To address the issue of educating and training new experts in cybersecurity, it is crucial to identify the specific educational needs of the various professions that exist in the field. We measure ...these needs by analysing six cybersecurity-related job profiles—each with its own specific skill requirements—that have been assessed by academic and industrial organisations from the cybersecurity community in 14 European countries. We find that it is possible to identify a series of “transversal” skills relevant to all job profiles, and thus of utmost importance in the cybersecurity curricula. However, we also observe that academic and industrial priorities differ substantially, and that skills related to the area of Human security do not rank particularly high, possibly exposing the difficulty of integrating such concepts in traditional education.
One major challenge for automated cars is to not only be safe, but also secure. Indeed, connected vehicles are vulnerable to cyberattacks, which may jeopardize individuals' trust in these vehicles ...and their safety. In a driving simulator experiment, 38 participants were exposed to two screen failures:
(i.e., no turn signals on the in-vehicle screen and instrument cluster) and
(i.e., ransomware attack), both while performing a non-driving related task (NDRT) in a conditionally automated vehicle. Results showed that objective trust decreased after experiencing the failures. Drivers took over control of the vehicle and stopped their NDRT more often after the explicit failure than after the silent failure. Lateral control of the vehicle was compromised when taking over control after both failures compared to automated driving performance. However, longitudinal control proved to be smoother in terms of speed homogeneity compared to automated driving performance. These findings suggest that connectivity failures negatively affect trust in automation and manual driving performance after taking over control. This research posits the question of the importance of connectivity in the realm of trust in automation. Finally, we argue that engagement in a NDRT while riding in automated mode is an indicator of trust in the system and could be used as a surrogate measure for trust.
Synthetic media presents looming threats to managers in a business setting. To address this issue, we first offer a short overview of the evolution of media manipulation to contextualize the new era ...of synthetic media. Then, we present the problems associated with synthetic media via veridicality and heuristics to illustrate how consumers have little choice but to believe what they see, read, and hear online. We outline the most likely and impactful types of synthetic media threats and attacks and present a synthetic media incident response playbook. Our aim is to inform managers about six specific phases so they can prepare, assess, detect, analyze, and recover from synthetic media incidents and coordinate their lessons learned.
The smart grid is an unprecedented opportunity to shift the current energy industry into a new era of a modernized network where the power generation, transmission, and distribution are ...intelligently, responsively, and cooperatively managed through a bi-directional automation system. Although the domains of smart grid applications and technologies vary in functions and forms, they generally share common potentials such as intelligent energy curtailment, efficient integration of Demand Response, Distributed Renewable Generation, and Energy Storage. This paper presents a comprehensive review categorically on the recent advances and previous research developments of the smart grid paradigm over the last two decades. The main intent of the study is to provide an application-focused survey where every category and sub-category herein are thoroughly and independently investigated. The preamble of the paper highlights the concept and the structure of the smart grids. The work presented intensively and extensively reviews the recent advances on the energy data management in smart grids, pricing modalities in a modernized power grid, and the predominant components of the smart grid. The paper thoroughly enumerates the recent advances in the area of network reliability. On the other hand, the reliance on smart cities on advanced communication infrastructure promotes more concerns regarding data integrity. Therefore, the paper dedicates a sub-section to highlight the challenges and the state-of-the-art of cybersecurity. Furthermore, highlighting the emerging developments in the pricing mechanisms concludes the review.
An ever-growing number of companies are moving toward the Industry 4.0 paradigm, adopting a range of advanced technologies (e.g., smart sensors, big data analytics, and cloud computing) and ...networking their manufacturing systems. This improves the efficiency and effectiveness of operations but also introduces new cybersecurity challenges. In this article, the impact assessment methodology is applied in the context of manufacturing systems 4.0 (also known as smart manufacturing systems, cyber manufacturing systems, or digital manufacturing systems), thus identifying the critical assets to be protected against cyber-attacks and assessing the business impacts in the case of subtractive and additive technologies. The research design of the single case study with multiple units of analysis is applied. In particular, a large company, a leader in the manufacturing of aeronautical components, is considered a representative case study, and its two main types of manufacturing cells that is, those based on networked computer numerical control machines and 3-D printers, are taken as applicative cases for the methodology. The application of the impact assessment methodology in the manufacturing context 4.0 of aeronautical components represents a useful guide for researchers in the field of cybersecurity and for companies intending to implement it in their smart manufacturing environments. In particular, based on this study, companies can define the critical manufacturing data to protect against cyber-attacks, isolate the business impacts in case of cybersecurity breaches, correlate the identified business impacts with the specific data category, and assess the level of business impacts.
Objective:
Evaluate the effectiveness of training embedded within security warnings to identify phishing webpages.
Background:
More than 20 million malware and phishing warnings are shown to users of ...Google Safe Browsing every week. Substantial click-through rate is still evident, and a common issue reported is that users lack understanding of the warnings. Nevertheless, each warning provides an opportunity to train users about phishing and how to avoid phishing attacks.
Method:
To test use of phishing-warning instances as opportunities to train users’ phishing webpage detection skills, we conducted an online experiment contrasting the effectiveness of the current Chrome phishing warning with two training-embedded warning interfaces. The experiment consisted of three phases. In Phase 1, participants made login decisions on 10 webpages with the aid of warning. After a distracting task, participants made legitimacy judgments for 10 different login webpages without warnings in Phase 2. To test the long-term effect of the training, participants were invited back a week later to participate in Phase 3, which was conducted similarly as Phase 2.
Results:
Participants differentiated legitimate and fraudulent webpages better than chance. Performance was similar for all interfaces in Phase 1 for which the warning aid was present. However, training-embedded interfaces provided better protection than the Chrome phishing warning on both subsequent phases.
Conclusion:
Embedded training is a complementary strategy to compensate for lack of phishing webpage detection skill when phishing warning is absent.
Application:
Potential applications include development of training-embedded warnings to enable security training at scale.
Ransomware Early Detection Techniques Asma A. Alhashmi; Abdulbasit A. Darem; Ahmed B. Alshammari ...
Engineering, technology & applied science research,
06/2024, Letnik:
14, Številka:
3
Journal Article
Recenzirano
Odprti dostop
Ransomware has become a significant threat to individuals and organizations worldwide, causing substantial financial losses and disruptions. Early detection of ransomware is crucial to mitigate its ...impact. The significance of early detection lies in the capture of ransomware in the act of encrypting sample files, thus thwarting its progression. A timely response to ransomware is crucial to prevent the encryption of additional files, a scenario not adequately addressed by current antivirus programs. This study evaluates the performance of six machine-learning algorithms for ransomware detection, comparing the accuracy, precision, recall, and F1-score of Logistic Regression, Decision Tree, Naive Bayes, Random Forest, AdaBoost, and XGBoost. Additionally, their computational performance is evaluated, including build time, training time, classification speed, computational time, and Kappa statistic. This analysis provides insight into the practical feasibility of the algorithms for real-world deployment. The findings suggest that Random Forst, Decision Tree, and XGBoost are promising algorithms for ransomware detection due to their high accuracy of 99.37%, 99.42%, and 99.48%, respectively. These algorithms are also relatively efficient in terms of classification speed, which makes them suitable for real-time detection scenarios, as they can effectively identify ransomware samples even in the presence of noise and data variations.
Industry 4.0 is a concept devised for improving the way modern factories operate through the use of some of the latest technologies, like the ones used for creating the Industrial Internet of Things ...(IIoT), robotics, or Big Data applications. One of such technologies is blockchain, which is able to add trust, security, and decentralization to different industrial fields. This article focuses on analyzing the benefits and challenges that arise when using blockchain and smart contracts to develop Industry 4.0 applications. In addition, this paper presents a thorough review of the most relevant blockchain-based applications for Industry 4.0 technologies. Thus, its aim is to provide a detailed guide for the future Industry 4.0 developers that allows for determining how the blockchain can enhance the next generation of cybersecure industrial applications.
In the last century, the automotive industry has arguably transformed society, being one of the most complex, sophisticated, and technologically advanced industries, with innovations ranging from the ...hybrid, electric, and self-driving smart cars to the development of IoT-connected cars. Due to its complexity, it requires the involvement of many Industry 4.0 technologies, like robotics, advanced manufacturing systems, cyber-physical systems, or augmented reality. One of the latest technologies that can benefit the automotive industry is blockchain, which can enhance its data security, privacy, anonymity, traceability, accountability, integrity, robustness, transparency, trustworthiness, and authentication, as well as provide long-term sustainability and a higher operational efficiency to the whole industry. This review analyzes the great potential of applying blockchain technologies to the automotive industry emphasizing its cybersecurity features. Thus, the applicability of blockchain is evaluated after examining the state-of-the-art and devising the main stakeholders' current challenges. Furthermore, the article describes the most relevant use cases, since the broad adoption of blockchain unlocks a wide area of short- and medium-term promising automotive applications that can create new business models and even disrupt the car-sharing economy as we know it. Finally, after strengths, weaknesses, opportunities, and threats analysis, some recommendations are enumerated with the aim of guiding researchers and companies in future cyber-resilient automotive industry developments.
Cyber resilience has become a major concern for both academia and industry due to the increasing number of data breaches caused by the expanding attack surface of existing IT infrastructure. Cyber ...resilience refers to an organisation’s ability to prepare for, absorb, recover from, and adapt to adverse effects typically caused by cyber-attacks that affect business operations. In this survey, we aim to identify the significant domains of cyber resilience and measure their effectiveness. We have selected these domains based on a literature review of frameworks, strategies, applications, tools, and technologies. We have outlined the cyber resilience requirements for each domain and explored solutions related to each requirement in detail. We have also compared and analysed different studies in each domain to find other ways of enhancing cyber resilience. Furthermore, we have compared cyber resilience frameworks and strategies based on technical requirements for various applications. We have also elaborated on techniques for improving cyber resilience. In the supplementary section, we have presented applications that have implemented cyber resilience. This survey comprehensively compares various popular cyber resilience tools to help researchers, practitioners, and organisations choose the best practices for enhancing cyber resilience. Finally, we have shared key findings, limitations, problems, and future directions.
PDF
