Information Security Commons^™

Countering Cybersecurity Vulnerabilities In The Power System, Fengli Zhang

Graduate Theses and Dissertations

Security vulnerabilities in software pose an important threat to power grid security, which can be exploited by attackers if not properly addressed. Every month, many vulnerabilities are discovered and all the vulnerabilities must be remediated in a timely manner to reduce the chance of being exploited by attackers. In current practice, security operators have to manually analyze each vulnerability present in their assets and determine the remediation actions in a short time period, which involves a tremendous amount of human resources for electric utilities. To solve this problem, we propose a machine learning-based automation framework to automate vulnerability analysis and …

Evaluating The Resiliency Of Industrial Internet Of Things Process Control Using Protocol Agnostic Attacks, Hector L. Roldan

Theses and Dissertations

Improving and defending our nation's critical infrastructure has been a challenge for quite some time. A malfunctioning or stoppage of any one of these systems could result in hazardous conditions on its supporting populace leading to widespread damage, injury, and even death. The protection of such systems has been mandated by the Office of the President of the United States of America in Presidential Policy Directive Order 21. Current research now focuses on securing and improving the management and efficiency of Industrial Control Systems (ICS). IIoT promises a solution in enhancement of efficiency in ICS. However, the presence of IIoT …

Cybersecurity Education In Utah High Schools: An Analysis And Strategy For Teacher Adoption, Cariana June Cornel

Theses and Dissertations

The IT Education Specialist for the USBE, Brandon Jacobson, stated:I feel there is a deficiency of and therefore a need to teach Cybersecurity.Cybersecurity is the “activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation” (NICE, 2018). Practicing cybersecurity can increase awareness of cybersecurity issues, such as theft of sensitive information. Current efforts, including but not limited to, cybersecurity camps, competitions, college courses, and conferences, have been created to better prepare cyber citizens nationwide for such cybersecurity occurrences. In …

Process/Equipment Design Implications For Control System Cybersecurity, Helen Durand

Chemical Engineering and Materials Science Faculty Research Publications

An emerging challenge for process safety is process control system cybersecurity. An attacker could gain control of the process actuators through the control system or communication policies within control loops and potentially drive the process state to unsafe conditions. Cybersecurity has traditionally been handled as an information technology (IT) problem in the process industries. In the literature for cybersecurity specifically of control systems, there has been work aimed at developing control designs that seek to fight cyberattacks by either giving the system appropriate response mechanisms once attacks are detected or seeking to make the attacks difficult to perform. In this …

The Chilling Effect Of Enforcement Of Computer Misuse: Evidences From Online Hacker Forums, Qiu-Hong Wang, Rui-Bin Geng, Seung Hyun Kim

Research Collection School Of Computing and Information Systems

To reduce the availability of hacking tools for violators in committing cybersecurity offences, many countries have enacted the legislation to criminalize the production, distribution and possession of computer misuse tools with offensive intent. However, the dual-use nature of cybersecurity technology increases the difficulty in the legal process to recognize computer misuse tools and predict their harmful outcome, which leads to unintended impacts of the enforcement on the provision of techniques valuable for information security defence. Leveraging an external shock in online hacker forums, this study examines the potential impacts of the enforcement of computer misuse on users' contribution to information …

Car Hacking: Accessing And Exploiting The Can Bus Protocol, Bryson R. Payne

Journal of Cybersecurity Education, Research and Practice

With the rapid adoption of internet-connected and driver-assist technologies, and the spread of semi-autonomous to self-driving cars on roads worldwide, cybersecurity for smart cars is a timely concern and one worth exploring both in the classroom and in the real world. Highly publicized hacks against production cars, and a relatively small number of crashes involving autonomous vehicles, have brought the issue of securing smart cars to the forefront as a matter of public and individual safety, and the cybersecurity of these “data centers on wheels” is of greater concern than ever.

However, up to this point there has been a …

A Design Case: Assessing The Functional Needs For A Multi-Faceted Cybersecurity Learning Space, Charles J. Lesko Jr.

Journal of Cybersecurity Education, Research and Practice

Following a multi-year effort that developed not only a detailed list of functional requirements but also the preliminary physical and logical design layouts, the concept for a multi-faceted cybersecurity center was approved and the physical, as well as, additional infrastructure space was subsequently allocated. This effort briefly describes the structure and scope of the current cybersecurity program being supported and then draws out the functional requirements that were identified for the center based on the needs of the institution’s cybersecurity program. It also highlights the physical and logical design specifications of the center, as well as, the many external program …

Information Privacy: Not Just Gdpr, Danilo Bruschi

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

The "information rush" which is characterizing the current phase of the information age calls for actions aimed at enforcing the citizens' right to privacy. Since the entire information life-cycle (collection, manipulation, storing) is now carried out by digital technologies, most of such actions consists of the adoption of severe measures (both organizational and technological) aimed at improving the security of computer systems, as in the case of the EU General Data Protection Regulation. Usually, data processors which comply with these requirements are exempted by any other duty. Unfortunately recent trends in the computer attack field show that even the adoption …

Cybersecurity For Critical Infrastructure: Addressing Threats And Vulnerabilities In Canada, Samuel A. Cohen

MSU Graduate Theses

The aim of this thesis is to assess the unique technical and policy-based cybersecurity challenges facing Canada’s critical infrastructure environment and to analyze how current government and industry practices are not equipped to remediate or offset associated strategic risks to the country. Further, the thesis also provides cases and evidence demonstrating that Canada’s critical infrastructure has been specifically targeted by foreign and domestic cyber threat actors to pressure the country’s economic, safety and national security interests. Essential services that Canadians and Canadian businesses rely on daily are intricately linked to the availability and integrity of vital infrastructure sectors, such as …

Analyzing And Estimating Cyberattack Trends By Performing Data Mining On A Cybersecurity Data Set, Chan Young Koh

Honors Program Theses and Projects

More than five billion personal information has been compromised over the past eight years through data breaches from notable companies, and the damage related to cybercrime is expected to reach six trillion USD annually by the year of 2021. Interestingly, recent cyberattacks were aimed specifically at credit agencies and companies that hold credit information of their customers and employees. The question is: “Why is it difficult to protect against or evade cyberattacks even for these prestigious companies?”. The purpose of this research is to bring the notion of notorious, rapidly-multiplying cyberthreats. Hence, the research focuses on analyzing cyberattack techniques and …

Cybersecurity In The Maritime Domain, Gary C. Kessler

Publications

In 2017 and 2018, the maritime industry saw a record number of attempted—and many successful—frauds via email, phishing, or other means. Demonstrated and actual attacks on vessel networks, communication systems, and navigation systems have become practically routine. Port and shipping line networks are increasingly vulnerable to what appears to be increasingly targeted attacks against maritime systems.

Cyber Security- A New Secured Password Generation Algorithm With Graphical Authentication And Alphanumeric Passwords Along With Encryption, Akash Rao

Electrical & Computer Engineering Theses & Dissertations

Graphical passwords are always considered as an alternative of alphanumeric passwords for their better memorability and usability [1]. Alphanumeric passwords provide an adequate amount of satisfaction, but they do not offer better memorability compared to graphical passwords [1].

On the other hand, graphical passwords are considered less secured and provide better memorability [1]. Therefore many researchers have researched on graphical passwords to overcome the vulnerability. One of the most significant weaknesses of the graphical passwords is "Shoulder Surfing Attack," which means, sneaking into a victim's computer to learn the whole password or part of password or some confidential information. Such …

Unguided Cyber Education Techniques Of The Non-Expert, Seth A. Martin

Theses and Dissertations

The United States Air Force and Department of Defense continues to rely on its total workforce to provide the first layer of protection against cyber intrusion. Prior research has shown that the workforce is not adequately educated to perform this task. As a result, DoD cybersecurity strategy now includes attempting to improve education and training on cyber-related concepts and technical skills to all users of DoD networks. This paper describes an experiment designed to understand the broad methods that non-expert users may use to educate themselves on how to perform technical tasks. Preliminary results informed subsequent experiments that directly compared …

A Blockchain-Based Anomalous Detection System For Internet Of Things Devices, Joshua K. Mosby

Theses and Dissertations

Internet of Things devices are highly susceptible to attack, and owners often fail to realize they have been compromised. This thesis describes an anomalous-based intrusion detection system that operates directly on Internet of Things devices utilizing a custom-built Blockchain. In this approach, an agent on each node compares the node's behavior to that of its peers, generating an alert if they are behaving differently. An experiment is conducted to determine the effectiveness at detecting malware. Three different code samples simulating common malware are deployed against a testbed of 12 Raspberry Pi devices. Increasing numbers are infected until two-thirds of the …

Suas: Cybersecurity Threats, Vulnerabilities, And Exploits, Philip Craiger, Gary Kessler, William Rose

J. Philip Craiger, Ph.D.

The FAA predicts that purchases of hobbyist small unmanned aerial systems (sUAS) will grow from 1.9 million in 2016 to 4.3 million by 2020, and commercial sUAS to increase from 600,000 in 2016 to 2.7 million by 2020. sUAS, often referred to as 'drones,' are comprised of aeronautical hardware, a CPU, RAM, onboard storage, radio frequency communications, sensors, a camera, and a controller used by the pilot-in-command (PIC). Some have argued that a sUAS is essentially a flying computer. As such, sUAS are sometimes susceptible to many of the types of attacks that are often used on PC-based computers attached …

The Benefits Of Artificial Intelligence In Cybersecurity, Ricardo Calderon

Economic Crime Forensics Capstones

Cyberthreats have increased extensively during the last decade. Cybercriminals have become more sophisticated. Current security controls are not enough to defend networks from the number of highly skilled cybercriminals. Cybercriminals have learned how to evade the most sophisticated tools, such as Intrusion Detection and Prevention Systems (IDPS), and botnets are almost invisible to current tools. Fortunately, the application of Artificial Intelligence (AI) may increase the detection rate of IDPS systems, and Machine Learning (ML) techniques are able to mine data to detect botnets’ sources. However, the implementation of AI may bring other risks, and cybersecurity experts need to find a …

An Evidence Based Cybersecurity Approach To Risk Management: Risk Management And "Market For Lemons", David Maimon

EBCS Presentations

No abstract provided.

Introducing The Global Data Privacy Prize, Fred H. Cate, Christopher Kuner, Orla Lynskey, Christopher Millard, Nora Ni Loideain, Dan Jerker B. Svantesson

Articles by Maurer Faculty

No abstract provided.

Investigating The Impact Of Publicly Announced Information Security Breaches On Corporate Risk Factor Disclosure Tendencies, Sandra J. Cereola, Joanna Dynowska

Journal of Cybersecurity Education, Research and Practice

As the reported number of data breaches increase and senators push for more disclosure regulation, the SEC staff issued a guidance in 2011 on disclosure obligations relating to cybersecurity risks and incidents. More recently, on February 26, 2018 the SEC Commission issued interpretive guidance to help assist public companies prepare disclosures regarding cybersecurity risks and incidents. As reported incidents of cybersecurity breaches occur, investors are concerned about the risks associated with these incidents and the impact they may have on financial performance. Although the SEC staff guidance warns public companies to make timely disclosure, recognizing the threat that cybercrime poses …

Procure-To-Pay Software In The Digital Age: An Exploration And Analysis Of Efficiency Gains And Cybersecurity Risks In Modern Procurement Systems, Drew Lane

MPA/MPP/MPFM Capstone Projects

Procure-to-Pay (P2P) softwares are an integral part of the payment and procurement processing functions at large-scale governmental institutions. These softwares house all of the financial functions related to procurement, accounts payable, and often human resources, helping to facilitate and automate the process from initiation of a payment or purchase, to the actual disbursal of funds. Often, these softwares contain budgeting and financial reporting tools as part of the offering. As such an integral part of the financial process, these softwares obviously come at an immense cost from a set of reputable vendors. In the case of government, these vendors mainly …