Implementace nástroje pro řízení kybernetické bezpečnosti / Implementation of a tool for cyber security management

Strachová, Zuzana

January 2021

The thesis is focused on the implementation of a software tool to increase the effectiveness of cyber security management. The tool is implemented in a company preparing to be classified as a part of critical information infrastructure. Based on the customer's requirements, a suitable cyber security management tool is selected. Subsequently, I propose a methodology for implementing the tool, which I immediately apply. The output of the work is an implemented tool, risk analysis and security documentation required by law.

Vliv kybernetického terorismu na americkou bezpečnostní politiku / The Influence of Cyber Terrorism Threat on the American Security Policy

Rezek, Tomáš

January 2015

(English) The aim of this dissertation is to answer the question of whether the U.S. security policy is influenced by the threat of cyber terrorism. The dissertation is divided into chapters that can be regarded as steps in a logical reasoning process. In the first chapter, cyber space is introduced and described to illustrate its importance and complexity. The next chapter analytically compares various definitions of terrorism, and partially rejects the initial hypothesis that cyber terrorism is not included in the general definition of terrorism. The following chapter statistically analyzes the available data on terrorist groups and terrorist attacks to empirically confirm the hypothesis that terrorism is still a real threat to American security. The analysis actually proves that the threat of terrorism has not decreased in relation to the number of terrorist groups. It also shows that the number of terrorist attacks against the U.S. targets has significantly decreased in the United States, while terrorist actions have been increasing constantly on a global level. The analysis shows that the success rate of terrorists attacks does not form a time series, and therefore each terrorist attack has to be examined individually to assess its success probability. The following analysis reviews the...

How to paint a picture : A discourse analysis of the media portrayal of hacker attacks against vital societal functions in Sweden

Galyas, Viktoria

January 2023

In our highly digitalized society, the dependence on digital solutions and systems is integral to the function of society. While digitalization has brought numerous benefits, it has also exposed society to vulnerabilities, making it susceptible to cyberattacks. The structure of vital societal functions, involving private subcontractors and long and digital supply chains. Along with the cooperation between public and private entities having inherent weaknesses it has created a vulnerable system. As vital societal functions bear the responsibility for public services and the protection of the personal information in their possession, it is crucial that they remain open to critical examination. Due to the complexity of cybersecurity and closely related subjects, the media plays an important role in conveying a nuanced depiction of the hacker attacks and establishing important connections to closely related discourses. This is essential for fostering critical examination and public debate, especially considering the assumed limited prior knowledge of the public. This thesis examines in what way cyberattacks against vital societal functions are portrayed in the Swedish media discourses and what connections to closely related discourses are being made. The focus is specifically on New Public Management, Public-Private Partnership, and Digital Supply Chains. Through a discourses analysis using an analytical framework inspired by Carol Bacchi, this thesis concludes that cyberattacks against vital societal functions are represented in a simplified way. The vital connections to other discourses are few and weak, resulting in a content-poor discourse that possibly hinders both critical examination and a public discussion on the subject.

cybersecurity

vital societal functions

critical infrastructure

New Public Management (NPM)

outsourcing

privatization

Public Private Partnership (PPP)

Digital Supply Chain (DSC)

discourse

discourse analysis

discursive connections

Bacchi

Sweden

Political Science

Statsvetenskap

Ensuring Safety and Security in the Era of Digital Water : A qualitative study on the implications following the digital transformation of the Swedish water industry / Digitaliseringens effekt på vattensektorn ur ett säkerhetsperspektiv : En kvalitativ studie av den svenska VA-sektorns digitala transformation

BJÄRKBY, SARAH, VÄRNLUND, FRIDA

January 2021

As water systems are critical infrastructures, their continuous service is essential for maintaining vital functions of society. During the past decades, a number of severe global challenges have put increasing pressure on the water systems, threatening the quality and availability of water. Digitalization is expected to play a fundamental role in managing these challenges, making the digital transformation of the water industry an imperative rather than a choice for water utility providers. However, the implementation of digital solutions also entails a number of challenges, risks and vulnerabilities to water systems. As such, water utility providers are faced with increased complexity and uncertainty, where the safety and security of the system is at stake. This thesis addresses the potential implications of a digital transformation of the water industry by exploring how digitalization affects the Swedish water sector from a safety and security perspective. By doing so, the thesis aims to enhance the understanding of how Swedish water utility providers can manage its ongoing digital transformation. The thesis consists of a qualitative research study where interviews with 16 representatives from the Swedish water industry contributed with a broad perception of the implications of the digital transformation. Theory on high reliability organizations and resilience was applied to obtain a deeper understanding of what the potential safety and security implications may entail for Swedish water utilities in managing and reaping the benefits of their digital transformation. The study finds that representatives from the Swedish water sector mainly view benefits related to the efficiency of their operations from their ongoing digital transformation, while the mentioned drawbacks are generally related to their organizational abilities in managing the emerging risks and increased level of complexity. With increasing digitalization, Swedish water utilities coincide with the high reliability organization theory to a higher extent, which emphasizes the increasing importance of employing bothtechnical reliability and organizational resilience practices. This thesis concludes that technical reliability has historically been well-managed and prioritized by utilities, whilst organizational resilience has become an increasingly important aspect to focus on with increasing digitalization. Hence, practices of organizational resilience, such as incorporating clear strategies, integrating work between divisions and increasing follow-up from disturbances, should be employed on a wider scale among water utilities. / Då vattensystem är kritisk infrastruktur är deras kontinuerliga funktion avgörande för att upprätthålla vitala funktioner i samhället. Under de senaste decennierna har ett antal allvarliga globala utmaningar ökat trycket på vattensystemen, vilket hotar vattnets kvalitet och tillgänglighet. Digitalisering anses vara avgörande för att hantera dessa utmaningar, vilket gör digitalisering av vattenindustrin till en nödvändighet snarare än ett val för VA-bolag. Att implementera digitala lösningar medför emellertid också ett antal utmaningar, risker och sårbarheter för vattensystem. VA-bolagen står således inför en ökad komplexitet och osäkerhet där systemsäkerheten står på spel. Denna uppsats behandlar de potentiella implikationer som kan uppstå av en digital transformation av vattenindustrin genom att undersöka hur digitalisering påverkar den svenska VA-sektorn ur ett säkerhetsperspektiv. Genom detta syftar uppsatsen till att öka förståelsen för hur svenska VA-bolag kan hantera sin pågående digitalisering. En kvalitativ forskningsstudie har genomförts där intervjuer med 16 representanter från den svenska VA-sektorn bidrog med en bred uppfattning om digitaliseringens implikationer för den svenska VA-sektorn. Teori om high reliability organizations och resiliens användes för att fördjupa förståelsen för vad de potentiella säkerhetsimplikationerna kan innebära för svenska VAbolag, både för hantering av riskerna och för att ta till vara på fördelarna med den digitala transformationen. Studien visar att representanter från den svenska VA-sektorn, i deras pågående digitalisering, huvudsakligen ser fördelar relaterade till effektiviteten i vattenproduktionen, medan de nämnda nackdelarna i allmänhet är relaterade till deras egna förmågor att hantera de framväxande riskerna och den ökade komplexiteten. Med ökad digitalisering kan svenska VA-bolag i högre utsträckning beskrivas med teori kring high reliability organizations, vilket medför en ökad vikt av att arbeta med både teknisk tillförlitlighet och organisatorisk resiliens. Teknisk tillförlitlighet har historiskt hanterats väl och prioriterats av VA-bolag, medan organisatorisk resiliens har blivit allt viktigare att fokusera på med ökad digitalisering. Därför drar denna uppsats slutsatsen att arbete med organisatorisk resiliens, såsom att införa tydliga strategier, integrera arbetet mellan avdelningar och öka uppföljningsarbetet efter störningar, bör utföras i större skala bland VA-bolag.

Digital transformation

Water 4.0

Water utilities

Swedish water industry

Critical infrastructure

Safety and security

Resilience

High reliability organizations

Digitalisering

Vattensystem

Water 4.0

VA-bolag

Svenska vattenindustrin

Kritisk infrastruktur

Säkerhet

Resiliens

High reliability organizations

Engineering and Technology

Teknik och teknologier

Dynamic Analysis of Levee Infrastructure Failure Risk: A Framework for Enhanced Critical Infrastructure Management

Lam, Juan Carlos

18 June 2012

Current models that assess infrastructure failure risk are "linear," and therefore, only consider the direct influence attributed to each factor that defines risk. These models do not consider the undeniable relationships that exist among these parameters. In reality, factors that define risk are interdependent and influence each other in a "non-linear" fashion through feedback effects. Current infrastructure failure risk assessment models are also static, and do not allow infrastructure managers and decision makers to evaluate the impacts over time, especially the long-term impact of risk mitigation actions. Factors that define infrastructure failure risk are in constant change. In a strategic manner, this research proposes a new risk-based infrastructure management framework and supporting system, Risk-Based Dynamic Infrastructure Management System (RiskDIMS), which moves from linear to non-linear risk assessment by applying systems engineering methods and analogs developed to address non-linear complex problems. The approach suggests dynamically integrating principal factors that define infrastructure failure risk using a unique platform that leverages Geospatial Information System services and extensions in an unprecedented manner. RiskDIMS is expected to produce results that are often counterintuitive and unexpected, but aligned to our complex reality, suggesting that the combination of geospatial and temporal analyses is required for sustainable risk-based decision making. To better illustrate the value added of temporal analysis in risk assessment, this study also develops and implements a non-linear dynamic model to simulate the behavior over time of infrastructure failure risk associated with an existing network of levees in New Orleans due to diverse infrastructure management investments. Although, the framework and RiskDIMS are discussed here in the context of levees, the concept applies to other critical infrastructure assets and systems. This research aims to become the foundation for future risk analysis system implementation. / Master of Science

systems engineering

system of systems

system dynamics

geospatial analysis

geographic information system

cloud computing

service-oriented architecture

Markov chains

infrastructure management

decision making

infrastructure failure

risk

levees

flood protection

critical infrastructure

網路恐怖主義與美國防治政策 / Cyberterrorism and the U.S. Prevention Policies

黃書賢, Huang, Shu Hsien

Unknown Date

網路恐怖主義（Cyberterrorism）為「網際網路」（Internet）與「恐怖主義」（terrorism）相互結合之產物，指恐怖份子為求引發嚴重破壞，並造成平民死傷，透過網際網路入侵國家關鍵基礎設施（critical infrastructures），並以之要脅政府或人民完成其政治性、宗教性或社會性目標。至2012年7月為止，對於網路恐怖主義相關議題之討論雖已持續約30年之久，然而各界對於網路恐怖主義之「定義」及「威脅性」兩項基本問題，仍然眾說紛紜，無法取得一致共識，而全球各地缺乏網路恐怖攻擊之實際案例之情況，亦使爭辯益加激烈。 　　在美國政府方面，經過2001年911事件的重大衝擊，其對於恐怖主義相關議題之敏感程度已大幅提高，並陸續制定多項反恐政策。美國是當前國際反恐行動的領導者，既為軍事與科技大國，同時也是諸多國際恐怖組織策劃攻擊之主要目標，有鑑於此，美國政府致力於防治網路恐怖主義，保護國內關鍵基礎設施不受侵襲，以維持社會安定及國家安全，其因應方式足以成為世界各國制定類似政策之重要參考對象。 　　本論文經由探討網路恐怖主義之基本意涵，比較「網路恐怖主義」、「網路犯罪」及「網路戰爭」三個概念之間的差異，嘗試針對網路恐怖主義形成明確之界定；接著綜整各界針對網路恐怖主義威脅性之爭論，以了解網路恐怖主義之真實威脅程度；最後觀察美國自柯林頓（Clinton）政府至今，有關防治網路恐怖主義政策之一系列發展、美國政府如何評估網路恐怖主義之威脅，以及在當前的政策架構之下，為保護國內關鍵基礎設施，其相對應之具體措施為何，試圖對於其整體政策建立客觀評價。 / Cyberterrorism, the convergence of “Internet” and “terrorism,” refers to the specific terrorist activities that were intended to cause massive destruction and casualties, proceeded by intruding the supervisory control and data acquisition (SCADA) systems of national critical infrastructures via the Internet. Even though the discussion of the related issues of Cyberterrorism has continued for nearly 30 years now, neither the definition nor the evaluation of potential threat concerning Cyberterrorism has been settled. No consensus has been achieved. Furthermore, the lack of actual cases of Cyberterrorism attack around the world makes the debates even more intense. After the significant impact of September 11, 2001, the U.S. government has substantially raised the degree of sensitivity of the issues related to terrorism and developed a number of counter-terrorism policies. As the leader of the Global War on Terror and the greatest Power in the world, the U.S. is also the main target of many terrorist groups. With its military and scientific capabilities, the practices of the U.S. government on preventing Cyberterrorism, protecting its domestic critical infrastructures from intrusion, and maintaining social stability and national security would be excellent examples to other nations for the development of their own policies. To clarify the explicit definition of Cyberterrorism, this research refined the basic meaning of Cyberterrorism and distinguished differences among three related concepts: Cyberterrorism, Cybercrime, and Cyberwar. Moreover, this research sought to induct major arguments brought up by scholars in many intense debates on the extent of Cyberterrorism threat. Last but not least, by observing development of the U.S. related policy frameworks, how the U.S. government evaluates the extent of Cyberterrorism threat, and the corresponding measures for protecting the U.S. domestic critical infrastructures, this research presented an objective assessment on the U.S. overall counter-Cyberterrorism policies.

網路恐怖主義

美國反恐政策

網路犯罪

網路戰爭

保護關鍵基礎設施

國土安全部

網路空間安全國家戰略

Cyberterrorism

U.S. Counter-Cyberterrorism Policies

Cybercrime

Cyberwar

Critical Infrastructure Protection