Security threats to critical infrastructure: the human factor
View/
Ghafir_Journal_of_Supercomputing (1.059Mb)
Download
Publication date
2018-10Keyword
Critical infrastructure securitySecurity awareness
Cyber security training
Work-based security training
Security threats against critical infrastructure
Rights
© The Author(s) 2018. This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.Peer-Reviewed
YesMetadata
Show full item recordAbstract
In the twenty-first century, globalisation made corporate boundaries invisible and difficult to manage. This new macroeconomic transformation caused by globalisation introduced new challenges for critical infrastructure management. By replacing manual tasks with automated decision making and sophisticated technology, no doubt we feel much more secure than half a century ago. As the technological advancement takes root, so does the maturity of security threats. It is common that today’s critical infrastructures are operated by non-computer experts, e.g. nurses in health care, soldiers in military or firefighters in emergency services. In such challenging applications, protecting against insider attacks is often neither feasible nor economically possible, but these threats can be managed using suitable risk management strategies. Security technologies, e.g. firewalls, help protect data assets and computer systems against unauthorised entry. However, one area which is often largely ignored is the human factor of system security. Through social engineering techniques, malicious attackers are able to breach organisational security via people interactions. This paper presents a security awareness training framework, which can be used to train operators of critical infrastructure, on various social engineering security threats such as spear phishing, baiting, pretexting, among others.Version
Published versionCitation
Ghafir I, Saleem J, Hammoudeh M et al (2018) Security threats to critical infrastructure: the human factor. The Journal of Supercomputing. 74: 4986-5002.Link to publisher’s version
https://doi.org/10.1007/s11227-018-2337-2Type
ArticleCollections
Related items
Showing items related by title, author, creator and subject.
-
The significance of ECOWAS Norms and Mechanisms in Conflict Prevention and Security-Building in West Africa since 2000This thesis examines the roles and significance of ECOWAS (Economic Community of West Africa States) in conflict prevention, crisis response and security-building processes in West Africa, particularly since 2000. The importance of developing regional institutions and capacities for peace and security-building in Sub-Saharan Africa has been widely recognised since at least the mid-1990s. Not only has the African Union developed important peace and security building aims and roles, but so too have several of the sub-regional organisations in Africa, including ECOWAS in West Africa. In the late 1990s, ECOWAS Member States achieved a number of noteworthy sub-regional agreements on ECOWAS norms and mechanisms for conflict prevention, crisis response, and peace and security –building in West Africa. These agreements and mechanisms have subsequently been further developed since 2000, in a dynamic process that was informed by experience with efforts to respond to a range of crises and conflicts in the region. This thesis critically examines this process, focussing particularly on the extent to which, and how, ECOWAS norms, institutions and mechanism have continued not only to develop but also to be influential in practice. Our research demonstrates that the ECOWAS agreements and norms established by 2000 have continued subsequently to be dynamically developed and used by ECOWAS member states and West African networks, in close interaction with several international partners. It argues that these norms and mechanisms have played significant roles in influencing actual policies, practices and missions. They have therefore proved to be more than shallow symbolic or paper agreements, despite the political fragility and divisions of the region and most of its states. We argue that this cannot be adequately understood using single explanatory frameworks, such as Nigeria’s hegemonic influence or instrumental influence of external Actors such as UN, EU or USA, as has often been suggested. Adequate explanations need to combine these factors with others, including relatively consistent investment in regional norms and institutions by coalitions of some West African states (including Ghana, Senegal and Nigeria) together with civil society and parliamentary networks. Our research then examines in detail the extent to which, and how, ECOWAS norms and mechanisms on conflict prevention, crisis response and security sector reform were significant and influential in ECOWAS’ responses to the crises and conflicts in Cote D’Ivoire, Mali and to a lesser extent in Gambia since 2003; and also how these crises were in turn influential in the further development of ECOWAS norms in these areas. We demonstrate numerous weaknesses in the implementation and effectiveness in these norms; and limitations in their diffusion and influence. However, we argue that such weaknesses and limitations are typical of regional peace and security norms everywhere, including much more stable and developed regions. Equally significant is that substantial coalitions exist between ECOWAS member states and stakeholders. Despite obvious tensions, ECOWAS, AU, UN and other countries such as France continue to work to address inherent tensions and develop mutually beneficial collaborations that enhance effective conflict prevention in the sub-region. The study draws on the knowledge created within this this thesis to propose a framework for conflict intervention.
-
A quantitative measure of the security risk level of enterprise networksAlong with the tremendous expansion of information technology and networking, the number of malicious attacks which cause disruption to business processes has concurrently increased. Despite such attacks, the aim for network administrators is to enable these systems to continue delivering the services they are intended for. Currently, many research efforts are directed towards securing network further whereas, little attention has been given to the quantification of network security which involves assessing the vulnerability of these systems to attacks. In this paper, a method is devised to quantify the security level of IT networks. This is achieved by electronically scanning the network using the vulnerability scanning tool (Nexpose) to identify the vulnerability level at each node classified according to the common vulnerability scoring system standards (critical, severe and moderate). Probabilistic approach is then applied to calculate an overall security risk level of sub networks and entire network. It is hoped that these metrics will be valuable for any network administrator to acquire an absolute risk assessment value of the network. The suggested methodology has been applied to a computer network of an existing UK organization with 16 nodes and a switch.
-
An Assessment of the 2002 National Security Strategy of the United States: Continuity and Change.The 2002 National Security Strategy of the US (NSS 2002) appeared to have presented a momentous approach to self-defense. To many, the doctrine of preemptive selfdefense seemed to challenge the legal and political foundations of the post-World War II international order. Some saw in the US stated reliance on preemption a direct threat to the international system embodied in the UN Charter. The prima facie case that the US position was novel and even dangerous appeared persuasive. This thesis attempts to assess the exceptionality of NSS 2002 in its formulation and implications. This question of exceptionality is broadly divided into two sections. The first section deals with internal exceptionality, in terms of means (the deliberation and drafting processes) and ends (the US defense posture). The second section deals with external exceptionality in the broader terms of possible consequences outside the US. Section One begins by establishing the grounds for looking into the formulation of NSS 2002, and provides the background for that Strategy's mandated precursors. After exploring how National Security Strategy documents are conceived and framed, Section One discusses the Strategy as it was published, and examines a sampling of contemporaneous reactions to its publication. Section Two concentrates on the second part of the research question, and utilizes a thematic approach ¿ in terms of the use of force, the international security environment, and international law. Possible consequences of the proposed US response to contemporary security challenges are considered in these three key areas.
