Cybersecurity

Defending Smart Grid Infrastructure—A Scenario-Based Analysis of Cybersecurity and Privacy Rules in China, France, Russia, UK, and USA

Abstract:

The digitization of the electric energy grid enlarges its attack surface and makes the infrastructure increasingly vulnerable to digital warfare. Therefore, national legislation is central to defending critical energy infrastructure against terrorist and nation-state attacks in cyberspace. Still, previous studies have found shortcomings in cybersecurity legislation. To support smaller countries in their policymaking, this study describes a normative ideal in the form of a consolidated security policy framework. The framework consists of 25 policies that are based on cybersecurity and privacy rules of five countries with strong cyber defence capabilities; the framework addresses five cyberattack scenarios with a very high consequence potential. This study shows that the consolidated policies provide a holistic cyber defence framework, covering strategic, tactical, and operational levels, including obligations on both authority and industry levels.

Enhancing Global Cybersecurity Resilience: Navigating the Subconscious Fallacies within Critical Infrastructure Protection

Abstract:

Amidst the digital revolution, cyber-enabled critical infrastructures are the foundation of societal operations. However, this interconnectivity introduces risks such as cascading failures where disruptions in the power grid affect multiple systems. Global collaboration becomes inescapable in forming holistic approaches that evolve alongside continuous technological advancements to enhance infrastructure resilience. Before these approaches can truly succeed, it is imperative to understand the decision-making processes within these environments and effectively mitigate biases that may alter priorities. This study investigates subconscious biases stemming from perceived solutions, intending to anticipate their potential impact on decision-making prioritization and enhance overall cybersecurity in critical infrastructure resilience.

Aspectual Human Performance Variability in Social Engineering Attacks

Abstract:

Most of the influence and persuasion techniques used in social engineering have been documented across many domains, including cybersecurity, and have been shown to rely on similar effect mechanisms used in areas such as marketing, scams, and street cons. This paper shows that, while these attacks are explained in terms of the social and psychological effect mechanisms, the aspectual lens provides a more nuanced understanding of human performance variability implicated in social engineering. The aspectual lens provides a comprehensive analytical and ontological framing, and hints at aspectually informed measures for mitigating social engineering attacks and dampening the said human performance variability.

The Cybersecurity Framework’s Most Vulnerable User: Small Business

Abstract:

The broad applicability of the National Institute for Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity, commonly known as the Cybersecurity Framework (CSF), creates a utility gap for small and medium businesses (SMB) to apply and implement the framework effectively within their organizations. The purpose of this research is to explore and interpret the CSF in the context of small and medium businesses with implications of bridging the utility gap for this significant, yet vulnerable, population; specifically, this paper contributes detailed interpretations and actions of the NIST CSF that can be implemented by SMBs to help improve their cybersecurity stance.

Towards Improving APT Mitigation: A Case for Counter-APT Red Teaming

Abstract:

Vulnerabilities leveraged by Advanced Persistent Threats (APTs) that ultimately allow them to gain access to critical data and unveil private information are often far removed from the portions of the security environment where initial access is gained. This paper presents a defensible scholarly decomposition of the red-team process itself and discusses how traditional red-team assessments may not be the most effective solution for emulating APT threats and mitigating their impacts.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.



Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com