A discrete event simulation-based approach for managing cyber vulnerabilities in a full-service deep waterway port
Mimesh, Hebah Mohammed
13 December 2019
Deepwater sea ports are considered to be gateways for global trade and are susceptible to a diverse range of risks, including natural disasters such as hurricanes, storms, and droughts, as well as a course of events ranging from human error to malicious cyber-attack. To deal with cyber vulnerabilities, this study examines how a cyber-attack on a given technology (e.g., Programmable Logic Controllers (PLC), Radio Frequency Identification Tags (RFID), Navigation Technologies, and others) impacts the overall port operations. We use the Port of Pascagoula as a testbed to visualize and validate the modeling results utilizing FlexSim software. Several sets of experiments are conducted to provide important managerial insights for decision makers. Results indicate that a cyber-attack on technologies used by the port may significantly impact the port operations. Overall, cyber-attacks have meaningful impacts on port systems that may result in significant economic and operational loss and may affect the long-term security and sustainability of overall port performance.
Shourabi, Neda Bazyar
ITC/USA 2015 Conference Proceedings / The Fifty-First Annual International Telemetering Conference and Technical Exhibition / October 26-29, 2015 / Bally's Hotel & Convention Center, Las Vegas, NV / This paper develops a method for analyzing, modeling and simulating cyber threats in a networked telemetry environment as part of a risk management model. The paper includes an approach for incorporating a Monte Carlo computer simulation of this modeling with sample results.
In the wake of the cyber-attacks in 2007 against Estonia and in 2010 against Iran, academics have debated the character of cyberwar. This study applies the theories of coercive diplomacy to the cases of Estonia and Iran in order to explain cyber-attacks as an instrument for coercive diplomacy. While the long-term effects of the attacks have yet to be understood, it is clear that cyber-attacks can, and will, become a serious threat against political decision-makers in times of conflict.
09 July 2014
Power grids are regarded as significant military targets and have been targeted with kinetic attacks in previous military operations. These attacks resulted in significant levels of physical destruction, which, in the long-term, both undermined the success of the operations and caused severe adverse effects on the human terrain. Since power grids have grown as a result of introducing advanced technologies, they have also become more dependent upon cyberspace and are thus exposed to cyber attacks. Since cyber attacks have demonstrated the ability to create physical/nonphysical effects with surgical precision, they have emerged as a credible option for disrupting power operations for a reasonable duration. However, these types of attacks sometimes require complex coordination with entities from distinct fields for efficient planning; a lack of awareness of the global picture about how to conduct these attacks could result in miscalculations and cause a repeat of the same past failures. Motivated by this fact, this thesis holistically analyzes the steps involved in conducting cyber attacks on power grids for the purpose of gaining military superiority and provides a comparison for the capabilities, challenges, and opportunities of kinetic and cyber attacks. For the purpose of creating a comprehensive framework for this thesis, the following considerations have been incorporated: the analyses of goals, targets, solutions, and effects of previous military operations; the physical and cyber infrastructures of power grids; and the features, challenges, and opportunities of cyber attacks. To present the findings, this document has adopted a novel military methodology for both the cyber attack analysis and the comparison of the means. / Master of Science
Cyber Attack Modelling using Threat Intelligence. An investigation into the use of threat intelligence to model cyber-attacks based on elasticsearch and honeypot data analysis
Al-Mohannadi, Hamad
January 2019
Cyber-attacks have become an increasing threat to organisations as well as the wider public. This has led to greatly negative impacts on the economy at large and on the everyday lives of people. Every successful cyber attack on targeted devices and networks highlights the weaknesses within the defense mechanisms responsible for securing them. Gaining a thorough understanding of cyber threats beforehand is therefore essential to prevent potential attacks in the future. Numerous efforts have been made to avoid cyber-attacks and protect the valuable assets of an organisation. However, the most recent cyber-attacks have exhibited the profound levels of sophistication and intelligence of the attacker, and have shown conventional attack detection mechanisms to fail in several attack situations. Several researchers have highlighted this issue previously, along with the challenges faced by alternative solutions. There is clearly an unprecedented need for a solution that takes a proactive approach to understanding potential cyber threats in real-time situations. This thesis proposes a progressive and multi-aspect solution comprising cyber-attack modeling for the purpose of cyber threat intelligence. The proposed model emphasises approaches from organisations to understand and predict future cyber-attacks by collecting and analysing network events to identify attacker activity. This could then be used to understand the nature of an attack to build a threat intelligence framework. However, collecting and analysing live data from a production system can be challenging and even dangerous as it may lead the system to be more vulnerable. The solution detailed in this thesis deployed cloud-based honeypot technology, which is well-known for mimicking the real system while collecting actual data, to see network activity and help avoid potential attacks in near real-time.
In this thesis, we have suggested a new threat intelligence technique by analysing attack data collected using cloud-based web services in order to identify attack artefacts and support active threat intelligence. This model was evaluated through experiments specifically designed using elastic stack technologies. The experiments were designed to assess the identification and prediction capability of the threat intelligence system for several different attack cases. The proposed cyber threat intelligence and modeling systems showed significant potential to detect future cyber-attacks in real-time. / Government of Qatar
Three essays on international cyber threats: Target nation characteristics, international rivalry, and asymmetric information exchange
Mauslein, Jacob A.
January 1900
Doctor of Philosophy / Security Studies / Jeffrey J. Pickering / As the Internet is progressively integrated into industrial and defense-related networks around the globe, it is becoming increasingly important to understand how state and sub-state groups can use Internet vulnerabilities as a conduit of attack. The current social science literature on cyber threats is largely dominated by descriptive, U.S.-centric research. While this scholarship is important, the findings are not generalizable and fail to address the global aspects of network vulnerabilities. As a result, this dissertation employs a unique dataset of cyber threats from around the world, spanning from 1990 to 2011. This dataset allows for three diverse empirical studies to be conducted. The first study investigates the political, social, and economic characteristics that increase the likelihood of a state being targeted for cyber threats. The results show that different state characteristics are likely to influence the forms of digital attack targeting. For example, states that experience increases in GDP per capita and military size are more likely to be targeted for cyber attacks. Inversely, states that experience increases in GDP per capita and those that are more democratic are less likely to be targeted for cyber terrorism. The second study investigates the role that international rivalries play in cyber threat targeting. The results suggest that states in rivalries may have more reason to strengthen their digital security, and rival actors may be cautious about employing serious, threatening forms of cyber activity against foes because of concerns about escalation. The final study, based upon the crisis bargaining theory, seeks to determine if cyber threat targeting decreases private information asymmetry and therefore decreases conflict participation. 
Empirical results show that the loss of digital information via cyber means may thus elicit a low intensity threat or militarized action by a target state, but it also simultaneously increases the likelihood that a bargain may be reached, preventing full scale war by reducing the amount of private information held between parties.
Data Mining for Network Intrusion Detection : A comparison of data mining algorithms and an analysis of relevant features for detecting cyber-attacks
Petersen, Rebecca
January 2015
Data mining can be defined as the extraction of implicit, previously unknown, and potentially useful information from data. Numerous researchers have been developing security technology and exploring new methods to detect cyber-attacks with the DARPA 1998 dataset for Intrusion Detection and the modified versions of this dataset KDDCup99 and NSL-KDD, but until now no one has examined the performance of the Top 10 data mining algorithms selected by experts in data mining. The compared classification learning algorithms in this thesis are: C4.5, CART, k-NN and Naïve Bayes. The performance of these algorithms is compared with accuracy, error rate and average cost on modified versions of NSL-KDD train and test dataset where the instances are classified into normal and four cyber-attack categories: DoS, Probing, R2L and U2R. Additionally the most important features to detect cyber-attacks in all categories and in each category are evaluated with Weka’s Attribute Evaluator and ranked according to Information Gain. The results show that the classification algorithm with best performance on the dataset is the k-NN algorithm. The most important features to detect cyber-attacks are basic features such as the number of seconds of a network connection, the protocol used for the connection, the network service used, normal or error status of the connection and the number of data bytes sent. The most important features to detect DoS, Probing and R2L attacks are basic features and the least important features are content features, unlike U2R attacks, where the content features are the most important features to detect attacks.
Sinopoli, Anthony F.
01 January 2012
Cyberwar challenges future endeavors of state security. As technological capability has improved, and access to information has become more widespread, the importance of the issue in today's ever-globalizing world grows each day. A primary objective is to evaluate the place of cyber-warfare against nation-states and any repercussions under an international law paradigm. Utilizing an English School perspective, emphasis will be applied to the argument that disruptive circumstances could come to fruition if international conventions are not created to bring consensus and order among nation-states on this subject. This study hypothesizes that a future application could be an agreement under international law, beyond current regional cooperative initiatives. Since cyber-related attack is a relatively new development, the issue lacks adequate historical context. In addition, since state behavior is a major contributor to the interpretation of international law, the matter is in need of a clear delineation of the norms that define the phenomena and what acceptable responses might entail. Case study analysis will highlight recent examples of state behavior and cyber-related attacks and sabotages.
This paper aims to describe and explain the Russian use of cyberattacks in the Ukrainian conflict. Two major cyber events, BlackEnergy in 2015 and NotPetya in 2017, are analysed by the theoretical framework of coercive diplomacy developed by Daniel Byman and Matthew Waxman, as well as the theory of cyber coercion made by Daniel R. Flemming and Neil C. Rowe. This paper concludes that the Russian use of cyberattacks could be understood as an extension of their already widespread practice of coercive diplomacy as a foreign policy tool. The cyberattacks were developed to pressure the Ukrainian energy and economic sector, through destabilisation of the economic powerbase and the country as a whole. The cyber offenses are developed to push Ukrainian politics from western influence back towards the Russian political orbit. This is due to the political, economic, and power interests Russia finds in the post-Soviet state of Ukraine.
Critical infrastructures include sectors such as energy resources, finance, food and water distribution, health, manufacturing and government services. In recent years, critical infrastructures have become increasingly dependent on ICT and more interconnected, and are often, as a result, linked to the Internet. Consequently, this makes these systems more vulnerable and increases the threat of cyber-attack. In addition, the growing use of wireless networks means that infrastructures can be more susceptible to a direct digital attack than ever before. Traditionally, protecting against environmental threats was the main focus of critical infrastructure preservation. Now, however, with the emergence of cyber-attacks, the focus has changed and infrastructures are facing a different danger with potentially debilitating consequences. Current security techniques are struggling to keep up to date with the sheer volume of innovative and emerging attacks; therefore, considering fresh and adaptive solutions to existing computer security approaches is crucial. The research presented in this thesis details the use of behavioural observation for critical infrastructure security support. Our observer system monitors an infrastructure’s behaviour and detects abnormalities, which are the result of a cyber-attack taking place. By observing subtle changes in system behaviours, an additional level of support for critical infrastructure security is provided through a plug-in device, which operates autonomously and has no negative impact on data flow. Behaviour is evaluated using mathematical classifications to assess the data and detect changes. The subsequent results achieved during the data classification process were high and successful. Our observer approach was able to accurately classify 98.138 % of the normal and abnormal system behaviours produced by a simulation of a critical infrastructure, using nine data classifiers.