Search Results (56)

In the face of increasingly severe cybersecurity threats, incomplete information and environmental dynamics have become central challenges in network attack–defense scenarios. In real-world network environments, defenders often find it difficult to fully perceive attack behaviors and network states, leading to a high degree of uncertainty in the system. Traditional approaches are inadequate in dealing with the diversification of attack strategies and the dynamic evolution of network structures, making it difficult to achieve highly adaptive defense strategies and efficient multi-agent coordination. To address these challenges, this paper proposes a multi-agent network defense approach based on joint game modeling, termed JG-Defense (Joint Game-based Defense), which aims to enhance the efficiency and robustness of defense decision-making in environments characterized by incomplete information. The method integrates Bayesian game theory, graph neural networks, and a proximal policy optimization framework, and it introduces two core mechanisms. First, a Dynamic Communication Graph Neural Network (DCGNN) is used to model the dynamic network structure, improving the perception of topological changes and attack evolution trends. A multi-agent communication mechanism is incorporated within the DCGNN to enable the sharing of local observations and strategy coordination, thereby enhancing global consistency. Second, a joint game loss function is constructed to embed the game equilibrium objective into the reinforcement learning process, optimizing both the rationality and long-term benefit of agent strategies. Experimental results demonstrate that JG-Defense outperforms the Cybermonic model by 15.83% in overall defense performance. Furthermore, under the traditional PPO loss function, the DCGNN model improves defense performance by 11.81% compared to the Cybermonic model. These results verify that the proposed integrated approach achieves superior global strategy coordination in dynamic attack–defense scenarios with incomplete information. Full article

Cybersecurity represents a critical challenge for data-sharing platforms involving multiple stakeholders, particularly within complex and decentralized systems such as livestock supply chain networks. These systems demand novel approaches, robust security protocols, and advanced data management strategies to address key challenges such as data consistency, transparency, ownership, controlled access or exposure, and privacy-preserving analytics for value-added services. In this paper, we introduced the Framework for Livestock Empowerment and Decentralized Secure Data eXchange (FLEX), as a comprehensive solution grounded on five core design principles: (i) enhanced security and privacy, (ii) human-centric approach, (iii) decentralized and trusted infrastructure, (iv) system resilience, and (v) seamless collaboration across the supply chain. FLEX integrates interdisciplinary innovations, leveraging decentralized infrastructure-based protocols to ensure trust, traceability, and integrity. It employs secure data-sharing protocols and cryptographic techniques to enable controlled information exchange with authorized entities. Additionally, the use of data anonymization techniques ensures privacy. FLEX is designed and implemented using a microservices architecture and edge computing to support modularity and scalable deployment. These components collectively serve as a foundational pillar of the development of a digital product passport. The FLEX architecture adopts a layered design and incorporates robust security controls to mitigate threats identified using the STRIDE threat modeling framework. The evaluation results demonstrate the framework’s effectiveness in countering well-known cyberattacks while fulfilling its intended objectives. The performance evaluation of the implementation further validates its feasibility and stability, particularly as the volume of evidence associated with animal identities increases. All the infrastructure components, along with detailed deployment instructions, are publicly available as open-source libraries on GitHub, promoting transparency and community-driven development for wider public benefit. Full article

Ensuring cybersecurity and health management is a fundamental requirement in modern chemical industry plants operating under the Industry 4.0 framework. Traditionally, these two concerns have been addressed independently, despite sharing multiple underlying elements which suggest the viability of a unified detection and localization solution. This study introduces a computational intelligence framework based on fuzzy techniques, which allows for the early identification and precise localization of both faults and cyberattacks, along with the capability to recognize previously unseen events during runtime. Once new events are identified and classified, the training database is updated, creating a mechanism for continuous learning. This integrated approach simplifies the computational complexity of supervisory systems and enhances collaboration between the Operational Technology and Information Technology teams within chemical plants. The proposed methodology demonstrates strong robustness and reliability, even in complex conditions characterized by noisy measurements and disturbances, achieving outstanding performance due to its excellent discrimination capabilities. Full article

The convergence of Operational Technology (OT) and Information Technology (IT) networks has become increasingly prevalent with the growth of Industrial Internet of Things (IIoT) applications. This shift, while enabling enhanced automation, remote monitoring, and data sharing, also introduces new challenges related to communication latency and cybersecurity. Oftentimes, legacy OT protocols were adapted to the TCP/IP stack without an extensive review of the ramifications to their robustness, performance, or safety objectives. To further accommodate the IT/OT convergence, protocol gateways were introduced to facilitate the migration from serial protocols to TCP/IP protocol stacks within modern IT/OT infrastructure. However, they often introduce additional vulnerabilities by exposing traditionally isolated protocols to external threats. This study investigates the security and reliability implications of migrating serial protocols to TCP/IP stacks and the impact of protocol gateways, utilizing two widely used OT protocols: Modbus TCP and DNP3. Our protocol analysis finds a significant safety-critical vulnerability resulting from this migration, and our subsequent tests clearly demonstrate its presence and impact. A multi-tiered testbed, consisting of both physical and emulated components, is used to evaluate protocol performance and the effects of device-specific implementation flaws. Through this analysis of specifications and behaviors during communication interruptions, we identify critical differences in fault handling and the impact on time-sensitive data delivery. The findings highlight how reliance on lower-level IT protocols can undermine OT system resilience, and they inform the development of mitigation strategies to enhance the robustness of industrial communication networks. Full article

This study explores the intersection of competitiveness in a circular economy and the role of digital innovations through an integrative literature review. Synthesizing quantitative and qualitative research identifies gaps and offers insights on how these trends shape competitive strategies. The review emphasizes three main areas: technological enablers, operational challenges, and the role of policy and collaboration. It highlights the interrelationship among the circular economy, digital innovations, and competitiveness in promoting sustainable practices. The research suggests that policymakers should support small- and medium-sized enterprises (SMEs) with financial assistance for digital tool adoption and establish regional digital innovation hubs for technology access and training. Standardized data-sharing protocols are crucial for effective circular economy practices and cybersecurity. Ultimately, the review identifies key research opportunities at the nexus of digital innovations and the circular economy, aiming to enhance theoretical knowledge and inform sustainable business model development. Full article

This paper addresses the critical challenge of evaluating the quality of Cyber Threat Intelligence (CTI) products, particularly focusing on their relevance and actionability. As organizations increasingly rely on CTI to make cybersecurity decisions, the absence of CTI quality metrics challenges the assessment of intelligence quality. To address this gap, the article introduces two innovative metrics. Relevance ($Re$) and Actionability ($Ac$) are designed to evaluate CTI products in relation to organizational information needs and defense mechanisms. Using probabilistic algorithms and data structures, these metrics provide a scalable approach for handling large numbers of unstructured CTI products. Experimental findings demonstrate the effectiveness of metrics in filtering and prioritizing CTI products, offering organizations a tool to prioritize their cybersecurity resources. Furthermore, experimental results demonstrate that, using the metrics, organizations can reduce candidate CTI products by several orders of magnitude, understand weaknesses in defining information needs, guide the application of CTI products, assess CTI products’ contribution to defense, and select CTI products from information sharing communities. In addition, the study has identified certain limitations, which open avenues for future research, including the real-time integration of CTI into organizational defense mechanisms. This work significantly contributes to standardizing the quality evaluation of CTI products and enhancing organizations’ cybersecurity posture. Full article

Airport facility management requires innovative and coordinated techniques due to the infrastructure’s complexity, stakeholders’ diversity, and the necessity of safety. Adopting building information management (BIM) as an advanced technology has several benefits, including increased productivity, lower cost, and higher quality of service. This study seeks to determine the strategies for using BIM in airport facility management. In this vein, two questionnaires were developed to collect data based on a literature review. The first questionnaire was used to collect data for identifying and ranking the main criteria, and the second questionnaire was used to identify the practical strategies. The experts of this study answered five strengths, four weaknesses, five opportunities, and five threats using a standardized questionnaire. An integrated AHP-SWOT approach was used to identify and examine the practical strategies. Furthermore, a sensitivity analysis was used to ensure the results were correct. The findings showed that smart maintenance management, with a weight of 0.363, was the most important strength in the SWOT analysis. Resistance to change was the most important weakness, with a weight of 0.455. The increasing need for smart airports with a weight of 0.358 was the most important opportunity, while cybersecurity issues with a weight of 0.385 were the most important threat. Integrating BIM into the aviation sector can enhance efficiency and sustainability in airport facility management while addressing potential opportunities and shared hazards that extend beyond airport operations. Full article

With an increasing number of firms in cybersecurity information-sharing platforms, the potential cyber risks become a critical challenge during the exchanging of information. How to balance economic benefits and security requirements is an important topic for both firms and the government. By developing a game-theoretic model, the firms’ optimal strategies are discussed considering their absorptive capacity for security information under different policy constrains. The results show that the value of security information, intrusion loss, the level of cybersecurity vulnerability, the negative impact coefficient of platform security information disclosure, and the absorptive capacity for security information are key factors impacting firms’ decisions. The value of security information and intrusion loss are constrained by the marginal utility of cybersecurity investment and security information sharing. Firms prefer to increase their security investment or security information sharing only if the value of security information and intrusion loss are positively related to the marginal utility of cybersecurity investment or cybersecurity information sharing. Specifically, in the case without policy constrains, the optimal strategies of n firms are discussed, and it is found that they are consistent with those of two firms and that the utility of any firm in the platform decreases as the number of firms increases. Full article

Establishing robust cybersecurity for Internet of Things (IoT) ecosystems poses significant challenges for system operators due to IoT resource constraints, trade-offs between security and performance, diversity of applications, and their security requirements, usability, and scalability. This article introduces a physical-layer security (PLS) approach that enables IoT devices to maintain specified levels of information confidentiality against wireless channel eavesdropping threats. This work proposes applying PLS active defense mechanisms utilizing spectrum-sharing schemes combined with fair scheduling and power management algorithms to mitigate the risk of eavesdropping attacks on resource-constrained IoT environments. Specifically, an IoT device communicating over an insecure wireless channel will utilize intentional noise signals transmitted alongside the actual IoT information signal. The intentional noise signal will appear to an eavesdropper (EVE) as additional noise, reducing the EVE’s signal-to-interference-plus-noise ratio (SINR) and increasing the EVE’s outage probability, thereby restricting their capacity to decode the transmitted IoT information, resulting in better protection for the confidentiality of the IoT device’s transmission. The proposed communication strategy serves as a complementary solution to existing security methods. Analytical and numerical analyses presented in this article validate the effectiveness of the proposed strategy, demonstrating that IoT devices can achieve the desired levels of confidentiality. Full article

Cybersecurity in Critical Infrastructures, especially Digital Substations, has garnered significant attention from both the industrial and academic sectors. A commonly adopted approach to support research in this area involves the use of datasets, which consist of network traffic samples gathered during the operation of an infrastructure. However, creating such datasets from real-world electrical systems presents some challenges: (i) These datasets are often generated under controlled or idealized conditions, potentially overlooking the complexities of real-world operations within a digital substation; (ii) the captured data frequently contain sensitive information, making it difficult to share openly within the research community. This paper presents the creation of a new dataset aimed at advancing cybersecurity research, specifically focused on GOOSE spoofing attacks, given the crucial role of the GOOSE protocol in managing operational and control tasks within Digital Substations. The dataset highlights the real-world impacts of these attacks, demonstrating the execution of unintended operations under different operational scenarios, including both stable conditions and situations involving system failures. The data were collected from a laboratory testbed that replicates the actual functioning of a real digital substation with two bays. The experiments provided insights into key characteristics of GOOSE protocol traffic and the vulnerability of DS infrastructure to Spoofing Attacks. Full article

The growing volume of information available to decision-makers makes it increasingly challenging to process all data during decision-making. As a result, a method for selecting only relevant information is highly desirable. Moreover, since the meaning of information depends on its context, the decision-making process requires mechanisms to identify the context of specific scenarios. In this paper, we propose a conceptual framework that utilizes Situation Theory to formalize the concept of context and analyze information relevance. Building on this framework, we introduce an inference-based reasoning process that automatically identifies the information necessary to characterize a given situation. We evaluate our approach in a cybersecurity scenario where computer agents respond to queries by utilizing available information and sharing relevant facts with other agents. The results show that our method significantly reduces the time required to infer answers to situation-specific queries. Additionally, we demonstrate that using only relevant information provides the same answers as using the entire knowledge base. Finally, we show that the method can be applied to a limited set of training queries, allowing the reuse of relevant facts to address new queries effectively. Full article

The rapid development of modern information technology (IT), power supply, communication and traffic information systems and so on is resulting in progress in the area of distributed and energy-efficient (if possible, powered by renewable energy sources) smart grid components securely connected to entire smart city management systems. This enables a wide range of applications such as distributed energy management, system health forecasting and cybersecurity based on huge volumes of data that automate and improve the performance of the smart grid, but also require analysis, inference and prediction using artificial intelligence. Data management strategies, but also the sharing of data by consumers, institutions, organisations and industries, can be supported by edge clouds, thus protecting privacy and improving performance. This article presents and develops the authors’ own concept in this area, which is planned for research in the coming years. The paper aims to develop and initially test a conceptual framework that takes into account the aspects discussed above, emphasising the practical aspects and use cases of the Social Internet of Things (SIoT) and artificial intelligence (AI) in the everyday lives of smart sustainable city (SSC) residents. We present an approach consisting of seven algorithms for the integration of large data sets for machine learning processing to be applied in optimisation in the context of smart cities. Full article

Integrating Internet of Things (IoT) devices into port operations has brought substantial improvements in efficiency, automation, and connectivity. However, this technological advancement has also introduced new operational risks, particularly in terms of cybersecurity vulnerabilities and potential disruptions. The primary objective of this scientific article is to comprehensively analyze and identify the primary security threats and vulnerabilities that IoT devices face when deployed in port environments. This includes examining potential risks, such as unauthorized access, cyberattacks, malware, etc., that could disrupt critical port operations and compromise sensitive information. This research aims to assess the critical entities associated with IoT devices in port environments and develop a comprehensive risk-management framework tailored to these settings. It also aims to explore and propose strategic measures and best practices to mitigate these risks. For this research, a risk-management framework grounded in the principles of ORM, which includes risk avoidance, reduction, sharing, and retention strategies, was developed. The primary outcome of this research is the development of a comprehensive risk-management framework specifically tailored for IoT devices in port environments, utilizing Operational Risk-Management (ORM) methodology. This framework will systematically identify and categorize critical vulnerabilities and potential threats for IoT devices. By addressing these objectives, the article seeks to provide actionable insights and guidelines that can be adopted by port authorities and stakeholders to safeguard their IoT infrastructure and maintain operational stability in the face of emerging threats. Full article

This work describes the collaboration practices of a community of interest in the UK that brings together cybersecurity professionals with a shared interest in improving supply chain cybersecurity for Operational Technology (OT) environments. This research emphasizes the need for collective responsibility between organizations and provides a set of principles for adopting a code of practice and partnership approach to supply chain cybersecurity. This work has enabled cybersecurity experience from several critical infrastructure sectors, including energy, rail, aviation, water, health, and food, to analyze the uptake and practical use of existing supply chain guidance, identifying gaps and challenges. The community has examined touch points with the supply chain and identified improvements related to the communication of cybersecurity requirements, technical and commercial engagement between customers and suppliers, and in the tailoring of implementations towards operational technology contexts. Communicating the context of securing cyber-physical systems is an essential perspective for this community. This work exemplifies a partnership framework and is translating experiences into useful guidance, particularly for OT systems, to improve cybersecurity levels across multiple contributors to critical infrastructure systems. Full article

The escalating complexity and sophistication of cyber threats necessitate advanced solutions that not only counteract these threats but also proactively adapt to the evolving needs of diverse stakeholders involved in digital infrastructures, such as telecom operators, cloud service providers, and end-users in sectors like healthcare and finance. This research addresses a crucial gap by focusing on a systemic, AI-powered approach to stakeholder needs analysis in cybersecurity. By aligning closely with stakeholder requirements, the proposed framework aims to offer dynamic, responsive cybersecurity solutions that enhance the resilience of digital infrastructures against evolving cyber threats. This research systematically maps the landscape of stakeholder needs in cybersecurity across different sectors through qualitative methods like interviews and focus groups, supplemented by data from the CyberSecDome project’s pilot cases and open calls. Requirements for an AI-driven framework are then formulated based on these data to identify patterns and predict stakeholder needs. The analysis reveals critical challenges faced by stakeholders, including limited threat intelligence sharing, insufficient automation in incident response, and regulatory hurdles related to data protection laws and evolving cybersecurity legislation. There is a strong interest in leveraging AI for enhanced intrusion detection, real-time threat intelligence sharing, and privacy-preserving information exchange. Full article