
Publication date
2018-10
Keyword
Critical infrastructure security
Security awareness
Cyber security training
Work-based security training
Security threats against critical infrastructure
Rights
© The Author(s) 2018. This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.
Peer-Reviewed
Yes
Abstract
In the twenty-first century, globalisation made corporate boundaries invisible and difficult to manage. This new macroeconomic transformation caused by globalisation introduced new challenges for critical infrastructure management. By replacing manual tasks with automated decision making and sophisticated technology, no doubt we feel much more secure than half a century ago. As the technological advancement takes root, so does the maturity of security threats. It is common that today’s critical infrastructures are operated by non-computer experts, e.g. nurses in health care, soldiers in military or firefighters in emergency services. In such challenging applications, protecting against insider attacks is often neither feasible nor economically possible, but these threats can be managed using suitable risk management strategies. Security technologies, e.g. firewalls, help protect data assets and computer systems against unauthorised entry. However, one area which is often largely ignored is the human factor of system security. Through social engineering techniques, malicious attackers are able to breach organisational security via people interactions. This paper presents a security awareness training framework, which can be used to train operators of critical infrastructure, on various social engineering security threats such as spear phishing, baiting, pretexting, among others.
Version
Published version
Citation
Ghafir I, Saleem J, Hammoudeh M et al (2018) Security threats to critical infrastructure: the human factor. The Journal of Supercomputing. 74: 4986-5002.
Link to publisher’s version
https://doi.org/10.1007/s11227-018-2337-2
Type
Article
Related items
Showing items related by title, author, creator and subject.
- Peace and conflict in Africa
  Francis, David J. (2008)
  Nowhere in the world is the demand for peace more prominent and challenging than in Africa. From state collapse and anarchy in Somalia to protracted wars and rampant corruption in the Congo; from bloody civil wars and extreme poverty in Sierra Leone to humanitarian crisis and authoritarianism in Sudan, the continent is the focus of growing political and media attention. This book presents the first comprehensive overview of conflict and peace across the continent. Bringing together a range of leading academics from Africa and beyond, "Peace and Conflict in Africa" is an ideal introduction to key themes of conflict resolution, peacebuilding, security and development. The book's stress on the importance of indigenous Africa approaches to creating peace makes it an innovative and exciting intervention in the field.
- A quantitative measure of the security risk level of enterprise networks
  Munir, Rashid; Pagna Disso, Jules F.; Awan, Irfan U.; Mufti, Muhammad R. (2013)
  Along with the tremendous expansion of information technology and networking, the number of malicious attacks which cause disruption to business processes has concurrently increased. Despite such attacks, the aim for network administrators is to enable these systems to continue delivering the services they are intended for. Currently, many research efforts are directed towards securing network further whereas, little attention has been given to the quantification of network security which involves assessing the vulnerability of these systems to attacks. In this paper, a method is devised to quantify the security level of IT networks. This is achieved by electronically scanning the network using the vulnerability scanning tool (Nexpose) to identify the vulnerability level at each node classified according to the common vulnerability scoring system standards (critical, severe and moderate). Probabilistic approach is then applied to calculate an overall security risk level of sub networks and entire network. It is hoped that these metrics will be valuable for any network administrator to acquire an absolute risk assessment value of the network. The suggested methodology has been applied to a computer network of an existing UK organization with 16 nodes and a switch.
- CASM: A Content-Aware Protocol for Secure Video Multicast
  Yin, H.; Lin, C.; Qiu, F.; Liu, J.; Min, Geyong; Li, B. (2006)
  Information security has been a critical issue in the design and development of reliable distributed communication systems and has attracted significant research efforts. A challenging task is how to maintain information security at a high level for multiple-destination video applications with the huge volume of data and dynamic property of clients. This paper proposes a novel Content-Aware Secure Multicast (CASM) protocol for video distribution that seamlessly integrates three important modules: 1) a scalable light-weight algorithm for group key management; 2) a content-aware key embedding algorithm that can make video quality distortion imperceptible and is reliable for clients to detect embedded keys; and 3) a smart two-level video encryption algorithm that can selectively encrypt a small set of video data only, and yet ensure the video as well as the embedded keys unrecognizable without a genuine key. The implementation of the CASM protocol is independent of the underlying multicast mechanism and is fully compatible with existing coding standards. Performance evaluation studies built upon a CASM prototype have demonstrated that CASM is highly robust and scalable in dynamic multicast environments. Moreover, it ensures secure distribution of key and video data with minimized communication and computation overheads. The proposed content-aware key embedding and encryption algorithms are fast enough to support real-time video multicasting.