, Zakko, Shafeek

January 2022

With rapid digitalization and technical growth, the IT systems that we are using are becoming extremely complicated and intertwined. This created as a result, more challenging security problems that get complicated alongside the systems, and the need for advanced solutions to prevent the exploitation of systems vulnerabilities. Cloud computing services are one of the infrastructures in most need for complex security systems for mitigating and preventing possible threats. Education in cyber security field is obligated to maintain continuous innovation and advancement to meet the market needs of cyber security specialists. The options available today for educating about cyber security are mostly part of the traditional teaching approaches. To supplement the cyber security field with more educational solutions, our project studies the pattern of attack graphs and maps them to design a simple 2D video game level that presents an educational hacking game and evaluates the different design aspects and their matching for the prespecified requirement. The outcome of the project is a Minimum Viable Product (MVP) in the form of a testable demo level of the game. The produced MVP connects cyber security aspects within cloud computing to its own objects. The game’s graphical and level design had the biggest focus in the project, functionality was not largely implemented. The MVP is to be developed further in future work to implement a full functioning design. / IT-system som används blir extremt komplicerade och sammanflätade på grund av snabb digitalisering och teknisk tillväx. Detta orsakade mer utmanande säkerhetsproblem och därför behov av avancerade lösningar för att förhindra exploatering av systemsårbarheter blir mer aktuellt. Molntjänster är en av de infrastrukturer med det största behovet av komplexa säkerhetssystem för att mildra och förebygga möjliga hot. Utbildning inom cybersäkerhetsområdet är skyldig att upprätthålla kontinuerliga innovationer och framsteg för att möta marknadens behov för cybersäkerhetsspecialister. För att förse cybersäkerhetsområdet med fler pedagogiska lösningar, studerar vårt projekt mönster för attackgrafer och kartlägger dem. Resultatet blir ett enkel 2D-videospel presenterat i form av ett pedagogiskt hackingspel som utvärderar de olika designaspekterna och deras matchning med det förspecificerade kravet. Resultatet av projektet är en Minsta Lönsamma Produkt (MLP), nämligen ett körbart demo av potentiella spelet. Den producerade MLP:n kopplar cybersäkerhetsaspekter inom molntjänster till sina objekter. Spelets grafiskdesign och banadesign hade det största fokuset i projektet, funktionaliteten var inte till stor del implementerad. MVP:n borde utvecklas vidare i framtida arbeten i syfte att implementera en fullständig körbar design för produkten.

Gamification

Cyber Security Education

Game Design

Meta Attack Language

Attack Simulations

Hacking

Spelifiering

Cybersäkerhetsutbildning

Spel Design

Meta Attack Språk

Attacksimuleringar

Dataintrång

Computer and Information Sciences

Data- och informationsvetenskap

GoatFarm : Generated hacking scenarios made for learning / GoatFarm : Genererade hacking scenarion skapade för lärande

Nöteberg, Thea, Hulthén, Jonas

January 2022

Cloud computing is the concept of enabling access to computational resources from anywhere and from any device. Many companies are seeing the benefits of cloud computing and are migrating over to the cloud. However, migrating to the cloud raises customer-related security risks. To mitigate the risk of a data breaches companies need to learn how to defend against hackers and one of the tools that can increase knowledge surrounding cloud security is CloudGoat. CloudGoat gives the defender hands-on hacking experience by providing a handful of hacking challenges. The problem with CloudGoat is that the hacking challenges are all manually created. The hacking community is always evolving. Therefore, this report proposes GoatFarm, a tool to automatically assemble hacking challenges from predefined cloud resources. One of the scenarios presented in CloudGoat was picked as a starting point. The chosen hacking challenge was modified multiple times and when a hacking challenge with a achievable goal was created the modification was saved. Goatfarm managed to generate two new hacking challenges. The generated hacking challenges was manually verified by reaching the goal of the generated hacking challenge. Since the generated hacking challenges had an achievable goal, they can be used as a learning experience. However, this report only managed to generate two new hacking challenges. Further work could generate more hacking challenges to create a complete learning experience. The verification could also be more effective by using a tool to assess the generated hacking challenges automatically. / Molntjänster är ett koncept som möjliggör åtkomst till dataresurser från var som helst och från vilken enhet som helst. Många företag ser fördelarna med molntjänster och migrerar över till molnet. Att migrera till molnet innebär däremot kundrelaterade säkerhetsrisker. För att minska risken för dataintrång måste företag lära sig att försvara sig mot hackare och ett av verktygen som kan öka kunskapen kring molnsäkerhet är CloudGoat. CloudGoat ger försvararen en praktisk hackingupplevelse genom att tillhandahålla en handfull hackningsutmaningar. Problemet med CloudGoat är att alla hackningsutmaningar skapas manuellt. Hacking kunskapen utvecklas hela tiden. Därför föreslår denna rapport GoatFarm, ett verktyg för att automatiskt sammanställa hackningsutmaningar från fördefinierade molnresurser. Ett av scenarierna som presenteras i CloudGoat valdes som utgångspunkt. Den valda hackningsutmaningen modifierades flera gånger och när en hackningsutmaning med ett uppnåeligt mål skapades sparades modifieringen. Goatfarm lyckades generera två nya hackningsutmaningar. De genererade hackningsutmaningarna verifierades manuellt genom att nå målet med hackningsutmaningen. Eftersom de genererade hackningsutmaningarna har ett uppnåeligt mål kan de användas i lärande ändamål. Den här rapporten lyckades dock bara generera två nya hackningsutmaningar. Ytterligare arbete bör generera fler hackningsutmaningar för att skapa en komplett inlärningsupplevelse. Verifieringen kan också bli mer effektiv genom att använda ett verktyg för att automatiskt bedöma de genererade hackningsutmaningarna.

CloudGoat

hacking challenges

cloud computing

generated

learning by hacking

cyber security

AWS

CloudGoat

hackingutmaningar

molntjänster

generering

lärande av hacking

cyber säkerhet

AWS

Computer and Information Sciences

Data- och informationsvetenskap

Hur åtgärdar offentliga aktörer deras cybersäkerhet efter att ha blivit utsatta för cyberattacker? / How do public actors address their cyber security after cyber attacks against them?

Mohammed Abdu, Mohammed, Alsaif, Anas

January 2023

Digitization has been a growing phenomenon in today's society where organizations, individuals and society at large are affected by it. In pace with the emerging use of digitization,a realization of the relevance of cyber security in the public sector has increased, but not to a sufficient extent. Cyber security is about processes used to protect personal information and important data in organizations. Cyber security also includes knowledge of cyberattacks, where actors attack an organization's data most often for financial reasons. Cyber attacks have affected the public sector in several countries. The study focuses on known cyber attacks around the world that are related to public actors in healthcare, transport and electricity supply,among others. The study's analysis compares implemented measures after the incidents based on a cyber risk assessment framework. The survey shows that increased investments, new and clear work routines, training for employees and continuous testing of computer systems are important measures for the prevention of cyber attacks. The mentioned main actions that are common between the studied actors are supported by the theoretical frame of reference. This is because frameworks linked to cyber attacks also point out that investments, clear work routines and monitoring of systems contribute to protection against cyber attacks. / Digitalisering har varit ett växande fenomen i dagens samhälle där organisationer, individer och samhället i stort påverkas av det. Med takt av den framväxande användningen av digitalisering, har en realisering av cybersäkerhetens relevans inom den offentliga sektorn ökat, men inte i tillräcklig stor omfattning. Cybersäkerhet handlar om processer som används för att skydda personlig information och viktiga data i organisationer. Cybersäkerhet omfattar också kunskap om cyberattacker, där aktörer angriper en organisations data oftast för ekonomiska skäl. Cyberattacker har påverkat den offentliga sektorn i flera länder. Studien fokuserar på kända cyberangrepp runt om i världen som är relaterade till offentliga aktörer inom bland annat sjukvård, transport och elförsörjning. Studiens analys jämför genomförda åtgärder efter incidenterna utifrån ett ramverk om cyberriskbedömning. Undersökningen visar att ökade investeringar, nya och tydliga arbetsrutiner, utbildning till medarbetare ochkontinuerliga testningar av datasystem är viktiga åtgärder för förebyggande av cyberattacker.De nämnda huvudsakliga åtgärderna som är gemensamma mellan de studerade aktörerna stödjas av den teoretiska referensramen. Detta eftersom ramverk kopplade till cyberattacker påpekar också att investeringar, tydliga arbetsrutiner och övervakning av system, bidrar till skydd mot cyberattacker.

Cyber attacks

Cyber security

Cyber risk management framework

Public sector

Nyckelord: Cyberattacker

Cybersäkerhet

Cyber risk management framework

Offentlig sektor.

Computer Systems

Datorsystem

Communication Systems

Kommunikationssystem

Data-Driven Policies for Manufacturing Systems and Cyber Vulnerability Maintenance

Roychowdhury, Sayak

12 October 2017

No description available.

Industrial Engineering

Operations Research

Operations Research

Scheduling

Automotive Manufacturing

Stamping

Genetic Algorithm

Cyber security

Cyber vulnerability maintenance

Выявление аномалий технологического процесса на примере макета очистной установки воды SWaT (Secure Water Treatment) : магистерская диссертация / Identification of technological process anomalies using the example of a mock-up of a SWaT (Secure Water Treatment) water treatment plant

Жериборова, Е. В., Zheriborova, E. V.

January 2023

Цель работы – анализ моделей машинного обучения, направленных на обнаружение аномалий на промышленных предприятиях, использующих автоматизированные системы управления технологическим процессом, а также выявление причин аномалий. Объектом исследования является выявление аномалий во время работы технологического оборудования, агрегатов, установок, отдельных производств – выявление атак на датчик или группу датчиков. Рассматриваются основные модели машинного обучения, позволяющие выявлять аномалии, которые могут возникать при попытках внешнего воздействия, так и при технологических неисправностях промышленного производства. Рассмотрена модель – AutoEncoder. Оценена точность предсказания применяемой модели ML. / The purpose of the work is to analyze machine learning models aimed at detecting anomalies at industrial enterprises using automated process control systems, as well as identifying the causes of anomalies. The object of the study is to identify anomalies during the operation of technological equipment, units, installations, individual industries - identifying attacks on a sensor or group of sensors. The main models of machine learning are considered, allowing to identify anomalies that can arise during attempts of external influence, as well as during technological malfunctions of industrial production. The model considered is AutoEncoder. The prediction accuracy of the applied ML model is assessed.

АНОМАЛИИ

ПОИСК АНОМАЛИЙ

КИБЕРБЕЗОПАСНОСТЬ

AUTOENCODER

MASTER'S THESIS

ANOMALIES

SEARCHING FOR ANOMALIES

CYBER SECURITY

AUTOENCODER

Environmentally aware vulnerability prioritisation within large networks : A proposed novel method

Lenander, Marcus, Tigerström, Jakob

January 2022

Background. Software vulnerabilities are a constant threat to organisations, businesses, and individuals. Keeping all devices patched from security software vulnerabilities is complex and time-consuming. Companies must use resources efficiently to ensure that the most severe security vulnerability is prioritised first. Today’s state-of-the-art prioritisation method only relies on the severity of the vulnerability without its environmental context. We propose a novel method that automatically prioritises the vulnerabilities in a device based on its environmental information, such as role and criticality. Objectives. This thesis aims to analyse to what extent vulnerabilities can be prioritised based on the environmental information of the device. Furthermore, we investigate the possibility of automatically estimating the role and criticality of a device and to what extent they can more accurately reflect the severity of the vulnerabilities present in the device. Methods. The proposed novel method uses environmental information found by a vulnerability scanner. Based on this information, the method estimates the role of the device. The role is then used by the method to estimate the criticality of the device. Based on the criticality and environmental information, a new vulnerability score is calculated for each vulnerability, and the list is reprioritised based on the latest score. We further apply an experimental study to analyse the assessment of the method against experts' assessment. Results. The experimental study indicates that the method performs slightly better than the state-of-the-art method. The proposed novel method estimated the primary role with an accuracy of 100% and the secondary role with an accuracy of 71.4%. The method's criticality assessment has a moderate agreement with the experts' criticality assessment. Overall, the method's reprioritised vulnerability lists correlate almost perfectly with the experts' vulnerability lists. Conclusions. Considering the environmental information during the prioritisation of vulnerabilities is beneficial. We find that our method performs slightly better than the state-of-the-art method. The proposed method needs further improvements to give a better criticality estimation. However, more research is required to claim that system administrators could benefit from using the proposed method when prioritising vulnerabilities. / Bakgrund. Sårbarheter i programvara är ett konstant hot mot organisationer och företag såväl som till privatpersoner. Att se till att enheterna är säkra är en komplex och tidskrävande uppgift. Det är därför viktigt att prioritera den tiden som finns dit där den gör mest nytta, det vill säga att åtgärda den allvarligaste sårbarheten först. Den allra bästa sårbarheter prioriterings metoden baseras på allvarlighetsgraden utan att ta hänsyn till sårbarhetens miljömetrik. Därav föreslår vi en ny prioriterings metod som automatiskt prioriterar sårbarheterna baserat på en enhets miljömetrik så som roll och kritikalitet. Syfte. Syftet med detta arbetet är att avgöra i vilken utsträckning det går att prioritera sårbarheter baserat på des miljömetrik. Utöver detta ska vi även undersöka huruvida man kan automatiskt uppskatta en enhets roll och kritikalitet för att bättre reflektera sårbarhetens allvarlighetsgrad. Metod. Den föreslagna metoden använder sig av sammanhangs information som tillhandahålls av en sårbarhets scanner. Utifrån denna information kommer enhetens roll att uppskattas. Den estimerade rollen kommer då användas av metoden för att bestämma enhetens kritikalitet. Baserat på kritikaliteten och sammanhangs informationen kommer en ny allvarlighetsgrad beräknas för all sårbarheter.  Listan av sårbarheter kommer omprioriteras med hänsyn till de senast beräknade allvarlighetsgraderna. Ett experiment utförs sedan för att analysera huruvida bra den nya prioriterings metoden är och för att validera resultatet kommer det jämföras mot experters prioritering. Resultat. Den experimentella studien indikerar på att vår metod presterar lite bättre än den den allra bästa sårbarheter prioriterings metoden. Den föreslagna metoden kan uppskatta den primära rollen med en träffsäkerhet på 100% och sekundära rollen med 71.4% träffsäkerhet. Metodens uppskattning av kritikaliteten är måttlig överensstämmande med den av experternas uppskattning. Överlag korrelerar metodens prioritiseringlista bättre med experternas än vad den allra senaste prioritiserings metoden gör. Slutsats. Genom att ta hänsyn till en enhets miljömetrik vid beräkningen av sårbarhetens allvarlighetsgrad får man ett bättre resultat än om den inte skulle varit med i beräkningen. Vi ser att vår metod fungerar bättre över lag än av den allra senaste prioritiserings metoden gör. Den föreslagna metoden behöver forskas mer på för att säkert kunna säga att den är användbar.

Software vulnerability management

vulnerability prioritisation

CVSS

environmental metrics

cyber security

Hantering av sårbarhet i programvara

prioritering av sårbarheter

CVSS

Miljömetrik

cybersäkerhet

Computer Sciences

Datavetenskap (datalogi)

How Secure is Verisure’s Alarm System?

Hamid, Lars-Eric, Möller, Simon

January 2020

Security is a very important part of today’s society.Verisure is the leader in home alarm systems with 30 years ofexperience. In this project, we aim to evaluate how secure theiralarm system is from a software perspective. The system wasbought in January 2020. After an initial threat modeling, followedby penetration testing it turns out that the alarm system is not assecure as Verisure markets. We could find several security flawsin the system. Some of them let an attacker block the system,and others yield full control without the user’s knowledge. Thereare also a couple of vulnerabilities that could be exploited bypeople without any special knowledge regarding hacking or thesystem in general. / Säkerhet är en mycket viktig del i dagens samhälle. Verisure är ledande inom hemmalarmsystem med 30 års erfarenhet. I det här projektet utvärderar vi hur säkert deras larmsystem är från ett mjukvaruperspektiv. Systemet köptes i januari 2020. Efter en inledande hotmodellering och följande penetrationstester visar det sig att larmsystemet inte är lika säkert som Verisure marknadsför. Vi kunde under projektets gång hitta flera säkerhetsbrister i systemet. Några av dessa gör att en angripare kan blockera systemet och andra ger full kontroll utan användarnas vetskap. Det finns också ett par sårbarheter som kan utnyttjas av människor utan någon speciell kunskap om hacking eller systemet i allmänhet. / Kandidatexjobb i elektroteknik 2020, KTH, Stockholm

Alarm system

Cross-site request forgery

Cyber-security

Denial of Service

Hacking

Internet of Things

Verisure

Elektroteknik och elektronik

Hybrid Ensemble Methods: Interpretible Machine Learning for High Risk Aeras / Hybrida ensemblemetoder: Tolkningsbar maskininlärning för högriskområden

Ulvklo, Maria

January 2021

Despite the access to enormous amounts of data, there is a holdback in the usage of machine learning in the Cyber Security field due to the lack of interpretability of ”Black­box” models and due to heterogenerous data. This project presents a method that provide insights in the decision making process in Cyber Security classification. Hybrid Ensemble Methods (HEMs), use several weak learners trained on single data features and combines the output of these in a neural network. In this thesis HEM preforms phishing website classification with high accuracy, along with interpretability. The ensemble of predictions boosts the accuracy with 8%, giving a final prediction accuracy of 93 %, which indicates that HEM are able to reconstruct correlations between the features after the interpredability stage. HEM provides information about which weak learners trained on specific information that are valuable for the classification. No samples were disregarded despite missing features. Cross validation were made across 3 random seeds and the results showed to be steady with a variance of 0.22%. An important finding was that the methods performance did not significantly change when disregarding the worst of the weak learners, meaning that adding models trained on bad data won’t sabotage the prediction. The findings of these investigations indicates that Hybrid Ensamble methods are robust and flexible. This thesis represents an attempt to construct a smarter way of making predictions, where the usage of several forms of information can be combined, in an artificially intelligent way. / Trots tillgången till enorma mängder data finns det ett bakslag i användningen av maskininlärning inom cybersäkerhetsområdet på grund av bristen på tolkning av ”Blackbox”-modeller och på grund av heterogen data. Detta projekt presenterar en metod som ger insikt i beslutsprocessen i klassificering inom cyber säkerhet. Hybrid Ensemble Methods (HEMs), använder flera svaga maskininlärningsmodeller som är tränade på enstaka datafunktioner och kombinerar resultatet av dessa i ett neuralt nätverk. I denna rapport utför HEM klassificering av nätfiskewebbplatser med hög noggrannhet, men med vinsten av tolkningsbarhet. Sammansättandet av förutsägelser ökar noggrannheten med 8 %, vilket ger en slutgiltig prediktionsnoggrannhet på 93 %, vilket indikerar att HEM kan rekonstruera korrelationer mellan funktionerna efter tolkbarhetsstadiet. HEM ger information om vilka svaga maskininlärningsmodeller, som tränats på specifik information, som är värdefulla för klassificeringen. Inga datapunkter ignorerades trots saknade datapunkter. Korsvalidering gjordes över 3 slumpmässiga dragningar och resultaten visade sig vara stabila med en varians på 0.22 %. Ett viktigt resultat var att metodernas prestanda inte förändrades nämnvärt när man bortsåg från de sämsta av de svaga modellerna, vilket innebär att modeller tränade på dålig data inte kommer att sabotera förutsägelsen. Resultaten av dessa undersökningar indikerar att Hybrid Ensamble-metoder är robusta och flexibla. Detta projekt representerar ett försök att konstruera ett smartare sätt att göra klassifieringar, där användningen av flera former av information kan kombineras, på ett artificiellt intelligent sätt.

Interpretability

Machine Learning

Sparse Data

Ensemble

Cyber Security

High Risk Sectors

Tolkbarhet

Maskininlärning

Gles Data

Ensemblemetoder

Cybersäkerhet

Högriskområden

Other Mathematics

Annan matematik

A Risk Based Approach to Intelligent Transportation Systems Security

Bakhsh Kelarestaghi, Kaveh

11 July 2019

Security threats to cyber-physical systems are targeting institutions and infrastructure around the world, and the frequency and severity of attacks are on the rise. Healthcare manufacturing, financial services, education, government, and transportation are among the industries that are the most lucrative targets for adversaries. Hacking is not just about companies, organizations, or banks; it also includes critical infrastructure. Wireless Sensors Networks, Vehicle-to-everything communication (V2X), Dynamic Message Signs (DMS), and Traffic Signal Controllers are among major Intelligent Transportation Systems (ITS) infrastructure that has already been attacked or remain vulnerable to hacking. ITS has been deployed with a focus on increasing efficiency and safety in the face of dramatic increases in travel demand. Although many studies have been performed and many security primitives have been proposed, there are significant concerns about flawless performance in a dynamic environment. A holistic security approach, in which all infrastructure performs within the satisfactory level of security remains undiscovered. Previously, hacking of road infrastructure was a rare event, however, in recent years, field devices such as DMS are hacked with higher frequency. The primary reason that transportation assets are vulnerable to cyber-attacks is due to their location. A more dramatic scenario occurs when hackers attempt to convey tampered instructions to the public. Analyzing traveler behavior in response to the hacked messages sign on the basis of empirical data is a vital step toward operating a secure and reliable transportation system. There may be room for improvement by policymakers and program managers when considering critical infrastructure vulnerabilities. With cybersecurity issues escalating every day, road users' safety has been neglected. This dissertation overcomes these challenges and contributes to the nascent but growing literature of Intelligent Transportation System (ITS) security impact-oriented risk assessment in threefold. • First, I employ a risk-based approach to conduct a threat assessment. This threat assessment performs a qualitative vulnerability-oriented threat analysis. The objective is to scrutinize safety, security, reliability, and operation issues that are prompted by a compromised Dynamic Message Signs (DMS). • Second, I examine the impact of drivers' attitudes and behaviors on compliance, route diversion behavior, and speed change behavior, under a compromised DMS. We aim to assess the determinants that are likely to contribute to drivers' compliance with forged information. To this extent, this dissertation evaluates drivers' behavior under different unauthentic messages to assess in-depth the impact of an adversarial attack on the transportation network. • Third, I evaluate distracted driving under different scenarios to assess the in-depth impact of an adversarial attack on the transportation network. To this extent, this dissertation examines factors that are contributing to the manual, visual, and cognitive distractions when drivers encountering fabricated advisory information at a compromised DMS. The results of this dissertation support the original hypothesis and indicate that with respect to the forged information drivers tend to (1) change their planned route, (2) become involved in distracting activities, and (3) change their choice speed at the presence of a compromised DMS. The main findings of this dissertation are outlined below: 1. The DMS security vulnerabilities and predisposing conditions allow adversaries to compromise ITS functionality. The risk-based approach of this study delivers the impact-likelihood matrix, which maps the adverse impacts of the threat events onto a meaningful, visual, matrix. DMS hacking adverse impacts can be categorized mainly as high-risk and medium-risk clusters. The safety, operational (i.e., monetary losses) and behavioral impacts are associated with a high-risk cluster. While the security, reliability, efficiency, and operational (i.e., congestion) impacts are associated with the medium-risk cluster. 2. Tech friendly drivers are more likely to change their route under a compromised DMS. At the same time, while they are acquiring new information, they need to lowering their speed to respond to the higher information load. Under realistic-fabricated information, about 65% of the subjects would depart from their current route. The results indicate that females and subjects with a higher driving experience are more likely to change their route. In addition, those subjects who are more sensitive to the DMS's traffic-related messages and those who use DMS under congested traffic condition are more likely to divert. Interestingly, individuals with lower education level, Asians, those who live in urban areas, and those with trouble finding their direction in new routes are less likely to pick another route rather the one they planned for. 3. Regardless of the DMS hacking scenarios, drivers would engage in at least one of the distractive activities. Among the distractive activities, cognitive distraction has the highest impact on the distracted driving likelihood. Meaning, there is a high chance that drivers think of something other than driving, look at surrounding traffic and scenery, or talk to other passengers regarding the forged information they saw on the DMS. Drivers who rely and trust in technology, and those who check traffic condition before starting their trips tend to become distracted. In addition, the result identified that at the presence of bogus information, drivers tend to slow down or stop in order to react to the DMS. That is, they would either (1) become involved in activities through the means of their phone, (2) they would mind wander, look around, and talk to a passenger about the sign, and (3) search for extra information by means of their vehicle's radio or internet. 4. Females, black individuals, subjects with a disability, older, and those with high trust in DMS are less likely to ignore the fabricated messages. In contrary, white, those who drive long hours, and those who see driving as a tedious task are more likely to ignore the bogus messages. Drivers who comply with traffic regulations and have a good driving record are likely to slow down under the tampered messages. Furthermore, female drivers and those who live in rural areas are more likely to slow down under fabricated advisory information. Furthermore, this dissertation identifies that planning for alternative route and involvement in distractive activities cause speed variation behaviors under the compromised DMS. This dissertation is the first to investigate the adverse impact of a compromised DMS on the road users and operators. I attempt to address the current gap in the literature by assessing and evaluating the impact of ITS security vulnerabilities. Broader impacts of this study include (1) to systematically raising awareness among policy-makers and engineers, (2) motivating further simulations and real-world experiments to investigate this matter further, (3) to systematically assessing the adverse impact of a security breach on transportation reliability and safety, and drivers' behavior, and (4) providing insights for system operators and decision-makers to prioritize the risk of a compromised DMS. Additionally, the outcome can be integrated with the nationwide connected vehicle and V2X implementations and security design. / Doctor of Philosophy / Security threats are targeting institutions and infrastructure around the world, and the frequency and severity of security attacks are on the rise. Healthcare manufacturing, financial services, education, government, and transportation are among the industries that are the most lucrative targets for adversaries. Hacking is not just about companies, organizations, or banks; it also includes critical infrastructure. Intelligent Transportation Systems have been deployed with a focus on increasing efficiency and safety in the face of dramatic increases in traffic volume. Although many studies have been performed and many security primitives have been proposed, there are significant concerns about flawless performance in a dynamic environment. A holistic security approach, in which all infrastructure performs within the satisfactory level of security remains undiscovered. Previously, hacking of road infrastructure was a rare event, however, in recent years, field devices, such as dynamic message signs, are hacked with higher frequency. The primary reason that transportation assets are vulnerable to cyber-attacks is that of their location in public. A more dramatic scenario occurs when hackers attempt to convey tampered instructions to the public. Analyzing traveler behavior in response to the hacked messages sign on the basis of empirical data is a vital step toward operating a secure and reliable transportation system. This study is the first to investigate the adversarial impact of a compromised message sign on the road users and operators. I attempt to address the current gap in the literature by assessing and evaluating the impact of ITS security vulnerabilities.

Intelligent Transportation Systems

Cyber Security

Cyber-Physical Systems

Vulnerability Assessment

Attack Tree

Dynamic Message Sign

Risk Assessment

Impact Assessment

Travelers Behavior

Distracted Driving

Speed Variation

Route Divergence

Toward a Decision Support System for Measuring and Managing Cybersecurity Risk in Supply Chains

Baker, Wade Henderson

03 April 2017

Much of the confusion about the effectiveness of information security programs concerns not only how to measure, but also what to measure — an issue of equivocality. Thus, to lower uncertainty for improved decision-making, it is first essential to reduce equivocality by defining, expanding, and clarifying risk factors so that metrics, the "necessary measures," can be unambiguously applied. We formulate a system that (1) allows threats to be accurately measured and tracked, (2) enables the impacts and costs of successful threats to be determined, and (3) aids in evaluating the effectiveness and return on investment of countermeasures. We then examine the quality of controls implemented to mitigate cyber risk and study how effectively they reduce the likelihood of security incidents. Improved control quality was shown to reduce the likelihood of security incidents, yet the results indicate that investing in maximum quality is not necessarily the most efficient use of resources. The next manuscript expands the discussion of cyber risk management beyond single organizations by surveying perceptions and experiences of risk factors related to 3rd parties. To validate and these findings, we undertake in an in-depth investigation of nearly 1000 real-world data breaches occurring over a ten-year period. It provides a robust data model and rich database required by a decision support system for cyber risk in the extended enterprise. To our knowledge, it is the most comprehensive field study ever conducted on the subject. Finally, we incorporate these insights, data, and factors into a simulation model that enables us study the transfer of cyber risk across different supply chain configurations and draw important managerial implications. / Ph. D.

cybersecurity

cyber security

information security

cyber risk

information risk

risk modeling

risk management

security metrics

decision support systems

supply chain management

supply chain risk

supply chain information sharing