Evolving Cyber Threats Research Articles

Adaptive edge security framework for dynamic IoT security policies in diverse environments

The rapid expansion of Internet of Things (IoT) technologies has introduced significant cybersecurity challenges, particularly at the network edge where IoT devices operate. Traditional security policies designed for static environments fall short of addressing the dynamic, heterogeneous, and resource-constrained nature of IoT ecosystems. Existing dynamic security policy models lack versatility and fail to fully integrate comprehensive risk assessments, regulatory compliance, and AI/ML (artificial intelligence/machine learning)-driven adaptability. We develop a novel adaptive edge security framework that dynamically generates and adjusts security policies for IoT edge devices. Our framework integrates a dynamic security policy generator, a conflict detection and resolution in policy generator, a bias-aware risk assessment system, a regulatory compliance analysis system, and an AI-driven adaptability integration system. This approach produces tailored security policies that adapt to changes in the threat landscape, regulatory requirements, and device statuses. Our study identifies critical security challenges in diverse IoT environments and demonstrates the effectiveness of our framework through simulations and real-world scenarios. We found that our framework significantly enhances the adaptability and resilience of IoT security policies. Our results demonstrate the potential of AI/ML integration in creating responsive and robust security measures for IoT ecosystems. The implications of our findings suggest that dynamic and adaptive security frameworks are essential for protecting IoT devices against evolving cyber threats, ensuring compliance with regulatory standards, and maintaining the integrity and availability of IoT services across various applications.

A Study on Network Anomaly Detection Using Fast Persistent Contrastive Divergence

As network technology evolves, cyberattacks are not only increasing in frequency but also becoming more sophisticated. To proactively detect and prevent these cyberattacks, researchers are developing intrusion detection systems (IDSs) leveraging machine learning and deep learning techniques. However, a significant challenge with these advanced models is the increased training time as model complexity grows, and the symmetry between performance and training time must be taken into account. To address this issue, this study proposes a fast-persistent-contrastive-divergence-based deep belief network (FPCD-DBN) that offers both high accuracy and rapid training times. This model combines the efficiency of contrastive divergence with the powerful feature extraction capabilities of deep belief networks. While traditional deep belief networks use a contrastive divergence (CD) algorithm, the FPCD algorithm improves the performance of the model by passing the results of each detection layer to the next layer. In addition, the mix of parameter updates using fast weights and continuous chains makes the model fast and accurate. The performance of the proposed FPCD-DBN model was evaluated on several benchmark datasets, including NSL-KDD, UNSW-NB15, and CIC-IDS-2017. As a result, the proposed method proved to be a viable solution as the model performed well with an accuracy of 89.4% and an F1 score of 89.7%. By achieving superior performance across multiple datasets, the approach shows great potential for enhancing network security and providing a robust defense against evolving cyber threats.

An Enhanced K-Means Clustering Algorithm for Phishing Attack Detections

Phishing attacks continue to pose a significant threat to cybersecurity, employing increasingly sophisticated techniques to deceive victims into revealing sensitive information or downloading malware. This paper presents a comprehensive study on the application of Machine Learning (ML) techniques for identifying phishing websites, with a focus on enhancing detection accuracy and efficiency. We propose an approach that integrates the CfsSubsetEval attribute evaluator with the K-Means Clustering algorithm to improve phishing detection capabilities. Our method was evaluated using datasets of varying sizes (2000, 7000, and 10,000 samples) from a publicly available repository. Simulation results demonstrate that our approach achieves an accuracy of 89.2% on the 2000-sample dataset, outperforming the traditional kernel K-Means algorithm, which achieved an accuracy of 51.5%. Further analysis using precision, recall, and F1-score metrics corroborates the effectiveness of our method. We also discuss the scalability and real-world applicability of our approach, addressing limitations and proposing future research directions. This study contributes to the ongoing efforts to develop robust, efficient, and adaptable phishing detection systems in the face of evolving cyber threats.

Snort Versus Suricata in Intrusion Detection

In the contemporary digital age, the increasing complexity and frequency of cyber threats underscore the need for efficient network intrusion detection systems (NIDS). This paper provides a comprehensive comparative analysis of two prominent NIDS, Snort and Suricata, focusing on their architecture, detection capabilities, and performance metrics. It explores the historical development, operational frameworks, and technological foundations of these systems, highlighting their respective benefits and limitations in different network environments. Snort, known for its extensive rule-based detection, and Suricata, which leverages multi-threading for high-speed traffic handling, are evaluated based on specific security requirements, including traffic volumes, processing speeds, and threat types. The paper also discusses future advancements in NIDS, particularly through the integration of machine learning and AI, to enhance predictive and adaptive capabilities. This analysis aims to inform cybersecurity professionals about the qualifications and capabilities of Snort and Suricata, providing insights for their effective deployment in modern network security infrastructures. The discussion on future trends emphasizes the importance of continuous improvement in NIDS to address evolving cyber threats)

Proactive cyber threat mitigation: Integrating data-driven insights with user-centric security protocols

In the rapidly evolving cybersecurity landscape, proactive threat mitigation has become essential for protecting sensitive data and systems from increasingly sophisticated attacks. The paper explores a holistic approach to enhancing cybersecurity by merging data-driven insights with user-centric security practices. This study highlights the limitations of traditional reactive security measures and advocates for a shift towards a proactive strategy that anticipates and addresses potential threats before they materialize. The research emphasizes the importance of leveraging data analytics to gain actionable insights into potential vulnerabilities and emerging threats. By analyzing large datasets from network traffic, user behavior, and historical incidents, organizations can identify patterns and anomalies that signal potential risks. These data-driven insights enable the development of more effective threat detection systems and predictive models that enhance an organization’s ability to respond swiftly to evolving cyber threats. In addition to data analytics, the study underscores the significance of integrating user-centric security protocols. Traditional security measures often overlook the human element, which can be a critical factor in both the efficacy of security measures and the overall risk profile. User-centric protocols focus on enhancing user awareness, implementing tailored security training, and promoting best practices in cybersecurity. This approach ensures that security measures are not only technologically sound but also aligned with user behavior and needs, reducing the risk of human error and improving overall security posture. The research also discusses practical implementation strategies for combining data-driven insights with user-centric protocols, including the use of advanced analytics tools, continuous user education, and adaptive security frameworks. Case studies demonstrate the benefits of this integrated approach, such as improved threat detection rates, reduced incident response times, and enhanced overall security resilience. In conclusion, this study presents a comprehensive framework for proactive cyber threat mitigation, emphasizing the synergy between data-driven analytics and user-centric security practices as a robust strategy for safeguarding against modern cyber threats. Keywords: Cyber Threat, Proactive, Data-Driven, User-Centric, Security Protocols

Exploring the nature of generative artificial intelligence in evolving cyber threats

The rapid advancement of Generative Artificial Intelligence (GenAI) has significantly impacted cybersecurity, presenting both opportunities and challenges. This study explores the evolving nature of cyber threats facilitated by GenAI, focusing on its dual role in enhancing security measures and creating sophisticated attack vectors. Through a comprehensive literature review, analyses were made on previous research focused on the applications of GenAI in cybersecurity, examining its potential to detect, prevent, and respond to threats and its vulnerabilities to exploitation by malicious actors. Utilizing qualitative research methodology, this study gathers insight from peer-reviewed articles, case studies, and expert interviews to reveal the implications of GenAI in the cybersecurity landscape. The findings reveal the complex interplay between GenAI's protective and adversarial capabilities, highlighting the need for continuous innovation and robust strategies to mitigate associated risks. The study concludes by positioning these insights within the broader context of cybersecurity and proposing directions for future research to address emerging challenges.

Advancing network security in fintech: Implementing IPSEC VPN and cisco firepower in financial systems

This review paper explores the critical importance of network security in the financial technology (fintech) sector, focusing on implementing IPSEC VPN and Cisco Firepower. IPSEC VPN provides secure communication through encryption, authentication, and data integrity, which is essential for protecting sensitive financial data. Cisco Firepower enhances network security with advanced threat detection and prevention capabilities. The paper discusses the challenges in deploying these technologies, including configuration complexity and integration with existing systems. Future trends in fintech security are also examined, highlighting the potential of AI-driven security measures, zero-trust architectures, and blockchain technology to address evolving cyber threats. Financial institutions can ensure robust security and operational resilience by adopting these strategies.

Machine Learning Approaches for Network Intrusion Detection: An Evaluation of their Efficacy in Bolstering Security

Abstract: In today's digital environment, securing networked systems is critical due to the increasing sophistication and frequency of cyberattacks. Network Intrusion Detection Systems (NIDS) are essential for detecting and addressing unauthorized and harmful activities within a network. NIDS function by continuously monitoring network traffic and analyzing data packets for signs of suspicious behavior or known attack patterns. This paper provides an in-depth examination of NIDS, focusing on the application of three machine learning algorithms—K Neighbors Classifier, Logistic Regression, and Random Forest Classifier—to create a robust model for network intrusion detection using the NSL-KDD dataset. Our findings highlight the superior performance of the Random Forest Classifier, which achieved an accuracy of 99.31%, proving its effectiveness in differentiating between normal and malicious traffic. The analysis of ICMP, TCP, and UDP protocols reveals unique attack patterns, underscoring the need for protocol-specific security measures. Additionally, the study emphasizes the importance of integrating NIDS with other security systems for a multi-layered defense strategy and the crucial role of skilled personnel in managing and interpreting NIDS alerts. The results advocate for ongoing innovation and adaptation in NIDS technologies and strategies to effectively counter evolving cyber threats

CGAN-based cyber deception framework against reconnaissance attacks in ICS

In recent years, Industrial Control Systems (ICSs) have faced increasing vulnerability to cyber attacks due to their integration with the Internet. Despite efforts to enhance cybersecurity, reconnaissance attacks remain a significant threat, prompting the need for innovative defensive strategies. This paper introduces a novel approach to strengthen the defensive capabilities of ICS networks against reconnaissance attacks using machine learning-driven cyber deception techniques. Leveraging Conditional Generative Adversarial Networks (CGANs), the proposed framework dynamically generates defensive network topologies to network shuffling and implement deception strategies, prioritizing system availability. Extensive simulations demonstrate the superior efficacy of the proposed framework in enhancing cybersecurity while minimizing computational overhead. By effectively mitigating reconnaissance attacks, this solution reinforces the resilience of ICS networks, safeguarding critical industrial infrastructure from evolving cyber threats. These findings underscore the significance of adopting machine learning-based cyber deception as a pragmatic security measure for protecting ICS networks in real-world industrial contexts.

Towards Human-AI Teaming to Mitigate Alert Fatigue in Security Operations Centres

Security Operations Centres (SOCs) play a pivotal role in defending organisations against evolving cyber threats. They function as central hubs for detecting, analysing, and responding promptly to cyber incidents with the primary objective of ensuring the confidentiality, integrity, and availability of digital assets. However, they struggle against the growing problem of alert fatigue, where the sheer volume of alerts overwhelms SOC analysts and raises the risk of overlooking critical threats. In recent times, there has been a growing call for human-AI teaming, wherein humans and AI collaborate with each other, leveraging their complementary strengths and compensating for their weaknesses. The rapid advances in AI and the growing integration of AI-enabled tools and technologies within SOCs give rise to a compelling argument for the implementation of human-AI teaming within the SOC environment. Therefore, in this article, we present our vision for human-AI teaming to address the problem of alert fatigue in the SOC. We propose the 𝒜 2 𝒞 Framework, which enables flexible and dynamic decision making by allowing seamless transitions between automated, augmented, and collaborative modes of operation. Our framework allows AI-powered automation for routine alerts, AI-driven augmentation for expedited expert decision making, and collaborative exploration for tackling complex, novel threats. By implementing and operationalising 𝒜 2 𝒞, SOCs can significantly reduce alert fatigue while empowering analysts to efficiently and effectively respond to security incidents.

Machine Learning for Threat Detection in Softwares

The paper examines the application of machine learning (ML) techniques in the field of cybersecurity with the aim of enhancing threat detection and response capabilities. The initial section of the article provides a comprehensive examination of cybersecurity, highlighting the increasing significance of proactive defensive strategies in response to evolving cyber threats. Subsequently, a comprehensive overview of prevalentonline hazards is presented, emphasizing the imperative for the development of more sophisticated methodologies to detect and mitigate such risks. The primary emphasis of this work is to the practical use of machine learning in the identification and detection of potential dangers inside real-world contexts. This study examines three distinct cases: the detection of malware, attempts to breach security, and anomalous behavior shown by software. Each case study provides a detailed breakdown of the machine learning algorithms and approaches employed, demonstrating their effectiveness in identifying and mitigating risks. The paper further discusses the advantages and disadvantages associated with employing machine learning techniques for threat detection. One advantage of this approach is its ability to facilitatethe examination of extensive datasets, identification of intricate patterns, and prompt decision-making. However, discussions also revolve around difficulties like as erroneous discoveries, adversarial attacks, and concerns over privacy.

Web Application Firewall (WAF) Design to Detect and Anticipate Hacking in Web-Based Applications

Data leakage cases have recently been rampant in Indonesia. One of the biggest is the leak of user data from BPJS Health in 2021, this data leak is certainly very detrimental to users. This research develops a Web Application Firewall (WAF) using ModSecurity and OWASP Core Rule Set to protect web applications from SQL Injection and XSS attacks. The methodology involves analyzing the functionality of the existing system using UML, with DVWA and WordPress as test objects. Results showed 100% SQL Injection and 99.8% XSS attack detection, with logs recording attacks in real-time. The findings emphasize the importance of WAF integration with web application built-in security, making significant contributions in the design and implementation of resilient WAFs, as well as improving resilience against evolving cyber threats.

Innovative solutions for critical infrastructure resilience against cyber-physical attacks

Critical infrastructure must withstand cyber and physical assaults in today's interconnected world. This study explores innovative strategies to shield these systems from cyber-physical threats. As networks become more connected, cyberattacks grow more sophisticated, making it imperative to safeguard sectors like transportation, energy, water, and information. The paper analyzes the present and future threat landscape, identifying vulnerabilities within critical infrastructures and proposing targeted mitigation strategies to enhance security. The research leverages AI and machine learning to develop detection tools that identify and predict cyber-physical attacks, enhancing response times and preventive measures. Additionally, resilience engineering and architecture are crucial in fortifying infrastructure, enabling it to withstand and recover from attacks while maintaining essential functions. The study also reviews legislation and policies surrounding infrastructure protection, pinpointing shortcomings and recommending improvements to bolster national security. Effective countermeasures against cyber-physical threats require collaboration and information sharing among government bodies, industry stakeholders, and educational institutions. These partnerships facilitate the exchange of knowledge, best practices, and tools to address threats efficiently. Furthermore, the paper highlights the importance of training programs that equip professionals with skills to integrate cyber and physical security defenses. Exploring the integration of blockchain, IoT, and autonomous technologies could further enhance the resilience of critical systems. These technologies foster secure communications and automated responses to incidents. Lastly, community awareness initiatives play a vital role in preparing for and mitigating cyber-physical attacks, ensuring that public readiness and resilience are maintained. This comprehensive approach aims to fortify critical infrastructure against evolving cyber threats, ensuring continuous operation and security.

The Offense-Defense Balance in Cyberspace

The study of cyber strategy and its implications for international security has become increasingly crucial, necessitating an examination of the unique challenges posed by the dynamic and stealthy nature of the cyber domain. This paper addresses whether offensive or defensive strategies prevail in cyberspace, especially in light of evolving technological landscapes and debates over cyber threats. By applying offense-defense theory from international relations, the research explores the nuanced relationship between offensive and defensive operations in cyberspace. Despite prevalent views favoring offense dominance, recent skepticism questions the severity of cyber threats and suggests a possible overemphasis on offensive operations. This paper systematically examines the core concepts, findings, and operational variables of offense-defense theory, providing clarity to the conceptual debates surrounding cyber conflict. Recognizing the unique characteristics of the cyber domain, it urges a careful consideration of biases that may distort judgments about offense dominance. The evolving nature of cyberspace and its potential for redesign introduces caution and underscores the need for a nuanced understanding of the offense-defense balance. The preliminary assessment concludes that the question of whether offense or defense "dominates" in cyberspace is overly simplistic. Given the intricate interactions of cyber capabilities, other coercive means available to states, and the dynamic evolution of cyber technology, this question can only be answered within specific contextual and chronological boundaries. Within such conditions, the state of the offense-defense balance is crucial to tactical and operational decision-making. At the strategic policymaking level, the more coherent question is how cyber technologies are shifting the balance of advantages between offense and defense in the overall military posture of states. In essence, this paper provides valuable insights into the ongoing discourse on cyber strategy, theoretical frameworks, and nuanced analyses to inform policy and strategic decision-making in the face of evolving cyber threats.

Intelligent Threat Detection—AI-Driven Analysis of Honeypot Data to Counter Cyber Threats

Security adversaries are rampant on the Internet, constantly seeking vulnerabilities to exploit. The sheer proliferation of these sophisticated threats necessitates innovative and swift defensive measures to protect the vulnerable infrastructure. Tools such as honeypots effectively determine adversary behavior and safeguard critical organizational systems. However, it takes a significant amount of time to analyze these attacks on the honeypots, and by the time actionable intelligence is gathered from the attacker’s tactics, techniques, and procedures (TTPs), it is often too late to prevent potential damage to the organization’s critical systems. This paper contributes to the advancement of cybersecurity practices by presenting a cutting-edge methodology, capitalizing on the synergy between artificial intelligence and threat analysis to combat evolving cyber threats. The current research articulates a novel strategy, outlining a method to analyze large volumes of attacker data from honeypots utilizing large language models (LLMs) to assimilate TTPs and apply this knowledge to identify real-time anomalies in regular user activity. The effectiveness of this model is tested in real-world scenarios, demonstrating a notable reduction in response time for detecting malicious activities in critical infrastructure. Moreover, we delve into the proposed framework’s practical implementation considerations and scalability, underscoring its adaptability in diverse organizational contexts.

Analysing Multidimensional Strategies for Cyber Threat Detection in Security Monitoring

The escalating risk of cyber threats requires continuous advances in security monitoring techniques. This survey paper provides a comprehensive overview of recent research into novel methods for cyber threat detection, encompassing diverse approaches such as machine learning, artificial intelligence, behavioral analysis and anomaly detection. Machine learning plays a central role in cyber threat detection, highlighting the effectiveness of deep neural networks in identifying evolving threats. Their adaptability to changing attack patterns is emphasized, underlining their importance for real-time security monitoring. In parallel, ensemble learning is explored, combining multiple models to improve overall detection accuracy and create a robust defense against a spectrum of cyber threats. The literature reviewed highlights the importance of behavioral analysis, with a novel approach that integrates user behaviour profiling with anomaly detection. This has proven effective in identifying suspicious activity within a network, particularly insider threats and stealthy attacks. Another behavioral framework using User and Entity Behavior Analytics (UEBA) is presented for enhanced anomaly detection, highlighting the importance of context-aware monitoring in improving threat detection accuracy. Collaborative defense mechanisms emerge as a major focus of the research papers reviewed, exploring the potential of sharing threat information between organisations to enhance collective security monitoring. Their findings underscore the importance of a collaborative approach to staying ahead of rapidly evolving cyber threats. Some types of cyber-attacks are also analysed in the context of a security operations centre (SOC) monitoring environment using a security information and event management (SIEM) tool - Splunk. In conclusion, this survey paper synthesizes recent advances in cyber threat detection methods in security monitoring that integrate machine learning, behavioral analysis, and collaborative defense strategies. As cyber threats continue to evolve, these novel methods provide valuable insights for researchers, practitioners, and organisations seeking to strengthen their cybersecurity defenses. This concise overview emphasises the multi-dimensional approach required to secure digital ecosystems, providing a concise yet comprehensive guide to modern cyber threat detection strategies.

A Review of IoMT Security and Privacy related Frameworks

The Internet of Medical Things (IoMT) integrates smart connectivity with healthcare, improving services but imposing cybersecurity and privacy concerns. Frameworks (such as EMRI, SaYo-Pillow, HL7, FHIR, HIMSS) and regulations (such as EU MDR) are in existence but need regular reviewing for enhancement. A crucial requirement to ensure assuring the security and privacy of the IoMT ecosystem is acceptable, standardized frameworks with effective mechanisms, regulations, and policies. The paper reviews recent IoMT frameworks, architectures, standards, and regulations, analysing deployed and proposed systems with the aim of identifying research areas to improve the realm of IoMT security and privacy. The paper assesses security and data privacy in healthcare through case studies by comparing attributes and discussing benefits and limitations. The analysis extends to geographic scopes that adopt these frameworks. Furthermore, it explores emerging technologies (such as using blockchain) in securing IoMT within specific frameworks. IoMT ecosystems faces significant security and privacy challenges due to inherent complexities, leading to evolving cyber threats. The vulnerabilities expose medical devices and patient data, risking patient safety and scrutinizing reputations of healthcare institutions. Despite promising technologies, the lack of tailored security measures, guidelines, and policies, coupled with adoption barriers, contributes to these concerns. There is a crucial need to develop specific research, standards, and policies for ensuring cybersecurity and data privacy in the IoMT. Collaboration among healthcare, government, and technology stakeholders is essential to establish effective regulations and best practices. The vulnerability of the healthcare sector, attributed to legacy devices and disjointed data systems, emphasizes the necessity for robust security risk assessment models to address challenges imposed within the rapidly evolving IoMT.

Enhancing Cybersecurity Posture through Dynamic Vulnerability Matching and Threat Intelligence Integration Precious

As the digital landscape continues to evolve, organizations face increasingly sophisticated cyber threats that challenge traditional cybersecurity measures. In response, this paper proposes a novel approach to bolstering cybersecurity posture by integrating dynamic vulnerability matching and threat intelligence. The proposed framework combines proactive identification of vulnerabilities within an organization's network with real-time threat intelligence feeds. Leveraging advanced analytics and machine learning algorithms, the system dynamically matches vulnerabilities to relevant threat intelligence, allowing for prioritized remediation efforts. This dynamic matching ensures that resources are allocated efficiently, focusing on mitigating the most imminent threats to the organization's security. Furthermore, the integration of threat intelligence enriches the vulnerability management process by providing contextual information about emerging threats, attack vectors, and adversary tactics. This contextual awareness enables organizations to anticipate and proactively defend against potential cyber attacks, thereby reducing the window of vulnerability and minimizing the impact of security breaches. Through empirical evaluation and case studies, we demonstrate the efficacy of the proposed framework in enhancing cybersecurity posture across diverse organizational environments. By empowering organizations to adaptively respond to evolving cyber threats, this approach enables them to stay ahead of adversaries and effectively safeguard their critical assets and data.

A Stakeholder Needs Analysis in Cybersecurity: A Systemic Approach to Enhancing Digital Infrastructure Resilience

The escalating complexity and sophistication of cyber threats necessitate advanced solutions that not only counteract these threats but also proactively adapt to the evolving needs of diverse stakeholders involved in digital infrastructures, such as telecom operators, cloud service providers, and end-users in sectors like healthcare and finance. This research addresses a crucial gap by focusing on a systemic, AI-powered approach to stakeholder needs analysis in cybersecurity. By aligning closely with stakeholder requirements, the proposed framework aims to offer dynamic, responsive cybersecurity solutions that enhance the resilience of digital infrastructures against evolving cyber threats. This research systematically maps the landscape of stakeholder needs in cybersecurity across different sectors through qualitative methods like interviews and focus groups, supplemented by data from the CyberSecDome project’s pilot cases and open calls. Requirements for an AI-driven framework are then formulated based on these data to identify patterns and predict stakeholder needs. The analysis reveals critical challenges faced by stakeholders, including limited threat intelligence sharing, insufficient automation in incident response, and regulatory hurdles related to data protection laws and evolving cybersecurity legislation. There is a strong interest in leveraging AI for enhanced intrusion detection, real-time threat intelligence sharing, and privacy-preserving information exchange.

Enhancing Cybersecurity in Smart Manufacturing: A Comprehensive Approach

The industry 4.0 defines a new era of much efficient and intelligent manufacturing processes that works in integration with other advanced technologies like AI, Big data, Block chain, etc. The smart manufacturing industry has remarkably evolved due to integration of advanced technologies like cyber-physical systems (CPS), Internet of Things (IoT), digital twins that makes up a highly connected infrastructure where data flows in real time. However, the involvement of these technologies has also significantly increased the exposure of manufacturing industry to the cyber threats. This article investigates several security challenges and major threats that are associated with the manufacturing industry. It evaluates various security implementations including digital twins, machine learning, and block chain based on their effectiveness, scalability, and feasibility in terms of security. Through a comprehensive literature review, case study analysis of notable cyberattacks and qualitative exploratory methods, this study explores the best line of defence against the cyber threats. Our findings highlight the critical role of robust and adaptive multiple line of defense mechanisms in mitigating cyber risks. The research concludes by emphasizing the need for an effective security strategy that combines advanced technological solutions with continuous employee education and proactive threat management to safeguard smart manufacturing processes against evolving cyber threats.