Engineering Commons^™

Cyber Attacks Against Industrial Control Systems, Adam Kardorff

LSU Master's Theses

Industrial Control Systems (ICS) are the foundation of our critical infrastructure, and allow for the manufacturing of the products we need. These systems monitor and control power plants, water treatment plants, manufacturing plants, and much more. The security of these systems is crucial to our everyday lives and to the safety of those working with ICS. In this thesis we examined how an attacker can take control of these systems using a power plant simulator in the Applied Cybersecurity Lab at LSU. Running experiments on a live environment can be costly and dangerous, so using a simulated environment is the …

Cybersecurity In Industrial Automation Lab Design For Ee 435, Jules Khalil Emile Hajjar, Emily Zhou

Electrical Engineering

This project involves the creation of an instructional laboratory aimed at teaching cybersecurity for industrial automation applications. Specifically tailored for Electrical Engineering students at Cal Poly, the experiment focuses on configuring the Modicon M580, a PLC from Schneider Electric, and serves to introduce students to relevant cybersecurity protocols and techniques. This project will be implemented into the EE435 (Industrial Power Control and Automation) course curriculum upon Cal Poly’s transition to the semester system.

Cybersecurity And Digital Privacy Aspects Of V2x In The Ev Charging Structure, Umit Cali, Murat Kuzlu, Onur Elma, Osman Gazi Gucluturk, Ahmet Kilic, Ferhat Ozgur Catak

Engineering Technology Faculty Publications

With the advancement of green energy technology and rising public and political acceptance, electric vehicles (EVs) have grown in popularity. Electric motors, batteries, and charging systems are considered major components of EVs. The electric power infrastructure has been designed to accommodate the needs of EVs, with an emphasis on bidirectional power flow to facilitate power exchange. Furthermore, the communication infrastructure has been enhanced to enable cars to communicate and exchange information with one another, also known as Vehicle-to-Everything (V2X) technology. V2X is positioned to become a bigger and smarter system in the future of transportation, thanks to upcoming digital technologies …

Cyber Resilience Analytics For Cyber-Physical Systems, Md Ariful Haque

Electrical & Computer Engineering Theses & Dissertations

Cyber-physical systems (CPSs) are complex systems that evolve from the integrations of components dealing with physical processes and real-time computations, along with networking. CPSs often incorporate approaches merging from different scientific fields such as embedded systems, control systems, operational technology, information technology systems (ITS), and cybernetics. Today critical infrastructures (CIs) (e.g., energy systems, electric grids, etc.) and other CPSs (e.g., manufacturing industries, autonomous transportation systems, etc.) are experiencing challenges in dealing with cyberattacks. Major cybersecurity concerns are rising around CPSs because of their ever-growing use of information technology based automation. Often the security concerns are limited to probability-based possible attack …

Supporting The Discovery, Reuse, And Validation Of Cybersecurity Requirements At The Early Stages Of The Software Development Lifecycle, Jessica Antonia Steinmann

Doctoral Dissertations and Master's Theses

The focus of this research is to develop an approach that enhances the elicitation and specification of reusable cybersecurity requirements. Cybersecurity has become a global concern as cyber-attacks are projected to cost damages totaling more than $10.5 trillion dollars by 2025. Cybersecurity requirements are more challenging to elicit than other requirements because they are nonfunctional requirements that requires cybersecurity expertise and knowledge of the proposed system. The goal of this research is to generate cybersecurity requirements based on knowledge acquired from requirements elicitation and analysis activities, to provide cybersecurity specifications without requiring the specialized knowledge of a cybersecurity expert, and …

Predictors Of Email Response: Determinants Of The Intention Of Not Following Security Recommendations, Miguel Angel Toro-Jarrin

Engineering Management & Systems Engineering Theses & Dissertations

Organizations and government leaders are concerned about cyber incidents. For some time, researchers have studied what motivates people to act in ways that put the confidentiality, integrity, and availability of information in organizations at risk. Still, several areas remained unexplored, including the role of employees’ evaluation of the organizational systems and the role of value orientation at work as precursors of secure and insecure actions in relation to information technologies (information security [IS] action). The objective of this research project was to examine how the evaluations of formal and informal security norms are associated with the intention to follow them …

Third Party Risk Management And Cyber Supply Chain Risk Management, Jerald Garner

Operations Management Presentations

Today’s business environment continues to be a challenge. Businesses whether small, or large leverage third-party vendors to provide critical services like data handling (security, transmitting, and storage), cloud storage/applications, and systems security monitoring.

Each business must ask themselves a few simple questions about one of their most valuable assets “Data”. If or when it leaves your secure working environment:

• How secure is your customer data in transit and storage?
• Do your third-party vendors handle your “critical information”?
  • Provide a secure environment for processing?
  • Comply with a proven Cyber Security Framework?
  • Perform a “Due Diligence” on-boarding step for the Nth vendors …

Network Intrusion Detection System Using Deep Learning, Lirim Ashiku, Cihan H. Dagli

Engineering Management and Systems Engineering Faculty Research & Creative Works

The widespread use of interconnectivity and interoperability of computing systems have become an indispensable necessity to enhance our daily activities. Simultaneously, it opens a path to exploitable vulnerabilities that go well beyond human control capability. The vulnerabilities deem cyber-security mechanisms essential to assume communication exchange. Secure communication requires security measures to combat the threats and needs advancements to security measures that counter evolving security threats. This paper proposes the use of deep learning architectures to develop an adaptive and resilient network intrusion detection system (IDS) to detect and classify network attacks. The emphasis is how deep learning or deep neural …

Cybersecurity Risk Assessment Using Graph Theoretical Anomaly Detection And Machine Learning, Goksel Kucukkaya

Engineering Management & Systems Engineering Theses & Dissertations

The cyber domain is a great business enabler providing many types of enterprises new opportunities such as scaling up services, obtaining customer insights, identifying end-user profiles, sharing data, and expanding to new communities. However, the cyber domain also comes with its own set of risks. Cybersecurity risk assessment helps enterprises explore these new opportunities and, at the same time, proportionately manage the risks by establishing cyber situational awareness and identifying potential consequences. Anomaly detection is a mechanism to enable situational awareness in the cyber domain. However, anomaly detection also requires one of the most extensive sets of data and features …

Authentication Schemes' Impact On Working Memory, Janine D. Mator

Psychology Theses & Dissertations

Authentication is the process by which a computing system validates a user’s identity. Although this process is necessary for system security, users view authentication as a frequent disruption to their primary tasks. During this disruption, primary task information must be actively maintained in working memory. As a result, primary task information stored in working memory is at risk of being lost or corrupted while users authenticate. For over two decades, researchers have focused on developing more memorable passwords by replacing alphanumeric text with visual graphics (Biddle et al., 2012). However, very little attention has been given to the impact authentication …

Digital Twin-Based Cooperative Control Techniques For Secure And Intelligent Operation Of Distributed Microgrids, Ahmed Aly Saad Ahmed

FIU Electronic Theses and Dissertations

Networked microgrids play a key role in constructing future active distribution networks for providing the power system with resiliency and reliability against catastrophic physical and cyber incidents. Motivated by the increasing penetration of renewable resources and energy storage systems in the distribution grids, utility companies are encouraged to unleash the capabilities of the distributed microgrid to work as virtual power plants that can support the power systems. The microgrids nature is transforming the grid and their control systems from centralized architecture into distributed architectures. The distributed networked microgrids introduced many benefits to the future smart grids, it created many challenges …

Strategies For Implementing Internet Of Things Devices In Manufacturing Environments, Todd Efrain Hernandez

Walden Dissertations and Doctoral Studies

The Internet of Things (IoT) has been exploited as a threat vector for cyberattacks in manufacturing environments. Manufacturing industry leaders are concerned with cyberattacks because of the associated costs of damages and lost production for their organizations. Grounded in the general systems theory, the purpose of this multiple case study was to explore strategies electrical controls engineers use to implement secure IoT devices in manufacturing environments. The study participants were eight electrical controls engineers working in three separate manufacturing facilities located in the Midwest region of the United States. The data were collected by semistructured interviews and 15 organizational documents. …

The Soft Skills Business Demands Of The Chief Information Security Officer, Richard Smit, Jeroen Van Yperen Hagedoorn, Patric Versteeg, Pascal Ravesteijn

Journal of International Technology and Information Management

While many researchers have investigated soft skills for different roles related to business, engineering, healthcare and others, the soft skills needed by the chief information security officer (CISO) in a leadership position are not studied in-depth. This paper describes a first study aimed at filling this gap.

In this multimethod research, both the business leaders perspective as well as an analysis of CISO job ads is studied. The methodology used to capture the business leaders perspective is via a Delphi study and the jobs adds are studied using a quantitative content analysis.

With an increasing threat to information security for …

Icts For Surveillance And Suppression: The Case Of The Indian Emergency 1975-1977, Ramesh Subramanian

Journal of International Technology and Information Management

Information and Communications technologies (ICT) pervade society. The Internet, wireless communication, and social media are ubiquitous in and indispensable in society today. As they continue to grow and mushroom, there are new and increased calls from various segments of the society such as technologists, activists, sociologists, and legal experts, who issue warnings on the more nefarious and undesirable uses of ICTs, especially by governments. In fact, government control and surveillance using ICTs is not a new phenomenon. By looking at history, we are able to see several instances when ICTs have been used by governments to control, surveil, and infringe …

Securing Photovoltaic (Pv) System Deployments With Data Diodes, Robert D. Larkin, Torrey J. Wagner, Barry E. Mullins

Faculty Publications

A survey of a typical photovoltaic (PV) system with and without the cybersecurity protections of a data diode is explored. This survey includes a brief overview of Industrial Control Systems (ICS) and their relationship to the Internet of Things (IoT), Industrial Internet of Things (IIoT), and Industry 4.0 terminology. The cybersecurity features of eight data diodes are compared, and the cyber attack surface, attack scenarios, and mitigations of a typical PV system are discussed. After assessing cybersecurity, the economic considerations to purchase a data diode are considered. At 13.19 cents/kWh, the sale of 227,445 kWh is needed to fund one …

Systemic Analysis Of The Use Of Artificial Intelligence (Ai) In Regulating Terrorist Content On Social Media Ecosystem Using Functional Dependency Network Analysis (Fdna), Alaina Roman, C. Ariel Pinto

OUR Journal: ODU Undergraduate Research Journal

This research is a systemic analysis of emerging risks to the use Artificial Intelligence (AI) in regulating terrorist content on social media ecosystems using Functional Dependency Network Analysis (FDNA), a proven system-design-and-analysis tool). The research has three phases: 1) framing the problem by identifying and describing AI ecosystem elements as intended, implied and explicit objectives, discernible attributes, and performance indictors; 2) describing the idealized problem-solved scenario, which includes detailing ‘success’ states of the ecosystem; and 3) systemic risk analysis including identifying failure scenarios for each element and establishing causalities among elemental attributes leading to failure scenarios. This research contributes toward …

Evaluating The Resiliency Of Industrial Internet Of Things Process Control Using Protocol Agnostic Attacks, Hector L. Roldan

Theses and Dissertations

Improving and defending our nation's critical infrastructure has been a challenge for quite some time. A malfunctioning or stoppage of any one of these systems could result in hazardous conditions on its supporting populace leading to widespread damage, injury, and even death. The protection of such systems has been mandated by the Office of the President of the United States of America in Presidential Policy Directive Order 21. Current research now focuses on securing and improving the management and efficiency of Industrial Control Systems (ICS). IIoT promises a solution in enhancement of efficiency in ICS. However, the presence of IIoT …

System Of Systems (Sos) Architecture For Digital Manufacturing Cybersecurity, Lirim Ashiku, Cihan H. Dagli

Engineering Management and Systems Engineering Faculty Research & Creative Works

Technology advancements of real time connectivity and computing powers has evolved the way people manage activities triggering heavy reliance on smart devices. This has reshaped the ability to memorize crucial information, instead accumulate the information into devices allowing real-time fingertip access when needed. Inability to access such information when needed is routinely assumed with device malfunctioning bypassing the probability of compromise, but what if the information is now being accessed by adversaries depriving the data-owner access to crucial information? Cyber manufacturing systems are not immune from these issues. It is possible to approach this problem as generating SoS meta-architecture. In …

A Framework And Exploration Of A Cybersecurity Education Escape Room, Justin Charles Snyder

Theses and Dissertations

This thesis presents a review of educational-escape-room literature followed by a design-oriented framework (the Snyder Escape Room Framework or SERF) and demonstrates the potential efficacy of escape-rooms in cybersecurity education. Several authors have proposed frameworks and guidelines for game and educational design regarding escape rooms. This work coalesces some of those ideas into a more substantial and comprehensive framework (SERF) that designers can use when developing educational escape rooms. The Snyder Escape Room Framework provides heuristics for goals and objectives, players, activities, context, trajectory design, and evaluation. Additionally, this work describes and analyzes the novel prototyped BYU GCC escape room …

Compliance In The Ether: Cloud Computing, Data Security And Business Regulation, J. Nicholas Hoover

Journal of Business & Technology Law

No abstract provided.