Facing Cyber-Physical Security Threats by PSIM-SIEM Integration

Frattini, Flavio; Giordano, Ugo; Conti, Vincenzo

doi:10.1109/edcc.2019.00026

Cited by 11 publications

(3 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Fausto et al (2021) explored the integration of CPS logs into processes that review other typical information logs to detect cyber threats and physical anomalies. Frattini et al (2019) also researched a merging of log information by proposing a combination of security incident and event management and physical security incident management systems, finding that merging plant condition management software and IBM’s QRadar in test scenarios benefits security analysis in detecting attacks that target both physical and digital vulnerabilities. Razavi-Far et al (2021) note that missing information can reduce the effectiveness of classifying intrusion detections and outline approaches that can increase the accuracy of intrusion classifications by reducing missing scores in SCADA data.…”

Section: Prior Convergence Studiesmentioning

confidence: 99%

Organizational perspectives on converged security operations

Mattord,

Kotwica,

Whitman

et al. 2023

ICS

View full text Add to dashboard Cite

Purpose The purpose of this paper is to explore the current practices in security convergence among and between corporate security and cybersecurity processes in commercial enterprises. Design/methodology/approach This paper is the first phase in a planned multiphase project to better understand current practices in security optimization efforts being implemented by commercial organizations exploring means and methods to operate securely while reducing operating costs. The research questions being examined are: What are the general levels of interest in cybersecurity and corporate security convergence? How well do the perspectives on convergence align between organizations? To what extent are organizations pursuing convergence? and How are organizations achieving the anticipated outcomes from convergence? Findings In organizations, the evolution to a more optimized security structure, either merged or partnered, was traditionally due to unplanned or unforeseen events; e.g. a spin-off/acquisition, new security leadership or a negative security incident was the initiator. This is in contrast to a proactive management decision or formal plan to change or enhance the security structure for reasons that include reducing costs of operations and/or improving outcomes to reduce operational risks. The dominant exception was in response to regulatory requirements. Preliminary findings suggest that outcomes from converged organizations are not necessarily more optimized in situations that are organizationally merged under a single leader. Optimization may ultimately depend on the strength of relationships and openness to collaboration between management, cybersecurity and corporate security personnel. Research limitations/implications This report and the number of respondents to its survey do not support generalizable findings. There are too few in each category to make reliable predictions and in analysis, there was an insufficient quantity of responses in most categories to allow supportable conclusions to be drawn. Practical implications Practitioners may find useful contextual clues to their needs for convergence or in response to directives for convergence from this report on what is found in some other organizations. Social implications Improved effectiveness and/or reduced costs for organizational cybersecurity would be a useful social outcome as organizations become more efficient in the face of increasing levels of cyber security threats. Originality/value Convergence as a concept has been around for some time now in both the practice and research communities. It was initially promoted formally by ASIS International and ISACA in 2005. Yet there is no universally agreed-upon definition for the term or the practices undertaken to achieve it. In addition, the business drivers and practices undertaken to achieve it are still not fully understood. If convergence or optimization of converged operations offers a superior operational construct compared to other structures, it is incumbent to discover if there are measurable benefits. This research hopes to define the concept of security collaboration optimization more fully. The eventual goal is to develop and promote a tool useful for organizations to measure where they are on such a continuum.

show abstract

Section: Prior Convergence Studiesmentioning

confidence: 99%

Organizational perspectives on converged security operations

Mattord,

Kotwica,

Whitman

et al. 2023

ICS

View full text Add to dashboard Cite

show abstract

“…A framework for event collection and correlation that can process and analyze heterogeneous data through event pattern detectors-and integrate them into the open-source SIEM OSSIM-was proposed in [26]. The authors of [27] addressed the issue of physical security information management and security information and event management integration by using the IBM SIEM QRadar as a platform. The authors of [28] presented another framework, called synERGY, for cross-layer anomaly detection based on ML techniques, in order to enable the early discovery of both cyber and physical attacks that may impact the cyber-physical system.…”

Section: State-of-the-art On Siemmentioning

confidence: 99%

Toward the Integration of Cyber and Physical Security Monitoring Systems for Critical Infrastructures

Fausto

Gaggero

Patrone

et al. 2021

Sensors

View full text Add to dashboard Cite

Critical Infrastructures (CIs) are sensible targets. They could be physically damaged by natural or human actions, causing service disruptions, economic losses, and, in some extreme cases, harm to people. They, therefore, need a high level of protection against possible unintentional and intentional events. In this paper, we show a logical architecture that exploits information from both physical and cybersecurity systems to improve the overall security in a power plant scenario. We propose a Machine Learning (ML)-based anomaly detection approach to detect possible anomaly events by jointly correlating data related to both the physical and cyber domains. The performance evaluation showed encouraging results—obtained by different ML algorithms—which highlights how our proposed approach is able to detect possible abnormal situations that could not have been detected by using only information from either the physical or cyber domain.

show abstract

“…Appropriate countermeasures for critical incidents are facilitated by real-time information about affected devices, root causes and physical impact. As incidents can be caused by failure or attack against a variety of physical and digital devices, integrated monitoring of the cyber and physical domain is advantageous (Frattini et al, 2019). The problem is further complicated by new attack types or unseen physical failures, where no prior knowledge is available for event identification.…”

Section: Introductionmentioning

confidence: 99%