Search Results (46)

A Security Operation Center (SOC) is a security control center for monitoring, detecting, analyzing, and responding to cybersecurity threats. PT (Perseroan Terbatas) Non-Bank Financial Company (NBFC) has implemented an SOC to secure its information systems, but challenges remain to be solved. These include the absence of impact analysis on financial and regulatory requirements, cost, and effort estimation for recovery; established Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for monitoring security controls; and an official program for insider threats. This study evaluates SOC effectiveness at PT NBFC using the ISO 27005:2018 and NIST SP 800-30 frameworks. The research results in a proposed SOC assessment framework, integrating risk assessment, risk treatment, risk acceptance, and monitoring. Additionally, a maturity level assessment was conducted for ISO 27005:2018, NIST SP 800-30, and the proposed framework. The proposed framework achieves good maturity, with two domains meeting the target maturity value and one domain reaching level 4 (Managed and Measurable). By incorporating domains from both ISO 27005:2018 and NIST SP 800-30, the new framework offers a more comprehensive risk management approach, covering strategic, managerial, and technical aspects. Full article

This study critically examines the technological feasibility, regulatory challenges, and societal acceptance of Pilotless Passenger Aircraft (PPAs) in commercial aviation. A mixed-methods design integrated quantitative passenger surveys (n = 312) and qualitative pilot interviews (n = 15), analyzed using SPSS and NVivo to capture both statistical and thematic perspectives. Results show moderate public awareness (58%) but limited willingness to fly (23%), driven by safety (72%), cybersecurity (64%), and human judgement (60%) concerns. Among pilots, 93% agreed automation improves safety, yet 80% opposed removing human pilots entirely, underscoring reliance on human adaptability in emergencies. Both groups identified regulatory assurance, demonstrable reliability, and human oversight as prerequisites for acceptance. Technologically, this paper synthesizes advances in AI-driven flight management, multi-sensor navigation, and high-integrity control systems, including Airbus’s ATTOL and NASA’s ICAROUS, demonstrating that pilotless flight is technically viable but has yet to achieve the airline-grade reliability target of 10⁻⁹ failures per flight hour. Regulatory analysis of FAA, EASA, and ICAO frameworks reveals maturing but fragmented approaches to certifying learning-enabled systems. Ethical and economic evaluations indicate unresolved accountability, job displacement, and liability issues, with potential 10–15% operational cost savings offset by certification, cybersecurity, and infrastructure expenditures. Integrated findings confirm that PPAs represent a socio-technical challenge rather than a purely engineering problem. This study recommends a phased implementation roadmap: (1) initial deployment in cargo and low-risk missions to accumulate safety data; (2) hybrid human–AI flight models combining automation with continuous human supervision; and (3) harmonized international certification standards enabling eventual passenger operations. Policy implications emphasize explainable-AI integration, workforce reskilling, and transparent public engagement to bridge the trust gap. This study concludes that pilotless aviation will not eliminate the human element but redefine it, achieving autonomy through partnership between human judgement and machine precision to sustain aviation’s uncompromising safety culture. Full article

The electric power grid constitutes a foundational pillar of modern critical infrastructure (CI), underpinning societal functionality and global economic stability. Yet, the increasing convergence of Information Technology (IT) and Operational Technology (OT), particularly through the integration of Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS), has amplified the sector’s exposure to sophisticated cyber threats. This study conducts a comparative analysis of five major cyber incidents targeting electric power systems: the 2015 and 2016 Ukrainian power grid disruptions, the 2022 Industroyer2 event, the 2010 Stuxnet attack, and the 2012 Shamoon incident. Each case is examined with respect to its objectives, methodologies, operational impacts, and mitigation efforts. Building on these analyses, the research evaluates the extent to which such attacks could have been prevented or mitigated through the systematic adoption of leading cybersecurity maturity frameworks. The NIST Cybersecurity Framework (CSF) 2.0, the ENISA NIS2 Directive Risk Management Measures, the U.S. Department of Energy’s Cybersecurity Capability Maturity Model (C2M2), and the Cybersecurity Risk Foundation (CRF) Maturity Model alongside complementary technical standards such as NIST SP 800-82 and IEC 62443 have been thoroughly examined. The findings suggest that a proactive, layered defense architecture grounded in the principles of these frameworks could have significantly reduced both the likelihood and the operational impact of the reviewed incidents. Moreover, the paper identifies critical gaps in the existing maturity models, particularly in their ability to capture hybrid, cross-domain, and human-centric threat dynamics. The study concludes by proposing directions for evolving from compliance-driven to resilience-oriented cybersecurity ecosystems, offering actionable recommendations for policymakers and power system operators to strengthen the cyber-physical resilience of electric generation and distribution infrastructures worldwide. Full article

This paper presents a PRISMA-guided systematic literature review (2015–2025) of 20 empirical studies on digital transformation in retail banking, examining how artificial intelligence (AI) strengthens cybersecurity, enables FinTech collaboration through interoperable APIs and open-banking infrastructures, and embeds data-driven decision-making across core functions. We searched major databases, applied predefined eligibility criteria, appraised study quality, and coded outcomes related to digital adoption, operational resilience, and customer experience. The synthesis indicates that AI-enabled controls and API-mediated partnerships are consistently associated with higher digital-maturity indicators, conditional on robust model-risk governance and prudent third-party/outsourcing management. Benefits span improved customer experience, efficiency, and inclusion; however, legacy systems, regulatory fragmentation, cyber threats, and organizational resistance remain binding constraints. We propose a unified framework linking technology choices, regulatory design, and organizational outcomes, and distill actionable guidance for policymakers (e.g., interoperable standards, proportional AI governance, sector-wide cyber resilience) and bank managers (sequencing AI use cases, risk controls, and partnership models). Future research should assess emerging technologies—including quantum-safe security and central bank digital currencies (CBDCs)—and their implications for digital-banking stability and trust. Full article

Digital Twins are becoming central enablers of Europe’s digital and green transitions, yet their data-intensive and autonomous nature exposes them to one of the most complex regulatory environments in the world. This article presents a comprehensive scoping review of how six principal European digital laws—the General Data Protection Regulation, Data Governance Act, Data Act, Artificial Intelligence Act, NIS2 Directive, and Cyber Resilience Act—jointly govern the design, deployment, and operation of Digital Twin systems. Building on the PRISMA-ScR methodology, the study constructs a Unified Digital Twin Compliance Framework (UDTCF) that consolidates overlapping obligations across data governance, privacy, cybersecurity, transparency, interoperability, and ethical responsibility. The framework is operationalised through a Digital Twin Compliance Evaluation Matrix (DTCEM) that enables qualitative assessment of compliance maturity in research and innovation projects. Applying these tools to representative European cases in Smart Cities, Industrial Manufacturing, Transportation, and Energy Systems reveals strong convergence in data governance, security, and interoperability, but also persistent gaps in the transparency, explainability, and accountability of AI-driven components. The findings demonstrate that European digital legislation forms a coherent yet fragmented ecosystem that increasingly requires integration through compliance-by-design methodologies. The article concludes that Digital Twins can act not only as regulated technologies but also as compliance infrastructures themselves, embedding legal, ethical, and technical safeguards that reinforce Europe’s vision for trustworthy, resilient, and human-centric digital transformation. Full article

This study examines the adoption and implementation of the Zero Trust (ZT) cybersecurity paradigm using the Technology–Organization–Environment (TOE) framework. While ZT is gaining traction as a security model, many organizations struggle to align strategic intent with effective implementation. We adopted a sequential mixed-methods design combining 27 semi-structured interviews with cybersecurity professionals and a survey of 267 experts across industries. The qualitative phase used an inductive approach to identify organizational challenges, whereas the quantitative phase employed Partial Least Squares Structural Equation Modeling (PLS-SEM) to test the hypothesized relationships. Results show that information security culture and investment significantly influence both strategic alignment and the technical implementation of ZT. Implementation acted as an intermediary mechanism through which these organizational factors affected governance and compliance outcomes. Strategic commitment alone was insufficient to drive effective implementation without strong cultural support. Qualitative insights underscored the importance of leadership engagement, cross-functional collaboration, and legacy infrastructure readiness in shaping outcomes. The findings emphasize the need for cultural alignment, targeted investments, and process maturity to ensure successful ZT adoption. Organizations can leverage these insights to prioritize resources, strengthen governance, and reduce implementation friction. This research is among the first to empirically investigate ZT implementation through the TOE lens. It contributes to cybersecurity management literature by integrating strategic, cultural, and operational dimensions of ZT adoption and offers practical guidance for decision-makers seeking to institutionalize Zero Trust principles. Full article

This study explores the transformative role of Cyber-Physical Power System (CPPS) Digital Twins (DTs) in enhancing the operational resilience, flexibility, and intelligence of modern power grids. By integrating physical system models with real-time cyber elements, CPPS DTs provide a synchronized framework for real-time monitoring, predictive maintenance, energy management, and cybersecurity. A structured literature review was conducted using the ProKnow-C methodology, yielding a curated portfolio of 74 publications from 2017 to 2025. This corpus was analyzed to identify key application areas, enabling technologies, simulation methods, and conceptual maturity levels of CPPS DTs. The study highlights seven primary application domains, including real-time decision support and cybersecurity, while emphasizing essential enablers such as data acquisition systems, cloud/edge computing, and advanced simulation techniques like co-simulation and hardware-in-the-loop testing. Despite significant academic interest, real-world implementations remain limited due to interoperability and integration challenges. The paper identifies gaps in standard definitions, maturity models, and simulation frameworks, underscoring the need for scalable, secure, and interoperable architectures and highlighting key areas for scientific development and real-life application of CPPS DTs, such as grid predictive maintenance, forecasting, fault handling, and power system cybersecurity. Full article

The integration of Artificial Intelligence (AI) systems into critical decision-making processes necessitates robust mechanisms to ensure trustworthiness, ethical compliance, and human oversight. This paper introduces trustSense, a novel assessment framework and tool designed to evaluate the maturity of human oversight practices in AI governance. Building upon principles from trustworthy AI, cybersecurity readiness, and privacy-by-design, trustSense employs a structured questionnaire-based approach to capture an organisation’s oversight capabilities across multiple dimensions. The tool supports diverse user roles and provides tailored feedback to guide risk mitigation strategies. Its calculation module synthesises responses to generate maturity scores, enabling organisations to benchmark their practices and identify improvement pathways. The design and implementation of trustSense are grounded in user-centred methodologies, with defined personas, user flows, and a privacy-preserving architecture. Security considerations and data protection are integrated into all stages of development, ensuring compliance with relevant regulations. Validation results demonstrate the tool’s effectiveness in providing actionable insights for enhancing AI oversight maturity. By combining measurement, guidance, and privacy-aware design, trustSense offers a practical solution for organisations seeking to operationalise trust in AI systems. This work contributes to the discourse on governance of trustworthy AI systems by providing a scalable, transparent, and empirically validated human maturity assessment tool. Full article

Digital Twin (DT) technology has rapidly matured from pilot projects to integral components of advanced asset management and process optimization in the oil and gas (O&G) industry. This review provides a structured synthesis of the current state of digital twin frameworks, with a focus on offshore and topside gas-processing systems, such as those found on Floating Production Storage and Offloading (FPSO). Emphasis is placed on high-fidelity process simulations and scalable architectures integrating real-time data with advanced analytics. Drawing on over 85 peer-reviewed sources and industrial frameworks, the paper outlines modular DT architectures, encompassing steady-state and dynamic process simulations (e.g., Aspen HYSYS), reduced-order and hybrid machine learning models, co-simulation environments, and advanced equation-of-state packages (e.g., GERG-2008). Special attention is given to compressor map integration, Equations of State (EOS) selection, ISO/IEC standard compliance, and digital thread continuity. Additionally, the review explores economic and sustainability-driven DT implementations, including flare and methane mitigation, ISO 50001-aligned energy optimization, and lifecycle/decommissioning strategies. It concludes with a technical and economic assessment of DT maturity for gas compression facilities, identifying research gaps in standardization, long-term validation, and cybersecurity integration. The insights provided are intended to support decision-makers, engineers, and researchers in deploying scalable, auditable, and high-impact DT solutions across the O&G value chain. Full article

Dark web forums are critical platforms for illicit activities and anonymous communication, making their analysis essential for cybersecurity, law enforcement, and academic research. This systematic literature review synthesises methodologies for data collection and analysis of dark web forum content. Following PRISMA 2020 guidelines, we searched SciSpace, Google Scholar, and PubMed, identifying 364 papers, of which 11 provided detailed methodological insights. Key methodologies include web crawling, machine learning, natural language processing, and social network analysis. Results show the dominance of Python-based automated tools, with hybrid approaches combining automation and manual verification proving most effective. Challenges include ethical considerations, data accessibility, and platform dynamism. The field is maturing but requires standardised frameworks and improved reproducibility. This review outlines current practices, evaluates methodological effectiveness, and suggests future directions for research and application. Full article

As grids decarbonize and end-use sectors electrify, the rapid penetration of artificial intelligence (AI) and hyperscale data centers reshapes the electrical load profile and power quality requirements. This leads not only to higher consumption but also coincident demand in constrained urban nodes, steeper ramps and tighter power quality constraints. The article investigates to what extent a compute-additionality covenant can reduce resource inadequacy (LOLE) at an acceptable $/kW-yr under realistic grid constraints, tying interconnection/capacity releases to auditable contributions (ELCC-accredited firm-clean MW in-zone or verified PCC-level services such as FFR/VAR/black-start). Using two worked cases (mature market and EMDE context) the way in which tranche-gated interconnection, ELCC accreditation and PCC-level services can hold LOLE at the planning target while delivering auditable FFR/VAR/ride-through performance at acceptable normalized costs is illustrated. Enforcement relies on standards-based telemetry and cybersecurity (IEC 61850/62351/62443) and PCC compliance (e.g., IEEE/IEC). Supply and network-side options are screened with stage-gates and indicative ELCC/PCC contributions. In a representative mature case, adequacy at 0.1 day·yr⁻¹ is maintained at ≈$200 per compute-kW-yr. A covenant term sheet (tranche sizing, benefit–risk sharing, compliance workflow) is developed along an integration roadmap. Taken together, this perspective outlines a governance mechanism that aligns rapid compute growth with system adequacy and decarbonization. Full article

The Zero Trust Architecture (ZTA) model has emerged as a foundational cybersecurity paradigm that eliminates implicit trust and enforces continuous verification across users, devices, and networks. This study presents a systematic literature review of 74 peer-reviewed articles published between 2016 and 2025, spanning domains such as cloud computing (24 studies), Internet of Things (11), healthcare (7), enterprise and remote work systems (6), industrial and supply chain networks (5), mobile networks (5), artificial intelligence and machine learning (5), blockchain (4), big data and edge computing (3), and other emerging contexts (4). The analysis shows that authentication, authorization, and access control are the most consistently implemented ZTA components, whereas auditing, orchestration, and environmental perception remain underexplored. Across domains, the main challenges include scalability limitations, insufficient lightweight cryptographic solutions for resource-constrained systems, weak orchestration mechanisms, and limited alignment with regulatory frameworks such as GDPR and HIPAA. Cross-domain comparisons reveal that cloud and enterprise systems demonstrate relatively mature implementations, while IoT, blockchain, and big data deployments face persistent performance and compliance barriers. Overall, the findings highlight both the progress and the gaps in ZTA adoption, underscoring the need for lightweight cryptography, context-aware trust engines, automated orchestration, and regulatory integration. This review provides a roadmap for advancing ZTA research and practice, offering implications for researchers, industry practitioners, and policymakers seeking to enhance cybersecurity resilience. Full article

Cybersecurity has become a critical concern in the automotive sector, where the increasing connectivity and complexity of modern vehicles—particularly in the context of autonomous driving—have significantly expanded the attack surface. In response to these challenges, this paper presents the Welcome To The Machine (WTTM) framework, developed to support proactive and structured cyber risk management throughout the entire vehicle lifecycle. Specifically tailored to the automotive domain, the framework encompasses four core actions: detection, analysis, response, and remediation. A central element of WTTM is the WTTM Questionnaire, designed to assess the organizational cybersecurity maturity of automotive manufacturers and suppliers. The questionnaire addresses six key areas: Governance, Risk Management, Concept and Design, Security Requirements, Validation and Testing, and Supply Chain. This paper focuses on the development and validation of WTTM-Q. Statistical validation was performed using responses from 43 participants, demonstrating high internal consistency (Cronbach’s alpha > 0.70) and strong construct validity (CFI = 0.94, RMSEA = 0.061). A supervised classifier (XGBoost), trained on 115 hypothetical response configurations, was employed to predict a priori risk classes, achieving 78% accuracy and a ROC AUC of 0.84. The WTTM framework, supported by a Vehicle Security Operations Center, provides a scalable, standards-aligned solution for enhancing cybersecurity in the automotive industry. Full article

Smart mobility has emerged as a transformative enabler for achieving the United Nations Sustainable Development Goals (SDGs), offering technological and systemic solutions to pressing urban challenges such as congestion, environmental degradation, accessibility, and economic inclusion. Realizing this potential, however, depends not only on technological maturity but also on robust education and capacity-building frameworks. This paper addresses two critical gaps: the absence of a systematic review of structured academic curricula, vocational training programs, and professional development pathways dedicated to smart mobility, and the lack of a formal approach to demonstrate how structured, research-oriented education can effectively bridge theory and practice. The review examines a wide spectrum of initiatives, including academic programs, industry training, challenge-based competitions, and community-driven platforms. The analysis shows significant progress in Europe and North America but also reveals important gaps, particularly the limited availability of structured initiatives in the Global South, the underrepresentation of accessibility and inclusivity, and the insufficient integration of governance, ethical AI, policy, and cybersecurity. A case study of the AI for Smart Mobility course, developed using a design science methodology, illustrates how research-oriented education can be operationalized in practice. Since 2020, the course has engaged hundreds of students and professionals, with project dissemination through the AI4SM Medium hub attracting more than 20,000 views and 11,000 reads worldwide. The findings highlight both the progress made and the persistent gaps in smart mobility education, underscoring the need for wider geographic reach, stronger emphasis on inclusivity and governance, and structured approaches that effectively link theory with practice. Full article

This study presents a comprehensive bibliometric review of 136 academic publications on smart grids, microgrids, and semiconductor technologies in the context of sustainable energy management. Data were collected from the Web of Science Core Collection and analyzed using VOSviewer to identify intellectual structures, thematic clusters, and research trajectories. The results demonstrate the increasing prominence of semiconductor-enabled solutions in advancing renewable energy integration, grid optimization, and energy storage systems. Five major research themes are identified: renewable energy and smart grid integration; distributed microgrid systems; optimization models; control strategies; and system-level resilience and cybersecurity. The analysis reveals a temporal evolution from foundational engineering (2020–2021) to intelligent, digitally enhanced energy systems (2022–2025), with a growing emphasis on electric mobility, digital twins, and advanced energy management techniques, such as convex optimization. Beyond mapping trends, this study underscores critical research gaps in the non-English literature, multi-database integration, and practical deployment. The findings provide actionable insights for researchers, policymakers, and industry leaders by highlighting technological maturity, real-world applications, and strategic implications for energy transition. By aligning digital intelligence, semiconductor innovation, and sustainable energy goals, this review advances a forward-looking agenda for resilient and equitable energy systems. Full article