Search Results (704)

Search Parameters:
Keywords = cyber-risks

23 pages, 1640 KB  
Article
A Framework for Managing Digital Transformation Risks in Transport Systems: Linking Digital Maturity and Risk Categories
by Agnieszka A. Tubis
Appl. Sci. 2026, 16(1), 206; https://doi.org/10.3390/app16010206 - 24 Dec 2025
Abstract
Digital transformation is increasingly central to the development of transport systems, yet current research offers limited guidance on how digital maturity levels shape operational risk. Existing digital maturity models primarily support benchmarking and planning, but rarely integrate structured risk assessment. This study addresses this gap by proposing a framework that links digital maturity with the systematic identification and prioritisation of digital transformation risks. A Digital Maturity-Based Risk Assessment Framework (DMRisk-TS) is developed, classifying risks into three categories. Probability and severity are evaluated using fuzzy logic, while contextual modifiers account for the maturity gap and system coverage. The approach is demonstrated using a real tram transport system and the DMM-TRAM model. The analysis shows that risk profiles differ markedly across maturity levels. Low-maturity environments generate operational risks related to insufficient or non-integrated information. Transitioning between levels introduces implementation and data-integration risks. At high maturity levels, new systemic risks emerge, including error propagation, cyber vulnerabilities, and over-reliance on automated processes. DMRisk-TS offers a meaningful basis for understanding and managing risks in transport systems. The framework supports the prioritisation of mitigation actions, informs decisions on advancing maturity, and highlights that higher digitisation creates new classes of systemic risk. Full article
39 pages, 94407 KB  
Article
From Capture–Recapture to No Recapture: Efficient SCAD Even After Software Updates
by Kurt A. Vedros, Aleksandar Vakanski, Domenic J. Forte and Constantinos Kolias
Sensors 2026, 26(1), 118; https://doi.org/10.3390/s26010118 - 24 Dec 2025
Abstract
Side-Channel-based Anomaly Detection (SCAD) offers a powerful and non-intrusive means of detecting unauthorized behavior in IoT and cyber–physical systems. It leverages signals that emerge from physical activity—such as electromagnetic (EM) emissions or power consumption traces—as passive indicators of software execution integrity. This capability is particularly critical in IoT/IIoT environments, where large fleets of deployed devices are at heightened risk of firmware tampering, malicious code injection, and stealthy post-deployment compromise. However, its deployment remains constrained by the costly and time-consuming need to re-fingerprint whenever a program is updated or modified, as fingerprinting involves a precision-intensive manual capturing process for each execution path. To address this challenge, we propose a generative modeling framework that synthesizes realistic EM signals for newly introduced or updated execution paths. Our approach utilizes a Conditional Wasserstein Generative Adversarial Network with Gradient Penalty (CWGAN-GP) framework trained on real EM traces that are conditioned on Execution State Descriptors (ESDs) that encode instruction sequences, operands, and register values. Comprehensive evaluations at instruction-level granularity demonstrate that our approach generates synthetic signals that faithfully reproduce the distinctive features of real EM emissions—achieving 85–92% similarity to real emanations. The inclusion of ESD conditioning further improves fidelity, reducing the similarity distance by ∼13%. To gauge SCAD utility, we train a basic semi-supervised detector on the synthetic signals and find ROC-AUC results within ±1% of detectors trained on real EM data across varying noise conditions. Furthermore, the proposed 1DCNNGAN model (a CWGAN-GP variant) achieves faster training and reduced memory requirements compared with the previously leading ResGAN. Full article
(This article belongs to the Special Issue Internet of Things Cybersecurity)
23 pages, 282 KB  
Article
Evolving Maturity Models for Electric Power System Cybersecurity: A Case-Driven Framework Gap Analysis
by Akın Aytekin, Aysun Coşkun and Mahir Dursun
Appl. Sci. 2026, 16(1), 177; https://doi.org/10.3390/app16010177 - 24 Dec 2025
Abstract
The electric power grid constitutes a foundational pillar of modern critical infrastructure (CI), underpinning societal functionality and global economic stability. Yet, the increasing convergence of Information Technology (IT) and Operational Technology (OT), particularly through the integration of Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS), has amplified the sector’s exposure to sophisticated cyber threats. This study conducts a comparative analysis of five major cyber incidents targeting electric power systems: the 2015 and 2016 Ukrainian power grid disruptions, the 2022 Industroyer2 event, the 2010 Stuxnet attack, and the 2012 Shamoon incident. Each case is examined with respect to its objectives, methodologies, operational impacts, and mitigation efforts. Building on these analyses, the research evaluates the extent to which such attacks could have been prevented or mitigated through the systematic adoption of leading cybersecurity maturity frameworks. The NIST Cybersecurity Framework (CSF) 2.0, the ENISA NIS2 Directive Risk Management Measures, the U.S. Department of Energy’s Cybersecurity Capability Maturity Model (C2M2), and the Cybersecurity Risk Foundation (CRF) Maturity Model alongside complementary technical standards such as NIST SP 800-82 and IEC 62443 have been thoroughly examined. The findings suggest that a proactive, layered defense architecture grounded in the principles of these frameworks could have significantly reduced both the likelihood and the operational impact of the reviewed incidents. Moreover, the paper identifies critical gaps in the existing maturity models, particularly in their ability to capture hybrid, cross-domain, and human-centric threat dynamics. 
The study concludes by proposing directions for evolving from compliance-driven to resilience-oriented cybersecurity ecosystems, offering actionable recommendations for policymakers and power system operators to strengthen the cyber-physical resilience of electric generation and distribution infrastructures worldwide. Full article
26 pages, 5326 KB  
Article
Short-Term Stock Market Reactions to Software Security Defects: An Event Study
by Xuewei Wang, Xiaoxi Zhang and Chunsheng Li
Systems 2026, 14(1), 14; https://doi.org/10.3390/systems14010014 - 24 Dec 2025
Abstract
As enterprises increasingly depend on software systems, security defects such as vulnerability disclosures, exploitations, and misconfigurations have become economically relevant risk events. However, their short-term impacts on capital markets remain insufficiently understood. This study examines how different types of software security defects affect short-horizon stock market behavior. Using a multi-model event-study framework that integrates the Constant Mean Return Model (CMRM), Autoregressive Integrated Moving Average (ARIMA), and the Capital Asset Pricing Model (CAPM), we estimate abnormal returns and trading-activity responses around security-related events. The results show that vulnerability disclosures are associated with negative abnormal returns and reduced trading activity, while exploitation events lead to larger price declines accompanied by significant increases in trading activity. Misconfiguration incidents exhibit weaker price effects but persistent turnover increases, suggesting that markets interpret them primarily as governance-related issues. Further analyses reveal that market reactions vary with technical severity, exposure scope, industry context, and firm role, and that cyber shocks propagate through both price adjustment and liquidity migration channels. Overall, the findings indicate that software security defects act as short-term information shocks in financial markets, with heterogeneous effects depending on event type. This study contributes to the literature on cybersecurity economics and provides insights for firms, investors, and policymakers in managing software-related risks. Full article
(This article belongs to the Section Systems Practice in Social Science)
79 pages, 833 KB  
Article
Critique of Networked Election Systems: A Comprehensive Analysis of Vulnerabilities and Security Measures
by Jason M. Green, Abdolhossein Sarrafzadeh and Mohd Anwar
Information 2026, 17(1), 10; https://doi.org/10.3390/info17010010 - 22 Dec 2025
Abstract
The security and integrity of election systems represent fundamental pillars of democratic governance in the 21st century. As electoral processes increasingly rely on networked technologies and digital infrastructures, the vulnerability of these systems to cyber threats has become a paramount concern for election officials, cybersecurity experts, and policymakers worldwide. This paper presents the first comprehensive synthesis and systematic analysis of vulnerabilities across major U.S. election systems, integrating findings from government assessments, security research, and documented incidents into a unified analytical framework. We compile and categorize previously fragmented vulnerability data from multiple vendors, federal advisories (CISA, EAC), and security assessments to construct a holistic view of the election security landscape. Our novel contribution includes (1) the first cross-vendor vulnerability taxonomy for election systems, (2) a quantitative risk assessment framework specifically designed for election infrastructure, (3) systematic mapping of threat actor capabilities against election system components, and (4) the first proposal for honeynet deployment in election security contexts. Through analysis of over 200 authoritative sources, we identify critical security gaps in federal guidelines, quantify risks in networked election components, and reveal systemic vulnerabilities that only emerge through comprehensive cross-system analysis. Our findings demonstrate that interconnected vulnerabilities create risk-amplification factors of 2-5x compared to isolated component analysis, highlighting the urgent need for comprehensive federal cybersecurity standards, improved network segmentation, and enhanced monitoring capabilities to protect democratic processes. Full article
21 pages, 886 KB  
Article
A Dual-Attention CNN–GCN–BiLSTM Framework for Intelligent Intrusion Detection in Wireless Sensor Networks
by Laith H. Baniata, Ashraf ALDabbas, Jaffar M. Atwan, Hussein Alahmer, Basil Elmasri and Chayut Bunterngchit
Future Internet 2026, 18(1), 5; https://doi.org/10.3390/fi18010005 - 22 Dec 2025
Abstract
Wireless Sensor Networks (WSNs) are increasingly being used in mission-critical infrastructures. In such applications, they are evaluated on the risk of cyber intrusions that can target the already constrained resources. Traditionally, Intrusion Detection Systems (IDS) in WSNs have been based on machine learning techniques; however, these models fail to capture the nonlinear, temporal, and topological dependencies across the network nodes. As a result, they often suffer degradation in detection accuracy and exhibit poor adaptability against evolving threats. To overcome these limitations, this study introduces a hybrid deep learning-based IDS that integrates multi-scale convolutional feature extraction, dual-stage attention fusion, and graph convolutional reasoning. Moreover, bidirectional long short-term memory components are embedded into the unified framework. Through this combination, the proposed architecture effectively captures the hierarchical spatial–temporal correlations in the traffic patterns, thereby enabling precise discrimination between normal and attack behaviors across several intrusion classes. The model has been evaluated on a publicly available benchmarking dataset, and it has been found to attain higher classification capability in multiclass scenarios. Furthermore, the model outperforms conventional IDS-focused approaches. In addition, the proposed design aims to retain suitable computational efficiency, making it appropriate for edge and distributed deployments. Consequently, this makes it an effective solution for next-generation WSN cybersecurity. Overall, the findings emphasize that combining topology-aware learning with multi-branch attention mechanisms offers a balanced trade-off between interpretability, accuracy, and deployment efficiency for resource-constrained WSN environments. Full article
23 pages, 2363 KB  
Article
Crowdsourcing Framework for Security Testing and Verification of Industrial Cyber-Physical Systems
by Zhenyu Li, Yong Ding, Ruwen Zhao, Shuo Wang and Jun Li
Sensors 2026, 26(1), 79; https://doi.org/10.3390/s26010079 - 22 Dec 2025
Abstract
With the widespread deployment of Industrial Cyber-Physical Systems (ICPS), their inherent vulnerabilities have increasingly exposed them to sophisticated cybersecurity threats. Although existing protective mechanisms can block attacks at runtime, the risk of defense failure remains. To proactively evaluate and harden ICPS security, we design a distributed crowdsourced testing platform tailored to the four-layer cloud ICPS architecture—spanning the workshop, factory, enterprise, and external network layers. Building on this architecture, we develop a Distributed Input–Output Testing and Verification Framework (DIOTVF) that models ICPS as systems with spatially separated injection and observation points, and supports controllable communication delays and multithreaded parallel execution. The framework incorporates a dynamic test–task management model, an asynchronous concurrent testing mechanism, and an optional LLM-assisted thread controller, enabling efficient scheduling of large testing workloads under asynchronous network conditions. We implement the proposed framework in a prototype platform and deploy it on a virtualized ICPS testbed with configurable delay characteristics. Through a series of experimental validations, we demonstrate that the proposed framework can improve testing and verification speed by approximately 2.6 times compared to Apache JMeter. Full article
12 pages, 378 KB  
Article
When Security Means Sustainability: A Comparison Between the Life Cycle Assessment of a Cybersecurity Monitoring Solution and the Environmental Impact of Cyberattacks
by Giovanni Battista Gaggero, Faraz Bashir Soomro, Paola Girdinio and Mario Marchese
Sustainability 2026, 18(1), 121; https://doi.org/10.3390/su18010121 - 22 Dec 2025
Abstract
Cyberattacks targeting industrial control systems can produce environmental damage by disrupting energy production, altering chemical processes, or forcing reliance on more carbon-intensive backup resources. Yet, the environmental dimension of cybersecurity risk is rarely quantified. This paper examines the connection between cybersecurity and sustainability by comparing the environmental impact of cyber-induced power plant disruption with the life cycle emissions involved in deploying cybersecurity monitoring solutions. We present a quantitative scenario in which a cyberattack forces a temporary disconnection of a power generation unit from the grid, leading to additional CO2 emissions primarily from wasted fuel during the operational disruption and subsequent reconnection procedures. The resulting carbon footprint is then compared with the emissions associated with implementing a continuous monitoring system designed to prevent such incidents. The results demonstrate that the installation and operation of a continuous monitoring system has a negligible environmental impact (below 5 tCO2 over five years) compared to the emissions resulting from a single 12 h outage event (460–836 tCO2), even when considering only the direct fuel waste. These findings position cybersecurity investment as a climate-positive strategy for the energy sector. Full article
(This article belongs to the Section Hazards and Sustainability)
22 pages, 1046 KB  
Article
What if, Behind the Curtain, There Is Only an LLM? A Holistic Evaluation of TinyLlama-Generated Synthetic Cyber Threat Intelligence
by Zuzanna Pietrzak, Krzysztof Mączka and Marcin Niemiec
Electronics 2025, 14(24), 4971; https://doi.org/10.3390/electronics14244971 - 18 Dec 2025
Viewed by 194
Abstract
The generation of synthetic cyber threat intelligence (CTI) has emerged as a significant area of research, particularly regarding the capacity of large language models (LLMs) to produce realistic yet deceptive security content. This study explores both the generative and evaluative aspects of CTI synthesis by employing a custom-developed detection system and publicly accessible LLMs. The evaluation combined automated analysis with a human study involving cybersecurity professionals. The results indicate that even a compact, resource-efficient fine-tuned model can generate highly convincing CTI misinformation capable of deceiving experts and AI-based classifiers. Human participants achieved an average accuracy around 50% in distinguishing between authentic and generated CTI reports. However, the proposed hybrid detection model achieved 98.5% accuracy on the test set and maintained strong generalization with 88.5% accuracy on unseen data. These findings demonstrate both the potential of lightweight models to generate credible CTI narratives and the effectiveness of specialized detection systems in mitigating such threats. The study underscores the growing risk of harmful misinformation in AI-driven CTI and highlights the importance of incorporating robust validation mechanisms within cybersecurity infrastructures to enhance defense resilience. Full article
24 pages, 3662 KB  
Article
Maritime Industry Cybersecurity Threats in 2025: Advanced Persistent Threats (APTs), Hacktivism and Vulnerabilities
by Minodora Badea, Olga Bucovețchi, Adrian V. Gheorghe, Mihaela Hnatiuc and Gabriel Raicu
Logistics 2025, 9(4), 178; https://doi.org/10.3390/logistics9040178 - 18 Dec 2025
Viewed by 349
Abstract
Background: The maritime industry, vital for global trade, faces escalating cyber threats in 2025. Critical port infrastructures are increasingly vulnerable due to rapid digitalization and the integration of IT and operational technology (OT) systems. Methods: Using 112 incidents from the Maritime Cyber Attack Database (MCAD, 2020–2025), we developed a novel quantitative risk assessment model based on a Threat-Vulnerability-Impact (T-V-I) framework, calibrated with MITRE ATT&CK techniques and validated against historical incidents. Results: Our analysis reveals a 150% rise in incidents, with OT compromise identified as the paramount threat (98/100 risk score). Ports in Poland and Taiwan face the highest immediate risk (95/100), while the Panama Canal is assessed as the most probable next target (90/100). State-sponsored actors from Russia, China, and Iran are responsible for most high-impact attacks. Conclusions: This research provides a validated, data-driven framework for prioritizing defensive resources. Our findings underscore the urgent need for engineering-grade solutions, including network segmentation, zero-trust architectures, and proactive threat intelligence integration to enhance maritime cyber resilience against evolving threats. Full article
20 pages, 1386 KB  
Article
Tri-Level Adversarial Robust Optimization for Cyber–Physical–Economic Scheduling: Multi-Stage Defense Coordination and Risk–Reward Equilibrium in Smart Grids
by Fei Liu, Qinyi Yu, Juan An, Jinliang Mi, Caixia Tan, Yusi Wang and Hailin Yang
Energies 2025, 18(24), 6519; https://doi.org/10.3390/en18246519 - 12 Dec 2025
Viewed by 216
Abstract
This study develops a tri-level adversarial robust optimization framework for cyber–physical scheduling in smart grids, addressing the intertwined challenges of coordinated cyberattacks, defensive resource allocation, and stochastic operational uncertainties. The upper level represents the attacker’s objective to maximize system disruption and conceal detection, the middle level models the defender’s optimization of detection and redundancy deployment under budgetary constraints, and the lower level performs economic dispatch given tampered data and uncertain renewable generation. The model integrates Distributionally Robust Optimization (DRO) based on a Wasserstein ambiguity set to safeguard against worst-case probability distributions, ensuring operational stability even under unobserved adversarial scenarios. A hierarchical reformulation using Karush–Kuhn–Tucker (KKT) conditions and Mixed-Integer Second-Order Cone Programming (MISOCP) transformation converts the nonconvex tri-level problem into a tractable bilevel surrogate solvable through alternating direction optimization. Numerical case studies on multi-node systems demonstrate that the proposed method reduces system loss by up to 36% compared to conventional stochastic scheduling, while maintaining 92% dispatch efficiency under high-severity attack scenarios. The results further reveal that adaptive defense allocation accelerates robustness convergence by over 50%, and that the risk–reward frontier stabilizes near a Pareto-optimal equilibrium between cost and resilience. This work provides a unified theoretical and computational foundation for adversarially resilient smart grid operation, bridging cyber-defense strategy, uncertainty quantification, and real-time economic scheduling into one coherent optimization paradigm. Full article
14 pages, 739 KB  
Systematic Review
Assessing Digital Transformation Strategies in Retail Banks: A Global Perspective
by Bothaina Alsobai and Dalal Aassouli
J. Risk Financial Manag. 2025, 18(12), 710; https://doi.org/10.3390/jrfm18120710 - 12 Dec 2025
Viewed by 711
Abstract
This paper presents a PRISMA-guided systematic literature review (2015–2025) of 20 empirical studies on digital transformation in retail banking, examining how artificial intelligence (AI) strengthens cybersecurity, enables FinTech collaboration through interoperable APIs and open-banking infrastructures, and embeds data-driven decision-making across core functions. We searched major databases, applied predefined eligibility criteria, appraised study quality, and coded outcomes related to digital adoption, operational resilience, and customer experience. The synthesis indicates that AI-enabled controls and API-mediated partnerships are consistently associated with higher digital-maturity indicators, conditional on robust model-risk governance and prudent third-party/outsourcing management. Benefits span improved customer experience, efficiency, and inclusion; however, legacy systems, regulatory fragmentation, cyber threats, and organizational resistance remain binding constraints. We propose a unified framework linking technology choices, regulatory design, and organizational outcomes, and distill actionable guidance for policymakers (e.g., interoperable standards, proportional AI governance, sector-wide cyber resilience) and bank managers (sequencing AI use cases, risk controls, and partnership models). Future research should assess emerging technologies—including quantum-safe security and central bank digital currencies (CBDCs)—and their implications for digital-banking stability and trust. Full article
(This article belongs to the Section Banking and Finance)
33 pages, 2964 KB  
Article
Enabling BIM Innovation Through Knowledge-Driven Legal–Contractual Risk Management: A Novel Strategic Risk Breakdown Structure
by Ibrahim Dogonyaro and Amira Elnokaly
Appl. Sci. 2025, 15(24), 13038; https://doi.org/10.3390/app152413038 - 11 Dec 2025
Viewed by 161
Abstract
Building Information Modelling (BIM) represents a technological and organisational innovation transforming the architecture, engineering, and construction (AEC) industry by embedding data-rich collaboration into project delivery. However, the diffusion of this innovation is constrained by unresolved legal–contractual complexities, where conventional frameworks often fail to manage BIM-specific risks, such as unclear responsibilities, intellectual property, and dispute resolution. This study advances knowledge by conceptualising a novel legal–contractual analytical dimension that systematically links risk factors to tailored management strategies, enabling BIM innovation to be more effectively embedded into organisational and contractual processes. A mixed-methods design was adopted. An integrative review of Scopus- and Google Scholar-indexed studies, supported by thematic analysis in NVivo, generated a comprehensive legal–contractual Risk Breakdown Structure (RBS) that organises fragmented knowledge of legal–contractual risks. Qualitative content analysis, combined with survey and expert interview data, enabled triangulated validation and the development of the BIM-RBS Matrix and BIM-RBS–MS Nexus. These tools operationalise risk knowledge by quantifying risk severity (SPSS Version 29.0.1.0 (171)) and systematically aligning management strategies with specific risk categories. The results highlight actionable innovations, such as enhanced cybersecurity protocols (e.g., QR-based traceability) to strengthen cyber/data security and collaborative risk–reward mechanisms to address contractual design ambiguities. 
The study makes three primary contributions: (1) conceptualising a structured legal–contractual knowledge spectrum for BIM innovation, (2) advancing mixed-methods integration for legal–contractual risk knowledge creation and validation, and (3) providing actionable frameworks that support industry, policymakers, and researchers in embedding BIM innovation more reliably. This study frames legal–contractual risk knowledge as a critical enabler of innovation that extends theoretical understanding and offers globally relevant pathways for the knowledge-based transformation of the AEC sector. Full article
22 pages, 371 KB  
Review
Artificial Intelligence as the Next Frontier in Cyber Defense: Opportunities and Risks
by Oladele Afolalu and Mohohlo Samuel Tsoeu
Electronics 2025, 14(24), 4853; https://doi.org/10.3390/electronics14244853 - 10 Dec 2025
Cited by 1 | Viewed by 512
Abstract
The limitations of conventional rule-based security systems have been exposed by the quick evolution of cyber threats, necessitating more proactive, intelligent, and flexible solutions. In cybersecurity, Artificial Intelligence (AI) has emerged as a transformative factor, offering improved threat detection, prediction, and automated response capabilities. This paper explores the advantages of using AI in strengthening cybersecurity, focusing on its applications in machine learning, Deep Learning, Natural Language Processing, and reinforcement learning. We highlight the improvement brought by AI in terms of real-time incident response, detection accuracy, scalability, and false positive reduction while processing massive datasets. Furthermore, we examine the challenges that accompany the integration of AI into cybersecurity, including adversarial attacks, data quality constraints, interpretability, and ethical implications. The study concludes by identifying potential future directions, such as integration with blockchain and IoT, Explainable AI and the implementation of autonomous security systems. By presenting a comprehensive analysis, this paper underscores exceptional potential of AI to transform cybersecurity into a field that is more robust, adaptive, and predictive.

27 pages, 1212 KB  
Systematic Review
Enhancing Cybersecurity Readiness in Non-Profit Organizations Through Collaborative Research and Innovation—A Systematic Literature Review
by Maryam Roshanaei, Premkumar Krishnamurthy, Anivesh Sinha, Vikrant Gokhale, Faizan Muhammad Raza and Dušan Ramljak
Computers 2025, 14(12), 539; https://doi.org/10.3390/computers14120539 - 9 Dec 2025
Viewed by 285
Abstract
Non-profit organizations (NPOs) are crucial for building equitable and thriving communities. The majority of NPOs are small, community-based organizations that serve local needs. Despite their significance, NPOs often lack the resources to manage cybersecurity effectively, and information about them is usually found in nonacademic or practitioner sources rather than in the academic literature. The recent surge in cyberattacks on NPOs underscores the urgent need for investment in cybersecurity readiness. The absence of robust safeguards and cybersecurity preparedness not only exposes NPOs to risks and vulnerabilities but also erodes trust and diminishes the value donors and volunteers place on them. Through this systematic literature review (SLR) mapping framework, the existing work on cyber threat assessment and mitigation is leveraged to make a framework and data collection plan to address the significant cybersecurity vulnerabilities faced by NPOs. The research aims to offer actionable guidance that NPOs can implement within their resource constraints to enhance their cybersecurity posture. This systematic literature review (SLR) adheres to PRISMA 2020 guidelines to examine the state of cybersecurity readiness in NPOs. The initial 4650 records were examined on 6 March 2025. We excluded studies that did not answer our research questions and did not discuss the cybersecurity readiness in NPOs. The quality of the selected studies was assessed on the basis of methodology, clarity, completeness, and transparency, resulting in the final number of 23 included studies. Further, 37 studies were added investigating papers that referenced relevant studies or that were referenced by the relevant studies. Results were synthesized through quantitative topic analysis and qualitative analysis to identify key themes and patterns. 
This study makes the following contributions: (i) identify and synthesize the top cybersecurity risks for NPOs, their service impacts, and mitigation methods; (ii) summarize affordable cybersecurity practices, with an emphasis on employee training and sector-specific knowledge gaps; (iii) analyze organizational and contextual factors (e.g., geography, budget, IT skills, cyber insurance, vendor dependencies) that shape cybersecurity readiness; and (iv) review and integrate existing assessment and resilience frameworks applicable to NPOs.
(This article belongs to the Section ICT Infrastructures for Cybersecurity)