Nabin Chowdhury scite author profile

The development and deployment of highly dynamic, cyber+connected operational environments, such as smart homes, smart cities, and smart transportation systems, is increasing. The security analysis of such dynamic environments necessitates the use of dynamic risk assessment methodologies and the modeling of dynamically changing states. In this paper, we focus on the smart home environment, where the deployment of IoT devices increase the attack surface. We examine existing dynamic risk assessment methodologies, and by leveraging a smart home reference architecture we identify the security risks of a smart home’s physical and communication viewpoints, taking into consideration also dynamic operational aspects. Further, we develop a smart home network topology generator and a graph-based attack model to study dependencies among dynamically changing states and the propagation of a malware infection.

show abstract

CS Measures for Nuclear Power Plant Protection: A Systematic Literature Review

Chowdhury

2021

Signals

View full text Add to dashboard Cite

As digital instrumentation in Nuclear Power Plants (NPPs) is becoming increasingly complex, both attack vectors and defensive strategies are evolving based on new technologies and vulnerabilities. Continued efforts have been made to develop a variety of measures for the cyber defense of these infrastructures, which often consist in adapting security measures previously developed for other critical infrastructure sectors according to the requirements of NPPs. That being said, due to the very recent development of these solutions, there is a lack of agreement or standardization when it comes to their adoption at an industrial level. To better understand the state of the art in NPP Cyber-Security (CS) measures, in this work, we conduct a Systematic Literature Review (SLR) to identify scientific papers discussing CS frameworks, standards, guidelines, best practices, and any additional CS protection measures for NPPs. From our literature analysis, it was evidenced that protecting the digital space in NPPs involves three main steps: (i) identification of critical digital assets; (ii) risk assessment and threat analysis; (iii) establishment of measures for NPP protection based on the defense-in-depth model. To ensure the CS protection of these infrastructures, a holistic defense-in-depth approach is suggested in order to avoid excessive granularity and lack of compatibility between different layers of protection. Additional research is needed to ensure that such a model is developed effectively and that it is based on the interdependencies of all security requirements of NPPs.

show abstract

Key competencies for critical infrastructure cyber-security: a systematic literature review

Chowdhury¹,

Gkioulos²

2021

ICS

View full text Add to dashboard Cite

Purpose The purpose of this paper can be encapsulated in the following points: identify the research papers published on the topic: competencies and skills necessary for critical infrastructure (CI) cyber-security (CS) protection; determine main focus areas within the identified literature and evaluate the dependency or lack thereof between them: make recommendations for future research. Design/methodology/approach This study is based on a systematic literature review conducted to identify scientific papers discussing and evaluating competencies, skills and essential attributes needed by the CI workforce for CS and preparedness to attacks and incidents. Findings After a comparative analysis of the articles reviewed in this study, a variety of skills and competencies was found to be necessary for CS assurance in CIs. These skills have been grouped into four categories, namely, technical, managerial, implementation and soft skills. Nonetheless, there is still a lack of agreement on which skills are the most critical and further research should be conducted on the relation between specific soft skills and CS assurance. Research limitations/implications Investigation of which skills are required by industry for specific CS roles, by conducting interviews and sending questionnaire\surveys, would allow consolidating whether literature and industry requirements are equivalent. Practical implications Findings from this literature review suggest that more effort should be taken to conciliate current CS curricula in academia with the skills and competencies required for CS roles in the industry. Originality/value This study provides a previously lacking current mapping and review of literature discussing skills and competencies evidenced as critical for CS assurance for CI. The findings of this research are useful for the development of comprehensive solutions for CS awareness and training.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Nabin Chowdhury

Cyber security training for critical infrastructure protection: A literature review

Modeling effective cybersecurity training frameworks: A delphi method-based study

Threat Analysis for Smart Homes

CS Measures for Nuclear Power Plant Protection: A Systematic Literature Review

Key competencies for critical infrastructure cyber-security: a systematic literature review

Contact Info

Product

Resources

About