A Systems Approach To Cyber Security

With our ever-increasing reliance on computer technology in every field of modern life, the need for continuously evolving and improving cyber security remains a constant imperative. This book presents the 3 keynote speeches and 10 papers delivered at the 2nd Singapore Cyber Security R&D Conference (SG-CRC 2017), held in Singapore, on 21-22 February 2017. SG-CRC 2017 focuses on the latest research into the techniques and methodologies of cyber security. The goal is to construct systems which are resistant to cyber-attack, enabling the construction of safe execution environments and improving the security of both hardware and software by means of mathematical tools and engineering approaches for the design, verification and monitoring of cyber-physical systems. Covering subjects which range from messaging in the public cloud and the use of scholarly digital libraries as a platform for malware distribution, to low-dimensional bigram analysis for mobile data fragment classification, this book will be of interest to all those whose business it is to improve cyber security.

Cyber Security Engineering is the definitive modern reference and tutorial on the full range of capabilities associated with modern cyber security engineering. Pioneering software assurance experts Dr. Nancy R. Mead and Dr. Carol C. Woody bring together comprehensive best practices for building software systems that exhibit superior operational security, and for considering security throughout your full system development and acquisition lifecycles. Drawing on their pioneering work at the Software Engineering Institute (SEI) and Carnegie Mellon University, Mead and Woody introduce seven core principles of software assurance, and show how to apply them coherently and systematically. Using these principles, they help you prioritize the wide range of possible security actions available to you, and justify the required investments. Cyber Security Engineering guides you through risk analysis, planning to manage secure software development, building organizational models, identifying required and missing competencies, and defining and structuring metrics. Mead and Woody address important topics, including the use of standards, engineering security requirements for acquiring COTS software, applying DevOps, analyzing malware to anticipate future vulnerabilities, and planning ongoing improvements. This book will be valuable to wide audiences of practitioners and managers with responsibility for systems, software, or quality engineering, reliability, security, acquisition, or operations. Whatever your role, it can help you reduce operational problems, eliminate excessive patching, and deliver software that is more resilient and secure.

This book presents a compendium of selected game- and decision-theoretic models to achieve and assess the security of critical infrastructures. Given contemporary reports on security incidents of various kinds, we can see a paradigm shift to attacks of an increasingly heterogeneous nature, combining different techniques into what we know as an advanced persistent threat. Security precautions must match these diverse threat patterns in an equally diverse manner; in response, this book provides a wealth of techniques for protection and mitigation. Much traditional security research has a narrow focus on specific attack scenarios or applications, and strives to make an attack “practically impossible.” A more recent approach to security views it as a scenario in which the cost of an attack exceeds the potential reward. This does not rule out the possibility of an attack but minimizes its likelihood to the least possible risk. The book follows this economic definition of security, offering a management scientific view that seeks a balance between security investments and their resulting benefits. It focuses on optimization of resources in light of threats such as terrorism and advanced persistent threats. Drawing on the authors’ experience and inspired by real case studies, the book provides a systematic approach to critical infrastructure security and resilience. Presenting a mixture of theoretical work and practical success stories, the book is chiefly intended for students and practitioners seeking an introduction to game- and decision-theoretic techniques for security. The required mathematical concepts are self-contained, rigorously introduced, and illustrated by case studies. The book also provides software tools that help guide readers in the practical use of the scientific models and computational frameworks.

"Information security has become an important and critical component of every organization. In his book, Professor Chatterjee explains the challenges that organizations experience to protect information assets. The book sheds light on different aspects of cybersecurity including a history and impact of the most recent security breaches, as well as the strategic and leadership components that help build strong cybersecurity programs. This book helps bridge the gap between academia and practice and provides important insights that may help professionals in every industry." Mauricio Angee, Chief Information Security Officer, GenesisCare USA, Fort Myers, Florida, USA "This book by Dave Chatterjee is by far the most comprehensive book on cybersecurity management. Cybersecurity is on top of the minds of board members, CEOs, and CIOs as they strive to protect their employees and intellectual property. This book is a must-read for CIOs and CISOs to build a robust cybersecurity program for their organizations." Vidhya Belapure, Chief Information Officer, Huber Engineered Materials & CP Kelco, Marietta, Georgia, USA Cybersecurity has traditionally been the purview of information technology professionals, who possess specialized knowledge and speak a language that few outside of their department can understand. In our current corporate landscape, however, cybersecurity awareness must be an organization-wide management competency in order to mitigate major threats to an organization’s well-being—and be prepared to act if the worst happens. With rapidly expanding attacks and evolving methods of attack, organizations are in a perpetual state of breach and have to deal with this existential threat head-on. Cybersecurity preparedness is a critical and distinctive competency, and this book is intended to help students and practitioners develop and enhance this capability, as individuals continue to be both the strongest and weakest links in a cyber defense system. In addition to providing the non-specialist with a jargon-free overview of cybersecurity threats, Dr. Chatterjee focuses most of the book on developing a practical and easy-to-comprehend management framework and success factors that will help leaders assess cybersecurity risks, address organizational weaknesses, and build a collaborative culture that is informed and responsive. Through brief case studies, literature review, and practical tools, he creates a manual for the student and professional alike to put into practice essential skills for any workplace.

This book documents recent advances in the field of modeling, simulation, control, security and reliability of Cyber- Physical Systems (CPS) in power grids. The aim of this book is to help the reader gain insights into working of CPSs and understand their potential in transforming the power grids of tomorrow. This book will be useful for all those who are interested in design of cyber-physical systems, be they students or researchers in power systems, CPS modeling software developers, technical marketing professionals and business policy-makers.

The increased use of technology is necessary in order for industrial control systems to maintain and monitor industrial, infrastructural, or environmental processes. The need to secure and identify threats to the system is equally critical. Securing Critical Infrastructures and Critical Control Systems: Approaches for Threat Protection provides a full and detailed understanding of the vulnerabilities and security threats that exist within an industrial control system. This collection of research defines and analyzes the technical, procedural, and managerial responses to securing these systems.

This book comprises a set of chapters that introduce various topics pertinent to novel approaches towards enhancing cyber-physical measures for increased security and resilience levels in control systems. The unifying theme of these approaches lies in the utilization of knowledge and models of the physical systems, rather than an attempt to reinvigorate conventional IT-based security measures. The contributing authors present perspectives on network security, game theory, and control, as well as views on how these disciplines can be combined to design resilient, safe, and secure control systems. The book explores how attacks in different forms, such as false data injections and denial-of-service can be very harmful, and may not be detected unless the security measures exploit the physical models. Several applications are discussed, power systems being considered most thoroughly. Because of its interdisciplinary nature—techniques from systems control, game theory, signal processing and computer science all make contributions—Security and Resilience of Control Systems will be of interest to academics, practitioners and graduate students with a broad spectrum of interests.