Ethical Implications of Security Vulnerability Research for Critical Infrastructure Protection

Nweke, Livinus Obiora; Wolthusen, Stephen D.

doi:10.30844/wi_2020_z4-paper2

Cited by 4 publications

(3 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Also, it has been observed in [8] that practising law involves anticipating how and what a judge might decide when presented with an issue, but ethics appears as a superior and stable reference to which laws can refer to. Thus, we presented in [21] the ethical implications of security vulnerability research for CIP. The result of this study shows that a security researcher could rely on the three different normative ethical frameworks to reason about the best course of action during security vulnerability research for CIP.…”

Section: Discussionmentioning

confidence: 99%

A Holistic Approach for Enhancing Critical Infrastructure Protection: Research Agenda

Nweke

Wolthusen

2021

International Conference on Emerging Applications and Technologies for Industry 4.0 (EATI’2020)

Self Cite

View full text Add to dashboard Cite

Critical infrastructure is an asset or a system that is essential for the maintenance of vital societal functions. The protection of such an infrastructure requires more than a technical understanding of the underlying issues; it also needs an understanding of the organisational aspects. Although there are several standards and guidelines for the protection of critical infrastructure, they are usually vague and do not offer practical solutions. In this paper, we describe a 'work in progress' holistic approach for enhancing critical infrastructure protection. First, we introduce the theoretical background of this study. Then, based on this theoretical foundation, we propose a holistic approach which takes into account both organisational and technical measures. In addition, we provide a synopsis of our research outcomes so far and our ongoing work towards enhancing critical infrastructure protection.

show abstract

Section: Discussionmentioning

confidence: 99%

A Holistic Approach for Enhancing Critical Infrastructure Protection: Research Agenda

Nweke

Wolthusen

2021

International Conference on Emerging Applications and Technologies for Industry 4.0 (EATI’2020)

Self Cite

View full text Add to dashboard Cite

show abstract

“…These generic ethical frameworks have some drawbacks. They fail to offer a clear decision-making process when confronted with an ethical issue: absence of shared community values, lack of consensus on enforcement and limited individual expertise (Nweke and Wolthusen, 2020).…”

Section: Related Workmentioning

confidence: 99%

Ethical hardware reverse engineering for securing the digital supply chain in critical infrastructure

Nygård,

Katsikas

2024

ICS

View full text Add to dashboard Cite

Purpose This paper aims to discuss the ethical aspects of hardware reverse engineering (HRE) and propose an ethical framework for HRE when used to mitigate cyber risks of the digital supply chain of critical infrastructure operators. Design/methodology/approach A thorough review and analysis of existing relevant literature was performed to establish the current state of knowledge in the field. Ethical frameworks proposed for other areas/disciplines and identified pertinent ethical principles have been used to inform the proposed framework’s development. Findings The proposed framework provides actionable guidance to security professionals engaged with such activities to support them in assessing whether an HRE project conforms to ethical principles. Recommendations on action needed to complement the framework are also proposed. According to the proposed framework, reverse engineering is neither unethical nor illegal if performed honourably. Collaboration with vendors and suppliers at an industry-wide level is critical for appropriately endorsing the proposed framework. Originality/value To the best of the authors’ knowledge, no ethical framework currently guides cybersecurity research, far less of cybersecurity vulnerability research and reverse engineering.

show abstract

“…Safety is not only a requirement of rail transport, but it is a pillar ([1], [26], [27]), and interlocking is the core of railway signaling on which the guarantee of safe train movement is based. So, respecting the requirement of security leads our system to be in compliance with CENELEC Standards [7], and IEC 62443 Standards; especially IEC 62443-3-3 Chapter related to systems to ensure a secure execution of interlocking functionalities and exchange between interlocking and with other applications.…”

Section: Security Of Soa Interfacesmentioning

confidence: 99%

Services interfaces for interoperability of signaling computer interlocking on borders

Abourahim

Eleuldj

Amghar

2023

IJECE

View full text Add to dashboard Cite

<p>Technological developments in the field of railway signaling have allowed more and more flexibility in the management of rail traffic, especially with computer interlocking. However, differences in signaling principles from one country to another as well as differences in the structure of interlocking software and communication protocols depending on suppliers lead to interoperability difficulties at the borders between computer interlocking. Some deployed projects deal with interoperability issues regarding the communication of signaling information between the train and interlocking like the European rail traffic management system (ERTMS) project. Unfortunately, the interoperability between interlocking themselves is still not achieved. Some deployed projects deal with interoperability issues regarding the communication of signaling information between the train and interlocking like the ERTMS project. Unfortunately, the interoperability between interlocking themselves is still not achieved. This article draws up a proposed model for interfacing at the interlocking boundaries based on service-oriented architecture (SOA). In addition, to ensure the coupling of SOA services to the internal functions of the signaling computer interlocking, a distributed architecture of programmable logic controller according to the IEC 61499 standard is suggested.</p>

show abstract

Ethical Implications of Security Vulnerability Research for Critical Infrastructure Protection

Cited by 4 publications

References 10 publications

A Holistic Approach for Enhancing Critical Infrastructure Protection: Research Agenda

A Holistic Approach for Enhancing Critical Infrastructure Protection: Research Agenda

Ethical hardware reverse engineering for securing the digital supply chain in critical infrastructure

Services interfaces for interoperability of signaling computer interlocking on borders

Contact Info

Product

Resources

About