Cyberattacks on both databases and critical infrastructure have threatened public and private sectors. Ubiquitous tracking and wearable computing have infringed upon privacy. Advocates and engineers have recently proposed using defensive deception as a means to leverage the information asymmetry typically enjoyed by attackers as a tool for defenders. The term deception, however, has been employed broadly and with a variety of meanings. In this article, we survey 24 articles from 2008 to 2018 that use game theory to model defensive deception for cybersecurity and privacy. Then, we propose a taxonomy that defines six types of deception: perturbation, moving target defense, obfuscation, mixing, honey-x, and attacker engagement. These types are delineated by their information structures, agents, actions, and duration: precisely concepts captured by game theory. Our aims are to rigorously define types of defensive deception, to capture a snapshot of the state of the literature, to provide a menu of models that can be used for applied research, and to identify promising areas for future work. Our taxonomy provides a systematic foundation for understanding different types of defensive deception commonly encountered in cybersecurity and privacy.
The EU Cybersecurity Act states that ENISA shall support the Member States in developing national strategies on the security of network and information systems, promote the correct deployment of those strategies and set up a governance framework that ensures the sustainability of national strategies (National Cybersecurity Strategy - NCSS). As part of this mandate, ENISA launched this study to perform a systematic review of the governance models relevant to the deployment of an NCSS to identify and select the most relevant instances, lessons learned, and good practices from the Member States. This study aims to collect insights on the definition of processes, roles and responsibilities, the subsequent deployment of monitoring measures, and the main challenges and good practices that European countries have put in place to ensure an effective governance framework for the implementation of current and future NCSSs of the EU Member States.
This work proposes a Moving Target Defense (MTD) strategy that randomly shuffles the communication protocols through which a node communicates to a gateway in an IoT network. The system’s configuration changes have an associated cost. The objective of the proposed MTD strategy in this work is to balance the increase in system performance overhead, the increase in business impact (system unavailability), and, at the same time, the decrease in the probability of success of a given attack. A framework is proposed to design this strategy; this framework can guide any MTD strategy for IoT (Internet of Things) systems. The framework’s objective is to find, after several iterations, the MTD strategy parameters that achieve a balance between five different measurable variables of an IoT system.
Objective: Cyberattacks on healthcare systems are increasing in frequency and severity. Hospitals need to integrate cybersecurity preparedness into their emergency operations planning and response to mitigate adverse outcomes during increasingly likely cyber events. No data currently exist regarding the level of preparedness of United States hospital systems for cybersecurity attacks. We surveyed hospital emergency managers to assess cybersecurity preparedness for these events. Methods: Fifty-seven emergency managers representing hospitals across the United States participated in an online Qualtrics survey regarding current preparedness and response procedures for cybersecurity hazards. Results: Survey responses between April 2019 and May 2021 demonstrated that a majority of hospital systems surveyed included cybersecurity disasters in their HVA (82.4%; 47/57), and most ranked it as 1 of their top 5 priorities (57.4%; 27/47). However, over half denied specifically mentioning cybersecurity in their Emergency Operations Plans (EOPs; 52.6%; 30/57). Fourteen of the 57 hospital systems (24.5%) endorsed previously activating an emergency response for a cybersecurity incident unrelated to information technology (IT) failure. Conclusions: The survey results suggest that American hospitals are currently underprepared for cybersecurity disasters. We emphasize the importance of prioritizing cybersecurity in Hazard Vulnerability Analyses (HVAs) and implementing specific EOP annexes for cybersecurity emergencies. © The Author(s), 2023. Published by Cambridge University Press on behalf of Society for Disaster Medicine and Public Health, Inc.
This paper presents a comprehensive review of some of the latest attack detection and defense strategies. Firstly, the vulnerabilities brought by some new information and communication technologies (ICTs) are analyzed, and their impacts on the security of CPPSs are discussed. Various malicious cyber-attacks on cyber and physical layers are then analyzed within CPPSs framework, and their features and negative impacts are discussed. Secondly, two current mainstream attack detection methods including state estimation based and machine learning based methods are analyzed, and their benefits and drawbacks are discussed. Moreover, two current mainstream attack defense methods including active defense and passive defense methods are comprehensively discussed. Finally, the trends and challenges in attack detection and defense strategies in CPPSs are provided.
This paper surveys the scientific and trade literature on cybersecurity for unmanned aerial vehicles (UAV), concentrating on actual and simulated attacks, and the implications for small UAVs. The review is motivated by the increasing use of small UAVs for inspecting critical infrastructures such as the electric utility transmission and distribution grid, which could be a target for terrorism. The paper presents a modified taxonomy to organize cyber attacks on UAVs and exploiting threats by Attack Vector and Target. It shows that, by Attack Vector, there has been one physical attack and ten remote attacks. By Target, there have been six attacks on GPS (two jamming, four spoofing), two attacks on the control communications stream (a deauthentication attack and a zero-day vulnerabilities attack), and two attacks on data communications stream (two intercepting the data feed, zero executing a video replay attack). The paper also divides and discusses the findings by large or small UAVs, over or under 25 kg, but concentrates on small UAVs.
In this study, the sources of cybersecurity threats in the Industry 4.0 ecosystem are examined in the corporate and end-user dimensions. The cybersecurity vulnerabilities most evident in Industry 4.0 systems have been determined to consist of vulnerabilities in control systems protocols, unprotected thing connections, neglect of periodic infiltration tests, inability to manage network devices effectively and untrained personnel.
In this paper, the researchers identify the various challenges faced by SMEs in adopting AI-based cybersecurity due to their knowledge gap and lack of expertise. The researchers intend to provide a good background on AI and Cyber Threat Intelligence (CTI) and highlight some of the significant benefits provided by an AI-based CTI system. A simple roadmap is developed using a qualitative research methodology to help SMEs effectively implement an AI-based Cyber Threat Intelligence system in their infrastructure.
The roadmap for successful alliances to build the cybersecurity workforce requires four primary components: 1) establishing program goals and metrics, 2) developing strategies and tactics, 3) measuring impact and results, and 4) sustaining the effort. Each section of the roadmap provides specific examples and activities that the pilot programs found to be successful and repeatable in other efforts.
In recent years, unmanned aerial systems (UAS) have been widely used in both military and civilian fields. However, their open-source software and protocols have made them vulnerable, resulting in a growing number of cybersecurity issues. This paper provides a comprehensive review of UAS cybersecurity research, with a focus on attack and defense technologies. Treating the UAS as a system that integrates software and hardware and can work independently on complex tasks, this paper analyzes the UAS architecture and classifies security threats into four categories: communication network security, software security, payload security, and intelligent security. Additionally, it provides an overview of existing threat assessment methods. This paper also highlights representative research progress in UAS cyberattacks and defense technologies in the four identified categories. Finally, this paper examines the current research status and future prospects of UAS cybersecurity.