The Challenges in Leveraging Cyber Threat Intelligence / Utmaningarna med att bemöta cyberhot motunderrättelseinformation

Gupta, Shikha, Joseph, Shijo, Sasidharan, Deepu

January 2021

Today cyber attacks, incidents, threats, and breaches continue to rise in scale and numbers, as sophisticated attackers continuously break through conventional safeguards each day. Whether strategic, operational, or tactical, threat intelligence can be defined as aggregated information and analytics that feed the different pillars of any given company’s cybersecurity infrastructure. It provides numerous benefits, enabling improved prediction and detection of threats, empowering and informing organizations to make better decisions during as well as following any cyber attack and aiding them to develop a proactive cyber security posture. It helps provide actionable intelligence, which equips senior management to make timely actions and decisions that might otherwise have an impact on the company’s ability to keep ahead and defend against this growing sea of threats. Driving momentum in this area also helps reduce their reaction times, enabling a shift for organizations to become more proactive than reactive. Perimeter defenses seem to no longer suffice as threats are becoming more complex and escalating with no best practices and guidelines available for companies to follow after, during, or before the time of the threat and risk due to the multiple components involved, including the various standards and platforms. Sharing and analyzing threat data effectively requires standard formats, protocols, shared understanding of the relevant terminology, purpose, and representation. Threat intelligence and its analysis are seen as a vital component of cyber security and a tool that many companies cannot leverage and utilize fully. Securing today's organizations and businesses, therefore, will require a new approach. In our study with security executives working across multiple industries, we have identified the various challenges that prevent the successful adoption of threat intelligence and with the rising adoption of the multiple platforms, including issues related to data quality, absence of universal standard format and protocol, challenge enforcing data sharing based on CTI data attribute, lack of authentication and confidentiality preventing data sharing, missing API integration capability in conjunction with multi-vendor tools, lack of identification of tacticalIOCs, failure to define TTL value(s), lack of deep automation, analytical and visualization capabilities. Ensuring the right expertise and capabilities in these identified areas will help leverage threat intelligence effectively, help to sharpen the focus, and provide the needed competitive edge.

Threat Intelligence

Cyber Threat Intelligence

Computer Systems

Datorsystem

Gendering Cyber Warfare : A theoretical and exploratory paper addressing the research gap on the gendered aspects of cyber warfare

Abera Techan, Mahlet

January 2020

War is gendered. The scholarship of gender and war is comprehensive and multi-layered, yet there seems to be some difficulty to keep up with the new developments in technology and its involvement in warfare. It was only until a few years ago that a new method of warfare - cyber warfare, a form of hybrid warfare, emerged and got the spotlight in the discussions on new methods of warfare. However, as the literature is growing, and international organisations are producing policy and strategy documents on cyber warfare, there seems to be a research gap on the relation between gender and cyber warfare, more specifically the gendered aspects of cyber warfare. This thesis attempts to fill that research gap and intends to answer how cyber warfare may be gendered. This is be done by generally looking at the literature of “Gender and War” and “Gender and Cyber”, and Gunneriusson and Ottis (2013) categorisation of how cyberspace is used in military operations from a hybrid warfare perspective. Gunneriusson and Otitis’s categorisation focus on inter alia cyber-attacks on non-military targets, and the use of propaganda. The overview of the research on gender and cyber focus on the workforce within cyber related sectors and gender-based violence, and the overview of research on gender and war brings up numerous examples of the nexus between gender and war.  Based on the overview of the two fields of research along with Gunneriusson and Ottis categorisation this thesis comes to the conclusion that cyber warfare can be gendered. The purpose of the examples of cyber-attacks are the same when same attacks are conducted offline and these types of attack offline have the same effect online. The difference is that an attack through the cyberspace intensifies the consequences in comparison to when these same methods were used in other domains.

Gender

Cyber Warfare

Hybrid Warfare

Globalisation Studies

Globaliseringsstudier

New media art : immersion and the sacrifice of the body

Le Roux, Leandré

January 2016

New technologies, such as virtual reality, often draw to itself myths from other fields of interest and discourses. One such myth that has attached itself to virtual reality is the notion that virtual reality can provide a utopia for the mind, or true self, if the body can be cast off. It is this discarding of the body that my thesis aims to investigate in terms of Girardian sacrifice. Girard?s notion of sacrifice is built upon the observation of various cultures throughout history. It stands to reason that in our contemporary, digitally influenced, society, sacrifice, in some form, still persists. I argue that the body, when viewed as disposable, through the use of virtual reality, exhibits the same traits as the selected sacrificial victim. As the myth of a utopia for the mind, or true self, exists prior to the advent of virtual reality, traces of it, as well as the sacrifice I argue it entails, can be found in other texts as well. One such a text is The Chrysalids (Wyndham 1955). This text presents the reader with characters which I argue represent both the mind and body separately. The Chrysalids culminates in the characters representing the mind leaving for a utopian city whilst the character who, I argue, is most strongly associated with the body, Sophie Wender, is killed. It is also argued here in that the notion of abandoning the body is simply a myth since the inability to abandon the body is also discussed in terms of phenomenology, pointing out that the body can ultimately not be completely removed from the making of meaning. This phenomenological acknowledgement of the body, along with a critique The Chrysalids and cyber-utopia?s view of the body, forms the basis of my practical body of work. / Dissertation (MA)--University of Pretoria, 2016. / Visual Arts / MA / Unrestricted

Virtual reality

New media art

Cyberspace

Cyber-utopian myth

UCTD

Analysis of cyber security in smart grid systems

Masonganye, James

January 2017

Cyber security is a major concern due to global incidents of intrusion. The impact of the attacks on the electricity grid can be significant, resulting in the collapsing of the national economy. Electricity network is needed by banks, government security agencies, hospitals and telecommunication operators. The purpose of this research is to investigate the various types of cyber security threats, including ICT technologies required for safe operation of the smart grid to protect and mitigate the impact of cyber security. The modelling of cyber security using the Matlab/SimPowerSystem simulates the City of Tshwane power system. Eskom components used to produce energy, interconnect to the City of Tshwane power distribution substations and simulated using Simulink SimPowerSystem. / Dissertation (MEng)--University of Pretoria, 2017. / Electrical, Electronic and Computer Engineering / MEng / Unrestricted

UCTD

Cyber Security

Smart grid

SCADA

National Institute of Standard (NIST)

Smart Home Security Using Intrusion Detection and Prevention Systems

Nalubowa, Vivian Gloria

January 2019

As the connectivity of home devices elevates so does the volume and sophistication of cyber attacks consistently grow. Therefore, the need for network security and availability becomes more significant. Numerous sorts of countermeasures like firewalls and router-based packet filtering have been put in place, although these alone are not enough to brace the network from unauthorised access. One of the most efficient methods of stopping network adversaries is using Intrusion Detection and Prevention Systems (IDPS). The goal of an IDPS is to stop security attacks before they can be successfully carried out. In this paper, I looked at four network attacks namely; probing, denial of service, remote to user and user to root and improved their respective Snort rules to optimize processing time and capturing capacity using regular expressions and fast pattern. Snort with improved rules captured 100% of the attacks launched to the network while without the improved rules, Snort captured between 0% to 60% of the attacks launched to the network making an improvement of 40%.

Digital Forensics

cyber security

Intrusion Detection

Engineering and Technology

Teknik och teknologier

Meta-Adaptation Strategies for Adaptation in Cyber-Physical Systems / Meta-Adaptation Strategies for Adaptation in Cyber-Physical Systems

Huječek, Adam

January 2016

When designing a complex Cyber-Physical System it is often impossible to foresee all potential situations in advance and prepare corresponding tactics to adapt to the changes in dynamic environment. This greatly hurts the system's resilience and dependability. All kinds of trouble can rise from situations that lie beyond the expected "envelope of adaptability" from malfunction of one component to failure of the whole system. Self-adaptation approaches are typically limited in choosing a tactic from a fixed set of tactics. Meta-adaptation strategies extend the limits of system's inherent adaptation by creating new tactics at runtime. This thesis elaborates and provides implementations of selected meta-adaptation strategies for IRM-SA in jDEECo as well as their evaluation in a scenario based on a firefighter coordination case study. Powered by TCPDF (www.tcpdf.org)

NETWORK FEATURE ENGINEERING AND DATA SCIENCE ANALYTICS FOR CYBER THREAT INTELLIGENCE

Unknown Date

While it is evident that network services continue to play an ever-increasing role in our daily lives, it is less evident that our information infrastructure requires a concerted, well-conceived, and fastidiously executed strategy to remain viable. Government agencies, Non-Governmental Organizations (\NGOs"), and private organizations are all targets for malicious online activity. Security has deservedly become a serious focus for organizations that seek to assume a more proactive posture; in order to deal with the many facets of securing their infrastructure. At the same time, the discipline of data science has rapidly grown into a prominent role, as once purely theoretical machine learning algorithms have become practical for implementation. This is especially noteworthy, as principles that now fall neatly into the field of data science has been contemplated for quite some time, and as much as over two hundred years ago. Visionaries like Thomas Bayes [18], Andrey Andreyevich Markov [65], Frank Rosenblatt [88], and so many others made incredible contributions to the field long before the impact of Moore's law [92] would make such theoretical work commonplace for practical use; giving rise to what has come to be known as "Data Science". / Includes bibliography. / Dissertation (Ph.D.)--Florida Atlantic University, 2020. / FAU Electronic Theses and Dissertations Collection

Cyber security

Computer security

Information infrastructure

Predictive analytics

Hur kan svensk strategi för cybersäkerhet analyseras? : en jämförelse mellan två olika cyberteorier

Nyström, Johan

January 2020

Forskningen inom cyberområdet är ett relativt nytt område och det finns en brist på cyberteorier som prövats på olika fall. Genom att jämföra de teorier som Bebber och Matania et al. har publicerat, hur en stats strategi avseende cybersäkerhet kan analyseras, kan bristen som identifierats kompletteras. Resultatet visar att både Bebber och Matania et al. kan användas i detta syfte och ger en god överblick över den svenska strategin avseende cybersäkerhet men med lite olika resultat. Resultatet är likväl samstämmigt avseende att den svenska strategin för cybersäkerhet utgår från ett passivt och robust cyberförsvar med en hög resiliens. Ett antal åtgärder har genomförts under 2019 och pågår fortfarande för att stärka den nationella cybersäkerheten. Inom Försvarsmakten finns det emellertid ett arbete att genomföra gällande att doktriner, planeringsmetoder och organisationsutveckling möter de framtida uppgifterna som ställs på cyberförsvaret.

säkerhetspolitik

strategi

cyber

cyberförsvar

cybersäkerhet.

Political Science

Statsvetenskap

Nuclear Safety related Cybersecurity Impact Analysis and Security Posture Monitoring

Gupta, Deeksha

05 April 2022

The Electrical Power Systems (EPS) are indispensable for a Nuclear Power Plant (NPP). The EPS are essential for plant start-up, normal operation, and emergency conditions. Electrical power systems are necessary not only for power generation, transmission, and distribution but also to supply reliable power for plant operation and control system during safe operation, Design Basis Conditions (DBC) and Design Extension Conditions (DEC). According to IAEA Specific Safety Guide SSG-34, EPS are essentially the support systems of many plant equipment. Electrical system, which supply power to plant systems important to nuclear safety, are essential to the safety of an NPP. In recent years, due to the digitization of Instrumentation and Control (I&C) systems, along with their enhanced accuracy, ease of implementing complex functions and flexibility, have been also exposed to sophisticated cyber threats. Despite physical separation and redundant electrical power supply sources, malicious cyber-attacks performed by insiders or outsiders might disrupt the power flow and result in an interruption in the normal operation of an NPP. Therefore, for the uninterrupted operation of a plant, it is crucial to contemplate cybersecurity in the EPS design and implementation. Considering multiple cyber threats, the main objectives of this research work are finding out security vulnerabilities in electrical power systems, simulating potential cyber-attacks and analyzing the impacts of these attacks on the electrical components to protect the electrical systems against these cyber-attacks. An EPS testbed at a small scale was set up, which included commercial I&C and electrical equipment significant for the cybersecurity analysis. The testbed equipment comprises of electrical protection relay (IEC 60255), controller, operating panel, engineering workstation computer, simulation model, etc. to monitor and control the power supply of one or more electrical equipment responsible for a regular operation in an NPP. Simulated cybersecurity attacks were performed using this testbed and the outcomes were examined in multiple iterations, after adding or changing security controls (cybersecurity countermeasures). Analyzing the cybersecurity and performing cyber-attacks on these systems are very advantageous for a real power plant to prepare and protect the plant equipment before any malicious attack happens. This research work conclusively presents cybersecurity analysis, including basic and sophisticated cyber-attack scenarios to understand and improve the cybersecurity posture of EPS in an NPP. The approach was completed by considering the process engineering systems (e.g. reactor core cooling systems) as attack targets and investigating the EPS specific security Defense-in-Depth (DiD) design together with the Nuclear Safety DiD concepts.:CHAPTER 1 INTRODUCTION 1.1 Motivation 1.2 Technical Background 1.3 Objectives of the Ph.D. Project 1.4 State of the Art in Science and Technology CHAPTER 2 FUNDAMENTALS OF CYBERSECURITY AND ELECTRICAL CONTROL AND PROTECTION CONCEPTS 2.1 Electrical Power System 2.2 Electrical Protection System 2.3 Cyber-Physical System 2.4 Industrial Control System 2.5 Safety I&C and Operational I&C Systems 2.6 Safety Objective Oriented Top-Down Approach 2.7 Cybersecurity Concept 2.8 Threat Identification and Characterization in NPP 2.8.1 Design Basis Threat 2.8.2 Attacker Profile 2.8.1 Reported Real-Life NPP Cyber-Attack Examples 2.9 Security Levels 2.10 Summary CHAPTER 3 CYBER-PHYSICAL PROCESS MODELING 3.1 Introduction 3.2 Single Line Diagrams of Different Operational Modes 3.3 Design 3.4 Block Diagram of Simulink Model 3.5 Implementation of Simulink Blocks 3.5.1 Power Generation 3.5.2 Grid Feed 3.5.3 House Load (Feed Water Pump) 3.6 OPC UA Communication 3.7 Summary CHAPTER 4 CYBER THREAT SCENARIOS FOR EPS 4.1 Introduction 4.2 Cyber-Physical System for EPS 4.3 Cyber Threats and Threat Sources 4.3.1 Cyber Threats 4.3.2 Threat Sources 4.4 Cybersecurity Vulnerabilities 4.4.1 Vulnerabilities in EPS 4.4.2 Vulnerabilities in ICS 4.5 Attacker Modeling 4.6 Basic Cyber Threat Scenarios for EPS 4.6.1 Scenario-1: Physical Access to Electrical Cabinets 4.6.2 Scenario-2: Modification of Digital Protection Devices 4.7 Potential Advanced Cyber Threat Scenarios for EPS 4.7.1 Scenario-1: Alteration of a Set-point of the Protection Relay 4.7.2 Scenario-2: Injection of Malicious Packets 4.7.3 Scenario-3: False Trip Command 4.7.4 Scenario-4: Availability Attack on Protection Relay or SCADA System 4.7.5 Scenario-5: Permanent Damage to Physical Component 4.7.6 Scenario-6: Protocol-wise Attack on Operator Panel 4.8 Threat Scenario for Simulink model 4.9 Summary CHAPTER 5 EPS TESTBED DESCRIPTION 5.1 Introduction 5.2 Basic Industrial Automation Architecture 5.3 Need for Testbeds 5.4 Proposed EPS Testbed 5.4.1 Testbed Architecture 5.4.2 Testbed Implementation 5.5 EPS Physical Testbed Applications 5.5.1 Modeling and Simulation of Power System Faults 5.5.2 Modeling of Cyber-Attacks 5.6 Summary CHAPTER 6 EXPERIMENTAL AND IMPACT ANALYSIS OF CYBER THREAT SCENARIOS 6.1 Outline 6.2 Normal Operation and Control 6.3 Possibilities to Cause Failure in the Primary or Secondary Cooling Systems 6.4 Implementation of Cybersecurity Threat Scenarios 6.4.1 Alteration of a Relay Set-Point during Plant Start-Up Phase 6.4.2 Alteration of a Controller Set-Point during Normal Operation Phase 6.4.3 Availability Attack on Control and Protection System 6.4.4 Severe Damage to a Physical Component due to Overcurrent 6.5 Experimentally Assessed Cyber-attacks 6.6 Summary CHAPTER 7 SUMMARY AND OUTLOOK REFERENCES SCIENTIFIC PUBLICATIONS GLOSSARY

info:eu-repo/classification/ddc/621.3

ddc:621.3

Autonomic Zero Trust Framework for Network Protection

Durflinger, James

05 1900

With the technological improvements, the number of Internet connected devices is increasing tremendously. We also observe an increase in cyberattacks since the attackers want to use all these interconnected devices for malicious intention. Even though there exist many proactive security solutions, it is not practical to run all the security solutions on them as they have limited computational resources and even battery operated. As an alternative, Zero Trust Architecture (ZTA) has become popular is because it defines boundaries and requires to monitor all events, configurations, and connections and evaluate them to enforce rejecting by default and accepting only if they are known and accepted as well as applies a continuous trust evaluation. In addition, we need to be able to respond as quickly as possible, which cannot be managed by human interaction but through autonomous computing paradigm. Therefore, in this work, we propose a framework that would implement ZTA using autonomous computing paradigm. The proposed solution, Autonomic ZTA Management Engine (AZME) framework, focusing on enforcing ZTA on network, uses a set of sensors to monitor a network, a set of user-defined policies to define which actions to be taken (through controller). We have implemented a Python prototype as a proof-of-concept that checks network packets and enforce ZTA by checking the individual source and destination based on the given policies and continuously evaluate the trust of connections. If an unaccepted connection is made, it can block the connection by creating firewall rule at runtime.

Zero Trust

Autonomous Computing

IoT

Network Security

Cyber Security