Cybersecurity and Privacy in Government
The Role of Consequences in Securing Cyber-Physical Systems (2020-01-07)
Conklin, Wm. Arthur
The importance of cybersecurity of cyber-physical systems is increasing across the wide spectrum of critical infrastructure systems and resulting in governmental attention to methods of reducing risks. Although these systems use computers to manage the communication and control of the processes, the systems are distinctly different from IT systems in business. Securing these cyber-physical systems requires a different approach and set of tools. There are some unique characteristics of the physical systems under control that can be used to help mitigate risks associated with control system failures. This paper examines how security measures need to take a wider approach than just application of IT controls to a new environment if one is interested in truly managing the risk of these systems.

An Accurate and Scalable Role Mining Algorithm based on Graph Embedding and Unsupervised Feature Learning (2020-01-07)
Abolfathi, Masoumeh; Raghebi, Zohreh; Jafarian, Jafar Haadi; Banaei-Kashani, Farnoush
Role-based access control (RBAC) is one of the most widely used authorization models in organizations. In RBAC, accesses are controlled based on the roles of users within the organization. The flexibility and usability of RBAC have encouraged organizations to migrate from traditional discretionary access control (DAC) models to RBAC. The most challenging step in this migration is role mining, which is the process of extracting meaningful roles from existing access control lists. Although various approaches have been proposed to address this NP-complete role mining problem in the literature, they either suffer from low scalability or present heuristics that suffer from low accuracy. In this paper, we propose an accurate and scalable approach to the role mining problem. To this aim, we represent user-permission assignments as a bipartite graph where nodes are users and permissions, and edges are user-permission assignments. Next, we introduce an efficient deep learning algorithm based on random walk sampling to learn low-dimensional representations of the graph, such that permissions that are assigned to similar users are closer in this new space. Then, we use k-means and GMM clustering techniques to cluster permission nodes into roles. We show the effectiveness of our proposed approach by testing it on different datasets. Experimental results show that our approach performs accurate role mining, even for large datasets.

Understanding the Stakeholder Roles in Business Continuity Management Practices – A Study in Public Sector (2020-01-07)
Järveläinen, Jonna
Natural disasters, power cuts and fires do not discriminate, but they happen to both private and public organizations. Prior literature has agreed that business continuity management (BCM) requires commitment from all levels of an organization. However, the roles of different internal and external stakeholders in BCM practices have not been discussed in prior literature. This study focuses on BCM stakeholders in continuity practices in the public sector. We report the results of a qualitative case study with 16 interviews. The support from senior and middle management was expected, IT experts were valued, the role of users was not deemed important, and external service providers were trusted partners but also considered “the biggest headaches” by the interviewed managers.

Maritime Cybersecurity: Meeting Threats to Globalization’s Great Conveyor (2020-01-07)
Bronk, Robert; Dewitte, Paula
This paper addresses the issue of cybersecurity in the global maritime system. The maritime system is a set of interconnected infrastructures that facilitates trade across major bodies of water. Covered here are the problem of protecting maritime traffic from attack as well as how cyberattacks change the equation for securing commercial shipping from attack on the high seas. The authors ask what cyberattack aimed at maritime targets – ships, ports, and other elements – looks like and what protections have been emplaced to counter the threat of cyberattack upon the maritime system.

Towards an Evaluation Framework for Threat Intelligence Sharing Platforms (2020-01-07)
Bauer, Sara; Fischer, Daniel; Sauerwein, Clemens; Latzel, Simon; Stelzer, Dirk; Breu, Ruth
Threat intelligence sharing is an important countermeasure against the increasing number of security threats to which companies and governments are exposed. Its objective is the cross-organizational exchange of information about actual and potential threats. In recent years, a heterogeneous market of threat intelligence sharing platforms (TISPs) has emerged. These platforms are inter-organizational systems that support collaborative collection, aggregation, analysis and dissemination of threat-related information. Organizations that consider using TISPs are often faced with the challenge of selecting suitable platforms. To facilitate the evaluation of threat intelligence sharing platforms, we present a framework for analyzing and comparing relevant TISPs. Our framework provides a set of 25 functional and non-functional criteria that support potential users in selecting suitable platforms. We demonstrate the applicability of our evaluation framework by assessing three platforms: MISP, OTX and ThreatQ. We describe common features and differences between the three platforms.

Topological Data Analysis for Enhancing Embedded Analytics for Enterprise Cyber Log Analysis and Forensics (2020-01-07)
Bihl, Trevor; Gutierrez, Robert; Bauer, Kenneth; Boehmke, Brad; Saie, Cade
Forensic analysis of logs is one responsibility of an enterprise cyber defense team; inherently, this is a big data task with thousands of events possibly logged in minutes of activity. Logged events range from authorized users typing incorrect passwords to malignant threats. Log analysis is necessary to understand current threats, be proactive against emerging threats, and develop new firewall rules. This paper describes embedded analytics for log analysis, which incorporates five mechanisms: numerical, similarity, graph-based, graphical analysis, and interactive feedback. Topological Data Analysis (TDA) is introduced for log analysis with TDA providing novel graph-based similarity understanding of threats which additionally enables a feedback mechanism to further analyze log files. Using real-world firewall log data from an enterprise-level organization, our end-to-end evaluation shows the effective detection and interpretation of log anomalies via the proposed process, many of which would have otherwise been missed by traditional means.

Introduction to the Minitrack on Cybersecurity and Privacy in Government (2020-01-07)
White, Greg; Harrison, Keith; Conklin, Wm. Arthur