A security analysis in a life science environment : a case study / En säkerhetsanalys inom life science : en fallstudie

Gripenstedt, Daniel, Öberg, Joakim

January 2021

The cyber-threat against life-science is much larger today than just a couple of years back. Companies within the field have valuable information from example R& Din pharmaceuticals, biotech, personal data of vulnerable patients or medical devices and that is something attackers are very much aware of. Lab equipment have generally been disconnected from the internet to protect their data even more but the benefits a company would gain in diagnostics and support could outweigh it. In this paper a fictional environment with lab instruments, control units and databases is set up based on a real system used by Company X. A security analysis for the system is conducted with the goal to identify and analyse potential threats and risks. This was done by first study relevant literature along with meetings with representatives from Company X. The security analysis is made with a threat model called Yacraf which includes six different phases, the process was easy to follow and resulted in potential ways how an attacker could gain access to the system. The results also show different protection scenarios for these attacks and how Company X could implement preventive measures in advance. If Company X where to implement such a remote control system a first step would be to educate the employees to recognize common cyber-threats and only set up the remote connection when needed. / Cyberhotet mot life science är mycket större idag än för bara ett par år tillbaka. Företag sitter på värdefull information från exempel forskning och utveckling inom läkemedel, bioteknik, personuppgifter om utsatta patienter eller medicintekniska produkter och det är något som hackare är mycket medvetna om. Labutrustning har i allmänhet kopplats bort från internet för att skydda deras data ännu mer, men fördelar företag kan vinna på diagnistik och support skulle kunna uppväga det. I denna uppsats skapas en fiktiv miljö med laboratorieinstrument, styrenheter och databaser baserat på ett verkligt system som används av företag X. En säkerhetsanalys för systemet genomförs med målet att identifiera och analysera potentiella hot och risker. Detta gjordes genom att först studera relevant litteratur tillsammans med möten med företrädare för företag X. Säkerhetsanalysen är gjord med en hotmodell som heter Yacraf som innehåller sex olika faser, processen var lätt att följa och resulterade i potentiella sätt hur en angripare kunde vinna tillgång till systemet. Resultaten visar också olika skyddsscenarier för dessa attacker och hur Company X kunde genomföra förebyggande åtgärder i förväg. Om företag X skulle implementera ett sådant fjärrkontrollsystem skulle ett första steg vara att utbilda de anställda att känna igen vanliga cyberhot och bara ansluta fjärranslutningen vid behov.

Cyber-security in life-science

Cyberbiosecurity

Remote controlling software

Cyber-attacks

Threat modelling

Yacraf.

Cybersäkerhet inom life science

Fjärrstyrningprogram

Cyberattack

Hotmodellering

Yacraf

Computer and Information Sciences

Data- och informationsvetenskap

Zero-day-sårbarheter : Förbättrade möjligheter för Polisen att avvärja cyberhot

Långström, Pia

January 2023

Globaliseringen och digitalisering har drivit på utvecklingen av cyberhot och innebär en ökad säkerhetsrisk. Cyberangrepp sker dagligen i Sverige av hotaktörer som utgörs av främmande makt, svensk och internationell organiserad brottslighet samt fristående aktörer. Branschen omsätter enorma belopp och det har uppstått en ny marknad av cyberbrottstjänster, Crime-as-a-Service (CaaS). Det svenska teknikförsprånget innebär att hotaktörer även använder Sverige som en testmarknad för okända, zero-day, digitala säkerhetshål. Cyberhotet är en utmaning för kriminologin, kriminalpolitiken och brottsbekämpning eftersom cyberdomänen sträcker sig utanför nationella polis- och rättsväsenden samtidigt som den brottsliga verksamheten sker på de krypterade delarna av internet, darkweb. Dessutom finns det begränsat med kriminologiska teorier på cyberområdet vilket i sin tur försvårar utvecklingen av policy för att avvärja cyberhotet. Kriminologer och brottsförebyggande aktörer har tenderat till att fastna i ett globalt perspektiv trots att cyberhotet har en lokal förankring. Genom en kvalitativ innehållsanalys undersöker uppsatsen hur brottsförebyggande aktörer uppfattar utvecklingen av cyberbrottsligheten genom att analysera svenska policydokument på cybersäkerhetsområdet med förankring i EU-policy utifrån Dick Hobbs och Katja Frankos teorier om så kallad glokalisering. Studien indikerar att den svenska policyutvecklingen på cyberhotsområdet nyligen rivstartat med etableringen av Nationellt cybersäkerhetscenter (NCSC) och införandet av Budapestkonvention. Resultatet tyder på att svenska brottsförebyggande aktörer inkorporerar ett glokalt perspektiv som drivs på av Polisen i jakten på hotaktörerna. Den kriminologiska forskningen på cyberhotsområdet är begränsad och uppsatsen är ett första steg för en ökad förståelse av cyberhotet ur ett svenskt policyperspektiv. Studien identifierar även en riktning för nästa steg av empirisk forskning och utveckling av kriminologisk teori för att analysera säkerhetshot och brottslighet i cyberdomänen med hjälp av nätverksteori.

Budapestkonventionen

crime-as-a-service (CaaS)

cyberattack

cyberbrott

cyberhot

darkweb

Europol

främmande makt

Försvarsmakten

hotaktörer

internet

Nationellt cybersäkerhetscenter (NCSC)

organiserad brottslighet

Polisen

policy

zero-day

Social Sciences

Samhällsvetenskap

REMEDIAL ACTIONS AGAINST CYBERATTACKS TARGETING SMART POWER SYSTEMS

Naderi, Ehsan

01 May 2023

Information and communication technologies are being implemented more than ever in the power industry in order to make smarter power grids, termed as cyber-physical power systems (CPPSs). Along with the privileges of such modern power networks like reducing the total operation cost for end-use customers, they may be negatively affected by cyberattacks, above all false data injection (FDI) attacks as they are easier to be performed. As a case in point, an adversary can detour security systems, penetrate into the cyber layer of a typical CPPS, and manipulate the information, finally leading to security threats. Although prevention and detection mechanisms are significant tools to be utilized by power system operators to improve the reliability of such systems against cyberattacks, they cannot ensure the security of power grids since some FDI attacks might be designed to bypass the detection stage. Hence, a more powerful tool will be required, which is called remedial action scheme (RAS), to be implemented by power system operators to recover the targeted power grid in a timely manner. Toward this end, different RAS frameworks are presented in this dissertation in transmission, distribution, and microgrid levels to highlight the effectiveness of such reaction mechanisms in case of cyber threats targeting modern power systems. In the transmission level, optimal power flow (OPF) integrated with thyristor controlled series capacitor (TCSC) have been utilized to design a RAS to mitigate the negative impacts of FDI attacks, resulting in system congestion or power outages. In the distribution level, system operators take advantage of static VAR compensator (SVC) through solving a customized version of distribution feeder reconfiguration (DFR) problem to mitigate voltage violations in the form of overvoltages and undervolatges, caused by FDI cyberattacks. In light of the fact that some FDI attacks bypass the employed detection methods, it is crucial to prepare in advance for such scenarios. Hence, in this dissertation, a real-world framework is also proposed for mitigating false data injection (FDI) attacks targeting a lab-scale wind/PV microgrid and resulting in power shortage. The proposed RAS is developed as a hardware-in-the-loop (HIL) testbed within the cyber-physical structure of the smart microgrid. Finally, as a prerequisite of the proposed intelligent RAS, which is able to be used on different levels of a CPPS, power system operator is being in attacker’s shoe to scrutinize different scenarios of cyberattacks to make an initial archive set. The design of such mechanisms incorporates long-short-term memory (LSTM) cells into a deep recurrent neural network (DRNN) for the processing of archived data, termed intelligent archive framework (IAF), identifying the proper reaction mechanisms for different FDI cyberattacks. To react to cyberattacks for which similar pre-investigated remedial measures were not saved in the IAF, a power flow analysis is considered to a) examine the interdependency between transmission and distribution sectors and b) generate appropriate RASs in real time.

Deep Learning

False Data Injection (FDI) Cyberattack

Hardware-in-the-Loop (HIL)

Lab-Scale Microgrid

Remedial Action Scheme (RAS)

Smart Transmission/Distribution System

Increasing Effectiveness of U.S. Counterintelligence: Domestic and International Micro-Restructuring Initiatives to Mitigate

Ferguson, Cody J.

20 August 2012

Approved for public release; distribution is unlimited. / Cyberespionage is a prolific threat that undermines the power projection capacity of the United States through reduced economic prowess and a narrowing of the technical advantage employed by the American military. International attempts to limit hostile cyber activity through the development of institutions, normative patterns of behavior, or assimilation of existing laws do not provide the American national security decision maker with a timely or effective solution to address these threats. Unfortunately, the stove-piped, redundant and inefficient nature of the U.S. counterintelligence community does not deliver a viable alternative to mitigating cyberespionage in an effective manner. Instituting a domestic and international micro-restructuring approach within the Department of Defense (DoD) addresses the need for increased effectiveness within an environment of fiscal responsibility. Domestic restructuring places emphasis on developing a forcing mechanism that compels the DoD counterintelligence services to develop joint approaches for combating cyberespionage by directly addressing the needs of the Combatant Commands. International restructuring places an emphasis on expanding cybersecurity cooperation to like-minded nations and specifically explores the opportunity and challenges for increased cyber cooperation with Taiwan. This approach recognizes that Taiwan and the United States are both negatively affected from hostile cyber activity derived from within the People’s Republic of China.

Counterintelligence

Reform

Restructuring

Effectiveness

Counterespionage

Counter-espionage

Cyberespionage

Cyber-espionage

Cybersecurity

Cyber-security

Cyberattack

Cyber-attack

Taiwan

Naval Criminal Investigative Service

NCIS

AFOSI

Law Enforcement

Micro-restructing

Skydd och incidentrespons inom IT-säkerhet : En studie kring utvecklingen av ransomware / Protection and incident response within IT-security: A study about the development of ransomware

Ericson, Christoffer, Derek, Nick

January 2023

Cybersäkerhet är ett konstant växande hot mot organisationer, genom det ständigt ökade digitaliserade samhället, dock finns tecken på att medvetenheten hos organisationer ökar vad gäller cyberattacker och cybersäkerhet. Cyberattacker kan skapa konsekvenser som kan förhindra organisationens verksamhet. Detta lägger grunden till arbetet, att se hur försvarsförmågan har utvecklats. I värsta fall medför en cyberattack konsekvenser som kan äventyra en organisations överlevnadsförmåga. I och med det nya hotet ransomware, där hotaktören krypterar offrets filer och sedan kräver en lösensumma, har konsekvenserna kraftigt kommit att bli mer fatala. Metoderna för ransomware utvecklas av hotaktörerna vilket kan bidra till mer än bara ekonomiska konsekvenser för organisationen. Mot ransomware gäller i stort samma skyddsåtgärder som mot alla former av cyberattacker, däremot finns en del särskilt viktiga aspekter som belyses i detta arbete, till exempel implementering av backups, adekvat dataskydd samt god Patch Management (d.v.s. protokoll för att åtgärda sårbarheter i programvara). I arbetet sammanställs en branschkonsensus för hur organisationer skall arbeta gentemot cyberattacker, specifikt ransomwareattacker. Detta har gjorts genom en litteratur- och kvalitativ intervjustudie, som sedan har analyserats och diskuterats. Intervjustudien har genomförts hos organisationer som bedöms lämpliga för detta då de dagligen arbetar med cybersäkerhet. En av rekommendationerna är att ha en bra backuprutin, där man skapar, distribuerar och testar dessa. Genom arbetet belyses även hur god patch management bör implementeras. Slutligen presenteras även en ny metod, Ransomware 3.0 där hotaktörer stjäl en organisations IT-miljö för att sedan radera denna lokalt hos organisationen och sedan säljer tillbaka denna, som används av hotaktörerna, som hittills varit okänd, där vidare forskning bör vidtas. / Cybersecurity is a constantly growing threat against organisations due to the increasingly digitalisation of society, although there are signs that the consciousness at organisations has increased regarding cyberattacks and cybersecurity. Cyberattacks can create consequences that can restrain an organisations operations. This creates the foundation for this study, to see how the defence capabilities has developed. A cyberattack can, in the worst case scenario, threaten an organisations ability to survive. In regards to the new threat, ransomware, where the threat actor encrypts the victim’s files and demands a ransom, the consequences can be fatal. The new methods associated with ransomware, where the threat actor also exfiltrates the victim’s files, strongly impact the organisations ability to operate. This could lead to economic consequences, as well as damages towards stakeholder relations. Most protective measures applies towards ransomware, however there are some especially important aspects that are presented in this paper, such as implementation of backups, sufficient data protection as well as good Patch Management (protocol to patch vulnerabilities in software). In this paper, an industry consensus on how organisations should work against cyberattacks, especially ransomware, is compiled. This was performed through a litterature and a qualitative interview study. Both studies has been analysed and discussed.The interview study has been accomplished by interviewing appropriate organisations that work with cyber security daily. One of the recommendations is to have a good backup protocol, which implies creating, distributing and testing these backups. This paper also presents how a good patch management should be implemented. Finally, this paper presents a new method, Ransomware 3.0 where the threat actor steals an organisations IT environment, and then destroys the local copy at the organisation to then sell it back, that is used by the threat actors, that is still uncommon knowledge, where continued research have to be conducted.

IT-security

Cyber Security

Data Security

IT Attack

Cyber Attack

Data Exfiltration

Ransomware

Backup

Encryption

Patch Management

Risk Management

Incident Response

Compliance.

IT-säkerhet

Cybersäkerhet

Datasäkerhet

IT-angrepp

Cyberattack

Dataläcka

Ransomware

Backup

Kryptering

Patch Management

Riskhantering

Incidentrespons

Regelefterlevnad.

Engineering and Technology

Teknik och teknologier

Cyberattaques et droit international public : de la négociation entre États à l’intégration des acteurs privés pour parvenir à la cyberpaix

Baudin, Laura

01 1900

Le cyberespace a radicalement changé la donne sur le plan de la sécurité internationale, modifiant la représentation que nous pouvions avoir de la guerre. Nous assistons aujourd’hui à une nouvelle forme de conflit où l’information constitue à la fois un support d’action, mais également un actif sensible qu’il convient de maitriser. L’encadrement des comportements dans le cyberespace est donc devenu de facto un impératif pour maintenir sa stabilité. C’est ainsi que de nombreuses initiatives ont été amorcées tant par les États (par exemple avec la création du groupe d’experts gouvernementaux en charge des progrès des technologies de l’information et des communications dans un contexte de sécurité internationale), que par les acteurs privés (normes alternatives en tout genre). Cependant, leur convergence n’est que partielle leurs positionnements géopolitiques et stratégiques divergents considérablement. Alors que les États veulent préserver leur marge de manœuvre dans le cyberespace, les acteurs privés souhaiteraient quant à eux assurer la continuité et le développement de leurs activités par la création d’un cadre juridique contraignant les comportements étatiques. Notre travail de recherche vise ainsi à trouver une solution au clivage entre ces différents acteurs. Selon nous, peu importe les perceptions et les désirs de chacun ; si un encadrement juridique du cyberespace doit voir le jour en droit international, celui-ci ne pourra aboutir sans le concours des États et des acteurs privés qui doivent donc collaborer. Cependant, il est essentiel de ne pas s’abandonner dans une quête de l’idéal, et ce en adoptant une démarche pragmatique ancrée dans la réalité. La régulation du cyberespace étant multiple en ce sens où chaque acteur est la source d’un flux normatif précis (réglementation étatique et régulation technique), il convient de trouver le moyen de faire coïncider leurs approches, tout en conservant la place de chacun dans l’ordre international pour éviter tensions et conflits. Dans notre travail de recherche, nous avons fait le choix de présenter notre argumentation en quatre temps. Il s’agit tout d’abord de rappeler les spécificités du cyberespace faisant de lui un lieu de conflits à part entière (Chapitre 1). Dans un second temps, nous expliquerons cette volonté des États de vouloir rendre à tout prix applicable aux cyber-attaques, un droit international pourtant inadapté aux défis techniques posés par ces nouvelles armes (Chapitre 2). Les acteurs privés étant les grands experts du réseau, nous étudierons dans un troisième temps les initiatives normatives qu’ils ont su mettre en place, celles-ci venant d’ailleurs concurrencer le travail de réflexion mené par les États (Chapitre 3). Finalement, nous arriverons à la conclusion que la cyberpaix ne sera réellement possible que si trois éléments sont réunis : la corégulation, l’internormativité et la confiance entre les États et les acteurs privés (Chapitre 4). / Cyberspace has radically changed international security, altering our understanding of warfare. Today, we are witnessing a new form of conflict in which information is both a medium for action and a sensitive asset that must be controlled. In order to maintain the stability of cyberspace, it has de facto become imperative to regulate actions in cyberspace. For this reason, many initiatives have been started by States (for example, the Group of Governmental Experts in the Field of Information and Telecommunications in the Context of International Security) and by private actors (various alternative norms). However, their convergence is only partial, as their geopolitical and strategic positions diverge considerably. While States want to preserve their room for maneuver in cyberspace, private actors would like to ensure the continuity and development of their activities by creating a legal framework which constrains the behavior of States. This research project seeks to find a solution to the divide between these different actors. From our point of view, regardless of one's perceptions and desires, a legal framework for cyberspace in international law will see the light of day only if States and private actors cooperate. However, it is essential that we do not abandon ourselves to a quest for the ideal and adopt a pragmatic approach that is rooted in reality. Because the regulation of cyberspace is animated by multiple sources of norms stemming from different actors (state regulation and technical rules), it is necessary to find a way to make their approaches coincide, while preserving everyone's place in the international order to avoid tensions and conflicts. In our research, we have chosen to present our argument in four chapters. We first recount the features of cyberspace that make it a place of conflict in its own right (Chapter 1). Second, we explain the desire of States to apply international law to cyber-attacks, although it is ill-suited to the technical challenges posed by these new weapons (Chapter 2). Third, given that private actors are the major experts of the network, we will examine the normative initiatives that they put in place and that compete with the work carried out by States (Chapter 3). Finally, we will come to the conclusion that cyberpeace will be possible only if three elements are brought together: coregulation, internormativity, and trust between States and private actors (Chapter 4).

cyberattaque

cyberespace

cyberpaix

droit international public

encadrement juridique

applicabilité

adaptabilité

analogie

États

acteurs privés

GAFAM-BATX

groupe d’experts gouvernementaux

ONU

corégulation

internormativité

pluralisme

cyberattack

cyberpeace

public international law

legal framework

enforceability

adaptability

analogy

States

private actors

group of governmental experts

UN

co-regulation

internormativity

pluralism

DESIGN AND DEVELOPMENT OF A REAL-TIME CYBER-PHYSICAL TESTBED FOR CYBERSECURITY RESEARCH

Vasileios Theos (16615761)

03 August 2023

<p>Modern reactors promise enhanced capabilities not previously possible including integration with the smart grid, remote monitoring, reduced operation and maintenance costs, and more efficient operation. . Modern reactors are designed for installation to remote areas and integration to the electric smart grid, which would require the need for secure undisturbed remote control and the implementation of two-way communications and advanced digital technologies. However, two-way communications between the reactor facility, the enterprise network and the grid would require continuous operation data transmission. This would necessitate a deep understanding of cybersecurity and the development of a robust cybersecurity management plan in all reactor communication networks. Currently, there is a limited number of testbeds, mostly virtual, to perform cybersecurity research and investigate and demonstrate cybersecurity implementations in a nuclear environment. To fill this gap, the goal of this thesis is the development of a real-time cyber-physical testbed with real operational and information technology data to allow for cybersecurity research in a representative nuclear environment. In this thesis, a prototypic cyber-physical testbed was designed, built, tested, and installed in PUR-1. The cyber-physical testbed consists of an Auxiliary Moderator Displacement Rod (AMDR) that experimentally simulates a regulating rod, several sensors, and digital controllers mirroring Purdue University Reactor One (PUR-1) operation. The cyber-physical testbed is monitored and controlled remotely from the Remote Monitoring and Simulation Station (RMSS), located in another building with no line of sight to the reactor room. The design, construction and testing of the cyber-physical testbed are presented along with its capabilities and limitations. The cyber-physical testbed network architecture enables the performance of simulated cyberattacks including false data injection and denial of service. Utilizing the RMSS setup, collected information from the cyber-physical testbed is compared with real-time operational PUR-1 data in order to evaluate system response under simulated cyber events. Furthermore, a physics-based model is developed and benchmarked to simulate physical phenomena in PUR-1 reactor pool and provide information about reactor parameters that cannot be collected from reactor instrumentation system.</p>

advanced nuclear reactors

I&C Architecture

Cybersecurity

Digital Twin (DT)

Penetration Testing

Cyberattack

Nuclear Reactor

PUR-1

Industrial Control System (ICS)