We would like to express our congratulations to our KTH colleagues, who have published their article entitled “Two Decades of Cyberattack Simulations: A Systematic Literature Review” in the Computers & Security (2022) journal.


The abstract is as follows:

Cyberattack simulations appear across multiple computer security domains and are interpreted in many different but equally viable ways. However, this makes the topic appear fragmented and inconsistent, making it challenging to identify and communicate relevant research. Therefore, this article contributes to a unified baseline by presenting the results of a systematic literature review. The review targeted attack simulations published between 1999 and 2019, specifically those exploring which specific steps result in successful attacks. The search initially produced 647 articles, later reduced to 11 key contributions. Despite being scattered across application domains, their general aims, contributions, and problem statements were remarkably similar. This was despite them generally not citing each other or a common body of work. However, the attack simulations differed in implementation details, such as modeling techniques, attacker decision-making, and how time is incorporated. How to construct a fully unified view of the entire topic is still somewhat unclear, particularly from the 11 articles. However, the results presented here should help orient practitioners and researchers interested in attack simulations regarding both present and future work. Particularly since, despite the seemingly implausible sample, the cumulative evidence suggests that attack simulations have yet to be pursued as a distinct research topic.


The complete article is available at: https://doi.org/10.1016/j.cose.2022.102681

Workshop

As a participant in the 2nd ECSCI Workshop on Critical Infrastructure Protection, we cordially invite you to attend this event:

This workshop will present the different approaches to integrated cyber and physical security in different industrial sectors, such as energy, transport, drinking water and wastewater, health, digital infrastructure, banking and financial markets, space and public administration. The peculiarities of critical infrastructure protection in each of these sectors will be discussed and addressed by the different projects of the ECSCI cluster, which will present their outcomes and discuss the technical, ethical and societal aspects as well as the underlying technologies.

Specifically, novel techniques will be presented for integrated security modelling, IoT security, artificial intelligence for securing critical infrastructures, distributed ledger technologies for security information sharing and increased automation for detection, prevention and mitigation measures.

The workshop will include keynote speeches, 23 project presentations, roundtable and panel discussions, and thematic presentations. It is intended for scientists and experts in the field of critical infrastructure protection, CISOs, CIOs, CERTs, CSIRTs, CSOs, cyber and physical security experts representing the different sectors, and policymakers for critical infrastructure protection.

More information: https://www.finsec-project.eu/second-ecsci-virtual-workshop

Healthcare

Our colleagues from NTUA published their article entitled “A Cybersecurity Culture Survey Targeting Healthcare Critical Infrastructures” in MDPI’s Healthcare journal. It can be found at: www.mdpi.com/2227-9032/10/2/327

The abstract is as follows:

Recent studies report that cybersecurity breaches noticed in hospitals are associated with low levels of personnel’s cybersecurity awareness. This work aims to assess the cybersecurity culture in healthcare institutions from middle- to low-income EU countries. The evaluation process was designed and performed via anonymous online surveys targeting individually ICT (internet and communication technology) departments and healthcare professionals. The study was conducted in 2019 for a health region in Greece, with a significant number of hospitals and health centers, a large hospital in Portugal, and a medical clinic in Romania, with 53.6% and 6.71% response rates for the ICT and healthcare professionals, respectively. Its findings indicate the necessity of establishing individual cybersecurity departments to monitor assets and attitudes while underlining the importance of continuous security awareness training programs. The analysis of our results assists in comprehending the countermeasures, which have been implemented in the healthcare institutions, and consequently enhancing cybersecurity defense, while reducing the risk surface.

Congrats!

Our colleagues from CITY published their article entitled “Modelling Smart Grid IT-OT Dependencies for DDoS Impact Propagation” in Elsevier’s Computers & Security journal. It can be found at: https://www.sciencedirect.com/science/article/pii/S0167404821003527

The abstract is as follows:

The traditional power network has now evolved into the smart grid, where cyber technology enables automated control, greater efficiency, and improved stability. However, this integration of information technology exposes critical infrastructure to potential cyber-attacks. Furthermore, the interdependent nature of the grid’s composite information and operational technology networks means that vulnerability extends across interconnected devices and systems. Therefore, a DDoS (Distributed Denial-of-Service) attack, which is relatively easy to deploy but potentially highly disruptive, can be used strategically against the smart grid with particularly egregious results. In this paper, we take inspiration from epidemiological modelling to propose a compromise propagation model, alongside a behavioural DDoS model, to explore how dependencies between the grid’s networks might influence the scale and impact of DDoS attacks. We found that the internal connectedness of a network amplifies the received impact of failures in an external network on which it is dependent. Furthermore, testing showed that alongside attack force, attack duration influences recovery times, due to both the quantity of resources consumed and the time needed to accumulate recoveries. The models were validated against simulations conducted with cyber-security providers L7 Defense, showing our approach to be a viable companion or alternative to traditional graph-based dependency models.

Congrats!

[Figure: An example of corporate and industrial network integration.]

Our partners from KTH have another publication: the chapter titled “Early detection and recovery measures for smart-grid cyber-resilience” was published in the book “Decision Support Systems and Industrial IoT in Smart Grid, Factories, and Cities” by IGI. The chapter discusses the vulnerabilities of smart grid and EPES systems. Since these need to be protected against cyberattacks, robust algorithms are needed for an efficient intrusion detection system (IDS). The chapter presents a classification of IDSs according to the source of audit data and the detection methodology. It also proposes a method for early-stage detection of cyber-security incidents and protection against them through applicable security measures. Moreover, security techniques such as anomaly detection, threat investigation through a highly automated DSS, and incident response and recovery for smart grid systems are introduced. The proposed framework can be applied to industrial environments, for example against cyber-threats targeting the production generator or the electricity smart meters. The chapter also illustrates the framework’s cyber-resilience against zero-day threats and its ability to distinguish between operational failures and cyber-security incidents. With respect to these classification methods, an overview of existing schemes and their problems is presented. Industry best practices are also provided as part of security information and event management (SIEM). The abstract is as follows:

The internet of things (IoT) has recently brought major technological advances in many domains, including the smart grid. Despite the simplicity and efficiency that IoT brings, there are also underlying risks that are slowing down its adoption. These risks are caused by the presence of legacy systems inside existing infrastructures that were built with no security in mind. In this chapter, the authors propose a method for early-stage detection of cyber-security incidents and protection against them through applicable security measures. This chapter introduces security techniques such as anomaly detection, threat investigation through a highly automated decision support system (DSS), as well as incident response and recovery for smart grid systems. The introduced framework can be applied to industrial environments such as cyber-threats targeting the production generator as well as the electricity smart meters, etc. The chapter also illustrates the framework’s cyber-resilience against zero-day threats and its ability to distinguish between operational failures as well as cyber-security incidents.