Cybersecurity Perspective Research Articles

True-chaotic substitution box based on Boolean functions

With the exponential increase in communication sector, the risk of information management also increases. Although there is enormous input from the cybersecurity perspective, still a lot must be done. The substitution box is the most vital component in symmetric encryption algorithms, and various proposals have been presented using chaos. Unfortunately, the full potential of chaos in constructing substitution boxes has not been exploited before. In this paper, we have constructed strong and robust substitution boxes based on Boolean functions incorporating chaos. First, we have developed a new algebraic structure based on the Boolean functions. Second, we have incorporated logistic chaotic map with the proposed algebraic structure to construct strong and robust true-chaotic S-Boxes. Third, the constructed S-Boxes are tested against statistical and security analysis including linear and differential cryptanalysis to demonstrate their strength and robustness. The simulation results and analysis demonstrated that the constructed substitution boxes can resist well-known attacks. Finally, we have done the comparative analysis for statistical, security and cryptanalysis with other well-known works to demonstrate the superiority of our work.

Cyberinsights: COVID-19 and What It Means for Cybersecurity.

First and foremost, I would like to express my thanks and gratitude to all healthcare staff on the frontlines, be it the physicians and nurses caring for patients or technical staff maintaining equipment1 and information technology (IT) infrastructure. This has been a challenge very few of us have experienced in our lifetime. As I am writing this column in early April, I am very well aware that by the time it will get published, we will have been through much worse.But this being a cybersecurity column, I wanted to specifically look at how COVID-19 has affected and, in the future, will affect cybersecurity.For one, our crisis is the attackers' opportunity—be it from political or financial motivation. Some are specific attacks exploiting the current situation; others are general trends that get exasperated by it.In a sense, the situation we find ourselves in is a cumulation of many complex risk tradeoffs. We need to rapidly expand our care delivery capacity and shift to new models of care to reduce infection risk to providers and patients. Clearly, this is the single most important objective right now, and we need to accept the fact that as we do so, we are increasing our cyber risks. Right now, we really don't have a choice; it is as simple as that.We have the option to maximize our defenses or even go on the offensive,15 but considering the circumstances, our ability to focus on cybersecurity is limited. As the saying goes, you go to war with the cybersecurity you got—the war has begun, and it is exposing systemic weaknesses that we don't have time to address right now.Rapid development and deployment of sorely needed medical devices invites vulnerabilities, though many of these crisis-targeted devices are much simpler than their traditional brethren16 and may not even be network connected or software based.The general heightened level of activity and focus on the medical crisis will lead to lower defenses. For example, simply from being distracted, human error is more likely (e.g., falling for a phishing email, not properly putting up a network firewall). New and more complex information-sharing requirements will require an improvised approach and we may use means of electronic communication that we otherwise would prefer not to—and as a result, mistakes will happen.17 And if you feel you need to post a photo of your crazy busy hospital on social media, or if the local television station shows up, please remove those password stickers from your monitors.Furthermore, now more than ever, we are living amidst the convergence of physical security and cybersecurity. Devices are more exposed, devices get handled by many more people, networks get deployed hastily, telehealth and work-from-home infrastructures get deployed rapidly. In short, traditional boundaries and controls are no longer present, thereby creating opportunities for adversaries to take advantage.The need for information, both among health professionals and the general public, is an opportunity for disinformation, misinformation, and traps (e.g., fake websites). That is the human side of the attack surface, and we already are seeing it being exploited as well (e.g., by a malicious website mimicking John's Hopkins disease tracker18).We live in scary times, indeed. Healthcare workers have been carrying the brunt of this crisis. Yet, we need to admit that we have let them down and that our lack of preparedness, proper crisis management, and availability of emergency equipment (from personal protective equipment to ventilators) has made the situation worse than it needed to be. Let's make sure that history does not repeat itself and that we learn from this experience—certainly from an infectious disease and public health perspective, but also from a cybersecurity perspective.In my opinion, here the key changes we need to make once we are past this crisis (again, from a cybersecurity perspective—certainly, we will need to learn much more from this):COVID-19 has exposed the financial, care delivery, capacity, logistical, planning, and preparedness shortcomings of our healthcare and public health system. I believe we will emerge from this crisis bruised but with the opportunity to improve. We have the opportunity to learn from this, and this learning should, among many things, also lead to a better and proactive approach to cybersecurity.

Distributed Event-Based Control for Thermostatically Controlled Loads Under Hybrid Cyber Attacks.

In building-microgrid communities, renewable generation and time-varying load usually cause power fluctuations, which influence the ancillary support to the main grid. Thermostatically controlled loads (TCLs) can be utilized to compensate such power variations due to their aggregated and controllable power consumptions. Meanwhile, one basic requirement for the users' side of TCLs is to realize the fair sharing of power states and comfort states. This article proposes a distributed event-based control strategy, where information of neighboring TCLs is exchanged only when a dynamic event-triggered condition is satisfied, and thus it intelligently determines the necessary transmission frequency to save communication resources. From a cybersecurity perspective, the communication network of TCLs may be subject to hybrid attacks, for example, denial-of-service (DoS) and false data-injection (FDI) attacks. During DoS attack intervals, no information can be communicated even through the event-triggered condition is satisfied. Furthermore, the control inputs may also be tampered by FDI attacks. By utilizing the Lyapunov stability and hybrid control theories, sufficient conditions regarding the attack parameters are derived such that fair sharing of power states and comfort states of all involved TCLs can be achieved exponentially. The exclusion of Zeno behaviors is proved and a corollary for ideal communication situations is also deduced. Finally, simulation examples with various attack parameters are conducted to verify the effectiveness of the main results.

A General View of Industry 4.0 Revolution From Cybersecurity Perspective

The broad network and high-level data sharing that comes with Industry 4.0 will rapidly increase the companies' cyber security demands. Therefore, large corporations need a risk management system and security strategy tailored to cigarette safety and is committed to improving operational safety and protection so that their operations and earnings are not adversely affected. In order to protect products, data and intellectual property against unauthorized and unauthorized persons, companies must absolutely take cyber security measures and continuously improve existing security systems to comply with Industry 4.0.This paper aims to address which type of problems enterprises should handle against cyber-attacks and illustrate how governments take precaution and refer this issue at their policy documents in the era of industry 4.0. The digitalization of production has paved the way for an ever increasing existence of concepts such as Big Data, Cloud Computing, 3-D Printing, Augmented Reality, and Internet of Things in production. With the emergence of these concepts, the need for cyber security is also becoming crucial. This paper underlines many issues by comparing modern history of ICSs and future smart factories. Some problems also addressed with case studies.

Malware Classification for Cyber Physical System (CPS) based on Phylogenetics

Nowadays, the sectors most commonly targeted by malwares across the world are manufacturing, oil and gas, and education. Malwares such as BlackEnergy2 and Triton have the ability to cause severe, life-threatening damages to an organization and critical infrastructure systems such as oil and gas. Security researchers and practitioners are looking for efficient solutions to mitigate such malware attacks. Therefore, this paper presents a malware cyber physical system (CPS) classification to detect attacks. This classification is inspired by phylogenetics, borrowed from the biological area in terms of evolutionary relationships among biological organisms. As for the cyber security perspective, it discovers the evolution ancestry of malware genes. This malware classification approach includes malware behavior, mode of attack and connected assets in the network. It can detect numerous forms of malware attacks based on correlation. The research is beneficial for CPS developers, suppliers and contractors, government agencies which regulate and govern utility operations, and the National Cyber Security Center (NCSC) which is responsible for protecting CPS.

Addressing Industry 4.0 Cybersecurity Challenges

Awareness is building on how managers should be involved in Industry 4.0 cybersecurity. This awareness and concern derives from heavy dependence of integrated information systems and technology for Industry 4.0. Manufacturing companies rely on data to run their operations. The Internet of Things is exponentially increasing the number of entry points for organizations to defend from nefarious actors. Complex digital value chains expose firms to risks beyond their direct control. The potential damage of cyberattacks is substantial in terms of continuity of business operations, theft of confidential information, and reputational harm. Even with this mounting sense of urgency, there is increasing confusion on what needs to be done and how. C-suite executives and entrepreneurs are puzzled due to the complexity of issues and concerns. Cybersecurity professionals, for their part, often fail to make the issue relevant and accessible to non-technical stakeholders. In this paper, we clarify why Industry 4.0 requires an evolving cybersecurity perspective. We identify where current approaches fall short and what emerging practices are gaining relevance. Our analysis is based on discussions with senior executives and an extensive literature review of academic papers and practical reports.

Maritime Cyber Security Analysis – How to Reduce Threats?

Maritime cyber security management requires a holistic approach as there is an increase in complexity, digitalization, and automation of systems in maritime industry. Numerous interconnected systems between ship and shore, which are in need of a special focus in the internet environment, are increasing on daily basis. Nowadays one of the major concerns in maritime computing is vulnerability to cyber-attacks. In maritime industry, cyber incidents can lead to loss of life, loss of control over ships or sensitive data, as well as ship and/or cargo hijacking. This paper therefore covers key problems of maritime industry from cyber security perspective and proposes solutions on how to eliminate or minimize them.

ВИЗНАЧЕННЯ ВИМОГ ЩОДО ПОБУДОВИ КОНЦЕПЦІЇ ІНФОРМАЦІЙНОЇ БЕЗПЕКИ В УМОВАХ ГІБРИДНИХ ЗАГРОЗ.ЧАСТИНА 1

Current article provides the analysis of recent trends in realization of cyber threats and collects the basic requirements for development of information security concept in hybrid threats conditions. It covers the key tendencies of realization at cyber space of principles of hybrid war. Envisages that preconditions for occurrence of such hybrid wars constitute the interest of governmental agencies in information that might be used by opposing parties in world`s competition and political battles, as well the possibility of effective monetization of harmful impact at information and automated systems of companies. The article defines the necessity in adaptive development of directions in application of preventive actions at information and cyber security. It underlines the absence, at most cases, of strategy to ensure security of the key information systems considering the existing risks. Article emphasize that the information security concept in hybrid threats conditions shall consider the possibility of complete compromising of systems of information and cyber security in case of targeted attack at information resources of structural units of state, banking and private organizations. It considers the model structure of information security concept in hybrid threats conditions to ensure the effectiveness of functioning of information and automated systems of information and cyber security in conditions of limited financing. It provides structure and content of the concept of information security in hybrid threats conditions. Article defines that the information security concept at hybrid threats conditions shall cover the main tasks and objectives, and the general strategy for development of IT and system for managing of information security within the company. It formulates the requirements and basic approaches to its implementation. The article defines that the possible way to optimize the financial resources assigned for IT systems and information and cyber security systems according to the risks defined, might be the use of the best world practices, as well the strict coordination of requirements to ensure the informatization and digital transformation from business and development of coordinated regulatory requirements to the certain businesses from information and cyber security perspective.

Interbank Payment System Architecture from a Cyber Security Perspective

This paper outlines how a paradigm shift is required when approaching cyber risk management for interbank payment systems, which are affected by the growing interconnectedness of systems, the digitalization of financial services and continuously evolving cyber threats. In this scenario, cyber threats may derive from a wider number of actors, who are constantly active on the Internet and able to exploit an increasing number of vulnerabilities and attack vectors to achieve their goals. Financial institutions should therefore assume that specific cyber threats can overcome any defence. Firstly, the paper outlines the theoretical reasons for this necessary paradigm shift; secondly, it aims to highlight the importance of all the stakeholders in strengthening the cyber resilience of payment systems, in particular the central and enabling role of messaging service operators, by providing an analysis of a real case study - the recent Bangladesh Bank cyber fraud; and finally, the paper aims to encourage discussion on the new paradigm and the adequacy of current regulatory frameworks and supervisory approaches.

A Survey on User Profiling Model forAnomaly Detection in Cyberspace

In the face of escalating global Cybersecurity threats, having an automated forewarning system that can find suspicious user profiles is paramount. It can work as a prevention technique for planned attacks or ultimate security breaches. Significant research has been established in attack prevention and detection, but has demonstrated only one or a few different sources with a short list of features. The main goals of this paper are, first, to review the previous user profiling models and analyze them to find their advantages and disadvantages; second, to provide a comprehensive overview of previous research to gather available features and data sources for user profiling; third, based on the deficiencies of the previous models, the paper proposes a new user profiling model that can cover all available sources and related features based on the cybersecurity perspective. The proposed model includes seven profiling criteria for gathering user’s information and more than 270 features to parse and generate the security profile of a user.

Is cybersecurity eating internet governance? Causes and consequences of alternative framings

PurposeThe purpose of this paper is to clarify the relationship between cybersecurity governance and internet governance and to explore the effects of the current tendency for cybersecurity-related discourse to dominate and change the way we approach the established problems of internet governance.Design/methodology/approachThe paper demonstrates the centrality of internet connectivity to any definition of cyberspace and to cybersecurity, which clarifies the way internet governance and cybersecurity governance are interdependent. Drawing on classic notions of a security dilemma, the paper also argues for distinguishing between national cybersecurity and societal cybersecurity.FindingsMajor structural features of the governance problem in cybersecurity and internet governance are analogous. Joint production of internet services and cybersecurity makes them heavily interdependent. This means that cybersecurity governance and internet governance models need to be compatible, and the approach we take to one will influence how we approach the other.Originality/valueThe interdependence of cybersecurity governance and internet governance has not been carefully examined before, and the relationship is not well understood. These two strands of thinking about cyberspace governance have not been properly connected. This paper bridges the gap and makes policymakers more aware of the potential tensions between a cybersecurity perspective and an internet governance perspective.

Clipper Meets Apple vs. FBI—A Comparison of the Cryptography Discourses from 1993 and 2016

This article analyzes two cryptography discourses dealing with the question of whether governments should be able to monitor secure and encrypted communication, for example via security vulnerabilities in cryptographic systems. The Clipper chip debate of 1993 and the FBI vs. Apple case of 2016 are analyzed to infer whether these discourses show similarities in their arguments and to draw lessons from them. The study is based on the securitization framework and analyzes the social construction of security threats in political discourses. The findings are that the arguments made by the proponents of exceptional access show major continuities between the two cases. In contrast, the arguments of the critics are more diverse. The critical arguments for stronger encryption remain highly relevant, especially in the context of the Snowden revelations. The article concludes that we need to adopt a more general cyber security perspective, considering the threat of cyber crime and state hacking, when debating whether the government should be able to weaken encryption.

On Understanding the Existence of a Deep Torrent

Nowadays, a great part of Internet content is not reachable from search engines. Studying the nature of these contents from a cyber security perspective is of high interest, as they could be part of many malware distribution processes, child pornography or copyrighted material exchange, botnet command and control messages, and so on. Although the research community has put a lot of effort into this challenge, most of the existing works are focused on contents that are hidden in websites. However, there are other relevant services that are used to keep and transmit hidden resources, such as P2P protocols. In the present work, we suggest the concept of Deep Torrent to refer to those torrents available in BitTorrent that cannot be found by means of public websites or search engines. We present an implementation of a complete system to crawl the Deep Torrent and evaluate its existence and size. We describe a basic experiment crawling the Deep Torrent for 39 days, in which an initial estimation of its size is 67 percent of the total number of resources shared in the BitTorrent network.

Advancing Beyond Predictive to Anticipatory Risk Analytics: CyberFinance: Why Cybersecurity Risk Analytics must Evolve to Survive 90% oemerging Cyber Financial Threats, and, What You Can Do About It?

Current research presented at the 2016 New York State Cybersecurity Conference (June 8-9, 2016) advances further on our Computational Quantitative Risk Analytics and Computational Quantitative Finance and Cybersecurity innovation research selected for 35 Top-10 SSRN Rankings over 2015-2016 and recent invited research presentations at the 2016 Princeton Quant Trading Conference, 2015 Princeton Quant Trading Conference, and, the 2015 Chief Security Officers and CxO Summit, and research paper selected for the 2015 New York Cyber Security & Engineering Technology Association Conference.It draws on our 20-year scholarly and applied research and practices applied and shared by worldwide firms and governments on advancing beyond computerized models of predictive analytics based upon historical data to ‘anticipation of surprise’ for an interconnected cyber world increasingly characterized by growing uncertainty, extreme events, and black swans. (Starting from, for example, our CIO Magazine interview of September 15, 1999, and/ our ‘Expert Systems with Applications’ journal research paper: Expert Systems for Knowledge Management: Crossing the Chasm between Information Processing and Sense Making of 2001 inspired by the communication of 1995 on the design of next-generation self-adaptive complex systems with the Genetic Algorithms pioneer Professor Dr. John Holland while he was at Santa Fe Institute.)It recognizes data (i.e., ‘data in transit’, ‘data in use’, and, ‘data at rest’ from today’s Network and Computer Cyber Security perspective) as the ‘currency’ of the globally networked cyber era. Control and ownership of data – including ‘identity’, ‘intellectual property’, ‘money’, ‘value’, ‘valuations’, ‘prices’, ‘payments’, and ‘transactions’ – characterize the new discipline of Cyber Finance pioneered by our above research. ‘Data driven decision making’ by human-machine systems powered by AI, algorithms, data science, and, machine learning is increasingly subject to human-tech vulnerabilities and exposures to growing threats. Paradigmatic shift in understanding and applying Cybersecurity in terms of Cyber Risk Management requires advancing beyond ‘naive’ choice and application of ‘inappropriate’ models [by humans and/or machines] based on outdated, inaccurate, and incorrect assumptions. Blind and unquestioning reliance upon inappropriate risk models that exponentially underestimate risk is the sure-fire recipe for global financial disasters that can and will pale the severity of impact of the global financial crisis of 2008-2009. A case in point is our recent correction of the computational risk analytics and modeling foundation of cyber risk loss assessment by the global cyber risk insurance industry which had [incorrectly] chosen VaR (Value-at-Risk) as the model for predictive assessment for cyber risk loss assessment. We proposed alternative robust models, methods, and measures, while clearly demonstrating why VaR is inappropriate for Cybersecurity risk assessment as well as for Cyber Finance risk modeling given inherent systemic risks, tail risks, and endogenous risks characterizing the Cyber-Finance contexts.Advances in computational, quantitative, and statistical technologies, models, and methodologies for risk management are necessary for the world wherein decisions and actions occur at warp-speed enabled by sophisticated algorithms, machine learning, and, cognitive computing technologies. With primary focus of risk analysis across industries such as Finance fragmented across Application and Presentation layers (Layers 6 and 7) and Physical and Data Link layers (Layers 1 and 2), risks [and vulnerabilities] are increasingly concentrated in the Session, Transport, and Network layers (Layers 3, 4, and, 5) and associated telecom network protocols and cryptographic protocols. That specific emphasis of 10% risk focus and the 90% hidden and latent risk depicted our ‘iceberg of risk analytics’ which was one of the themes of the invited presentation at the 2015 Princeton Quant Trading Conference.Based upon our analysis of the Finance, Cybersecurity, and Cyber-Finance practices, we foresee rising catastrophic risks and extreme events across domains of Cyber Finance practice consistent and synchronous with similar current observations by top Finance experts and Hedge Fund managers (such as Bill Gross and George Soros) in Finance. Further advancing upon our research focus beyond theoretical Risk Modeling to pragmatic Uncertainty Modeling and Uncertainty Management; beyond Bayesian and Quasi-Bayesian VaR; beyond frequentist Null-Hypothesis Significance Testing to Bayesian Inference methodologies and related Markov Chain Monte Carlo Models; beyond Probability theory models to Imprecise Probability models based upon Bayesian Nets and Credal Nets, and, Possibility theory based Fuzzy Sets and Fuzzy Logic; and emerging focus on Quantum Computing, the current presentation outlines specific Extreme Risks and Catastrophic Risk models suitable for modeling emerging risks in Cybersecurity and Cyber Finance Risk Management.

Assuring a Cybersecurity Perspective within Engineering Technology and Computer Science and the Economies they Uphold

Online, connected and mobile systems are creating the foundation of a digitally-enabled economy. However, the cybersecurity risks inherent to this economy are currently shouldered by an overburdened cybersecurity profession, labouring under a well-known skills gap in the field. In response, (ISC)2 has joined forces with the Council for Professors and Heads of Computing (CPHC) – and more than 30 universities – to publish and support a new set of Curriculum Guidelines on Cybersecurity for UK undergraduate computing courses, covering five themes: information and risk; threats and attacks; cybersecurity architecture and operations; secure systems and products; and cybersecurity management. Incorporation of these themes will, it is hoped, develop graduates committed to more robust design and computing practices, while also exposing students to cybersecurity as a career. The initiative was developed with the support of both the UK Cabinet Office and the Department for Business, Innovation and Skills. It is referenced within revised accreditation guidelines published in June by the BCS, the Chartered Institute for IT. In this study, the authors establish the guiding principles that defined the authors’ approach to this joint initiative, including some of the key governmental and industrial drivers.

Cyber Defense as a part of Hazard Mitigation: Comparing High Hazard Potential Dam Safety Programs in the United States and Sweden

Abstract Cyber security tends to only address the technical aspects of the information systems. The lack of considerations for environmental long-range implications of failed cyber security planning and measures, especially in the protection of critical infrastructure and industrial control systems, have created ecological risks that are to a high degree unaddressed. This study compares dam safety arrangements in the United States and Sweden. Dam safety in the United States is highly regulated in many states, but inconsistent over the nation. In Sweden dam safety is managed by self-regulation. The study investigates the weaknesses and strengths in these regulatory and institutional arrangements from a cyber security perspective. If ecological and environmental concerns were a part of the risk evaluation and risk mitigation processes for cyber security, the hazard could be limited. Successful environmentally-linked cyber defense mitigates the risk for significant damage to domestic freshwater, aquatic and adjacent terrestrial ecosystems, and protects ecosystem function.

Lightweight Acknowledgement-Based Method to Detect Misbehavior in MANETs

Due to an increasing number of cyberattacks globally, cybersecurity has become a crucial part of national security in many countries. In particular, the Digital Pearl Harbor has become a real and aggressive security threat, and is considered to be a global issue that can introduce instability to the dynamics of international security. Against this context, the cyberattacks that targeted nuclear power plants (NPPs) in the Republic of Korea triggered concerns regarding the potential effects of cyber terror on critical infrastructure protection (CIP), making it a new security threat to society. Thus, in an attempt to establish measures that strengthen CIP from a cybersecurity perspective, we perform a case study on the cyber-terror attacks that targeted the Korea Hydro & Nuclear Power Co., Ltd. In order to fully appreciate the actual effects of cyber threats on critical infrastructure (CI), and to determine the challenges faced when responding to these threats, we examine factual relationships between the cyberattacks and their responses, and we perform analyses of the characteristics of the cyberattack under consideration. Moreover, we examine the significance of the event considering international norms, while applying the Tallinn Manual. Based on our analyses, we discuss implications for the cybersecurity of CI in South Korea, after which we propose a framework for strengthening cybersecurity in order to protect CI. Then, we discuss the direction of national policies.

Applying Cyber Risk Management To Medical Device Design

Recent U.S. Food and Drug Administration (FDA) guidance recognizes that today’s medical devices face a host of cyberthreats. Medical device manufacturers, in turn, face the need to assess and mitigate cyber risks. By combining the cyber risk framework of the National Institute of Standards and Technology (NIST) with the existing International Organization for Standardization (ISO) 14971 Safety Risk Management (SRM) process, manufacturers can leverage proven best practices to make their devices safer and more effective. The cyberthreat to medical devices is based on two factors. First, increasingly faster and more efficient processors now enable full operating systems to run on small implant devices. Previously, only dedicated firmware could have been used. Second, modern hardware can readily connect to networks using wired and wireless protocols. Both factors offer markedly increased capability for patients, physicians, caregivers, and healthcare technology management (HTM) professionals, at the cost of opening unforeseen and unintended doorways into a device. Opening unintended doorways can compromise medical devices in three major areas of cybersecurity: confidentiality, integrity, and availability. Confidentiality refers to preserving authorized restrictions on information access and disclosure, including means for protecting patient privacy and corporate proprietary information. Integrity means guarding against improper information modification or destruction and includes ensuring information nonrepudiation and authenticity. Availability is ensuring timely and reliable access to and use of information. As embedded medical devices grow in complexity and ability, an end-to-end cybersecurity framework is needed to ensure that they achieve the confidentiality, integrity, and availability required for successful operation. Cybersecurity concerns have factored into medical device design for some time, but additional attention has been focused on the topic by recent FDA communications, including a recent guidance document and a safety communication. These documents, however, lack clear instructions on what needs to be considered and tested—a comprehensive standard could be years away. To ensure safety and effectiveness and reduce exposure to liability, device manufacturers need to be proactive in defining and applying cybersecurity controls for their medical devices. The problem facing medical device development teams is complex; it involves securing a device against an ever-growing number of cybersecurity threats while balancing usability, performance, and safety. A viable approach Applying Cyber Risk Management To Medical Device Design