Risk Assessment of Cryptojacking Attacks on Endpoint Systems: Threats to Sustainable Digital Agriculture
Round 1
Reviewer 1 Report
Comments and Suggestions for Authors
In this manuscript, the authors assess the risks of cryptojacking attacks on endpoint systems within digital agriculture, focusing on their financial and operational impacts. Its main contributions include a quantitative risk assessment framework using Monte Carlo simulations, Bayesian networks, and attack tree analysis, applied across five distinct scenarios.
The paper presents a methodology for quantifying cryptojacking risks, combining probabilistic models and scenario-based analysis. However, several weaknesses and methodological gaps need addressing:
1. Some of the figures are unclear and lack sufficient resolution. For example, the quality of Figure 1 is insufficient, as it appears blurry and lacks clarity. Please consider improving the resolution to ensure better visibility and comprehension.
2. Table 2 provides sample parameters for risk modeling. However, the value ranges (e.g., 8–12 incidents/year) appear to be arbitrarily selected without citation of empirical data or prior studies. To enhance the credibility and transparency of the analysis, please specify the data sources.
3. While Chapter 3 introduces several cybersecurity risk modeling approaches, including probabilistic analysis and the concept of a risk tree in the context of cryptojacking attacks, there is no clear application of these methods in the scenario presented in Chapter 4. Furthermore, it is difficult to correlate the experimental results and figures in Chapter 4 with the methodologies described in Chapter 3.
4. Some figures contain garbled or unreadable characters. For example, in Figure 7, subfigures (b) and (c) contain garbled or unreadable characters. This issue should be corrected to ensure clarity and proper interpretation.
5. Scenario 4 reports very high annual losses; however, it does not discuss how server-specific vulnerabilities (e.g., unpatched software) contribute to these figures. A more detailed analysis of such contributing factors would enhance the credibility and depth of the risk assessment.
6. In 4.6, the ROSI calculation yields a total of \$958,225, but the individual scenario contributions are not detailed. Provide a breakdown of ROSI per scenario to clarify how each contributes to the total.
As a conclusion, the paper lacks sufficient detail in the presentation of its theoretical foundation and methodological framework. The described scenarios and experimental analyses are not well elaborated, and the sources of data are unclear, making it difficult to assess the novelty and the actual contribution of the work. Additionally, several figures are of poor quality, and key references are missing for some of the data presented in the tables. Based on these shortcomings, I do not recommend the acceptance of this paper.
Comments for author File: Comments.pdf
Author Response
Dear Reviewer!
Responses to your comments are in the attached file.
Author Response File: Author Response.pdf
Reviewer 2 Report
Comments and Suggestions for Authors
The research establishes technical precision when studying cryptojacking risks that emerge through agricultural digital transformation. The authors have managed to connect cybersecurity threat modeling approaches to sustainability issues in agricultural systems while studying a previously unexamined yet crucial threat space. The authors propose the following adjustments as well as modifications to enhance clarity and practical application, and depth of the manuscript.
- The manuscript presents logical organization but requires better transition flow between its literature review segment and methodological development and simulation outcome sections. The existing structure needs short transitional paragraphs to create a better flow between sections. Kindly improve the transition between paragraphs.
- The risk models incorporate reasonable parameters which need additional contextualization, such as energy costs and incident response costs, and CPU usage thresholds. The implementation requires clear descriptions about how sources of information were selected and measurement methods used, particularly for input variables, in order to enhance transparency and reproducibility.
- The analysis should address agricultural systems more directly because it pertains to digital agriculture. A complete analysis of field-specific weaknesses, including IoT irrigation equipment and smart agricultural equipment, and drone surveillance, should be added to increase the study's applicability to the agricultural sector.
- The research provides direct applications, yet additional information about how agricultural stakeholders should use these findings for practical implementation would strengthen the paper's useful outcomes.
- This manuscript delivers a powerful simulation approach to risk assessment, yet fails to establish its value with authentic organizational data or industrial performance metrics. The external validity and practical value of the findings would increase dramatically if the study included minimal actual organizational data, such as agricultural enterprise incident logs or security operations center anonymous reports. The credibility of model outputs becomes stronger by comparing the proposed risk scores and financial loss estimates to known cryptojacking incidents, if available.
- The study examines attack probabilities and losses, which remain independent from each other throughout endpoints or server nodes in the model. Modern agriculture depends heavily on interconnected systems where IoT sensors transmit data to cloud analytics that connect with autonomous systems running on edge servers. The model currently fails to identify the full scope of risks from one compromised node on connected systems throughout the network. The modeling approach needs further development by the authors to incorporate dependency elements as well as systemic risks that propagate throughout genuine agro-digital systems.
- The quantitative strength of the risk assessment exists despite its lack of distinction between different stakeholder viewpoints (farm owners, IT administrators, and agribusiness insurers). Risk-based prioritization does not follow standardized procedures, as various organizational participants determine different priority rankings for loss categories. By implementing stakeholder-dependent sensitivity analysis, which evaluates risks from different organizational angles, companies can improve both the strategic worth of their assessments alongside more accurate mitigation planning.
- The article maintains good writing quality, but specific areas, including figure captions and scenario explanations, need additional linguistic work to enhance precision as well as cut repetition while also maintaining a continuous writing style.
Author Response
Dear Reviewer!
Responses to your comments are in the attached file.
Author Response File: Author Response.pdf
Reviewer 3 Report
Comments and Suggestions for Authors
Dear Authors,
All comments, remarks and questions are included in the manuscript.
Comments for author File: Comments.pdf
Author Response
Dear Reviewer!
Thank you for your valuable comments. We have tried to take them into account as much as possible.
Comment
All comments, remarks and questions are included in the manuscript.
Answer
Thank you for your comments. We have highlighted the corrections in pink throughout the text.
Also, the quality of the drawings has been improved according to your comments.
Sincerely,
Authors
Round 2
Reviewer 1 Report
Comments and Suggestions for Authors
The authors have carefully revised the manuscript in response to the reviewers’ previous comments. The current version presents a more complete and coherent structure, with substantial improvements in both content and presentation.
In particular:
- The technical content has been refined and better organized.
- Figures and tables have been appropriately updated and now contribute more clearly to the narrative.
- The writing quality has improved, with better logical flow and clarity.
The revision demonstrates that the authors have taken the feedback seriously and addressed the main concerns raised during the initial review. Based on the improvements made, I believe the manuscript has reached a publishable standard.
Only minor polishing may be needed for grammar or formatting, if required by the journal.
Overall Recommendation: The revised paper is of good quality and can be considered for acceptance.