Automatic assets identification for smart cities: Prerequisites for cybersecurity risk assessments

Waedt, Karl; Ciriello, Antonio; Parekh, Mithil; Bajramovic, Edita

doi:10.1109/isc2.2016.7580812

Cited by 11 publications

(5 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These key assets need to be integrated within the smart city infrastructure and maintained to ensure systems are not degraded and valuable services are operable. The study by Waedt et al (2016) focused on the manual and automatic asset identification, annotation and tracking of graded Application Security Controls (ASCs) that can benefit from comprehensive and formalized asset management. This included the availability and integrity of fixed and mobile technology assets and the reliability and integrity of software assets installed on servers and cloud environments.…”

Section: Smart City Infrastructurementioning

confidence: 99%

“…This included the availability and integrity of fixed and mobile technology assets and the reliability and integrity of software assets installed on servers and cloud environments. The Waedt et al (2016) study asserts that rigorous and pervasive asset management provides value beyond security to mitigate the misuse of assets for sophisticated attacks targeting combinations of version-specific vulnerabilities.…”

Section: Smart City Infrastructurementioning

confidence: 99%

See 1 more Smart Citation

Security, Privacy and Risks Within Smart Cities: Literature Review and Development of a Smart City Interaction Framework

et al. 2020

View full text Add to dashboard Cite

The complex and interdependent nature of smart cities raises significant political, technical, and socioeconomic challenges for designers, integrators and organisations involved in administrating these new entities. An increasing number of studies focus on the security, privacy and risks within smart cities, highlighting the threats relating to information security and challenges for smart city infrastructure in the management and processing of personal data. This study analyses many of these challenges, offers a valuable synthesis of the relevant key literature, and develops a smart city interaction framework. The study is organised around a number of key themes within smart cities research: privacy and security of mobile devices and services; smart city infrastructure, power systems, healthcare, frameworks, algorithms and protocols to improve security and privacy, operational threats for smart cities, use and adoption of smart services by citizens, use of blockchain and use of social media. This comprehensive review provides a useful perspective on many of the key issues and offers key direction for future studies. The findings of this study can provide an informative research framework and reference point for academics and practitioners.

show abstract

Section: Smart City Infrastructurementioning

confidence: 99%

Section: Smart City Infrastructurementioning

confidence: 99%

Security, Privacy and Risks Within Smart Cities: Literature Review and Development of a Smart City Interaction Framework

et al. 2020

View full text Add to dashboard Cite

show abstract

“…However, the fuzzy RAMCAP considers the relative importance among vulnerability, threat, and consequence but not the relevant goals for the assets. The authors in [39] focus on the manual and automatic asset identification, annotation and tracking, as well as on the assignment of graded application security controls (ASCs), that can benefit from a comprehensive and formalised asset management. However, this process is not feasible in a heavily regulated business domain and can easily be a target to threat actors leading to a cyber-attack.…”

Section: Comparison With the Other Study Resultsmentioning

confidence: 99%

Asset criticality and risk prediction for an effective cybersecurity risk management of cyber-physical system

Kure

Islam

Ghazanfar

et al. 2021

Neural Comput & Applic

View full text Add to dashboard Cite

Risk management plays a vital role in tackling cyber threats within the cyber-physical system (CPS). It enables identifying critical assets, vulnerabilities and threats and determining suitable proactive control measures for the risk mitigation. However, due to the increased complexity of the CPS, cyber-attacks nowadays are more sophisticated and less predictable, which makes risk management task more challenging. This paper aims for an effective cybersecurity risk management (CSRM) practice using assets criticality, predication of risk types and evaluating the effectiveness of existing controls. We follow a number of techniques for the proposed unified approach including fuzzy set theory for the asset criticality, machine learning classifiers for the risk predication and comprehensive assessment model (CAM) for evaluating the effectiveness of the existing controls. The proposed approach considers relevant CSRM concepts such as asset, threat actor, attack pattern, tactic, technique and procedure (TTP), and controls and maps these concepts with the VERIS community dataset (VCDB) features for the risk predication. The experimental results reveal that using the fuzzy set theory in assessing assets criticality supports stakeholder for an effective risk management practice. Furthermore, the results have demonstrated the machine learning classifiers exemplary performance to predict different risk types including denial of service, cyber espionage and crimeware. An accurate prediction of risk can help organisations to determine the suitable controls in proactive manner to manage the risk.

show abstract

“…Other researchers employed special‐purpose tools to evaluate their proposed techniques: Cyber Security Argument Graph Evaluation (CyberSAGE) tool, 87 Smart Grid Information Security (SGIS) Toolbox, 116 and network application tool (NetAPT) 117 . Some authors used manual risk assessment 118,119 and compared their results generated through computer‐aided tools. For manual risk assessment, the techniques used are risk matrix, where for each identified risk value of H (High), M (Medium), and L (Low) is assigned by the professionals during meetings or group sessions 120 …”

Section: Findings Of Our Reviewmentioning

confidence: 99%

Security risks in cyber physical systems—A systematic mapping study

Zahid

Inayat

Daneva

et al. 2021

J Software Evolu Process

View full text Add to dashboard Cite

The increased need for constant connectivity and complete automation of existing systems fuels the popularity of Cyber Physical Systems (CPS) worldwide. Increasingly more, these systems are subjected to cyber attacks. In recent years, many major cyber‐attack incidents on CPS have been recorded and, in turn, have been raising concerns in their users' minds. Unlike in traditional IT systems, the complex architecture of CPS consisting of embedded systems integrated with the Internet of Things (IoT) requires rather extensive planning, implementation, and monitoring of security requirements. One crucial step to planning, implementing, and monitoring of these requirements in CPS is the integration of the risk management process in the CPS development life cycle. Existing studies do not clearly portray the extent of damage that the unattended security issues in CPS can cause or have caused, in the incidents recorded. An overview of the possible risk management techniques that could be integrated into the development and maintenance of CPS contributing to improving its security level in its actual environment is missing. In this paper, we are set out to highlight the security requirements and issues specific to CPS that are discussed in scientific literature and to identify the state‐of‐the‐art risk management processes adopted to identify, monitor, and control those security issues in CPS. For that, we conducted a systematic mapping study on the data collected from 312 papers published between 2000 and 2020, focused on the security requirements, challenges, and the risk management processes of CPS. Our work aims to form an overview of the security requirements and risks in CPS today and of those published contributions that have been made until now, towards improving the reliability of CPS. The results of this mapping study reveal (i) integrity authentication and confidentiality as the most targeted security attributes in CPS, (ii) model‐based techniques as the most used risk identification and assessment and management techniques in CPS, (iii) cyber‐security as the most common security risk in CPS, (iv) the notion of “mitigation measures” based on the type of system and the underline internationally recognized standard being the most used risk mitigation technique in CPS, (v) smart grids being the most targeted systems by cyber‐attacks and thus being the most explored domain in CPS literature, and (vi) one of the major limitations, according to the selected literature, concerns the use of the fault trees for fault representation, where there is a possibility of runtime system faults not being accounted for. Finally, the mapping study draws implications for practitioners and researchers based on the findings.

show abstract

Automatic assets identification for smart cities: Prerequisites for cybersecurity risk assessments

Cited by 11 publications

References 8 publications

Security, Privacy and Risks Within Smart Cities: Literature Review and Development of a Smart City Interaction Framework

Security, Privacy and Risks Within Smart Cities: Literature Review and Development of a Smart City Interaction Framework

Asset criticality and risk prediction for an effective cybersecurity risk management of cyber-physical system

Security risks in cyber physical systems—A systematic mapping study

Contact Info

Product

Resources

About