Biblio

How can high-level directives concerning risk, cybersecurity and compliance be operationalized in the central nervous system of any organization above a certain complexity? How can the effectiveness of technological solutions for security be proven and measured, and how can this technology be aligned with the governance and financial goals at the board level? These are the essential questions for any CEO, CIO or CISO that is concerned with the wellbeing of the firm. The concept of Zero Trust (ZT) approaches information and cybersecurity from the perspective of the asset to be protected, and from the value that asset represents. Zero Trust has been around for quite some time. Most professionals associate Zero Trust with a particular architectural approach to cybersecurity, involving concepts such as segments, resources that are accessed in a secure manner and the maxim “always verify never trust”. This paper describes the current state of the art in Zero Trust usage. We investigate the limitations of current approaches and how these are addressed in the form of Critical Success Factors in the Zero Trust Framework developed by ON2IT ‘Zero Trust Innovators’ (1). Furthermore, this paper describes the design and engineering of a Zero Trust artefact that addresses the problems at hand (2), according to Design Science Research (DSR). The last part of this paper outlines the setup of an empirical validation trough practitioner oriented research, in order to gain a broader acceptance and implementation of Zero Trust strategies (3). The final result is a proposed framework and associated technology which, via Zero Trust principles, addresses multiple layers of the organization to grasp and align cybersecurity risks and understand the readiness and fitness of the organization and its measures to counter cybersecurity risks.

This paper proposes an artificial immune information security protection technology architecture for embedded system of Electric power equipment. By simulating the three functions of human immunity, namely "immune homeostasis", "immune surveillance" and "immune defense", the power equipment is endowed with the ability of human like active immune security protection. Among them, "immune homeostasis" is constructed by trusted computing technology components to establish a trusted embedded system running environment. Through fault-tolerant component construction, "immune surveillance" and "immune defense" realize illegal data defense, business logic legitimacy check and equipment status evaluation, realize real-time perception and evaluation of power equipment's own security status, as well as fault emergency handling and event backtracking record, so that power equipment can realize self recovery from abnormal status. The proposed technology architecture is systematic, scientific and rich in scalability, which can significantly improve the information security protection ability of electric power equipment.

How does information regarding an adversary's intentions affect optimal system design? This paper addresses this question in the context of graphical coordination games where an adversary can indirectly influence the behavior of agents by modifying their payoffs. We study a situation in which a system operator must select a graph topology in anticipation of the action of an unknown adversary. The designer can limit her worst-case losses by playing a security strategy, effectively planning for an adversary which intends maximum harm. However, fine-grained information regarding the adversary's intention may help the system operator to fine-tune the defenses and obtain better system performance. In a simple model of adversarial behavior, this paper asks how much a system operator can gain by fine-tuning a defense for known adversarial intent. We find that if the adversary is weak, a security strategy is approximately optimal for any adversary type; however, for moderately-strong adversaries, security strategies are far from optimal.

Industrial Internet of Things (IIoT) is a fusion of industrial automation systems and IoT systems. It features comprehensive sensing, interconnected transmission, intelligent processing, self-organization and self-maintenance. Its applications span intelligent transportation, smart factories, and intelligence. Many areas such as power grid and intelligent environment detection. With the widespread application of IIoT technology, the cyber security threats to industrial IoT systems are increasing day by day, and information security issues have become a major challenge in the development process. In order to protect the industrial IoT system from network attacks, this paper aims to study the industrial IoT information security protection technology, and the typical architecture of industrial Internet of things system, and analyzes the network security threats faced by industrial Internet of things system according to the different levels of the architecture, and designs the security protection strategies applied to different levels of structures based on the specific means of network attack.

Cyber security management of systems in the cyberspace has been a challenging problem for both practitioners and the research community. Their proprietary nature along with the complexity renders traditional approaches rather insufficient and creating the need for the adoption of a holistic point of view. This paper draws upon the principles theory game in order to present a novel systemic approach towards cyber security management, taking into account the complex inter-dependencies and providing cost-efficient defense solutions.