  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
21

MANAGERS’ PERCEIVED UNDERSTANDING AND INFLUENCE ON CYBERSECURITY READINESS : Identifying Barriers, Associated Risks, and Strategies

Egelrud, Andrea, Selberg, Jonas January 2023
Organizations need to protect themselves from cyber threats and a variety of methods exist to mitigate these risks. Factors such as rapid digitalization, expedited by Covid-19, have only made cybersecurity threats a growing concern. Most research within the IS field has focused on technical methods to mitigate risk, leaving non-technical methods less explored. The aim of this study was to develop a deeper understanding of managers’, at different levels, perceived understanding, and influence to achieve cybersecurity readiness in order to identify barriers. Further, an objective was to develop possible strategies to mitigate identified risks associated with these barriers. To fulfill this aim, a case study was conducted at a municipality-owned organization who have taken the initiative to raise cybersecurity awareness. Six interviews were conducted with managers from both senior- and middle management, and cybersecurity governance documents were collected. In our findings, we identified three main themes with associated barriers to achieving cybersecurity readiness. These include barriers associated with (1) organizational and managerial factors, (2) pitfalls in communication, and (3) policy and instructions. The study contributes to an understanding of different barriers that managers at different levels might perceive and suggests possible strategies for mitigating the risks associated with said barriers.
22

Cybersecurity for Networked Control System

Tang, Jiacheng 30 August 2022
No description available.
23

Cybersecurity of Energy Hubs in Smart Grids

Pazouki, Samaneh 01 December 2023
Smart grid is about integration of distributed energy resources (DERs) into the energy systems, especially electricity grid. DERs include renewable energy resources such as wind and solar, energy storages such as electrical and thermal energy storage, demand response programs, smart homes, and electric vehicles with their charging stations. DERs have significant advantages such as reduction of operation costs, emission, and peak as well as the increase of reliability, resiliency, stability, and voltage profile in smart grids. They also prevent establishment of fossil fuel power plants and expansion of transmission lines by locating in electricity distribution grid and transmission lines. The advantages approve the financial, technical, and environmental effects of the DERs in smart grids. An operation/planning approach such as EHs/IEHs is required to utilization of DERs in the Smart Grid. EH is a super node in electricity power system which connects different energy networks such as gas, electricity, heating, or cooling. The EH can be developed by DERs for operation and planning purposes. The EHs can be located in different parts of the energy networks to form IEHs. Despite the significant advantages of utilization of DERs in EHs of Smart Grids, they should be utilized by information and communication technologies (ICTs), which results in Cyber-Physical Power Systems (CPPSs) vulnerable to different cyberattacks. The vulnerability of DERs in EHs of Smart Grid leads to jeopardizing the reliability, stability, and resiliency of power systems since integrity, confidentiality, or availability cyberattacks might bypass the detection systems to take control of DERs for malicious purposes such as congestion, cascading failure, blackout, undervoltage/overvoltage, or costs. 
In this research, some cyberattacks are modeled on DERs in EHs and IEHs of Smart Grid, and the vulnerabilities of DERs to the cyberattacks in the developed EHs/IEs are approved: First, an integrity cyberattack is modeled and applied to the DR program (time/incentive-based) in the developed EH in electricity distribution grid in order to control the performance of the EH and its negative effects on the grid. The attacker aims to manipulate the system by both raising peak demand and lowering customers' energy bills simultaneously. This strategy is designed to deceive customers into participating in falsified Demand Response (DR) programs, ultimately leading to an increase in the overall peak demands of the system which jeopardizes the reliability of the system. Second, an integrity FDI cyberattack is modeled and applied on the developed IEHs in transmission lines in order to control the performance of the IEH and its negative effects on the transmission lines. This cyberattack is modeled to manipulate the transmission lines energy demands in order to threaten reliability and stability of the system by bypassing detection systems. Finally, the attacker targets the developed EHs integrated by DERs by maximizing the costs associated with operation, emission, and energy not supplied costs. The attacker objective is to adversely affect the financial, technical, and environmental advantages of integration of DERs to the system. Hence, powerful remedial actions are required to alleviate the adverse effects of DERs, manipulated by attackers, in the developed EHs. Therefore, a remedial action is designed by min-max formulation in order to mitigate the adverse effects of DERs on financial, technical, and environmental terms. The remedial action reduces the imposed costs by changing the status of EH devices. The results highlight the role of DERs in reducing costs and emphasize the need for their proactive security measures in cyber-physical power systems.
24

Cybersecurity Capabilities in a Critical Infrastructure Sector of a Developing Nation

Catota Quintana, Frankie 01 December 2016
When information technology is incorporated into the operations of financial critical infrastructure, it brings with it a range of cyber risks, and mitigating them requires that firms and regulators develop capabilities to foster protection. The sophistication of cyber threats to the financial sector has been growing rapidly. Developed nations have worked hard to improve their knowledge of these threats and establish strategies to respond accordingly. However, in developing nations, both the understanding of the risks posed by cyber threats and the ability to address those risks have been slower to evolve. Developing the needed cybersecurity capabilities in developing countries encounter challenges that need to be identified and addressed. In order to begin to do that, this thesis reports on three studies conducted in the context of Ecuador. The first study identifies and assesses incident experiences, challenges, barriers, and desired actions reported by financial security managers with the objective of identifying strategies to enhance incident response capabilities. The second study begins with the security incidents reported by the Ecuadorian financial stakeholders during the first study and assesses the potential effectiveness of the government policy that is intended to address IT risk in the financial sector. The third study explores the challenges that universities face in order to provide cybersecurity instruction to protect critical infrastructure and explores potential strategies to advance cybersecurity education at the university level. In support of this work we collected data from national practitioners involved in responding to security incidents and in developing cybersecurity skills. Sixty-one in-depth, semi-structured interviews across five cities were conducted (95% in person, the rest by telephone) with respondents who had good knowledge in the subjects. 
Respondents come mainly from: the financial sector (CISOs, risk and IT managers, security chiefs, security officers, authorities); telecommunications sector, especially ISPs (managers, directors, engineers, authorities); and academia (deans, directors, professors). We transcribed all the interviews, coded them and conducted qualitative text analysis. This research finds that (1) the financial sector is already facing risks driven by outsiders and insiders that lead to fraud and operational errors and failures. The main barriers to improving protection are small team size, network visibility, inadequate internal coordination, technology updating, lack of training, and lack of awareness. The sector has little community support to respond to incidents, and the national legal framework has not supported appropriate prosecution of cyber criminals; (2) the national IT risk management policy has reasonably covered most countermeasures related to reported security incidents. There are however, several areas of gap, one of the most important is network security, which can enable sophisticated malware attacks; (3) today the level of cybersecurity education is mostly elementary in Ecuador. Academic interviewees at only four of the thirteen universities studied expressed confidence that they can provide students with reasonable preparation. Ecuador needs to design a national cybersecurity plan that prioritizes protection for critical infrastructure and should support strategies that allow the country to enhance cybersecurity capabilities. Properly designed these initiatives should allow the nation to develop a core structure to confront current and emergent cyber challenges in the financial sector and other critical national operations, and build the human resources necessary to continue that effort.
25

Comparing Training Methodologies on Employee’s Cybersecurity Countermeasures Awareness and Skills in Traditional vs. Socio-Technical Programs

Goode, Jodi 01 January 2018
Organizations, which have established an effective technical layer of security, continue to experience difficulties triggered by cyber threats. Ultimately, the cybersecurity posture of an organization depends on appropriate actions taken by employees whose naive cybersecurity practices have been found to represent 72% to 95% of cybersecurity threats and vulnerabilities to organizations. However, employees cannot be held responsible for cybersecurity practices if they are not provided the education and training to acquire skills, which allow for identification of security threats along with the proper course of action to mitigate such threats. In addition, awareness of the importance of cybersecurity, the responsibility of protecting organizational data, as well as of emerging cybersecurity threats is quickly becoming essential as the threat landscape increases in sophistication at an alarming rate. Security education, training, and awareness (SETA) programs can be used to empower employees, who are often cited as the weakest link in information systems (IS) security due to limited knowledge and lacking skillsets. Quality SETA programs not only focus on raising employee awareness of responsibilities in relation to their organizations’ information assets but also train on the consequences of abuse while providing the necessary skills to help fulfill these requirements. The main goal of this research study was to empirically assess if there are any significant differences on employees’ cybersecurity countermeasures awareness (CCA) and cybersecurity skills (CyS) based on the use of two SETA program types (typical & socio-technical) and two SETA delivery methods (face-to-face & online). This study included a mixed method approach combining an expert panel, developmental research, and quantitative data collection. A panel of subject matter experts (SMEs) reviewed the proposed SETA program topics and measurement criteria for CCA per the Delphi methodology. 
The SMEs’ responses were incorporated into the development of two SETA program types with integrated vignette-based assessment of CCA and CyS, which were delivered via two methods. Vignette-based assessment provided a nonintrusive way of measurement in a pre- and post-assessment format. Once the programs had been reviewed by the SMEs to ensure validity and reliability, per the Delphi methodology, randomly assigned participants were asked to complete the pre-assessment, the SETA program, and then the post-assessment providing for the qualitative phase of the study. Data collected was analyzed using analysis of variance (ANOVA) and analysis of covariance (ANCOVA) to address the proposed research hypothesis. Recommendations for SETA program type and delivery method as a result of data analysis are provided.
26

DEVELOPING TRAINING MATERIALS TO SUPPLEMENT THE INDIANA CYBERSECURITY SCORECARD

Madison Renae Thomas (11226636) 20 July 2022
Cybersecurity is an important aspect of all businesses as well as the public sector. As information technology becomes more interconnected with our everyday lives, it opens more opportunities for network vulnerabilities and therefore more breach opportunities. Previous work within the State of Indiana has produced a cybersecurity scorecard but leaves those using the scorecard with no way to improve their scores. This research is conducted to help Indiana counties improve their cybersecurity practices with a limited budget. As well, this research and implementation guide will be accessible in a way that any employee at the county level, despite their cybersecurity knowledge, will have a solid foundation on where to begin to improve their score. The goal of this study is to develop a framework that identifies the weaknesses in an Indiana county's response to the Cybersecurity Scorecard and provides resources to improve their scores. The framework should identify the specific issues and give definitions or resources for the counties to use to improve their score.
27

Internetová a počítačová kriminalita / The principle of subsidiarity of criminal law

Čikovský, Jan January 2013
The internet and computer criminality is a part of a cybercrime which is a very wide and relatively inhomogeneous category of criminal offences. The master's thesis focuses on criminal offences against confidentiality, integrity and availability of computer data and computer systems. These cyber attacks can endanger the cyber security at the national level and inflict immeasurable damage. In the present day, a Cybersecurity Act is being prepared in the Czech Republic whose goal is to respond to these attacks. Master's thesis examines especially penal aspects of this law. Moreover, a large space in the thesis is devoted to the recently ratified Convention on Cybercrime. Besides the two above-mentioned legal norms the master's thesis arises from the Czech and foreign legal regulation and case law, for which it uses literature available in the Czech, English or German language. With regard to the chosen topic, it has been necessary to use also considerable amount of a non-legal literature. The whole work is divided into six chapters. The first chapter provides a brief introduction into the topic and also short explanations of the basic terms. Chapter two provides questions about legitimacy and beneficial effect of a state regulation in the cyberspace which are of a partially philosophical character....
28

FinTech: The role of Perceived cybersecurity and Organizational trust

Laurent, David, Sinz, Robin January 2019
Context: The advent of the Information and Communication Technologies mostly referred to “digitalization”; offers a new paradigm. Information technology is now perceived as a disruptive innovation capable of shaking up the traditional financial industry. On one side and as a result of the former trend, a new taxonomy emerged under the name of “FinTech” corresponding to the embracement of “digitalization”. FinTech is implicated in the process of disintermediation through innovation. On the other hand and due to the recent incidents at the macroeconomic level such as the 2008 financial crisis or even more recently the Snowden case; the regulatory environment is undergoing drastic changes. Even though the changing regulatory environment firstly acted as a catalyst by promoting the FinTech phenomenon into the spotlight, it inherently touched upon one of the prominent challenges of “FinTech”: to the extent Information Security. Along the line, the FinTech ecosystem which is symbolized by the “Always Available” expression conveys an explicit statement which is yet challenged by the threat of cyberattacks and emphasized by the duality between availability and security. The existing paradox reasserts the growing need for trust from a customer perspective.
Purpose: In this thesis, the authors aimed to investigate the information security and consumer trust challenges within the FinTech ecosystem by empirically testing the customer’s perceptions on the variables that are likely to affect technological adoption
Design/Methodology/approach: A cross sectional quantitative study was conducted with the distribution of a self-completion questionnaire to FinTech customers in Sweden. The designed conceptual model was built on the previous work of Stewart & Jürjens (2018). Stewart and Jürjens (2018) extended the TAM model by considering: Data Security, Customer Trust, Value Added, User Design Interface and FinTech Promotion. In this thesis, the authors adapted Stewart and Jürjens model (2018) by redefining “Data Security” and “Customer Trust”. Three regressions have been performed: one binary logistic regression and two multiple regressions.
Findings: We first ran a principal component analysis in order to reduce dimensionality within our questionnaire. We performed a PCA with an oblique rotation which helped us to produce factor scores. Based on the binary logistic regression, we found out that only Perceived Usefulness and Device security was significantly affecting our respondent’s payment intention. The multiple regression intending to predict the respondent’s intention to use based the on the factor scores from the PCA, revealed that Perceived Usefulness, Usability & ergonomics, Device security and Organizational trust were significant. Lastly, the final regression suggested that Overall trust and security were significantly affecting the respondent’s intention to use. In essence, it appeared that both dimensions are affecting the technological acceptance of users of mobile payment applications.
Research Limitations/implications: There are multiple limitations to our study, the first one being the use of a convenience sampling. Therefore, our results lack of generalizations. Yet, the results of our study confirm what the antecedents of customer’s intention to use mobile payment applications are, to the extent that both security and trust matter.
29

Control-flow Integrity for Real-time Embedded Systems

Brown, Nicholas 27 April 2017
As embedded systems become more connected and more ubiquitous in mission- and safety-critical systems, embedded devices have become a high-value target for hackers and security researchers. Attacks on real-time embedded systems software can put lives in danger and put our critical infrastructure at risk. Despite this, security techniques for embedded systems have not been widely studied. Many existing software security techniques for general purpose computers rely on assumptions that do not hold in the embedded case. This thesis focuses on one such technique, control-flow integrity (CFI), that has been vetted as an effective countermeasure against control-flow hijacking attacks on general purpose computing systems. Without the process isolation and fine-grained memory protections provided by a general purpose computer with a rich operating system, CFI cannot provide any security guarantees. This thesis explores a way to use CFI on ARM Cortex-R devices running minimal real-time operating systems. We provide techniques for protecting runtime structures, isolating processes, and instrumenting compiled ARM binaries with CFI protection.
30

Evaluating the Effectiveness of Sybil Attacks Against Peer-to-Peer Botnets

Verigin, Adam Louis 18 December 2013
Botnets are networks of computers which have been compromised by malicious software which enables a remotely located adversary to control them and focus their collective power on specific tasks. Botnets pose a significant global threat, with tangible political, economic and military ramifications and have resultingly become a field of significant interest within the cyber-security research community. While a number of effective defence techniques have been devised for botnets utilizing centralized command and control infrastructures, few of these techniques are suitable for defending against larger-scale peer-to-peer (P2P) botnets. In contrast, the sybil attack, combined with index poisoning is an established defence technique for P2P botnets. During a sybil attack, fake bots (i.e., sybils) are inserted into the botnet. These sybils distribute fake commands to bots, causing them not to carry out illicit activities. Bots also then unwittingly redistribute the fake commands to other bots in the botnet. This work uses packet-level simulation of a Kademlia-based P2P botnet to evaluate 1) the impact that the location of sybils within the underlying network topology can have on the effectiveness of sybil attacks and 2) several potential optimizations to the placement of sybils within the underlying network topology.
