Search Results (680)

Background: The maritime industry, vital for global trade, faces escalating cyber threats in 2025. Critical port infrastructures are increasingly vulnerable due to rapid digitalization and the integration of IT and operational technology (OT) systems. Methods: Using 112 incidents from the Maritime Cyber Attack Database (MCAD, 2020–2025), we developed a novel quantitative risk assessment model based on a Threat-Vulnerability-Impact (T-V-I) framework, calibrated with MITRE ATT&CK techniques and validated against historical incidents. Results: Our analysis reveals a 150% rise in incidents, with OT compromise identified as the paramount threat (98/100 risk score). Ports in Poland and Taiwan face the highest immediate risk (95/100), while the Panama Canal is assessed as the most probable next target (90/100). State-sponsored actors from Russia, China, and Iran are responsible for most high-impact attacks. Conclusions: This research provides a validated, data-driven framework for prioritizing defensive resources. Our findings underscore the urgent need for engineering-grade solutions, including network segmentation, zero-trust architectures, and proactive threat intelligence integration to enhance maritime cyber resilience against evolving threats. Full article

The deep integration of digital technologies has significantly improved the operational efficiency of electricity markets, but it has also introduced increasingly severe and sophisticated cybersecurity challenges. As a highly coupled cyber–physical system (CPS), the electricity market is increasingly vulnerable to attacks that exploit weaknesses in both market mechanisms and information infrastructure. Unlike existing reviews, this study makes three key contributions: First, it provides a hierarchical analysis of cyberattacks targeting electricity market operations, detailing how such attacks manipulate outcomes for profit or disruption. Second, it proposes a novel full-lifecycle dynamic defense framework tailored to the cyber–physical–market nature of the electricity market, coordinating defenses across the entire attack lifecycle to ensure market stability and financial integrity. Third, it analyzes key enabling technologies for attack–defense games and identifies fundamental challenges to market resilience. Looking ahead, the manuscript outlines a strategic research agenda, emphasizing breakthroughs in intelligent and collaborative technologies. These advancements are expected to drive the evolution of the electricity market’s defense from a passive–reactive model to a state of active immunity, which can anticipate, withstand, and autonomously recover from complex cyber threats. Full article

The modern power grid is considered a Smart Grid (SG) when it relies extensively on technologies that integrate traditional power infrastructure with Information and Communication Technologies (ICTs). The dependence on Internet of Things (IoT)-based communication systems to operate physical power devices transforms the grid into a complex system of systems (SoS), introducing cybersecurity vulnerabilities across various SG layers. Several surveys have addressed SG cybersecurity, but none have correlated recent developments with the NIST seven-domain framework, a comprehensive model covering all major SG domains and crucial for domain-level trend analysis. To bridge this gap, we systematically review and classify studies by impacted NIST domain, threat type, and methodology (including tools/platforms used). We note that the scope of applicability of this study is 60 studies (2011–2024) selected exclusively from IEEE Xplore. Unlike prior reviews, this work maps contributions to the NIST domain architecture, examines temporal trends in research, and synthesizes cybersecurity defenses and their limitations. The analysis reveals that research is unevenly distributed: the Operations domain accounts for ~35% of all studies, followed by Generation ~25% and Distribution ~14%, while domains like Transmission (~9%) and Service Provider (5%) are comparatively under-studied. We find a heavy reliance on simulation-based tools (~46% of studies) such as MATLAB/Simulink, and False Data Injection (FDI) attacks are predominantly studied, comprising approximately 36% of analyzed attacks. The broader objective of this work is to guide researchers and SG stakeholders (e.g., utilities, policy-makers) toward understanding and coordinating strategies for improving system-level cyber-resilience, which is crucial for future SGs, while avoiding any overstatement of findings beyond the reviewed evidence. Full article

Small- and Medium-sized Enterprises (SMEs) play a crucial role in the global economy, accounting for approximately two-thirds of global employment and contributing significantly to the GDP of developed countries. Despite the availability of various cybersecurity standards and frameworks, SMEs remain highly vulnerable to cyber threats. Limited resources and a lack of expertise in cybersecurity make them frequent targets for cyberattacks. It is essential to identify the challenges faced by SMEs and explore effective defensive strategies to enhance the implementation of cybersecurity measures. The study aims to bridge the gap and help these organizations in implementing cost-effective and practical cybersecurity approaches through a systematic mapping study (SMS) conducted, where 73 articles were thoroughly reviewed. This research will shed light on the current cybersecurity approaches (practices) posture for different SMEs, along with the threats they are facing, which have stopped them from deciding, planning, and implementing cybersecurity measures. The study identified a wide range of cybersecurity threats, including phishing, social engineering, insider threats, ransomware, malware, denial of services attacks, and weak password practices, which are the most prevalent for SMEs. This study identified defensive practices, such as cybersecurity awareness and training, endpoint protection tools, incident response planning, network segmentation, access control, multi-factor authentication (MFA), access controls, privilege management, email authentication and encryption, enforcing strong password policies, cloud security, secure backup solutions, supply chain visibility, and automated patch management tools, as key measures. The study provides valuable insights into the specific gaps and challenges faced by SMEs, as well as their preferred methods of seeking and consuming cybersecurity assistance. The findings can guide the development of targeted defensive practices and policies to enhance the cybersecurity posture of SMEs for successful software development. This SMS will also provide a foundation for future research and practical guidelines for SMEs to improve the process of secure software development. Full article

Non-profit organizations (NPOs) are crucial for building equitable and thriving communities. The majority of NPOs are small, community-based organizations that serve local needs. Despite their significance, NPOs often lack the resources to manage cybersecurity effectively, and information about them is usually found in nonacademic or practitioner sources rather than in the academic literature. The recent surge in cyberattacks on NPOs underscores the urgent need for investment in cybersecurity readiness. The absence of robust safeguards and cybersecurity preparedness not only exposes NPOs to risks and vulnerabilities but also erodes trust and diminishes the value donors and volunteers place on them. Through this systematic literature review (SLR) mapping framework, the existing work on cyber threat assessment and mitigation is leveraged to make a framework and data collection plan to address the significant cybersecurity vulnerabilities faced by NPOs. The research aims to offer actionable guidance that NPOs can implement within their resource constraints to enhance their cybersecurity posture. This systematic literature review (SLR) adheres to PRISMA 2020 guidelines to examine the state of cybersecurity readiness in NPOs. The initial 4650 records were examined on 6 March 2025. We excluded studies that did not answer our research questions and did not discuss the cybersecurity readiness in NPOs. The quality of the selected studies was assessed on the basis of methodology, clarity, completeness, and transparency, resulting in the final number of 23 included studies. Further, 37 studies were added investigating papers that referenced relevant studies or that were referenced by the relevant studies. Results were synthesized through quantitative topic analysis and qualitative analysis to identify key themes and patterns. This study makes the following contributions: (i) identify and synthesize the top cybersecurity risks for NPOs, their service impacts, and mitigation methods; (ii) summarize affordable cybersecurity practices, with an emphasis on employee training and sector-specific knowledge gaps; (iii) analyze organizational and contextual factors (e.g., geography, budget, IT skills, cyber insurance, vendor dependencies) that shape cybersecurity readiness; and (iv) review and integrate existing assessment and resilience frameworks applicable to NPOs. Full article

The growing integration of Digital Twins (DTs) in Industry 4.0 environments exposes the physical–virtual communication layer as a critical vector for cyber vulnerabilities; while most studies focus on complex and resource-intensive security mechanisms, this work demonstrates that the inherently predictable nature of DT communications allows simple statistical metrics—such as the $\mu +3\sigma$ threshold—to provide robust, interpretable, and computationally efficient anomaly detection. Using a Docker-based simulation, we emulate Denial-of-Service (DoS), Man-in-the-Middle (MiTM), and intrusion attacks, showing that each generates a distinct statistical signature (e.g., a 50-fold increase in packet rate during DoS). The results confirm that data rate monitoring offers a viable, non-intrusive, and cost-effective first line of defense, thereby enhancing the resilience of IIoT-based Digital Twins. Full article

The rapid advancement of artificial technology is giving rise to new forms of cyber threats like memorization-based APT attacks, which not only pose significant risks to critical infrastructure but also present serious challenges to conventional security architectures. As a crucial service information system in railway passenger stations, the Railway Passenger Service System (RPSS) is particularly vulnerable due to its widespread terminal distribution and large attack surface. This paper focuses on two key challenges within the RPSS Cloud Center’s Double-Layer Dynamic Heterogeneous Redundancy (DDHR) architecture under such attacks: (i) the inability to accurately estimate redundant executor scheduling time, and (ii) the absence of an intelligent defense scheduling method capable of countering memorization-based attacks within a unified and quantifiable environment. To address these issues, we first establish the problem formulation of optimizing defender’s payoff under incomplete information, which applies information entropy of DDHR redundant executors to reflect attacking and defending behaviors. Then a method of estimating attacking time is proposed in order to overcome the difficulty in determining scheduling time due to incomplete information. Finally, we introduce the PPO_HE approach—a Proximal Policy Optimization (PPO) algorithm enhanced with quantifiable information Entropy and Heterogeneity of DDHR redundant executors. Extensive experiments were conducted for evaluation in terms of the two entropy-related metrics: information entropy decay amount and information entropy decay rate. Results demonstrate that the PPO_EH approach achieves the highest efficiency per scheduling operation in countering attacks and provides the longest resistance time against memorization-based attacks under identical initial information entropy conditions. Full article

In an increasingly interconnected world, cybersecurity professionals play a pivotal role in safeguarding organizations from cyber threats. To secure their cyberspace, organizations are forced to adopt a cybersecurity framework such as the NIST National Initiative for Cybersecurity Education Workforce Framework for Cybersecurity (NICE Framework). Although these frameworks are a good starting point for businesses and offer critical information to identify, prevent, and respond to cyber incidents, they can be difficult to navigate and implement, particularly for small-medium businesses (SMBs). To help overcome this issue, this paper identifies the most frequent attack vectors to SMBs (Objective 1) and proposes a practical model of both technical and non-technical tasks, knowledge, skills, abilities (TKSA) from the NICE Framework for those attacks (Objective 2). This research develops a scenario-based curriculum. By immersing learners in realistic cyber threat scenarios, their practical understanding and preparedness in responding to cybersecurity incidents is enhanced (Objective 3). Finally, this work integrates practical experience and real-life skill development into the curriculum (Objective 4). SMBs can use the model as a guide to evaluate, equip their existing workforce, or assist in hiring new employees. In addition, educational institutions can use the model to develop scenario-based learning modules to adequately equip the emerging cybersecurity workforce for SMBs. Trainees will have the opportunity to practice both technical and legal issues in a simulated environment, thereby strengthening their ability to identify, mitigate, and respond to cyber threats effectively. We piloted these learning modules as a semester-long course titled “Hack Lab” for both Computer Science (CS) and Law students at CSU during Spring 2024 and Spring 2025. According to the self-assessment survey by the end of the semester, students demonstrated substantial gains in confidence across four key competencies (identifying vulnerabilities and using tools, applying cybersecurity laws, recognizing steps in incident response, and explaining organizational response preparation) with an average improvement of +2.8 on a 1–5 scale. Separately, overall course evaluations averaged 4.4 for CS students and 4.0 for Law students, respectively, on a 1–5 scale (college average is 4.21 and 4.19, respectively). Law students reported that hands-on labs were difficult, although they were the most impactful experience. They demonstrated a notable improvement in identifying vulnerabilities and understanding response processes. Full article

Hybrid AC/DC microgrids (HMGs) are pivotal for integrating renewable resources, yet their stability and resilience are fundamentally constrained by the power electronic converters that interface them. This paper provides a critical review and synthesis of the co-dependent advancements in HMG converter topologies, control strategies, and fault management. Through a systematic analysis of the state of the art, this review examines the evolution from classical control to intelligent, software-defined converter functions. The analysis reveals a fundamental bifurcation in design philosophy between low-voltage (LV) and medium-voltage (MV) systems, driven by a trade-off between power density Gallium Nitride (GaN) and systemic reliability silicon carbide (SiC). Furthermore, it highlights the rise of virtualization, namely virtual Inertia control (VIC) and adaptive virtual impedance control (AVIDC), as a dominant paradigm to compensate for the physical limitations of low-inertia, resistive grids. Finally, this review identifies a critical, synergistic dependency in fault management, where ultra-fast solid-state circuit breakers (SSCBs) guarantee the survivability of vulnerable voltage source converters (VSCs), which in turn enables software-based resilience via fault ride-through (FRT). This synthesis concludes that the converter has become the intelligent nexus of the HMG and identifies the primary barriers to widespread adoption as the computational, economic, and standardization gaps in this new cyber–physical domain. Full article

Moving Target Defense (MTD) has been proposed as a dynamic defense strategy to address the static and isomorphic vulnerabilities of networks. Recent research in MTD has focused on enhancing its effectiveness by combining it with cyber deception techniques. However, there is limited research on evaluating and quantifying this hybrid defence framework. Existing studies on MTD evaluation often overlook the deployment of deception, which can expand the potential attack surface and introduce additional costs. Moreover, a unified model that simultaneously measures security, reliability, and defense cost is lacking. We propose a novel hybrid defense effectiveness evaluation method that integrates queuing and evolutionary game theories to tackle these challenges. The proposed method quantifies the safety, reliability, and defense cost. Additionally, we construct an evolutionary game model of MTD and deception, jointly optimizing triggering and deployment strategies to minimize the attack success rate. Furthermore, we introduce a hybrid strategy selection algorithm to evaluate the impact of various strategy combinations on security, resource consumption, and availability. Simulation and experimental results demonstrate that the proposed approach can accurately evaluate and guide the configuration of hybrid defenses. Demonstrating that hybrid defense can effectively reduce the attack success rate and unnecessary overhead while maintaining Quality of Service (QoS). Full article

The European Union’s Cyber Resilience Act (CRA) introduces a complex set of binding lifecycle security obligations, presenting a significant compliance challenge for the Internet of Things (IoT) industry. This study addresses this challenge by developing a comprehensive CRA mapping framework specifically tailored to the IoT sector. The core contribution is a detailed lifecycle-based checklist that translates the regulation’s legal mandates into an actionable blueprint for manufacturers. Beyond the checklist itself, this paper’s core contribution is a transparent two-phase methodology. The first phase provides a structured pipeline to translate dense legal text (from CRA Articles 13–14 and its annexes) into atomic testable engineering requirements. The second phase builds a quantitative rating tree using the Analytic Hierarchy Process (AHP) to weigh these requirements, providing a consistent and evidence-based scoring rubric. By synthesizing the complex regulatory landscape and the technical state of the art, this paper operationalizes the CRA’s requirements for governance, secure design, vulnerability management, and conformity assessment. The framework is validated in the TRUEDATA case, yielding a weighted readiness score and a sensitivity analysis that underpin the reliability of the findings. Full article

Recent technological advances in communication networks, intelligent devices, power electronics, and phasor measurement units have significantly transformed the operation of modern power systems. This evolution gave rise to smart grids, which enable the flow of real-time information on the operational state of the grid and of control commands across multiple communication infrastructures, using a variety of protocols and standards, between control centers and devices deployed throughout the grid’s physical structure. At the same time, it has exposed power systems to new challenges and threats, due to the vulnerabilities inherited from the different components they integrate. Attackers have a variety of attacks at their disposal, by which they can disturb the availability of electricity as well as cause damage to the smart grid’s physical structure. Therefore, cybersecurity has become an important aspect of the smart grid concept. This field of research has attracted the attention of many researchers, and in the last decade or so, the number of studies on the cyber-physical security of smart grids has surged significantly. Proportionally, an important number of survey papers were published as well. It has therefore become more difficult to navigate literature on the topic of smart grid cyber-physical security due to the large number of papers, the complexity of the grid’s structure, and the variety of attacks, resolution methods, and techniques. To address this issue, in this work, we present a comprehensive review of existing literature reviews on the topic of smart grid cyber-physical security. We reviewed 100 survey papers, which were categorized into general surveys, attack-specific surveys, method-specific surveys, and component-specific surveys. We discussed and highlighted research tendencies in terms of attacks and methods used to protect smart grids. Additionally, we presented an overview of the different research challenges and possible future directions. Full article

Internet of Things (IoT) devices are increasingly deployed in homes and enterprises, yet they face a rising rate of cyberattacks. High-quality Cyber Threat Intelligence (CTI) is essential for data-driven, deep learning (DL)-based cybersecurity, as structured intelligence enables faster, automated detection. However, many CTI platforms still use unstructured or non-standard formats, hindering integration with ML systems.This study compares CTI from one commercial platform (AlienVault OTX) and public vulnerability databases (NVD’s CVE and CPE) in the IoT/smart home context. We assess their adherence to the Structured Threat Information Expression (STIX) v2.1 standard and the quality and coverage of their intelligence. Using 6.2K IoT-related CTI objects, we conducted syntactic and semantic analyses. Results showed that OTX achieved full STIX compliance. Based on our coverage metric, OTX demonstrated high intelligence completeness, whereas the NVD sources showed partial contextual coverage. IoT threats exhibited an upward trend, with Network as the dominant attack vector and Gain Access as the most common objective. The limited use of STIX-standardized vocabulary reduced machine readability, constraining data-driven applications. Our findings inform the design and selection of CTI feeds for intelligent intrusion detection and automated defense systems. Full article

Wireless Sensor Networks (WSNs) have a decisive share in various monitoring and control systems. However, their distributed and resource-constrained nature makes them vulnerable to anomalies caused by factors such as environmental noise, sensor faults, and cyber intrusions. In this paper, HEXADWSN, a hybrid ensemble learning-based explainable anomaly detection framework for anomaly detection to improve reliability and interpretability in WSNs, has been proposed. The proposed framework integrates an ensemble learning approach using Autoencoders, Isolation Forests, and One-Class SVMs to achieve robust detection of time-series-based irregularities in the Intel Lab dataset. The framework uses stack and vote ensemble learning. The stack ensemble achieved the highest overall performance, indicating strong effectiveness in detecting varied anomaly patterns. The voting ensemble demonstrated moderate results and offered a balance between detection rate and computation, whereas LSTM, which is efficient at capturing temporal dependencies, exhibited a relatively low performance in the processed dataset. SHAP, LIME, and Permutation Feature Importance techniques are employed for model explainability. These techniques offer insights into feature relevance and anomalies at global and local levels. The framework also measures the mean energy consumption for anomalous and normal data. The interpretability results identified that temperature, humidity, and voltage are the most influential features. HEXADWSN establishes a scalable and explainable foundation for anomaly detection in WSNs, striking a balance between accuracy, interpretability, and energy management insights. Full article

With the development and widespread application of information technology, cybersecurity has become a focal point in all industry sectors. The maritime sector is no exception, with both physical and cyber threats. This survey first highlights, from a system engineering and information technology perspective, the specific architectures of on-vessel and in-port systems, as well as the communication equipment connecting them. Subsequently, cyber attacks in maritime and port domains and their potential consequences are described from various angles. Examples of real cases of cyber attacks are also reported. An overview of current key techniques used in vulnerability analysis, attack detection, and security protection is proposed before discussing cybersecurity issues in the maritime and port sectors from the particular perspective of discrete event systems. Various systems used in maritime and port domains are modeled as automata or Petri nets. Some analysis, detection, and protection approaches are then proposed to illustrate the potential of discrete event systems in this domain. Full article