Search Results (6)

Search Parameters:
Keywords = cyberthreats and incidents

48 pages, 1116 KB  
Systematic Review
Cybersecurity and Resilience of Smart Grids: A Review of Threat Landscape, Incidents, and Emerging Solutions
by Bo Nørregaard Jørgensen and Zheng Grace Ma
Appl. Sci. 2026, 16(2), 981; https://doi.org/10.3390/app16020981 (registering DOI) - 18 Jan 2026
Abstract
The digital transformation of electric power systems into smart grids has significantly expanded the cybersecurity risk landscape of the energy sector. While advanced sensing, communication, automation, and data-driven control improve efficiency, flexibility, and renewable energy integration, they also introduce complex cyber–physical interdependencies and new vulnerabilities across interconnected technical and organisational domains. This study adopts a scoping review methodology in accordance with PRISMA-ScR to systematically analyse smart grid cybersecurity from an architecture-aware and resilience-oriented perspective. Peer-reviewed scientific literature and authoritative institutional sources are synthesised to examine modern smart grid architectures, key security challenges, major cyberthreats, and documented real-world cyber incidents affecting energy infrastructure up to 2025. The review systematically links architectural characteristics such as field devices, communication networks, software platforms, data pipelines, and externally operated services to specific threat mechanisms and observed attack patterns, illustrating how cyber risk propagates across interconnected grid components. The findings show that cybersecurity challenges in smart grids arise not only from technical vulnerabilities but also from architectural dependencies, software supply chains, operational constraints, and cross-sector coupling. Based on the analysis of historical incidents and emerging research, the study identifies key defensive strategies, including zero-trust architectures, advanced monitoring and anomaly detection, secure software lifecycle management, digital twins for cyber–physical testing, and cyber-resilient grid design. The review concludes that cybersecurity in smart grids should be treated as a systemic and persistent condition, requiring resilience-oriented approaches that prioritise detection, containment, recovery, and safe operation under adverse conditions. 
(This article belongs to the Section Energy Science and Technology)

27 pages, 2467 KB  
Article
Enhancing Security Operations Center: Wazuh Security Event Response with Retrieval-Augmented-Generation-Driven Copilot
by Ismail, Rahmat Kurnia, Farid Widyatama, Ilham Mirwansyah Wibawa, Zilmas Arjuna Brata, Ukasyah, Ghitha Afina Nelistiani and Howon Kim
Sensors 2025, 25(3), 870; https://doi.org/10.3390/s25030870 - 31 Jan 2025
Cited by 4 | Viewed by 8151
Abstract
The sophistication of cyberthreats demands more efficient and intelligent tools to support Security Operations Centers (SOCs) in managing and mitigating incidents. To address this, we developed the Security Event Response Copilot (SERC), a system designed to assist analysts in responding to and mitigating security breaches more effectively. SERC integrates two core components: (1) security event data extraction using Retrieval-Augmented Generation (RAG) methods, and (2) LLM-based incident response guidance. This paper specifically utilizes Wazuh, an open-source Security Information and Event Management (SIEM) platform, as the foundation for capturing, analyzing, and correlating security events from endpoints. SERC leverages Wazuh’s capabilities to collect real-time event data and applies a RAG approach to retrieve context-specific insights from three vectorized data collections: incident response knowledge, the MITRE ATT&CK framework, and the NIST Cybersecurity Framework (CSF) 2.0. This integration bridges strategic risk management and tactical intelligence, enabling precise identification of adversarial tactics and techniques while adhering to best practices in cybersecurity. The results demonstrate the potential of combining structured threat intelligence frameworks with AI-driven models, empowered by Wazuh’s robust SIEM capabilities, to address the dynamic challenges faced by SOCs in today’s complex cybersecurity environment.
(This article belongs to the Special Issue AI Technology for Cybersecurity and IoT Applications)

16 pages, 685 KB  
Brief Report
Cybersecurity of Industrial Systems—A 2023 Report
by Janusz Pochmara and Aleksandra Świetlicka
Electronics 2024, 13(7), 1191; https://doi.org/10.3390/electronics13071191 - 25 Mar 2024
Cited by 17 | Viewed by 11589
Abstract
The article explores the importance of cybersecurity in Industry 4.0, specifically focusing on safeguarding industrial automation systems from cyberattacks. It discusses essential security measures, network monitoring, and employee training, emphasizing the significance of risk management for ensuring industry stability. Adherence to industrial security standards, such as ISA/IEC 62443, is crucial (ISA—International Society of Automation, IEC—International Electrotechnical Commission). The article outlines cyberthreat challenges and their impact on various sectors, including healthcare and finance, as well as the risks faced by large industrial enterprises. Additionally, it elucidates evolving cybersecurity strategies and principles, underscoring the necessity for continuous, multi-layered protection. Collaboration with operators, strict information security policies, and robust incident response plans are emphasized. The importance of risk monitoring and adaptability to ever-changing threat landscapes is highlighted, emphasizing the collaborative and flexible nature of cybersecurity in the face of escalating digital threats.
(This article belongs to the Section Networks)

21 pages, 366 KB  
Article
The Cybersecurity Applied by Online Travel Agencies and Hotels to Protect Users’ Private Data in Smart Cities
by Lázaro Florido-Benítez
Smart Cities 2024, 7(1), 475-495; https://doi.org/10.3390/smartcities7010019 - 4 Feb 2024
Cited by 26 | Viewed by 19401
Abstract
The purpose of this paper is to analyse the cybersecurity in online travel agencies (OTAs) and hotel sectors to protect users’ private data in smart cities. Methodologically, this research uses a sample of information about cyberattacks that occurred during the period of 2000–2023 in companies operating as OTAs and in the travel, tourism, and food sectors, which was obtained from research articles. Then, we had to expand the research to include updated information about cyberattacks from digital newspapers, regulatory sources, and state data breach notification sites like CSIS, KonBriefing, EUROCONTROL, and GlobalData. The findings of the current research prove that hotels and OTAs were constantly exposed to cyberattacks in the period analysed, especially by data breaches and malware attacks; in fact, this is the main novelty of this research. In addition, these incidents were severe for both guests and tourism companies because their vulnerabilities and consequences affect the reputation of companies and smart cities where these firms operate, as well as consumer confidence. The results also showed that most of the cyberattacks examined in this manuscript were aimed at stealing information about the companies’ and users’ private data such as email addresses; credit card numbers, security codes, and expiration dates; and encoded magstripe data; among many other types of data. Cyberattacks and cyberthreats never disappear completely in the travel and tourism sectors because these illegal activities are closely related to the hacker’s thirst for power, fame, and wealth.
37 pages, 954 KB  
Article
PALANTIR: An NFV-Based Security-as-a-Service Approach for Automating Threat Mitigation
by Maxime Compastié, Antonio López Martínez, Carolina Fernández, Manuel Gil Pérez, Stylianos Tsarsitalidis, George Xylouris, Izidor Mlakar, Michail Alexandros Kourtis and Valentino Šafran
Sensors 2023, 23(3), 1658; https://doi.org/10.3390/s23031658 - 2 Feb 2023
Cited by 10 | Viewed by 8573
Abstract
Small and medium enterprises are significantly hampered by cyber-threats as they have inherently limited skills and financial capacities to anticipate, prevent, and handle security incidents. The EU-funded PALANTIR project aims at facilitating the outsourcing of the security supervision to external providers to relieve SMEs/MEs from this burden. However, good practices for the operation of SME/ME assets involve avoiding their exposure to external parties, which requires a tightly defined and timely enforced security policy when resources span across the cloud continuum and need interactions. This paper proposes an innovative architecture extending Network Function Virtualisation to externalise and automate threat mitigation and remediation in cloud, edge, and on-premises environments. Our contributions include an ontology for the decision-making process, a Fault-and-Breach-Management-based remediation policy model, a framework conducting remediation actions, and a set of deployment models adapted to the constraints of cloud, edge, and on-premises environment(s). Finally, we also detail an implementation prototype of the framework serving as evaluation material.
(This article belongs to the Special Issue Security and Privacy in Cloud Computing Environment)

22 pages, 1284 KB  
Article
A Comparative Analysis of Cyber-Threat Intelligence Sources, Formats and Languages
by Andrew Ramsdale, Stavros Shiaeles and Nicholas Kolokotronis
Electronics 2020, 9(5), 824; https://doi.org/10.3390/electronics9050824 - 16 May 2020
Cited by 85 | Viewed by 14842
Abstract
The sharing of cyber-threat intelligence is an essential part of multi-layered tools used to protect systems and organisations from various threats. Structured standards, such as STIX, TAXII and CybOX, were introduced to provide a common means of sharing cyber-threat intelligence and have been subsequently much-heralded as the de facto industry standards. In this paper, we investigate the landscape of the available formats and languages, along with the publicly available sources of threat feeds, how these are implemented and their suitability for providing rich cyber-threat intelligence. We also analyse a sample of cyber-threat intelligence feeds, the type of data they provide and the issues found in aggregating and sharing the data. Moreover, the type of data supported by various formats and languages is correlated with the data needs for several use cases related to typical security operations. The main conclusions drawn by our analysis suggest that many of the standards have a poor level of adoption and implementation, with providers opting for custom or traditional simple formats.
(This article belongs to the Special Issue Advanced Cybersecurity Services Design)