|
Aarland, M., Radianti, J., & Gjøsæter, T. (2023). Using System Dynamics to Simulate Trust in Digital Supply Chains. In Jaziar Radianti, Ioannis Dokas, Nicolas Lalone, & Deepak Khazanchi (Eds.), Proceedings of the 20th International ISCRAM Conference (pp. 516–529). Omaha, USA: University of Nebraska at Omaha.
Abstract: The power industry is outsourcing and digitalising their services to provide better, faster, and more reliable supply of electric power to the society. As a result, critical infrastructure increases in complexity and tight couplings between multiple suppliers and systems in digital supply chains. It also introduces new risks and challenges that are difficult to manage for critical infrastructure owners. To address the vulnerability in digital supply chains, we have developed a system dynamics model that represent important challenges to manage cybersecurity in digital supply chains, based on input from an expert group in the power industry. The system dynamics model illustrates how trust in suppliers as well as the need for control play important roles in outsourcing. Scenarios were developed and simulated.
|
|
|
Harrasi, A. A., Grispos, G., & Gandhi, R. (2023). Using Cybersecurity Testbeds to Evaluate (In)Secure Structural Health Monitoring Systems. In Jaziar Radianti, Ioannis Dokas, Nicolas Lalone, & Deepak Khazanchi (Eds.), Proceedings of the 20th International ISCRAM Conference (pp. 902–908). Omaha, USA: University of Nebraska at Omaha.
Abstract: An increasing amount of technology is being integrated into bridges and other structures, such as dams and buildings, to proactively look for signs of deterioration or damage. These technologies are collectively known as structural health monitoring systems. While the benefits of integrating this technology are attractive, this integration is also creating an environment that is conducive to security vulnerabilities. While previous research has focused on the broader cybersecurity challenges associated with structural health monitoring systems, limited guidance is available for identifying specific security vulnerabilities in these systems and their implications for responding to security incidents. Hence, this paper presents CYBRBridge, a cybersecurity testbed that provides a sacrificial environment to assist in identifying and exploring vulnerabilities associated with structural health monitoring systems. This paper reports ongoing research efforts to develop the CYBRBridge testbed and initial results identifying vulnerabilities within the wireless components of a commercial structural health monitoring system
|
|
|
Janine S. Hiller, & Roberta S. Russell. (2015). Modalities for Cyber Security and Privacy Resilience: The NIST Approach. In L. Palen, M. Buscher, T. Comes, & A. Hughes (Eds.), ISCRAM 2015 Conference Proceedings ? 12th International Conference on Information Systems for Crisis Response and Management. Kristiansand, Norway: University of Agder (UiA).
Abstract: Cybersecurity was a major topic of discussion at the 2015 World Economic Forum in Davos – the Sony attack; huge data breaches at Target and Adobe; a 91% increase in targeted cyber-attacks; annual losses of over $400 billion; the exposure of 904 million personal data records; cyber-attacks on a Finnish bank, a South Korean credit bureau, a German factory?s industrial controls, and the Ukrainian government; as well as increased general anxiety over critical infrastructure exposure (Tobias 2014; WEC 2015). These incidents highlight the risks inherent in a world increasingly complex, interconnected, and cyber-based. Much like thinking in other fields of disaster and crisis management, creating an impenetrable boundary or eliminating cyber risk entirely has given way to building cyber resilience. Cyber resilience is a social, economic and national security issue. This paper examines one approach, the NIST Cybersecurity Framework, in terms of building resilience in both cybersecurity and privacy.
|
|