Engineering Commons^™

Assessing Risk In Iot Devices, David Levitsky

Master's Theses

The explosive growth of the Internet of Things ecosystem has thrust these devices into the center of our lives. Unfortunately, the desire to create these devices has been stronger than the one to secure them. Recent attacks have shown us ignoring security in Internet of Things devices can cause severe harm in both a digital and physical sense. This thesis outlines a framework for developers and managers to assess the risk of IoT devices using a weighted scoring system across five different categories. Our case studies suggest that devices with higher security considerations have a better security posture and lower …

Using Offline Activities To Enhance Online Cybersecurity Education, Sarah Padlipsky

Master's Theses

Since the beginning of the 21st century, the United States has experienced the impact of a technological revolution. One effect of this technological revolution is the creation of entirely new careers related to the field of technology, including cybersecurity. Continued growth in the cybersecurity industry means a greater number of jobs will be created, adding to the existing number of jobs that are challenging an under-educated and under-trained workforce. The goal of this thesis is to increase the effectiveness of cybersecurity education. This thesis studies whether an online course in cybersecurity can be enhanced by offline, in-person activities that mirror …

Correlating Easily And Unobtrusively Queried Computer Characteristics To Number And Severity Of Vulnerabilities, Jonathan M. Mercado

Theses and Dissertations

Cybersecurity has become a top-of-mind concern as the threat landscape expands and organizations continue to undergo digital transformation. As the industry confronts this growth, tools designed to evaluate the security posture of a network must improve to provide better value. Current agent-based and network scanning tools are resource intensive, expensive, and require thorough testing before implementation in order to ensure seamless integration. While surfacing specific vulnerability information is imperative to securing network assets, there are ways to predict the security status of a network without taking exact measurements. These methods may inform security professionals as to where the weakest points …

Hybrid Black-Box Solar Analytics And Their Privacy Implications, Dong Chen

Doctoral Dissertations

The aggregate solar capacity in the U.S. is rising rapidly due to continuing decreases in the cost of solar modules. For example, the installed cost per Watt (W) for residential photovoltaics (PVs) decreased by 6X from 2009 to 2018 (from $8/W to $1.2/W), resulting in the installed aggregate solar capacity increasing 128X from 2009 to 2018 (from 435 megawatts to 55.9 gigawatts). This increasing solar capacity is imposing operational challenges on utilities in balancing electricity's real-time supply and demand, as solar generation is more stochastic and less predictable than aggregate demand. To address this problem, both academia and utilities have …

A Nonlinear Systems Framework For Cyberattack Prevention For Chemical Process Control Systems, Helen Durand

Chemical Engineering and Materials Science Faculty Research Publications

Recent cyberattacks against industrial control systems highlight the criticality of preventing future attacks from disrupting plants economically or, more critically, from impacting plant safety. This work develops a nonlinear systems framework for understanding cyberattack-resilience of process and control designs and indicates through an analysis of three control designs how control laws can be inspected for this property. A chemical process example illustrates that control approaches intended for cyberattack prevention which seem intuitive are not cyberattack-resilient unless they meet the requirements of a nonlinear systems description of this property.

Aviation Cybersecurity: An Overview, Gary C. Kessler, J. Philip Craiger

National Training Aircraft Symposium (NTAS)

Information security—aka cybersecurity—is the most rapidly growing threat to critical infrastructures, including the aviation industry. Due to the plethora of digital devices, ubiquity of the Internet and other networks, and the rapid growth in the adoption of technology, everyone is an information system security manager. Every professional in the aviation and aeronautics industry use computers, mobile devices, tablets, GPS devices, and/or other hardware on a daily basis, as well as go online for a variety of reasons.

Attacks on information have been ongoing since the inception of the industry a hundred years ago, in such forms as intellectual property theft …

Suas: Cybersecurity Threats, Vulnerabilities, And Exploits, Philip Craiger, Gary Kessler, William Rose

National Training Aircraft Symposium (NTAS)

The FAA predicts that purchases of hobbyist small unmanned aerial systems (sUAS) will grow from 1.9 million in 2016 to 4.3 million by 2020, and commercial sUAS to increase from 600,000 in 2016 to 2.7 million by 2020. sUAS, often referred to as 'drones,' are comprised of aeronautical hardware, a CPU, RAM, onboard storage, radio frequency communications, sensors, a camera, and a controller used by the pilot-in-command (PIC). Some have argued that a sUAS is essentially a flying computer. As such, sUAS are sometimes susceptible to many of the types of attacks that are often used on PC-based computers attached …

State Measurement Spoofing Prevention Through Model Predictive Control Design, Helen Durand

Chemical Engineering and Materials Science Faculty Research Publications

Security of chemical process control systems against cyberattacks is critical due to the potential for injuries and loss of life when chemical process systems fail. A potential means by which process control systems may be attacked is through the manipulation of the measurements received by the controller. One approach for addressing this is to design controllers that make manipulating the measurements received by the controller in any meaningful fashion very difficult, making the controllers a less attractive target for a cyberattack of this type. In this work, we develop a model predictive control (MPC) implementation strategy that incorporates Lyapunov-based stability …

Survey Results On Adults And Cybersecurity Education, Frank Breitinger, Joseph Ricci, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

Cyberattacks and identity theft are common problems nowadays where researchers often say that humans are the weakest link in the security chain. Therefore, this survey focused on analyzing the interest for adults for ‘cyber threat education seminars’, e.g., how to project themselves and their loved ones. Specifically, we asked questions to understand a possible audience, willingness for paying / time commitment, or fields of interest as well as background and previous training experience. The survey was conducted in late 2016 and taken by 233 participants. The results show that many are worried about cyber threats and about their children exploring …

A Framework And Exploration Of A Cybersecurity Education Escape Room, Justin Charles Snyder

Theses and Dissertations

This thesis presents a review of educational-escape-room literature followed by a design-oriented framework (the Snyder Escape Room Framework or SERF) and demonstrates the potential efficacy of escape-rooms in cybersecurity education. Several authors have proposed frameworks and guidelines for game and educational design regarding escape rooms. This work coalesces some of those ideas into a more substantial and comprehensive framework (SERF) that designers can use when developing educational escape rooms. The Snyder Escape Room Framework provides heuristics for goals and objectives, players, activities, context, trajectory design, and evaluation. Additionally, this work describes and analyzes the novel prototyped BYU GCC escape room …

Data Defenders, Madison Claire Cannon

Alumni Publications

No abstract provided.

User's Manual For Tardigrade Risk Assessment, Alexis M. Shook

University of New Orleans Theses and Dissertations

This user-guide provides instructions for operating Tardigrade 1.1.3, a cybersecurity software for Nollysoft, LLC. This guide instructs users step-by-step on how to set security controls, risk assessments, and administrative maintenance. Tardigrade 1.1.3 is a Risk Assessment Enterprise that evaluates the risk level of corporations and offers solutions to any security gaps within an organization. Tardigrade 1.1.3 is a role-based software that operates through three modules, Cybersecurity Assessment, Internal Control, and Security Requirement Traceability Matrix.

Ftc Regulating Cybersecurity Post Wyndham: An International Common Law Comparison On The Impact Of Regulation Of Cybersecurity, Andrew Z. R. Smith

Georgia Journal of International & Comparative Law

No abstract provided.

Autonomous Cars And The Anonymous Threat: The Immediate Need For Cybersecurity Legislation For Self-Driving Vehicles, Forrest Albiston

Brigham Young University Prelaw Review

This paper addresses the immediate need for cybersecurity regulations on self-driving cars. The focus of this paper is to discuss the urgency of these laws and put forth the SPY Car Act of 2017 as a solution with some edits. This Act will help ensure the safety of US citizens and will also benefit businesses.

Low Latency Intrusion Detection In Smart Grids, Israel Zairi Akingeneye

Graduate Theses and Dissertations

The transformation of traditional power grids into smart grids has seen more new technologies such as communication networks and smart meters (sensors) being integrated into the physical infrastructure of the power grids. However, these technologies pose new vulnerabilities to the cybersecurity of power grids as malicious attacks can be launched by adversaries to attack the smart meters and modify the measurement data collected by these meters. If not timely detected and removed, these attacks may lead to inaccurate system state estimation, which is critical to the system operators for control decisions such as economic dispatch and other related functions.

This …

Scada And Plc Systems Configuration For The Ncrept Test Facility, Arman Ahmed

Electrical Engineering Undergraduate Honors Theses

This thesis details the project to update the control and interface system of the National Center for Reliable Electric Power Transmission (NCREPT) testing facility. The need for this project arose from the 2017-2018 expansion of the facility, which included some modifications in the layout of electrical equipment used for testing purposes. These modifications necessitated the update of the control and interface system. Additionally, the old system was implemented a decade ago and is nearing obsolescence, so the facility’s expansion served as an opportune time for an upgrade.

There were two main parts to the scope of this project, which were …

Command Validation For Cybersecure Power Router, Isaac M. Kroger

Electrical Engineering Undergraduate Honors Theses

For grid-connected homes equipped with solar panels, power electronics are necessary to manage and convert power between the solar panels, battery storage, grid, and residential load. A power router can be used to manage these power electronics and govern power generation, storage, and distribution within the household. This level of control makes power routers that do not employ cybersecurity a target for external attacks. The use of command validation is an effective way to prevent unauthorized commands from maliciously altering the state of a home’s power router. The purpose of this thesis is to describe the development of the command …

Cybersecurity Assessment And Mitigation Stochastic Model, Matthew W. Davis

Theses and Dissertations

With numerous cybersecurity incidents and vulnerability concerns in an increasingly contested cyber warfighting environment, the Department of Defense (DoD) has mandated cybersecurity assessment and authorization of all major weapon systems (MWS) before their use. In response to this direction, the Air Force Life Cycle Management Center (AFLCMC) created the Platform Information Technology Assessment and Authorization (PIT A&A) Process. Modeled after the NIST Risk Management Framework (RMF), this process applies a risk-based approach to cybersecurity with the goal of identifying risks and mitigating vulnerabilities in MWS. Within this work, a stochastic model of the PIT A&A Process is presented with an …

Conceptual Systems Security Analysis Aerial Refueling Case Study, Martin Trae Span Iii

Theses and Dissertations

In today’s highly interconnected and technology reliant environment, systems security is rapidly growing in importance to complex systems such as automobiles, airplanes, and defense-oriented weapon systems. While systems security analysis approaches are critical to improving the security of these advanced cyber-physical systems-of-systems, such approaches are often poorly understood and applied in ad hoc fashion. To address these gaps, first a study of key architectural analysis concepts and definitions is provided with an assessment of their applicability towards complex cyber-physical systems. From this initial work, a definition of cybersecurity architectural analysis for cyber-physical systems is proposed. Next, the System Theory Theoretic …

Information Technology News, Georgia Southern University

Information Technology News (2012-2023)

• Georgia Southern ranked No. 8 on the 2018 Military Times 10 Best Cybersecurity Programs list

Employing A User-Centered Design Process For Cybersecurity Awareness In The Power Grid, Jean C. Scholtz, Lyndsey Franklin, Aditya Ashok, Katya Leblanc, Christopher Bonebrake, Eric Andersen, Michael Cassiadoro

Journal of Human Performance in Extreme Environments

In this paper, we discuss the process we are using in the design and implementation of a tool to improve the situation awareness of cyberattacks in the power grid. We provide details of the steps we have taken to date and describe the steps that still need to be accomplished. The focus of this work is to provide situation awareness of the power grid to staff from different, non-overlapping roles in an electrical transmission organization in order to facilitate an understanding of a possible occurrence of a cyberattack. Our approach follows a user-centered design process and includes determining the types …

Perceptions Of Female Cybersecurity Professionals Toward Factors That Encourage Females To The Cybersecurity Field, Kembley Kay Lingelbach

CCE Theses and Dissertations

Despite multiple national, educational, and industry initiatives, women continue to be underrepresented in the cybersecurity field. Only 11% of cybersecurity professionals, globally, are female. This contributes to the growing overall shortage of workers in the field. This research addressed the significant underrepresentation of females in the cybersecurity workforce. There are many practitioner and industry studies that suggest self-efficacy, discrimination and organizational culture play important roles in the low rate of women in the cybersecurity field. A limited number of scholarly studies identify causal factors; however, there is not a general consensus or framework to explain the problem thoroughly. Moreover, there …

Ransomware Behavioural Analysis On Windows Platforms, Nikolai Hampton, Zubair A. Baig, Sherali Zeadally

Research outputs 2014 to 2021

Ransomware infections have grown exponentially during the recent past to cause major disruption in operations across a range of industries including the government. Through this research, we present an analysis of 14 strains of ransomware that infect Windows platforms, and we do a comparison of Windows Application Programming Interface (API) calls made through ransomware processes with baselines of normal operating system behaviour. The study identifies and reports salient features of ransomware as referred through the frequencies of API calls

Cyber Security And Risk Society: Estonian Discourse On Cyber Risk And Security Strategy, Lauren Kook

Copyright, Fair Use, Scholarly Communication, etc.

The main aim of this thesis is to call for a new analysis of cyber security which departs from the traditional security theory. I argue that the cyber domain is inherently different in nature, in that it is lacking in traditional boundaries and is reflexive in nature. Policy-makers are aware of these characteristics, and in turn this awareness changes the way that national cyber security strategy is handled and understood. These changes cannot be adequately understood through traditional understanding of security, as they often are, without missing significant details. Rather, examining these changes through the lens of Ulrich Beck’s risk …

Malware Analysis Skills Taught In University Courses, Swetha Gorugantu

Browse all Theses and Dissertations

Career opportunities for malware analysts are growing at a fast pace due to the evolving nature of cyber threats as well as the necessity to counter them. However, employers are often unable to hire analysts fast though due to a lack of the required skillset. Hence, the primary purpose of the thesis is to conduct a gap analysis between the binary analysis skills taught in universities with those that the recruiters are looking for. Malware can be analyzed using three main types of tools and techniques: high-level profiling, static analysis, and dynamic analysis. These methods provide detailed information about the …