A quantitative security assessment of modern cyber attacks : a framework for quantifying enterprise security risk level through system's vulnerability analysis by detecting known and unknown threats

Munir, Rashid

January 2014

Cisco 2014 Annual Security Report clearly outlines the evolution of the threat landscape and the increase of the number of attacks. The UK government in 2012 recognised the cyber threat as Tier-1 threat since about 50 government departments have been either subjected to an attack or a direct threat from an attack. The cyberspace has become the platform of choice for businesses, schools, universities, colleges, hospitals and other sectors for business activities. One of the major problems identified by the Department of Homeland Security is the lack of clear security metrics. The recent cyber security breach of the US retail giant TARGET is a typical example that demonstrates the weaknesses of qualitative security, also considered by some security experts as fuzzy security. High, medium or low as measures of security levels do not give a quantitative representation of the network security level of a company. In this thesis, a method is developed to quantify the security risk level of known and unknown attacks in an enterprise network in an effort to solve this problem. The identified vulnerabilities in a case study of a UK based company are classified according to their severity risk levels using common vulnerability scoring system (CVSS) and open web application security project (OWASP). Probability theory is applied against known attacks to create the security metrics and, detection and prevention method is suggested for company network against unknown attacks. Our security metrics are clear and repeatable that can be verified scientifically.

Online Dynamic Security Assessment Using Phasor Measurement Unit and Forecasted Load

January 2017

abstract: On-line dynamic security assessment (DSA) analysis has been developed and applied in several power dispatching control centers. Existing applications of DSA systems are limited by the assumption of the present system operating conditions and computational speeds. To overcome these obstacles, this research developed a novel two-stage DSA system to provide periodic security prediction in real time. The major contribution of this research is to develop an open source on-line DSA system incorporated with Phasor Measurement Unit (PMU) data and forecast load. The pre-fault prediction of the system can provide more accurate assessment of the system and minimize the disadvantage of a low computational speed of time domain simulation. This Thesis describes the development of the novel two-stage on-line DSA scheme using phasor measurement and load forecasting data. The computational scheme of the new system determines the steady state stability and identifies endangerments in a small time frame near real time. The new on-line DSA system will periodically examine system status and predict system endangerments in the near future every 30 minutes. System real-time operating conditions will be determined by state estimation using phasor measurement data. The assessment of transient stability is carried out by running the time-domain simulation using a forecast working point as the initial condition. The forecast operating point is calculated by DC optimal power flow based on forecast load. / Dissertation/Thesis / Masters Thesis Electrical Engineering 2017

Electrical engineering

Automation

Dynamic Security Assessment

Load Forecast

Phasor Measurement Unit

Time Domain

Transient Stability

Design and implementation of a framework for security metrics creation / Konstruktion och användning av ett ramverk för säkerhetsmetriker

Lundholm, Kristoffer

January 2009

Measuring information security is the key to unlocking the knowledge of how secure information systems really are. In order to perform these measurements, security metrics can be used. Since all systems and organizations are different, there is no single set of metrics that is generally applicable. In order to help organizations create metrics, this thesis will present a metrics creation framework providing a structured way of creating the necessary metrics for any information system. The framework takes a high level information security goal as input, and transforms it to metrics using decomposition of goals that are then inserted into a template. The thesis also presents a set of metrics based on a minimum level of information security produced by the Swedish emergency management agency. This set of metrics can be used to show compliance with the minimum level or as a base when a more extensive metrics program is created.

Information security

Metrics framework

Security assessment

Computer and Information Sciences

Data- och informationsvetenskap

Extending a Platform for IT-Security Exercises

Björn, Johan

January 2011

The Swedish Defence Research Agency, FOI, has developed a platform that is used to train and study IT-security. This platform was used during the cyber Baltic shield, an international cyber security exercise. During the exercise, a number of teams acting as system administrators, tried to secure and defend the system of a fictive power supply company. Another team acted as a terrorist organisation with the goal to compromise the systems of the power supply companies and shut down their power generators. FOI has also developed a security assessment method, named XMASS, which is implemented in a software tool called SANTA. This can be used to model a networked IT-system and get a picture of its current state of security. This thesis aims to integrate the tool, SANTA, with the platform for cyber security exercises to get the ability to visualise a system and analyse its security during an IT-security exercise. The thesis also identifies some problems with XMASS regarding how traffic mediators, for example firewalls, are modelled. A literature review is performed to get a picture of the current state of research on security assessment methods and leads to a proposition of a new model for traffic mediators.

IT-Security

IT-Security Assessment

IT-Security Exercise

Traffic Filtering

Firewalls

Computer and Information Sciences

Data- och informationsvetenskap

Vplyv regulácií ISO 27001 a SOX na riadenie bezpečnosti informácií podniku / Impact of regulations ISO 27001 and SOX on information security management in enterprises

Bystrianska, Lucia

January 2015

The master thesis has analytical character and focuses on information security issues in enterprises. The mail goal of this thesis is to evaluate the impact of implemented standard ISO/IEC 27001 and regulation by American law SOX to overall information security. In order to preform the analysis, two medium-sized companies from the segment of services were selected: the first one with ISO/IEC 27001 certification and the second one regulated by SOX. The structure of the thesis contributes gradually with its steps to meet the goal. The first three chapters provide a theoretical basis for the analysis of information security. They contain a summary of key processes and tools essential for ensuring the information security and are based on the best practices included within the latest standards and methodologies and on practical experience. These chapters provide the basis for an evaluation guidance including criteria groups and defined variants of implemented security, which is described in the fourth chapter. The analysis of information security and the impact of regulations is part of the fifth chapter of this document. The sixth chapter contains final assessment and comparison of the impact, which the regulations have on information security of the selected companies. The final chapter summarizes and evaluates the results achieved with regards to the goal.

Posouzení informačního systému firmy a návrh změn / Information System Assessment and Proposal of ICT Modification

Šivák, Ivan

January 2020

This paper is focusing on the company analysis of Kolumbus PM. Moreover, the information system has been faced with deeper analysis. Finding the weaknesses of the information system and improvement suggestions was a major purpose. Prepared concept of changes leading to information system improvements is the result of this thesis.

Remedial Action Schemes Derived from Dynamic Security Assessment

GAO, XIANG

January 2012

Electric power is becoming more and more important in the modern world. Since most electric power utilizations should be supplied by the power transmission and distribution system, the security of power system is paid more and more heed to nowadays. All over the world, there are some trends to introduce the deregulated power system into the power system operation, and to increase the stability of electric power supply. As a result, making accurate predictions for the power system operating conditions is an important task for the current power system research. The research mainly interests in checking if the operating conditions are acceptable after contingencies. Dynamic Security Assessment (DSA) is proposed and studied under such context. One tool to implement the DSA is to create the Stability Indices (SI) system. The SI system is used to indicate the operating conditions for the power system. This master thesis project aims to develop the appropriate Remedial Actions Scheme (RAS) by using the SI system. The RAS is used against different instabilities. Firstly, all indices of the SI system are summarized. The summarization is based on theoretical study on to-date DSA researches. The indices of the SI system are able to predict power system operating conditions. They are also able to release the stress of DSA computing, and to reduce misclassification and failed-alarm. The SI system is computed by quantities of state variables from the components of the power system. Secondly, the functionalities of different remedial actions are clarified. Then, those remedial actions are used to develop the RAS. The RAS is developed according to the evaluation by the SI system. Using the SI system, different remedial actions are tested and evaluated. The results of evaluation are used to develop and categorize different RASs against different instabilities. After that, the RASs are analyzed, and qualities of RASs are ranked by the SI. In this way, more suitable RAS against each type of instability is developed. The results show the process of analysis is both fast and accurate. All analysis and evaluations are implemented by simulation software of PSS TMNETOMAC. The thesis has been implemented between cooperation of Royal Institute of Technology (KTH) in Sweden and Energy Sector of Siemens AG in Germany.

power system stability

dynamic security assessment

remedial action

Engineering and Technology

Teknik och teknologier

A Quantitative Security Assessment of Modern Cyber Attacks. A Framework for Quantifying Enterprise Security Risk Level Through System's Vulnerability Analysis by Detecting Known and Unknown Threats

Munir, Rashid

January 2014

Cisco 2014 Annual Security Report clearly outlines the evolution of the threat landscape and the increase of the number of attacks. The UK government in 2012 recognised the cyber threat as Tier-1 threat since about 50 government departments have been either subjected to an attack or a direct threat from an attack. The cyberspace has become the platform of choice for businesses, schools, universities, colleges, hospitals and other sectors for business activities. One of the major problems identified by the Department of Homeland Security is the lack of clear security metrics. The recent cyber security breach of the US retail giant TARGET is a typical example that demonstrates the weaknesses of qualitative security, also considered by some security experts as fuzzy security. High, medium or low as measures of security levels do not give a quantitative representation of the network security level of a company. In this thesis, a method is developed to quantify the security risk level of known and unknown attacks in an enterprise network in an effort to solve this problem. The identified vulnerabilities in a case study of a UK based company are classified according to their severity risk levels using common vulnerability scoring system (CVSS) and open web application security project (OWASP). Probability theory is applied against known attacks to create the security metrics and, detection and prevention method is suggested for company network against unknown attacks. Our security metrics are clear and repeatable that can be verified scientifically

Hoeffding-Tree-Based Learning from Data Streams and Its Application in Online Voltage Security Assessment

Nie, Zhijie

05 September 2017

According to the proposed definition and classification of power system stability addressed by IEEE and CIGRE Task Force, voltage stability refers to the stability of maintaining the steady voltage magnitudes at all buses in a power system when the system is subjected to a disturbance from a given operating condition (OC). Cascading outage due to voltage collapse is a probable consequence during insecure voltage situations. In this regard, fast responding and reliable voltage security assessment (VSA) is effective and indispensable for system to survive in conceivable contingencies. This paper aims at establishing an online systematic framework for voltage security assessment with high-speed data streams from synchrophasors and phasor data concentrators (PDCs). Periodically updated decision trees (DTs) have been applied in different subjects of security assessments in power systems. However, with a training data set of operating conditions that grows rapidly, re-training and restructuring a decision tree becomes a time-consuming process. Hoeffding-tree-based method constructs a learner that is capable of memory management to process streaming data without retaining the complete data set for training purposes in real-time and guarantees the accuracy of learner. The proposed approach of voltage security assessment based on Very Fast Decision Tree (VFDT) system is tested and evaluated by the IEEE 118-bus standard system. / Master of Science / Voltage security is one of the most critical issues in the power systems operation. Given an operating condition (OC), Voltage Security Assessment (VSA) provides a tool to access whether the system is capable to withstand disturbances if there is one or more than one elements is not functioning appropriately on the power grid. Traditional methods of VSA require the knowledge of network topologies and the computational contingency analysis of various circumstances. With trained models, decision-tree-based VSA is able to assess the voltage security status by collectible measurements among the system in a real-time manner. The system topology may alter over and over by system operators in order to meet the needs of heavy load demand and power quality requirements. The proposed approach based on Very Fast Decision Tree (VFDT) system is capable of updating trained decision-tree models regarding to changes of system topology. Therefore, the updated decision-tree models is able to handle different system topology and to provide accurate security assessment of current OC again.

Power Systems Stability

Voltage Security Assessment

Machine Learning

Decision Trees

Hoeffding Trees

Container Line Supply Chain security analysis under complex and uncertain environment

Tang, Dawei

January 2012

Container Line Supply Chain (CLSC), which transports cargo in containers and accounts for approximately 95 percent of world trade, is a dominant way for world cargo transportation due to its high efficiency. However, the operation of a typical CLSC, which may involve as many as 25 different organizations spreading all over the world, is very complex, and at the same time, it is estimated that only 2 percent of imported containers are physically inspected in most countries. The complexity together with insufficient prevention measures makes CLSC vulnerable to many threats, such as cargo theft, smuggling, stowaway, terrorist activity, piracy, etc. Furthermore, as disruptions caused by a security incident in a certain point along a CLSC may also cause disruptions to other organizations involved in the same CLSC, the consequences of security incidents to a CLSC may be severe. Therefore, security analysis becomes essential to ensure smooth operation of CLSC, and more generally, to ensure smooth development of world economy. The literature review shows that research on CLSC security only began recently, especially after the terrorist attack on September 11th, 2001, and most of the research either focuses on developing policies, standards, regulations, etc. to improve CLSC security from a general view or focuses on discussing specific security issues in CLSC in a descriptive and subjective way. There is a lack of research on analytical security analysis to provide specific, feasible and practical assistance for people in governments, organizations and industries to improve CLSC security. Facing the situation mentioned above, this thesis intends to develop a set of analytical models for security analysis in CLSC to provide practical assistance to people in maintaining and improving CLSC security. In addition, through the development of the models, the thesis also intends to provide some methodologies for general risk/security analysis problems under complex and uncertain environment, and for some general complex decision problems under uncertainty. Specifically, the research conducted in the thesis is mainly aimed to answer the following two questions: how to assess security level of a CLSC in an analytical and rational way, and according to the security assessment result, how to develop balanced countermeasures to improve security level of a CLSC under the constraints of limited resources. For security assessment, factors influencing CLSC security as a whole are identified first and then organized into a general hierarchical model according to the relations among the factors. The general model is then refined for security assessment of a port storage area along a CLSC against cargo theft. Further, according to the characteristics of CLSC security analysis, the belief Rule base Inference Methodology using the Evidential Reasoning approach (RIMER) is selected as the tool to assess CLSC security due to its capabilities in accommodating and handling different forms of information with different kinds of uncertainty involved in both the measurement of factors identified and the measurement of relations among the factors. To build a basis of the application of RIMER, a new process is introduced to generate belief degrees in Belief Rule Bases (BRBs), with the aim of reducing bias and inconsistency in the process of the generation. Based on the results of CLSC security assessment, a novel resource allocation model for security improvement is also proposed within the framework of RIMER to optimally improve CLSC security under the constraints of available resources. In addition, it is reflected from the security assessment process that RIMER has its limitations in dealing with different information aggregation patterns identified in the proposed security assessment model, and in dealing with different kinds of incompleteness in CLSC security assessment. Correspondently, under the framework of RIMER, novel methods are proposed to accommodate and handle different information aggregation patterns, as well as different kinds of incompleteness. To validate the models proposed in the thesis, several case studies are conducted using data collected from different ports in both the UK and China. From a methodological point of view, the ideas, process and models proposed in the thesis regarding BRB generation, optimal resource allocation based on security assessment results, information aggregation pattern identification and handling, incomplete information handling can be applied not only for CLSC security analysis, but also for dealing with other risk and security analysis problems and more generally, some complex decision problems. From a practical point of view, the models proposed in the thesis can help people in governments, organizations, and industries related to CLSC develop best practices to ensure secure operation, assess security levels of organizations involved in a CLSC and security level of the whole CLSC, and allocate limited resources to improve security of organizations in CLSC. The potential beneficiaries of the research may include: governmental organizations, international/regional organizations, industrial organizations, classification societies, consulting companies, companies involved in a CLSC, companies with cargo to be shipped, individual researchers in relevant areas etc.