No Arabic abstract
In this paper, we provide (i) a rigorous general theory to elicit conditions on (tail-dependent) heavy-tailed cyber-risk distributions under which a risk management firm might find it (non)sustainable to provide aggregate cyber-risk coverage services for smart societies, and (ii)a real-data driven numerical study to validate claims made in theory assuming boundedly rational cyber-risk managers, alongside providing ideas to boost markets that aggregate dependent cyber-risks with heavy-tails.To the best of our knowledge, this is the only complete general theory till date on the feasibility of aggregate cyber-risk management.
In this paper, we propose a trust-centric privacy-preserving blockchain for dynamic spectrum access in IoT networks. To be specific, we propose a trust evaluation mechanism to evaluate the trustworthiness of sensing nodes and design a Proof-of-Trust (PoT) consensus mechanism to build a scalable blockchain with high transaction-per-second (TPS). Moreover, a privacy protection scheme is proposed to protect sensors real-time geolocatioin information when they upload sensing data to the blockchain. Two smart contracts are designed to make the whole procedure (spectrum sensing, spectrum auction, and spectrum allocation) run automatically. Simulation results demonstrate the expected computation cost of the PoT consensus algorithm for reliable sensing nodes is low, and the cooperative sensing performance is improved with the help of trust value evaluation mechanism.In addition, incentivization and security are also analyzed, which show that our design not only can encourage nodes participation, but also resist to many kinds of attacks which are frequently encountered in trust-based blockchain systems.
Cyber-physical systems (CPS) are interconnected architectures that employ analog, digital, and communication resources for their interaction with the physical environment. CPS are the backbone of enterprise, industrial, and critical infrastructure. Thus, their vital importance makes them prominent targets for malicious attacks aiming to disrupt their operations. Attacks targeting cyber-physical energy systems (CPES), given their mission-critical nature, can have disastrous consequences. The security of CPES can be enhanced leveraging testbed capabilities to replicate power system operations, discover vulnerabilities, develop security countermeasures, and evaluate grid operation under fault-induced or maliciously constructed scenarios. In this paper, we provide a comprehensive overview of the CPS security landscape with emphasis on CPES. Specifically, we demonstrate a threat modeling methodology to accurately represent the CPS elements, their interdependencies, as well as the possible attack entry points and system vulnerabilities. Leveraging the threat model formulation, we present a CPS framework designed to delineate the hardware, software, and modeling resources required to simulate the CPS and construct high-fidelity models which can be used to evaluate the systems performance under adverse scenarios. The system performance is assessed using scenario-specific metrics, while risk assessment enables system vulnerability prioritization factoring the impact on the system operation. The overarching framework for modeling, simulating, assessing, and mitigating attacks in a CPS is illustrated using four representative attack scenarios targeting CPES. The key objective of this paper is to demonstrate a step-by-step process that can be used to enact in-depth cybersecurity analyses, thus leading to more resilient and secure CPS.
In this research article, we explore the use of a design process for adapting existing cyber risk assessment standards to allow the calculation of economic impact from IoT cyber risk. The paper presents a new model that includes a design process with new risk assessment vectors, specific for IoT cyber risk. To design new risk assessment vectors for IoT, the study applied a range of methodologies, including literature review, empirical study and comparative study, followed by theoretical analysis and grounded theory. An epistemological framework emerges from applying the constructivist grounded theory methodology to draw on knowledge from existing cyber risk frameworks, models and methodologies. This framework presents the current gaps in cyber risk standards and policies, and defines the design principles of future cyber risk impact assessment. The core contribution of the article therefore, being the presentation of a new model for impact assessment of IoT cyber risk.
We consider a demand management problem of an energy community, in which several users obtain energy from an external organization such as an energy company, and pay for the energy according to pre-specified prices that consist of a time-dependent price per unit of energy, as well as a separate price for peak demand. Since users utilities are their private information, which they may not be willing to share, a mediator, known as the planner, is introduced to help optimize the overall satisfaction of the community (total utility minus total payments) by mechanism design. A mechanism consists of a message space, a tax/subsidy and an allocation function for each user. Each user reports a message chosen from her own message space, and then receives some amount of energy determined by the allocation function and pays the tax specified by the tax function. A desirable mechanism induces a game, the Nash equilibria (NE) of which result in an allocation that coincides with the optimal allocation for the community. As a starting point, we design a mechanism for the energy community with desirable properties such as full implementation, strong budget balance and individual rationality for both users and the planner. We then modify this baseline mechanism for communities where message exchanges are allowed only within neighborhoods, and consequently, the tax/subsidy and allocation functions of each user are only determined by the messages from her neighbors. All the desirable properties of the baseline mechanism are preserved in the distributed mechanism. Finally, we present a learning algorithm for the baseline mechanism, based on projected gradient descent, that is guaranteed to converge to the NE of the induced game.
What makes cyber risks arising from connected systems challenging during the management of a pandemic? Assuming that a variety of cyber-physical systems are already operational-collecting, analyzing, and acting on data autonomously-what risks might arise in their application to pandemic management? We already have these systems operational, collecting, and analyzing data autonomously, so how would a pandemic monitoring app be different or riskier? In this review article, we discuss the digitalization of COVID-19 pandemic management and cyber risk from connected systems.