Harrasi, A. A., Grispos, G., & Gandhi, R. (2023). Using Cybersecurity Testbeds to Evaluate (In)Secure Structural Health Monitoring Systems. In Jaziar Radianti, Ioannis Dokas, Nicolas Lalone, & Deepak Khazanchi (Eds.), Proceedings of the 20th International ISCRAM Conference (pp. 902–908). Omaha, USA: University of Nebraska at Omaha.
Abstract: An increasing amount of technology is being integrated into bridges and other structures, such as dams and buildings, to proactively look for signs of deterioration or damage. These technologies are collectively known as structural health monitoring systems. While the benefits of integrating this technology are attractive, this integration is also creating an environment that is conducive to security vulnerabilities. While previous research has focused on the broader cybersecurity challenges associated with structural health monitoring systems, limited guidance is available for identifying specific security vulnerabilities in these systems and their implications for responding to security incidents. Hence, this paper presents CYBRBridge, a cybersecurity testbed that provides a sacrificial environment to assist in identifying and exploring vulnerabilities associated with structural health monitoring systems. This paper reports ongoing research efforts to develop the CYBRBridge testbed and initial results identifying vulnerabilities within the wireless components of a commercial structural health monitoring system.
Aarland, M., Radianti, J., & Gjøsæter, T. (2023). Using System Dynamics to Simulate Trust in Digital Supply Chains. In Jaziar Radianti, Ioannis Dokas, Nicolas Lalone, & Deepak Khazanchi (Eds.), Proceedings of the 20th International ISCRAM Conference (pp. 516–529). Omaha, USA: University of Nebraska at Omaha.
Abstract: The power industry is outsourcing and digitalising their services to provide better, faster, and more reliable supply of electric power to the society. As a result, critical infrastructure increases in complexity and tight couplings between multiple suppliers and systems in digital supply chains. It also introduces new risks and challenges that are difficult to manage for critical infrastructure owners. To address the vulnerability in digital supply chains, we have developed a system dynamics model that represents important challenges to manage cybersecurity in digital supply chains, based on input from an expert group in the power industry. The system dynamics model illustrates how trust in suppliers as well as the need for control play important roles in outsourcing. Scenarios were developed and simulated.
Emir Dervisevic, & Miralem Mehic. (2021). Overview of Quantum Key Distribution Technique within IPsec Architecture. In Anouck Adrot, Rob Grace, Kathleen Moore, & Christopher W. Zobel (Eds.), ISCRAM 2021 Conference Proceedings – 18th International Conference on Information Systems for Crisis Response and Management (pp. 391–403). Blacksburg, VA (USA): Virginia Tech.
Abstract: Quantum key distribution (QKD) is a method for secret key distribution which is secure against any future computational threat. In this paper we give an overview of existing solutions that integrate QKD method within the most popular architecture for establishing secure communication in modern IP (Internet Protocol) networks – IPsec (Internet Protocol security). The provided overview can be used to further design the integration of QKD within IPsec architecture striving for a standardized solution.
Ivar Svare Holand, Peter Mozelius, & Trond Olav Skevik. (2021). A structured and dynamic model for emergency management exercises. In Anouck Adrot, Rob Grace, Kathleen Moore, & Christopher W. Zobel (Eds.), ISCRAM 2021 Conference Proceedings – 18th International Conference on Information Systems for Crisis Response and Management (pp. 186–197). Blacksburg, VA (USA): Virginia Tech.
Abstract: Emergencies are management challenges, and emergency exercises that involve multiple collaborating parties are a means towards mastering them. Such exercises are often conducted in a virtual training environment based on complex disaster scenarios. The reported study was carried out using a requirement-focused design approach. The aim was to describe and discuss a relevant design for lean, dynamic, and cost-efficient emergency management exercise systems. Data were gathered from a literature study and analyses of earlier emergency management projects in which the authors had participated. Despite the complexity of many current emergency management exercises, the scenarios usually involve only the response phases and have a linear structure that hinders both didactic aspects and the software structure. The conclusion drawn from the study is that an emergency management exercise model should focus on managing the activities that correspond to alternatives that unfold from a dynamic scenario. Finally, the authors recommend the principles of alternate reality games as a way towards more dynamic and cost-efficient emergency exercise systems.
Daniel Lichte, Dustin Witte, & Kai-Dietrich Wolf. (2020). Comprehensive Security Hazard Analysis for Transmission Systems. In Amanda Hughes, Fiona McNeill, & Christopher W. Zobel (Eds.), ISCRAM 2020 Conference Proceedings – 17th International Conference on Information Systems for Crisis Response and Management (pp. 1145–1153). Blacksburg, VA (USA): Virginia Tech.
Abstract: Critical energy infrastructures are more and more focused upon by politics and society. Modern society depends on these structures, since they enable the steady support of electricity and other types of energy. Deliberately precipitated hazards of certain critical parts of electrical transmission systems (ETS) can lead to catastrophic consequences. Therefore, the analysis of feasible security hazards and resulting consequences for the operation of transmission systems is a concern to transmission system operators (TSO). Alas, there is no common method available that comprehensively identifies these feasible security-related scenarios and classifies them according to their overall criticality for the safe operation of the ETS. To tackle this challenge, we propose a comprehensive, yet easy-to-apply method to systematically identify and assess the criticality of security threat scenarios. It is conducted in four steps and consists of a matrix-based consistency check of threat scenarios in a defined solution space and a convenient semi-quantitative assessment of a risk factor for the ETS. The approach is illustrated by the simplified generic example of an EETS.