Physical Sciences and Mathematics Commons^™

Evaluating The Resiliency Of Industrial Internet Of Things Process Control Using Protocol Agnostic Attacks, Hector L. Roldan

Theses and Dissertations

Improving and defending our nation's critical infrastructure has been a challenge for quite some time. A malfunctioning or stoppage of any one of these systems could result in hazardous conditions on its supporting populace leading to widespread damage, injury, and even death. The protection of such systems has been mandated by the Office of the President of the United States of America in Presidential Policy Directive Order 21. Current research now focuses on securing and improving the management and efficiency of Industrial Control Systems (ICS). IIoT promises a solution in enhancement of efficiency in ICS. However, the presence of IIoT …

Countering Cybersecurity Vulnerabilities In The Power System, Fengli Zhang

Graduate Theses and Dissertations

Security vulnerabilities in software pose an important threat to power grid security, which can be exploited by attackers if not properly addressed. Every month, many vulnerabilities are discovered and all the vulnerabilities must be remediated in a timely manner to reduce the chance of being exploited by attackers. In current practice, security operators have to manually analyze each vulnerability present in their assets and determine the remediation actions in a short time period, which involves a tremendous amount of human resources for electric utilities. To solve this problem, we propose a machine learning-based automation framework to automate vulnerability analysis and …

Detecting Cyberattacks In Industrial Control Systems Using Online Learning Algorithms, Guangxia Li, Yulong Shen, Peilin Zhao, Xiao Lu, Jia Liu, Yangyang Liu, Steven C. H. Hoi

Research Collection School Of Computing and Information Systems

Industrial control systems are critical to the operation of industrial facilities, especially for critical infrastructures, such as refineries, power grids, and transportation systems. Similar to other information systems, a significant threat to industrial control systems is the attack from cyberspace-the offensive maneuvers launched by "anonymous" in the digital world that target computer-based assets with the goal of compromising a system's functions or probing for information. Owing to the importance of industrial control systems, and the possibly devastating consequences of being attacked, significant endeavors have been attempted to secure industrial control systems from cyberattacks. Among them are intrusion detection systems that …

Cybersecurity Issues In The Context Of Cryptographic Shuffling Algorithms And Concept Drift: Challenges And Solutions, Hatim Alsuwat

Theses and Dissertations

In this dissertation, we investigate and address two kinds of data integrity threats. We first study the limitations of secure cryptographic shuffling algorithms regarding preservation of data dependencies. We then study the limitations of machine learning models regarding concept drift detection. We propose solutions to address these threats.

Shuffling Algorithms have been used to protect the confidentiality of sensitive data. However, these algorithms may not preserve data dependencies, such as functional de- pendencies and data-driven associations. We present two solutions for addressing these shortcomings: (1) Functional dependencies preserving shuffle, and (2) Data-driven asso- ciations preserving shuffle. For preserving functional dependencies, …

Comparing Security Self-Efficacy Amongst College Freshmen And Senior, Female And Male Cybersecurity Students, Lane H. Melton

Doctoral Dissertations and Projects

This study sought to determine if there was a difference in the self-efficacy of freshman and senior, female and male Cybersecurity students relating to threats associated with various information systems. The design for this quantitative study was non-experimental, causal-comparative and known as group comparison used to determine if there was a causal relationship between variables. The method used to make that determination utilized a self-efficacy survey developed by Phelps (2005), to identify the independent variables specific level of self-efficacy. Research was conducted at a small, southern university with total of 33 participants. Each student was enrolled in the Computer Science …

Developing And Securing Software For Small Space Systems, Brandon L. Shirley

All Graduate Theses and Dissertations, Spring 1920 to Summer 2023

The space systems industry is moving towards smaller multi-vendor satellites, known as Small Space. This shift is driven by economic and technological factors that necessitate hardware and software components that are modular, reusable, and secure. This research addresses two problems associated with the development of modular, reusable, and secure space systems: developing software for space systems (the Development Problem) and securing space systems (the Security Problem). These two problems are interrelated and this research addresses them together.

The Development Problem encompasses challenges that space systems developers face as they try to address the constraints induced by reduced budgets, …

Cybersecurity Education In Utah High Schools: An Analysis And Strategy For Teacher Adoption, Cariana June Cornel

Theses and Dissertations

The IT Education Specialist for the USBE, Brandon Jacobson, stated:I feel there is a deficiency of and therefore a need to teach Cybersecurity.Cybersecurity is the “activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation” (NICE, 2018). Practicing cybersecurity can increase awareness of cybersecurity issues, such as theft of sensitive information. Current efforts, including but not limited to, cybersecurity camps, competitions, college courses, and conferences, have been created to better prepare cyber citizens nationwide for such cybersecurity occurrences. In …

Process/Equipment Design Implications For Control System Cybersecurity, Helen Durand

Chemical Engineering and Materials Science Faculty Research Publications

An emerging challenge for process safety is process control system cybersecurity. An attacker could gain control of the process actuators through the control system or communication policies within control loops and potentially drive the process state to unsafe conditions. Cybersecurity has traditionally been handled as an information technology (IT) problem in the process industries. In the literature for cybersecurity specifically of control systems, there has been work aimed at developing control designs that seek to fight cyberattacks by either giving the system appropriate response mechanisms once attacks are detected or seeking to make the attacks difficult to perform. In this …

Securing The Human: Broadening Diversity In Cybersecurity, Mohammad Azhar, Sajal Bhatia, Greg Gagne, Chadi Kari, Joseph Maguire, Xenia Montrouidou, Liviana Tudor, David Vosen, Timothy T. Yuen

School of Computer Science & Engineering Faculty Publications

Recent global demand for cybersecurity professionals is promising, with the U.S. job growth rate at 28%, three times the national average [1]. Lacking qualified applicants, many organizations struggle to fill open positions [2]. In a global survey, 2,300 security managers reported that 59% of their security positions were unfilled, although 82% anticipated cyberattacks to their systems [3]. At the same time, the cybersecurity field is broadening, not only in technical concepts but also in human factors, business processes, and international law. The field has not become culturally diversified, however. Professionals hired in 2018 included only 24.9% women, 12.3% African Americans, …

The Chilling Effect Of Enforcement Of Computer Misuse: Evidences From Online Hacker Forums, Qiu-Hong Wang, Rui-Bin Geng, Seung Hyun Kim

Research Collection School Of Computing and Information Systems

To reduce the availability of hacking tools for violators in committing cybersecurity offences, many countries have enacted the legislation to criminalize the production, distribution and possession of computer misuse tools with offensive intent. However, the dual-use nature of cybersecurity technology increases the difficulty in the legal process to recognize computer misuse tools and predict their harmful outcome, which leads to unintended impacts of the enforcement on the provision of techniques valuable for information security defence. Leveraging an external shock in online hacker forums, this study examines the potential impacts of the enforcement of computer misuse on users' contribution to information …

Car Hacking: Accessing And Exploiting The Can Bus Protocol, Bryson R. Payne

Journal of Cybersecurity Education, Research and Practice

With the rapid adoption of internet-connected and driver-assist technologies, and the spread of semi-autonomous to self-driving cars on roads worldwide, cybersecurity for smart cars is a timely concern and one worth exploring both in the classroom and in the real world. Highly publicized hacks against production cars, and a relatively small number of crashes involving autonomous vehicles, have brought the issue of securing smart cars to the forefront as a matter of public and individual safety, and the cybersecurity of these “data centers on wheels” is of greater concern than ever.

However, up to this point there has been a …

A Design Case: Assessing The Functional Needs For A Multi-Faceted Cybersecurity Learning Space, Charles J. Lesko Jr.

Journal of Cybersecurity Education, Research and Practice

Following a multi-year effort that developed not only a detailed list of functional requirements but also the preliminary physical and logical design layouts, the concept for a multi-faceted cybersecurity center was approved and the physical, as well as, additional infrastructure space was subsequently allocated. This effort briefly describes the structure and scope of the current cybersecurity program being supported and then draws out the functional requirements that were identified for the center based on the needs of the institution’s cybersecurity program. It also highlights the physical and logical design specifications of the center, as well as, the many external program …

Information Privacy: Not Just Gdpr, Danilo Bruschi

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

The "information rush" which is characterizing the current phase of the information age calls for actions aimed at enforcing the citizens' right to privacy. Since the entire information life-cycle (collection, manipulation, storing) is now carried out by digital technologies, most of such actions consists of the adoption of severe measures (both organizational and technological) aimed at improving the security of computer systems, as in the case of the EU General Data Protection Regulation. Usually, data processors which comply with these requirements are exempted by any other duty. Unfortunately recent trends in the computer attack field show that even the adoption …

Malicious Digital Penetration Of United States Weaponized Military Unmanned Aerial Vehicle Systems: A National Security Perspective Concerning The Complexity Of Military Uavs And Hacking, Edwin Bell

Mathematics and Computer Science Capstones

The United States’ (US) military unmanned aerial vehicle (UAV) has seen increased usage under the post 9/11 military engagements in the Middle East, Afghanistan, and within American borders. However, the very digital networks controlling these aircrafts are now enduring malicious intrusions (hacking) by America’s enemies. .

The digital intrusions serve as a presage over the very digital networks the US relies upon to safeguard its national security and interests and domestic territory. The complexity surrounding the hacking of US military UAVs appears to be increasing, given the advancements in digital networks and the seemingly inauspicious nature of artificial intelligence and …

Cybersecurity For Critical Infrastructure: Addressing Threats And Vulnerabilities In Canada, Samuel A. Cohen

MSU Graduate Theses

The aim of this thesis is to assess the unique technical and policy-based cybersecurity challenges facing Canada’s critical infrastructure environment and to analyze how current government and industry practices are not equipped to remediate or offset associated strategic risks to the country. Further, the thesis also provides cases and evidence demonstrating that Canada’s critical infrastructure has been specifically targeted by foreign and domestic cyber threat actors to pressure the country’s economic, safety and national security interests. Essential services that Canadians and Canadian businesses rely on daily are intricately linked to the availability and integrity of vital infrastructure sectors, such as …

Management And Security Of Multi-Cloud Applications, Lav Gupta

McKelvey School of Engineering Theses & Dissertations

Single cloud management platform technology has reached maturity and is quite successful in information technology applications. Enterprises and application service providers are increasingly adopting a multi-cloud strategy to reduce the risk of cloud service provider lock-in and cloud blackouts and, at the same time, get the benefits like competitive pricing, the flexibility of resource provisioning and better points of presence. Another class of applications that are getting cloud service providers increasingly interested in is the carriers' virtualized network services. However, virtualized carrier services require high levels of availability and performance and impose stringent requirements on cloud services. They necessitate the …

Analyzing And Estimating Cyberattack Trends By Performing Data Mining On A Cybersecurity Data Set, Chan Young Koh

Honors Program Theses and Projects

More than five billion personal information has been compromised over the past eight years through data breaches from notable companies, and the damage related to cybercrime is expected to reach six trillion USD annually by the year of 2021. Interestingly, recent cyberattacks were aimed specifically at credit agencies and companies that hold credit information of their customers and employees. The question is: “Why is it difficult to protect against or evade cyberattacks even for these prestigious companies?”. The purpose of this research is to bring the notion of notorious, rapidly-multiplying cyberthreats. Hence, the research focuses on analyzing cyberattack techniques and …

Cyber Security- A New Secured Password Generation Algorithm With Graphical Authentication And Alphanumeric Passwords Along With Encryption, Akash Rao

Electrical & Computer Engineering Theses & Dissertations

Graphical passwords are always considered as an alternative of alphanumeric passwords for their better memorability and usability [1]. Alphanumeric passwords provide an adequate amount of satisfaction, but they do not offer better memorability compared to graphical passwords [1].

On the other hand, graphical passwords are considered less secured and provide better memorability [1]. Therefore many researchers have researched on graphical passwords to overcome the vulnerability. One of the most significant weaknesses of the graphical passwords is "Shoulder Surfing Attack," which means, sneaking into a victim's computer to learn the whole password or part of password or some confidential information. Such …

Cybersecurity In The Maritime Domain, Gary C. Kessler

Publications

In 2017 and 2018, the maritime industry saw a record number of attempted—and many successful—frauds via email, phishing, or other means. Demonstrated and actual attacks on vessel networks, communication systems, and navigation systems have become practically routine. Port and shipping line networks are increasingly vulnerable to what appears to be increasingly targeted attacks against maritime systems.

Unguided Cyber Education Techniques Of The Non-Expert, Seth A. Martin

Theses and Dissertations

The United States Air Force and Department of Defense continues to rely on its total workforce to provide the first layer of protection against cyber intrusion. Prior research has shown that the workforce is not adequately educated to perform this task. As a result, DoD cybersecurity strategy now includes attempting to improve education and training on cyber-related concepts and technical skills to all users of DoD networks. This paper describes an experiment designed to understand the broad methods that non-expert users may use to educate themselves on how to perform technical tasks. Preliminary results informed subsequent experiments that directly compared …

A Blockchain-Based Anomalous Detection System For Internet Of Things Devices, Joshua K. Mosby

Theses and Dissertations

Internet of Things devices are highly susceptible to attack, and owners often fail to realize they have been compromised. This thesis describes an anomalous-based intrusion detection system that operates directly on Internet of Things devices utilizing a custom-built Blockchain. In this approach, an agent on each node compares the node's behavior to that of its peers, generating an alert if they are behaving differently. An experiment is conducted to determine the effectiveness at detecting malware. Three different code samples simulating common malware are deployed against a testbed of 12 Raspberry Pi devices. Increasing numbers are infected until two-thirds of the …

Suas: Cybersecurity Threats, Vulnerabilities, And Exploits, Philip Craiger, Gary Kessler, William Rose

J. Philip Craiger, Ph.D.

The FAA predicts that purchases of hobbyist small unmanned aerial systems (sUAS) will grow from 1.9 million in 2016 to 4.3 million by 2020, and commercial sUAS to increase from 600,000 in 2016 to 2.7 million by 2020. sUAS, often referred to as 'drones,' are comprised of aeronautical hardware, a CPU, RAM, onboard storage, radio frequency communications, sensors, a camera, and a controller used by the pilot-in-command (PIC). Some have argued that a sUAS is essentially a flying computer. As such, sUAS are sometimes susceptible to many of the types of attacks that are often used on PC-based computers attached …

The Benefits Of Artificial Intelligence In Cybersecurity, Ricardo Calderon

Economic Crime Forensics Capstones

Cyberthreats have increased extensively during the last decade. Cybercriminals have become more sophisticated. Current security controls are not enough to defend networks from the number of highly skilled cybercriminals. Cybercriminals have learned how to evade the most sophisticated tools, such as Intrusion Detection and Prevention Systems (IDPS), and botnets are almost invisible to current tools. Fortunately, the application of Artificial Intelligence (AI) may increase the detection rate of IDPS systems, and Machine Learning (ML) techniques are able to mine data to detect botnets’ sources. However, the implementation of AI may bring other risks, and cybersecurity experts need to find a …

Procure-To-Pay Software In The Digital Age: An Exploration And Analysis Of Efficiency Gains And Cybersecurity Risks In Modern Procurement Systems, Drew Lane

MPA/MPP/MPFM Capstone Projects

Procure-to-Pay (P2P) softwares are an integral part of the payment and procurement processing functions at large-scale governmental institutions. These softwares house all of the financial functions related to procurement, accounts payable, and often human resources, helping to facilitate and automate the process from initiation of a payment or purchase, to the actual disbursal of funds. Often, these softwares contain budgeting and financial reporting tools as part of the offering. As such an integral part of the financial process, these softwares obviously come at an immense cost from a set of reputable vendors. In the case of government, these vendors mainly …

A Comprehensive Cybersecurity Defense Framework For Large Organizations, Willarvis Smith

CCE Theses and Dissertations

There is a growing need to understand and identify overarching organizational requirements for cybersecurity defense in large organizations. Applying proper cybersecurity defense will ensure that the right capabilities are fielded at the right locations to safeguard critical assets while minimizing duplication of effort and taking advantage of efficiencies. Exercising cybersecurity defense without an understanding of comprehensive foundational requirements instills an ad hoc and in many cases conservative approach to network security. Organizations must be synchronized across federal and civil agencies to achieve adequate cybersecurity defense. Understanding what constitutes comprehensive cybersecurity defense will ensure organizations are better protected and more efficient. …

Comprehending The Safety Paradox And Privacy Concerns With Medical Device Remote Patient Monitoring, Marc Doyle

CCE Theses and Dissertations

Medical literature identifies a number of technology-driven improvements in disease management such as implantable medical devices (IMDs) that are a standard treatment for candidates with specific diseases. Among patients using implantable cardiac defibrillators (ICD), for example, problems and issues are being discovered faster compared to patients without monitoring, improving safety. What is not known is why patients report not feeling safer, creating a safety paradox, and why patients identify privacy concerns in ICD monitoring.

There is a major gap in the literature regarding the factors that contribute to perceived safety and privacy in remote patient monitoring (RPM). To address this …

An Examination Of User Detection Of Business Email Compromise Amongst Corporate Professionals, Shahar Sean Aviv

CCE Theses and Dissertations

With the evolution in technology and increase in utilization of the public Internet, Internet-based mobile applications, and social media, security risks for organizations have greatly increased. While corporations leverage social media as an effective tool for customer advertisements, the abundance of information available via public channels along with the growth in Internet connections to corporate networks including mobile applications, have made cyberattacks attractive for cybercriminals. Cybercrime against organizations is a daily threat and targeting companies of all sizes. Cyberattacks are continually evolving and becoming more complex that make it difficult to protect against with traditional security methods. Cybercriminals utilize email …

Assessing The Presence Of Mindfulness Within Cyber And Non-Cybersecurity Groups, Christopher Wilder

CCE Theses and Dissertations

Corporations and individuals continue to be under Phishing attack. Researchers categorizes methods corporations and individuals can employ to reduce the impact of being caught in a Phishing scheme. Corporation enable technical mechanisms such as automated filtering, URL blacklisting, and manipulation of browser warning messages to reduce phishing susceptibility costing billions of dollars annually. However, even with robust efforts to educate employees about phishing techniques through security awareness training the abundance of attacks continues to plague organizations. This study aims to identify whether a correlation exists between mindfulness and phishing susceptibility. The goal of this research is to determine if mindful …

Cyber Situational Awareness And Cyber Curiosity Taxonomy For Understanding Susceptibility Of Social Engineering Attacks In The Maritime Industry, Guillermo Francisco Perez

CCE Theses and Dissertations

The maritime information system (IS) user has to be prepared to deal with a potential safety and environmental risk that can be caused by an unanticipated failure to a cyber system used onboard a vessel. A hacker leveraging a maritime IS user’s Cyber Curiosity can lead to a successful cyber-attack by enticing a user to click on a malicious Web link sent through an email and/or posted on a social media website. At worst, a successful cyber-attack can impact the integrity of a ship’s cyber systems potentially causing disruption or human harm. A lack of awareness of social engineering attacks …

An Evidence Based Cybersecurity Approach To Risk Management: Risk Management And "Market For Lemons", David Maimon

EBCS Presentations

No abstract provided.