| 1. |
- Atif, Yacine, 1967-, et al.
(author)
-
Cyber-Threat Intelligence Architecture for Smart-Grid Critical Infrastructures Protection
- 2017
-
Conference paper (peer-reviewed)abstract
- Critical infrastructures (CIs) are becoming increasingly sophisticated with embedded cyber-physical systems (CPSs) that provide managerial automation and autonomic controls. Yet these advances expose CI components to new cyber-threats, leading to a chain of dysfunctionalities with catastrophic socio-economical implications. We propose a comprehensive architectural model to support the development of incident management tools that provide situation-awareness and cyber-threats intelligence for CI protection, with a special focus on smart-grid CI. The goal is to unleash forensic data from CPS-based CIs to perform some predictive analytics. In doing so, we use some AI (Artificial Intelligence) paradigms for both data collection, threat detection, and cascade-effects prediction.
|
|
| 2. |
- Yano, Edgar Toshiro, et al.
(author)
-
A framework to support the development of Cyber Resiliency with Situational Awareness Capability
- 2015
-
In: 20th ICCRTS Proceedings. - : International Command and Control Institute.
-
Conference paper (peer-reviewed)abstract
- Cybersecurity success is essentially the result of an effective risk management process. However, this process is being challenged by the inherent complexity of systems, developed with vulnerable components and protocols, and the crescent sophistication of attackers, now backed by well-resourced criminal organizations and nations. With this scenario of uncertainties and high volume of events, it is essential the ability of cyber resiliency. Cyber resiliency is the ability of a system, organization, mission, or business process to anticipate, withstand, recover from, and adapt capabilities in the face of adversary conditions, stresses, or attacks on the cyber resources it needs to function. In the present work, it is presented a framework for cyber resiliency where a segmentation strategy and the Intrusion Kill Chain (IKC) attack model, developed by Lockheed-Martin, are central elements. Segmentation allows the construction of a layered defense, where the highest-priority assets are in the inner layers and the attackers are forced to surpass several layers to reach them. The IKC attack model is a model of seven phases that the attackers must perform to achieve their goals. Each segment is supposed to be designed with the best efforts to prevent, detect and contain an IKC. According to the Situational Awareness (SA) model of Endsley, the Level of Perception is achieved through sensors connected to the controls of prevention, detection and containment of IKC in different segments. The Level of Understanding is obtained by identifying the segments impacted by the attackers, and the Level of Projection by the identification of the next segments to be attacked and defense actions required to contain this advance. The use of the framework leads to the development of a structured set of defense mechanisms, and supports the development of SA capability to allow defenders to make correct decisions in order to maintain the mission even under a heavy attack
|
|
