Search results

Cyber resilience in cyber supply chain (CSC) systems security has become inevitable as attacks, risks and vulnerabilities increase in real-time critical infrastructure systems with little time for system failures. Cyber resilience approaches ensure the ability of a supply chain system to prepare, absorb, recover and adapt to adverse effects in the complex CPS environment. However, threats within the CSC context can pose a severe disruption to the overall business continuity. The paper aims to use machine learning (ML) techniques to predict threats on cyber supply chain systems, improve cyber resilience that focuses on critical assets and reduce the attack surface.

The approach follows two main cyber resilience design principles that focus on common critical assets and reduce the attack surface for this purpose. ML techniques are applied to various classification algorithms to learn a dataset for performance accuracies and threats predictions based on the CSC resilience design principles. The critical assets include Cyber Digital, Cyber Physical and physical elements. We consider Logistic Regression, Decision Tree, Naïve Bayes and Random Forest classification algorithms in a Majority Voting to predicate the results. Finally, we mapped the threats with known attacks for inferences to improve resilience on the critical assets.

The paper contributes to CSC system resilience based on the understanding and prediction of the threats. The result shows a 70% performance accuracy for the threat prediction with cyber resilience design principles that focus on critical assets and controls and reduce the threat.

Therefore, there is a need to understand and predicate the threat so that appropriate control actions can ensure system resilience. However, due to the invincibility and dynamic nature of cyber attacks, there are limited controls and attributions. This poses serious implications for cyber supply chain systems and its cascading impacts.

ML techniques are used on a dataset to analyse and predict the threats based on the CSC resilience design principles.

There are no social implications rather it has serious implications for organizations and third-party vendors.

The originality of the paper lies in the fact that cyber resilience design principles that focus on common critical assets are used including Cyber Digital, Cyber Physical and physical elements to determine the attack surface. ML techniques are applied to various classification algorithms to learn a dataset for performance accuracies and threats predictions based on the CSC resilience design principles to reduce the attack surface for this purpose.

This paper aims to establish a theoretic framework to provide a fundamental understanding of cyberspatial objects, their existence and their identification scheme while providing a connection between cyber-enabled spaces and cyberspace. It develops an avenue to quantify general philosophical and theoretical questions, precisely, inherently spatial basis that produces an unprecedented space–time continuum, in which cyber-enabled relations evolve.

Multidisciplinary theoretical approaches are needed to describe complex systems, which in this paper are integrated in a quest for the principles underlying the structural organization and dynamics of cyberspace. A theoretic framework is presented, and the spatial conception of cyber-enabled physical, social, information and thinking spaces and entities existence are provided.

With spatial objects and spatial properties, cyberspace is inherently spatial. Its basic constructs are founded on its spatial qualities and producing radical space–time compression, cyber-enabled spaces in which dynamic relations develop and thrive. The cyberspatial object operations are primarily built on foundations that depend on physical space and other spatial metaphors. Information space, basically missing in the literature, is an important part of cyberspace.

This work suggested a novel analytical approach to describing cyberspace from broader perspectives and fields. Due to the novelty and divergence of cyber concepts, an interdisciplinary study and methodology are needed. Thus, more research toward theoretical direction could help many of the practical implementations of concepts.

The research is of particular significance in cyberspatial mechanics to describe the dynamics and behavior of cyber physical systems. For example, object-based analysis functions like spatial query, node pattern analysis, cluster analysis, spatial similarity analysis and location modeling.

Complementing the existing literature and defining information space to the research sphere, a theoretical framework providing a fundamental understanding of cyberspatial objects and the general cyberspace foundation has been proposed, resulting in a formalized concept of existence, interactions and applications and services, with respect to philosophy, science and technology, respectively.

Additive manufacturing also known as 3D printing is an evolving advanced manufacturing technology critical for the new era of complex machinery and operating systems. Manufacturing systems are increasingly faced with risk of attacks not only by traditional malicious actors such as hackers and cyber-criminals but also by some competitors and organizations engaged in corporate espionage. This paper aims to elaborate a plausible risk practice of designing and demonstrate a case study for the compromised-based malicious for polymer 3D printing system.

This study assumes conditions when a machine was compromised and evaluates the effect of post compromised attack by studying its effects on tensile dog bone specimens as the printed object. The designed algorithm removed predetermined specific number of layers from the tensile samples. The samples were visually identical in terms of external physical dimensions even after removal of the layers. Samples were examined nondestructively for density. Additionally, destructive uniaxial tensile tests were carried out on the modified samples and compared to the unmodified sample as a control for various mechanical properties. It is worth noting that the current approach was adapted for illustrating the impact of cyber altercations on properties of additively produced parts in a quantitative manner. It concurrently pointed towards the vulnerabilities of advanced manufacturing systems and a need for designing robust mitigation/defense mechanism against the cyber altercations.

Density, Young’s modulus and maximum strength steadily decreased with an increase in the number of missing layers, whereas a no clear trend was observed in the case of % elongation. Post tensile test observations of the sample cross-sections confirmed the successful removal of the layers from the samples by the designed method. As a result, the current work presented a cyber-attack model and its quantitative implications on the mechanical properties of 3D printed objects.

To the best of the authors’ knowledge, this is the original work from the team. It is currently not under consideration for publication in any other avenue. The paper provides quantitative approach of realizing impact of cyber intrusions on deteriorated performance of additively manufactured products. It also enlists important intrusion mechanisms relevant to additive manufacturing.

In spite of growing research interest in cyber security, inter-firm based cyber risk studies are rare. Therefore, this study aims to investigate cyber risk management in supply chain contexts.

Adapting a systematic literature review process, papers from interdisciplinary areas published between 1990 and 2017 were selected. Different typologies, developed for conducting descriptive and thematic analysis, were established using data mining techniques to conduct a comprehensive, replicable and transparent review.

The review identifies multiple future research directions for cyber security/resilience in supply chains. A conceptual model is developed, which indicates a strong link between information technology, organisational and supply chain security systems. The human/behavioural elements within cyber security risk are found to be critical; however, behavioural risks have attracted less attention because of a perceived bias towards technical (data, application and network) risks. There is a need for raising risk awareness, standardised policies, collaborative strategies and empirical models for creating supply chain cyber-resilience.

Different types of cyber risks and their points of penetration, propagation levels, consequences and mitigation measures are identified. The conceptual model developed in this study drives an agenda for future research on supply chain cyber security/resilience.

A multi-perspective, systematic study provides a holistic guide for practitioners in understanding cyber-physical systems. The cyber risk challenges and the mitigation strategies identified support supply chain managers in making informed decisions.

To the best of the authors’ knowledge, this is the first systematic literature review on managing cyber risks in supply chains. The review defines supply chain cyber risk and develops a conceptual model for supply chain cyber security systems and an agenda for future studies.

The purpose of this paper is to present the current state research of cyber-physical system (CPS) and its application in libraries. CPS is a kind of large-scale and networked system that consists of physical and cyber elements and is currently of interest in academia, industry and government. In this survey, the definitions, theoretical foundation and basic applications of CPS are systematically reviewed. In addition, the development of library and current research of CPS application in library management are presented. The vision and challenge of smart library are also discussed.

By retrieving the main scholarly databases, the literature of CPS and its application in libraries were examined.

This study shows that a lot of CPS technology applications are still in initial stage, and explores CPS potential impacts on libraries.

The application of CPS in library management has not been paid much attention, this study provides a prospective for the application of CPS in libraries.

The purpose of this paper is to build cyber-physical-psychological ternary fusion crowd intelligence network and realize comprehensive, real, correct and synchronous projection in cyber–physical–psychological ternary fusion system. Since the network of crowd intelligence is the future interconnected network system that takes on the features of large scale, openness and self-organization. The Digital-selfs in the network of crowd intelligence interact and cooperate with each other to finish transactions and achieve co-evolution eventually.

To realize comprehensive, real, correct and synchronous projection between cyber–physical–psychological ternary fusion system, the authors propose the rules and methods of projection from real world to the CrowdIntell Network. They build the mental model of the Digital-self including structure model and behavior model in four aspects: identity, provision, demand and connection, thus forming a theoretical mental model framework of Digital-self.

The mental model is excepted to lay a foundation for the theory of modeling and simulation in the research of crowd science and engineering.

This paper is the first one to propose the mental model framework and projection rules and methods of Digital-selfs in network of crowd intelligence, which lays a solid foundation for the theory of modeling, simulation, intelligent transactions, evolution and stability of CrowdIntell Network system, thus promoting the development of crowd science and engineering.

The purpose of this study is to examine cyber security risks in globalized supply chains (SCs). It has been seen to have a greater impact on the performance of SCs. The information and communication technology of a firm, which enhances the efficiency and effectiveness in the SC, could simultaneously be the cause of vulnerabilities and exposure to security threats. Researchers have primarily focussed on the cyber-physical system (CPS) vulnerabilities impacting SC. This paper tries to categorize the cyber security risks occurring because of the SCs operating in CPS.

Based on the flow of information along the upstream and downstream SC, this paper tries to identify cyber security risks in the global SCs. It has further tried to categorize these cyber security risks from a strategic point of view.

This paper tries to identify the various cyber security risk and cyber-attacks in globalized SC for improving the performance. The 16 cyber security risks have been categorized into three categories, namely, supply risk, operational risk and demand risk. The paper proposes a framework consisting of different cyber-attacks across the information that flows in global SCs along-with suitable mitigation strategies.

The paper presents the conceptual model of cyber security risks and cyber-attacks in globalized SCs based on literature review and industry experts. Further validation and scale development of these risks can be done through empirical study.

This paper provides significant managerial insights by developing a framework for understanding the cyber security risks in terms of the drivers of these risks and how to deal with them. From a managerial perspective, this framework can be used as a decision-making process while considering different cyber security risks across the stages of globalized SCs.

The major contribution of this study is the identification and categorization of cyber security risks across the global SCs in the digital age. Thus, this paper introduces a new phenomenon to the field of management that has the potential to investigate new areas of future research. Based on the categorization, the paper provides insights on how cyber security risks impact the continuity of SC operations.

The common implementation practices of modern industrial control systems (ICS) has left a window wide open to various security vulnerabilities. As the cyber-threat landscape continues to evolve, the ICS and their underlying architecture must be protected to withstand cyber-attacks. This study aims to review several ICS security assessment methodologies to identify an appropriate vulnerability assessment method for the ICS systems that examine both critical physical and cyber systems so as to protect the national critical infrastructure.

This paper reviews several ICS security assessment methodologies and explores whether the existing methodologies are indeed sufficient to meet the cyber security assessment exercise required to validate the security of electrical power control systems.

The study showed that most of the examined methodologies seem to concentrate on vulnerability identification and prioritisation techniques, whilst other security techniques received noticeably less attention. The study also showed that the least attention is devoted to patch management process due to the critical nature of the SCADA system. Additionally, this review portrayed that only two security assessment methodologies exhibited absolute fulfilment of all NERC-CIP security requirements, whilst the others only partially fulfilled the essential requirements.

This paper presents a review and a comparative analysis of several standard SCADA security assessment methodologies and guidelines published by internationally recognised bodies. In addition, it explores the adequacy of the existing methodologies in meeting cyber security assessment practices required for electrical power networks.

Railways are a well-known example of complex critical infrastructure, incorporating socio-technical systems with humans such as drivers, signallers, maintainers and passengers at the core. The technological evolution including interconnectedness and new ways of interaction lead to new security and safety risks that can be realised, both in terms of human error, and malicious and non-malicious behaviour. This study aims to identify the human factors (HF) and cyber-security risks relating to the role of signallers on the railways and explores strategies for the improvement of “Digital Resilience” – for the concept of a resilient railway.

Overall, 26 interviews were conducted with 21 participants from industry and academia.

The results showed that due to increased automation, both cyber-related threats and human error can impact signallers’ day-to-day operations – directly or indirectly (e.g. workload and safety-critical communications) – which could disrupt the railway services and potentially lead to safety-related catastrophic consequences. This study identifies cyber-related problems, including external threats; engineers not considering the human element in designs when specifying security controls; lack of security awareness among the rail industry; training gaps; organisational issues; and many unknown “unknowns”.

The authors discuss socio-technical principles through a hexagonal socio-technical framework and training needs analysis to mitigate against cyber-security issues and identify the predictive training needs of the signallers. This is supported by a systematic approach which considers both, safety and security factors, rather than waiting to learn from a cyber-attack retrospectively.

Cyber physical system (CPS) has attracted much attention from industry, government and academia due to its dramatic impact on society, economy and people’s daily lives. Scholars have conducted a number of studies on CPS. However, despite of the dynamic nature of this research area, a systematic and extensive review of recent research on CPS is unavailable. Accordingly, this paper conducts an intensive literature review on CPS and presents an overview of existing research on CPS. The purpose of this paper is to identify the challenges of studying CPS as well as the directions for future studies on CPS.

This paper examines existing literatures about CPS from 2006 to 2018 in Compendex, presenting its definition, architectures, characteristics and applications.

This study finds that CPS is closely integrated, diversified and large-scale network with complex multiple time scales. It requires dynamic reorganization/reconfiguration, mass computing, and closed, automated and control circuits. Currently, CPS has been applied in smart manufacturing, medical systems, smart city and smart libraries. The main challenges in designing CPS are to develop, to modify, to integrate abstractions and to set predictable timing of openness and physical interconnection of physical devices. Furthermore, security is a key issue in CPS.

This study adds knowledge to the existing literature of CPS by answering what the current level of development on CPS is and what the potential future research directions of CPS are.