Development of a cyber security risk model using Bayesian networks

Shin, Jinsoo; Son, Han Seong; Ur, Rahman Khalil; Heo, Gyunyoung

doi:10.1016/j.ress.2014.10.006

Cited by 82 publications

(38 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In short, we find that ICT systems essentially consist of a layered ecosystem of technologies and hardware that have many security vulnerabilities whose source or number may be impossible to assess (e.g. Shin et al, 2015;Trippel et al, 2017). Under these circumstances, the state of cyber security can be described as being in a ''shameful state of unpreparedness'' (Arquilla, 2017, p. 10).…”

Section: The Problem Of Software For Iotmentioning

confidence: 99%

Mapping the Values of IoT

Nicolescu

Huth

Radanliev³

et al. 2018

Journal of Information Technology

View full text Add to dashboard Cite

We investigate the emerging meanings of ''value'' associated with the Internet of Things. Given the current political economy, we argue that the multiple meanings of ''value'' cannot be reduced to a single domain or discipline, but rather they are invariably articulated at the juxtaposition of three domains: social, economic, and technical. We analyse each of these domains and present domain challenges and cross-domain implications -drawing from an interdisciplinary literature review and gap analysis across sources from academia, business, and governments. We propose a functional model that aggregates these findings into a value-driven logic of the emerging global political economy enabled by digital technology in general and IoT in particular. These conceptual contributions highlight the critical need for an interdisciplinary understanding of the meaning of ''value'', so that IoT services and products will create and sustain such concurrent meanings during their entire lifecycle, from design to consumption and retirement or recycling.

show abstract

Section: The Problem Of Software For Iotmentioning

confidence: 99%

Mapping the Values of IoT

Nicolescu

Huth

Radanliev³

et al. 2018

Journal of Information Technology

View full text Add to dashboard Cite

show abstract

“…CPSs reliance on digitalization and remote control systems increases their exposure to cyber attacks to controllers, databases, networks and human-system interfaces, that can result in the loss of system integrity and/or functionality. Malicious activities can be manifested as Denial of Service (DoS) attacks [156,208,214], False Data Injection (FDI) attacks (e.g., packet/data modification) [111,128,179], network scan and sniffing attacks [156,182], integrity attacks (e.g., through malware contagion) [139,140] and, illegal command executions [172]. They can be initiated in the cyber domain through local or remote accesses, mimicking the components failures but isolating the connectivity between cyber and physical systems, leaving the physical process uncontrolled and possibly drifting towards severe consequences.…”

Section: Safety and Security Of Cyber-physical Systemsmentioning

confidence: 99%

The future of risk assessment

Zio

2018

Reliability Engineering & System Safety

265

116

View full text Add to dashboard Cite

A B S T R A C TRisk assessment must evolve for addressing the existing and future challenges, and considering the new systems and innovations that have already arrived in our lives and that are coming ahead. In this paper, I swing on the rapid changes and innovations that the World that we live in is experiencing, and analyze them with respect to the challenges that these pose to the field of risk assessment. Digitalization brings opportunities but with it comes also the complexity of cyber-phyiscal systems. Climate change and extreme natural events are increasingly threatening our infrastructures; terrorist and malevolent threats are posing severe concerns for the security of our systems and lives. These sources of hazard are extremely uncertain and, thus, difficult to describe and model quantitatively.Some research and development directions that are emerging are presented and discussed, also considering the ever increasing computational capabilities and data availability. These include the use of simulation for accident scenario identification and exploration, the extension of risk assessment into the framework of resilience and business continuity, the reliance on data for dynamic and condition monitoring-based risk assessment, the safety and security assessment of cyber-physical systems.The paper is not a research work and not exactly a review or a state of the art work, but rather it offers a lookout on risk assessment, open to consideration and discussion, as it cannot pretend to give an absolute point of view nor to be complete in the issues addressed (and the related literature referenced to).

show abstract

“…CPSs reliance on digitalization and remote control systems increases their exposure to cyber attacks to controllers, databases, networks and human-system interfaces, that can result in the loss of system integrity and/or functionality. Malicious activities can be manifested as Denial of Service (DoS) attacks (Zargar et al, 2013;Yuan et al, 2013;Rahman et al, 2016), False Data Injection (FDI) attacks (e.g., packet/data modification) (Liang et al, 2017;Tan et al, 2017;Mohammadpourfard et al, 2017), network scan & sniffing attacks (Trabelsi and Rahmani, 2005;Rahman et al, 2016), integrity attacks (e.g., through malware contagion) (Ntalampiras, 2015;Ntalampiras, 2016) and, illegal command executions (Shin et al, 2015). They can be initiated in the cyber domain through local or remote accesses, mimicking the components failures but isolating the connectivity between cyber and physical systems, leaving the physical process uncontrolled and possibly drifting towards severe consequences.…”

Section: Threatsmentioning

confidence: 99%

A Non-parametric Cumulative Sum Approach for Online Diagnostics of Cyber Attacks to Nuclear Power Plants

Wang

Maio

Zio

2019

Resilience of Cyber-Physical Systems

View full text Add to dashboard Cite

Failures and cyber attacks can both compromise the integrity of Cyber-Physical Systems (CPSs). Cyber attacks manifest themselves in the physical system and, can be misclassified as component failures, leading to wrong control actions and maintenance strategies. In this chapter, we illustrate the use of a non-parametric cumulative sum (NP-CUSUM) approach for online diagnostics of cyber attacks to CPSs. This allows for a prompt recognition of cyber attacks from component failures, and effective actions for CPSs protection. We apply the approach to the Advanced Leadcooled Fast Reactor European Demonstrator (ALFRED) and its digital Instrumentation and Control (I&C) system. For this, an object-oriented model previously developed is embedded within a Monte Carlo (MC) engine that allows injecting into the I&C system both components (stochastic) failures (such as sensor bias, drift, wider noise and freezing) and cyber attacks (such as Denial of Service (DoS) attacks mimicking component failures).

show abstract

Development of a cyber security risk model using Bayesian networks

Cited by 82 publications

References 14 publications

Mapping the Values of IoT

Mapping the Values of IoT

The future of risk assessment

A Non-parametric Cumulative Sum Approach for Online Diagnostics of Cyber Attacks to Nuclear Power Plants

Contact Info

Product

Resources

About