Information Security Compliance over Intelligent Transport Systems: Is IT Possible?

Dellios, Kleanthis; Papanikas, Dimitrios; Polemi, Despina

doi:10.1109/msp.2015.59

Cited by 16 publications

(5 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Many of the cybersecurity tools and techniques, processes and procedures to identify and assess security vulnerabilities have been developed over the years (Dellios et al , 2015). Some of these are defined in familiar information and cyber security frameworks, standards and guidelines, such as COBIT and ISO 27001 (Baskerville et al , 2014).…”

Section: Critical Infrastructure Cybersecuritymentioning

confidence: 99%

Cybersecurity capabilities for critical infrastructure resilience

Malatji

Solms

2021

ICS

View full text Add to dashboard Cite

Purpose For many innovative organisations, Industry 4.0 paves the way for significant operational efficiencies, quality of goods and services and cost reductions. One of the ways to realise these benefits is to embark on digital transformation initiatives that may be summed up as the intelligent interconnectivity of people, processes, data and cyber-connected things. Sadly, this interconnectivity between the enterprise information technology (IT) and industrial control systems (ICS) environment introduces new attack surfaces for critical infrastructure (CI) operators. As a result of the ICS cybersecurity risk introduced by the interconnectivity between the enterprise IT and ICS networks, the purpose of this study is to identify the cybersecurity capabilities that CI operators must have to attain good cybersecurity resilience. Design/methodology/approach A scoping literature review of best practice international CI protection frameworks, standards and guidelines were conducted. Similar cybersecurity practices from these frameworks, standards and guidelines were grouped together under a corresponding National Institute of Standards and Technology (NIST) cybersecurity framework (CF) practice. Practices that could not be categorised under any of the existing NIST CF practices were considered new insights, and therefore, additions. Findings A CI cybersecurity capability framework comprising 29 capability domains (cybersecurity focus areas) was developed as an adaptation of the NIST CF with an added dimension. This added dimension emphasises cloud computing and internet of things (IoT) security. Each of the 29 cybersecurity capability domains is executed through various capabilities (cybersecurity processes and procedures). The study found that each cybersecurity capability can further be operationalised by a set of cybersecurity controls derived from various frameworks, standards and guidelines, such as COBIT®, CIS®, ISA/IEC 62443, ISO/IEC 27002 and NIST Special Publication 800-53. Practical implications CI sectors are immediately able to adopt the CI cybersecurity capability framework to evaluate their levels of resilience against cyber-attacks, given new attack surfaces introduced by the interconnectivity of cyber-connected things between the enterprise and ICS levels. Originality/value The authors present an added dimension to the NIST framework for CI cyber protection. In addition to emphasising cryptography, IoT and cloud computing security aspects, this added dimension highlights the need for an integrated approach to CI cybersecurity resilience instead of a piecemeal approach.

show abstract

Section: Critical Infrastructure Cybersecuritymentioning

confidence: 99%

Cybersecurity capabilities for critical infrastructure resilience

Malatji

Solms

2021

ICS

View full text Add to dashboard Cite

show abstract

“…Nəqliyyat sistemində İKT-nin tətbiqi ilə reallaşdırılan bütün proseslər infrastruktur obyektləri, nəqliyyat vasitələri, bu sistemdə dövr edən informasiya, o cümlədən fiziki poçt məlumatları informasiya təhlükəsizliyinin obyektinə çevrilir [68].…”

Section: Nəqliyyat Sisteminin Təhlükəsizliyi Və Informasiya Təhlükəsiunclassified

İnformasi̇ya Təhlükəsi̇zli̇yi̇ Mi̇lli̇ Təhlükəsi̇zli̇yi̇n Mühüm Komponenti̇ Ki̇mi̇

Alguliyev¹,

İmamverdiyev²,

Mahmudov³

2020

JPIS

View full text Add to dashboard Cite

Məqalədə milli təhlükəsizliyin mahiyyətinə, məzmununa dair müxtəlif yanaşmalar araşdırılır. Milli təhlükəsizliyin vəzifələri, təmin olunması metodları şərh olunur. Milli təhlükəsizliyin obyekti olan həyati vacib maraqlar, müxtəlif sahələr təsnif edilir. Bu təsnifata uyğun olaraq milli təhlükəsizliyin ictimai-siyasi təhlükəsizlik, hərbi təhlükəsizlik, informasiya təhlükəsizliyi, qida təhlükəsizliyi, enerji təhlükəsizliyi, təhsil sisteminin təhlükəsizliyi, elmi-texnoloji təhlükəsizlik, səhiyyə sisteminin təhlükəsizliyi, nəqliyyat sisteminin təhlükəsizliyi, ekoloji təhlükəsizlik, KİV-in təhlükəsizliyi, mədəni-mənəvi təhlükəsizlik kimi komponentləri fərqləndirilir. İKT-nin inkişafı, informasiya təhlükəsizliyinin formalaşması ilə əlaqədar milli təhlükəsizlik sistemində informasiya cəmiyyətinin artan rolu və vəzifələri göstərilir. Həmçinin informasiya təhlükəsizliyi ilə milli təhlükəsizliyin digər komponentləri arasında qarşılıqlı münasibətlər analiz edilir. Hər bir milli təhlükəsizlik komponentində İKT-nin tətbiq sahələri, informasiya təhlükəsizliyi təhdidləri müəyyən edilir və onların aradan qaldırılması yolları göstərilir. İşin yerinə yetirilməsində analiz və sintez, müqayisə, ümumiləşdirmə, sistemli yanaşma metodlarından istifadə edilmişdir. Məqalədə əldə edilən nəticələr informasiya cəmiyyəti şəraitində milli təhlükəsizlik üzrə yeni konsepsiyaların, strategiyaların və digər normativ sənədlərin hazırlanması üçün istifadə edilə bilər.

show abstract

“…A more private solution for vehicle EDRs has recently been introduced in [64], exploiting the properties of timed release encryption. Unfortunately, this fragmented landscape extends even further since existing security standards, methodologies, and tools don't explicitly cover the rapidly developed automotive and ITS environment or address its specific requirements, as indicated by Dellios et al [24].…”

Section: Vehicle Securitymentioning

confidence: 99%

External Monitoring Changes in Vehicle Hardware Profiles: Enhancing Automotive Cyber-Security

et al. 2019

Self Cite

View full text Add to dashboard Cite

As the vehicles are gradually transformed into the connected-vehicles, standard features of the past (i.e. immobilizer, keyless entry, self-diagnostics) were neglected to be software updated and hardware upgraded so they do not "align" with the cyber-security demands of the new ICT era (IoT, Industry 4.0, IPv6, sensor technology) we have stepped into, therefore introducing critical legacy IT security issues. Stepping beyond the era of common autotheft and "chop-shops", the new wave of attackers have cyber-skills to exploit these vulnerabilities and steal the vehicle or manipulate it. Recent evolution in ICT offered automotive industry vital tools for vehicle safety, functionality and up to 2010, theft prevention. However, the same technologies are the ones that make vehicles prone to cyber-attacks. To counter such attacks, this work proposes a unified solution that logs all hardware profile changes of a vehicle in a blockchain, to manage control and allow only authenticated changes, subject to user, time, geospatial and contextual constraints exploiting several blockchain features. Testing of the proposed solution omens the prevention of numerous commons attacks, while additionally provides forensics capabilities and significantly enhancing the security architecture of the vehicle (respecting the original IT architectural design of automotive manufacturers).

show abstract

Information Security Compliance over Intelligent Transport Systems: Is IT Possible?

Cited by 16 publications

References 9 publications

Cybersecurity capabilities for critical infrastructure resilience

Cybersecurity capabilities for critical infrastructure resilience

İnformasi̇ya Təhlükəsi̇zli̇yi̇ Mi̇lli̇ Təhlükəsi̇zli̇yi̇n Mühüm Komponenti̇ Ki̇mi̇

External Monitoring Changes in Vehicle Hardware Profiles: Enhancing Automotive Cyber-Security

Contact Info

Product

Resources

About