Search Results (4)

Recent world events and geopolitics have brought the vulnerability of critical infrastructure to cyberattacks to the forefront. While there has been considerable attention to attacks on Information Technology (IT) systems, such as data theft and ransomware, the vulnerabilities and dangers posed by industrial control systems (ICS) have received significantly less attention. What is very different is that industrial control systems can be made to do things that could destroy equipment or even harm people. For example, in 2021 the US encountered a cyberattack on a water treatment plant in Florida that could have resulted in serious injuries or even death. These risks are based on the unique physical characteristics of these industrial systems. In this paper, we present a holistic, integrated safety and security analysis, we call Cybersafety, based on the STAMP (System-Theoretic Accident Model and Processes) framework, for one such industrial system—an industrial chiller plant—as an example. In this analysis, we identify vulnerabilities emerging from interactions between technology, operator actions as well as organizational structure, and provide recommendations to mitigate resulting loss scenarios in a systematic manner. Full article

Urban mobility is in the midst of a revolution, driven by the convergence of technologies such as artificial intelligence, on-demand ride services, and Internet-connected and self-driving vehicles. Technological advancements often lead to new hazards. Coupled with the increased levels of automation and connectivity in the new generation of autonomous vehicles, cybersecurity is emerging as a key threat affecting these vehicles. Traditional hazard analysis methods treat safety and security in isolation and are limited in their ability to account for interactions among organizational, sociotechnical, human, and technical components. In response to these challenges, the cybersafety method, based on System Theoretic Process Analysis (STPA and STPA-Sec), was developed to meet the growing need to holistically analyze complex sociotechnical systems. We applied cybersafety to coanalyze safety and security hazards, as well as identify mitigation requirements. The results were compared with another promising method known as Combined Harm Analysis of Safety and Security for Information Systems (CHASSIS). Both methods were applied to the Mobility-as-a-Service (MaaS) and Internet of Vehicles (IoV) use cases, focusing on over-the-air software updates feature. Overall, cybersafety identified additional hazards and more effective requirements compared to CHASSIS. In particular, cybersafety demonstrated the ability to identify hazards due to unsafe/unsecure interactions among sociotechnical components. This research also suggested using CHASSIS methods for information lifecycle analysis to complement and generate additional considerations for cybersafety. Finally, results from both methods were backtested against a past cyber hack on a vehicular system, and we found that recommendations from cybersafety were likely to mitigate the risks of the incident. Full article

This research investigated the current maturity levels of cybersafety in South African schools. The maturity level indicates if schools are prepared to assist relevant role players (teachers and learners) in establishing a cybersafety culture within the school environment. The research study measured the maturity levels of cybersafety in 24 South African schools by evaluating the four main elements that are needed to improve cybersafety within schools. These elements are (1) leadership and policies, (2) infrastructure, (3) education, and (4) standards and inspection. The study used a UK-approved measurement tool (360safe) to measure the cybersafety maturity of schools within South Africa, using five levels of compliance (Level 1: full compliance, to Level 5: no compliance). The data analysis clearly indicated that all the schools that participated in the study had a significantly low level of cybersafety maturity and compliance. Schools are starting to adopt technology as part of their educational and social approach to prepare learners for the future, but there is a clear lack of supporting cybersafety awareness, policies, practices and procedures within South African schools. The research proposed a step-by-step approach involving a ten-phase cybersafety plan to empower schools to create and grow their own cybersafety culture. Full article

This study experimentally evaluated the short-term effects of the Arizona Attorney General’s cybersafety promotion presentation, a key component of which is cyberbullying prevention. Fifty-one parents of children attending a middle school in the southwestern United States participated in the study. Results reveal parents who viewed the presentation believed their children to be more susceptible to cyberbullying, and indicated that they were more likely to talk to their children about saving evidence, not retaliating, and telling an adult compared to parents who had not viewed the presentation. The theoretical and practical implications of these results are discussed. Full article