Browsing by Author "Cook, Allan"
Agile Incident Response in Industrial Control Environments (CRC Press, 2021). Open Access.
Janicke, Helge; Smith, Richard; Maglaras, Leandros; Cook, Allan; He, Ying; Ferra, Fenia
ICS incident response differs from traditional IT incident response. Whilst there is some crossover, many IR practices in IT cannot be directly applied in ICS. Because of this, a new approach is required, one that can adapt quickly and promotes communication between stakeholders. The interview responses of industry professionals have been thematically analysed, with key themes emerging such as the criticality of communication and situational awareness. The four Agile values have been mapped into the context of ICS incident response to meet those requirements, along with a number of tools to aid IR teams in the field. Proper incident response can improve technical attribution in relation to ICS.

Attribution of Cyber Attacks on Industrial Control Systems (2016-04-21). Metadata only.
Cook, Allan; Nicholson, Andrew; Janicke, Helge; Maglaras, Leandros; Smith, Richard
In order to deter or prosecute for cyber attacks on industrial control systems, it is necessary to assign attribution to the attacker and define the type of attack so that international law enforcement agencies or national governments can decide on appropriate recourse. In this paper we identify the current state of the art of attribution in industrial control systems. We highlight the critical differences between attribution in enterprise networks and attribution in industrial networks. In doing so we provide a roadmap for future research.

Establishing cyber situational awareness in industrial control systems (De Montfort University, 2018-07). Open Access.
Cook, Allan
The cyber threat to industrial control systems is an acknowledged security issue, but a qualified dataset to quantify the risk remains largely unavailable. Senior executives of facilities that operate these systems face competing requirements for investment budgets, but without an understanding of the nature of the threat, cyber security may not be a high priority. Operational managers and cyber incident responders at these facilities face a similarly complex situation. They must plan for the defence of critical systems, often unfamiliar to IT security professionals, from potentially capable, adaptable and covert antagonists who will actively attempt to evade detection. The scope of the challenge requires a coherent, enterprise-level awareness of the threat, such that organisations can assess their operational priorities, plan their defensive posture, and rehearse their responses prior to such an attack. This thesis proposes a novel combination of concepts found in risk assessment, intrusion detection, education, exercising, safety and process models, fused with experiential learning through serious games. It progressively builds a common set of shared mental models across an ICS operation to frame the nature of the adversary and establish enterprise situational awareness that permeates through all levels of teams involved in addressing the threat. This is underpinned by a set of coping strategies that identifies probable targets for advanced threat actors, proactively determining antagonistic courses of action to derive an appropriate response strategy.

A Holistic Cybersecurity Maturity Assessment Framework for Higher Education Institutions in the United Kingdom (MDPI, 2020). Open Access.
Aliyu, Aliyu; Maglaras, Leandros; He, Ying; Yevseyeva, Iryna; Cook, Allan; Janicke, Helge; Boiten, Eerke Albert
As organisations are vulnerable to cyber attacks, their protection becomes a significant issue. Capability Maturity Models can enable organisations to benchmark current maturity levels against best practices. Although many maturity models have already been proposed in the literature, a need for models that integrate several regulations exists. This article presents a light web-based model that can be used as a cyber security assessment tool for Higher Education Institutes (HEIs) of the United Kingdom. The novel Holistic Cybersecurity Maturity Assessment Framework incorporates all security and privacy regulations and best practices that HEIs must comply with, and can be used as a self-assessment or a cybersecurity audit tool.

The Industrial Control System Cyber Defence Triage Process (Elsevier, 2017-07-24). Open Access.
Cook, Allan; Janicke, Helge; Smith, Richard; Maglaras, Leandros
The threat to Industrial Control Systems (ICS) from cyber attacks is widely acknowledged by governments and literature. Operators of ICS are looking to address these threats in an effective and cost-sensitive manner that does not expose their operations to additional risks through invasive testing. Whilst existing standards and guidelines offer comprehensive advice for reviewing the security of ICS infrastructure, resource and time limitations can lead to incomplete assessments or undesirably long countermeasure implementation schedules. In this paper we consider the problem of undertaking efficient cyber security risk assessments and implementing mitigations in large, established ICS operations for which a full security review cannot be implemented on a constrained timescale. The contribution is the Industrial Control System Cyber Defence Triage Process (ICS-CDTP). ICS-CDTP determines areas of priority where the impact of attacks is greatest, and where initial investment reduces the organisation's overall exposure swiftly. ICS-CDTP is designed to be a precursor to a wider, holistic review across the operation following established security management approaches. ICS-CDTP is a novel combination of the Diamond Model of Intrusion Analysis, the Mandiant Attack Lifecycle, and the CARVER Matrix, allowing for an effective triage of attack vectors and likely targets for a capable antagonist. ICS-CDTP identifies and focuses on key ICS processes and their exposure to cyber threats with a view to maintaining critical operations. The article defines ICS-CDTP, exemplifies its application using a fictitious water treatment facility, and explains its evaluation as part of a large-scale serious game exercise.

Measuring the Risk of Cyber Attack in Industrial Control Systems (BCS eWiC, 2016-08-25). Open Access.
Cook, Allan; Smith, Richard; Maglaras, Leandros; Janicke, Helge
Cyber attacks on industrial control systems (ICS) that underpin critical national infrastructure can be characterised as high-impact, low-frequency events. To date, the volume of attacks versus the overall global footprint of ICS is low, and as a result there is an insufficient dataset to adequately assess the risk to an ICS operator, yet the impacts are potentially catastrophic. This paper identifies key elements of existing decision science that can be used to inform and improve the cyber security of ICS against antagonistic threats and highlights the areas where further development is required to derive realistic risk assessments, as well as detailing how data from established safety processes may inform the decision-making process. The paper concludes by making recommendations as to how a validated dataset could be constructed to support investment in ICS cyber security.

A NIS Directive compliant Cybersecurity Maturity Model (IEEE, 2020-07-16). Open Access.
Drivas, George; Chatzopoulou, Argyro; Maglaras, Leandros; Lambrinoudakis, Costas; Cook, Allan; Janicke, Helge
The EU NIS Directive introduces obligations related to the security of network and information systems for Operators of Essential Services and for Digital Service Providers. Moreover, National Competent Authorities for cybersecurity are required to assess compliance with these obligations. This paper describes a novel Cybersecurity Maturity Assessment Framework (CMAF) that is tailored to the NIS Directive requirements. CMAF can be used either as a self-assessment tool by Operators of Essential Services and Digital Service Providers or as an audit tool by the National Competent Authorities for cybersecurity.

The smart approach to selecting good cyber security metrics (Journal of Internet Services and Information Security (JISIS), 2024-10). Open Access.
Sherif, Emad; Yevseyeva, Iryna; Basto-Fernandes, Vitor; Cook, Allan
When it comes to the need to manage cyber security, identifying and utilising good cyber security metrics is essential. This allows organisations to manage their cyber risk more effectively. However, the literature lacks consensus on the properties and characteristics of good metrics. Hence, the objectives of this work are to explore and identify relevant technical metrics proposed by researchers in the cyber security domain, and then to assess them against the SMART (Specific, Measurable, Actionable, Relevant, and Timely) criteria to determine their feasibility and improve the quality of the selected security metrics. We identified 105 metrics, of which 23 passed the SMART criteria. The resulting set of metrics can be considered a feasible set of metrics to implement. Additionally, we identified further criteria that may be considered when assessing security metrics, most of which can be regarded as variants of the SMART criteria except two: the metrics should be inexpensive to gather and independently verifiable via an outside reference.

Using Gamification to Raise Awareness of Cyber Threats to Critical National Infrastructure (BCS, 2016-08-25). Open Access.
Cook, Allan; Smith, Richard; Maglaras, Leandros; Janicke, Helge
Senior executives of critical national infrastructure facilities face competing requirements for investment budgets. Whilst the impact of a cyber attack upon such utilities is potentially catastrophic, the risks to continued operations from failing to upgrade ageing infrastructure, or not meeting mandated regulatory regimes, are considered higher given the demonstrable impact of such circumstances. As cyber attacks on critical national infrastructure remain low-frequency events, there is little to motivate business leaders to increase their investment in cyber defences to comparable levels. This paper describes SCIPS, a gamified environment in which senior executives experience the impact of a cyber attack on an electric power generation plant, demonstrating how it can strategically affect shareholder value, and allowing them to form their own views on the relative importance of cyber security investment.