Cyber Security Research: a vision for the UK: Finance challenges

Invited talk, representing the Royal Society

Stateful Intrusion Detection for IEC 60870-5-104 SCADA Security

Cyber threats in Supervisory Control and Data Acquisition (SCADA) systems have the potential to render physical damage and jeopardize power system operation, safety and stability. SCADA systems were originally designed with little consideration of escalating cyber threats and hence the problem of how to develop robust intrusion detection technologies to tailor the requirements of SCADA is an emerging topic and a big challenge. This paper proposes a stateful Intrusion Detection System (IDS) using a Deep Packet Inspection (DPI) method to improve the cyber-security of SCADA systems using the IEC 60870-5-104 protocol which is tailored for basic telecontrol communications. The proposed stateful protocol analysis approach is presented that is designed specifically for the IEC 60870-5-104 protocol. Finally, the novel intrusion detection approach are implemented and validated.

An Ambiguity Aversion Framework of Security Game under Ambiguities

Security is a critical concern around the world. Since resources for security are always limited, lots of interest have arisen in using game theory to handle security resource allocation problems. However, most of the existing work does not address adequately how a defender chooses his optimal strategy in a game with absent, inaccurate, uncertain, and even ambiguous strategy profiles' payoffs. To address this issue, we propose a general framework of security games under ambiguities based on Dempster-Shafer theory and the ambiguity aversion principle of minimax regret. Then, we reveal some properties of this framework. Also, we present two methods to reduce the influence of complete ignorance. Our investigation shows that this new framework is better in handling security resource allocation problems under ambiguities.

Implementation Experiences from Smart Grid Security Applications and Outlook on Future Research

Experiences from smart grid cyber-security incidents in the past decade have raised questions on the applicability and effectiveness of security measures and protection mechanisms applied to the grid. In this chapter we focus on the security measures applied under real circumstances in today’s smart grid systems. Beginning from real world example implementations, we first review cyber-security facts that affected the electrical grid, from US blackout incidents, to the Dragonfly cyber-espionage campaign currently focusing on US and European energy firms. Provided a real world setting, we give information related to energy management of a smart grid looking also in the optimization techniques that power control engineers perform into the grid components. We examine the application of various security tools in smart grid systems, such as intrusion detection systems, smart meter authentication and key management using Physical Unclonable Functions, security analytics and resilient control algorithms. Furthermore we present evaluation use cases of security tools applied on smart grid infrastructure test-beds that could be proved important prior to their application in the real grid, describing a smart grid intrusion detection system application and security analytics results. Anticipated experimental results from the use-cases and conclusions about the successful transitions of security measures to real world smart grid operations will be presented at the end of this chapter.

Striking a Balance:Christianity and the Challenges of Long-Term Human Security in Zimbabwe

African evangelical/Pentecostal/charismatic (EPC) Christians-previously dismissed by scholars as apolitical-are becoming increasingly active socially and politically. This chapter presents a case study of an EPC congregation in Harare. It demonstrates how the congregation provides short-term human security by responding to the needs of the poor, while at the same time creating space where people can develop the "self-expression values" necessary for long-term human security. The case study also demonstrates that even under authoritarian states, religious actors can actively choose to balance the immediate demands of short-term human security with the sometimes competing demands of long-term human security. Policymakers can benefit from a greater understanding of how religious actors strike this balance and from a greater appreciation of the variability, flexibility, and religious resources of EPC Christians in such contexts.

A Survey of Security in Software Defined Networks

The proposition of increased innovation in network applications and reduced cost for network operators has won over the networking world to the vision of Software-Defined Networking (SDN). With the excitement of holistic visibility across the network and the ability to program network devices, developers have rushed to present a range of new SDN-compliant hardware, software and services. However, amidst this frenzy of activity, one key element has only recently entered the debate: Network Security. In this article, security in SDN is surveyed presenting both the research community and industry advances in this area. The challenges to securing the network from the persistent attacker are discussed and the holistic approach to the security architecture that is required for SDN is described. Future research directions that will be key to providing network security in SDN are identified.

SDN Security: A Survey

The pull of Software-Defined Networking (SDN) is magnetic. There are few in the networking community who have escaped its impact. As the benefits of network visibility and network device programmability are discussed, the question could be asked as to who exactly will benefit? Will it be the network operator or will it, in fact, be the network intruder? As SDN devices and systems hit the market, security in SDN must be raised on the agenda. This paper presents a comprehensive survey of the research relating to security in software-defined networking that has been carried out to date. Both the security enhancements to be derived from using the SDN framework and the security challenges introduced by the framework are discussed. By categorizing the existing work, a set of conclusions and proposals for future research directions are presented.

The significance of interconnector counter-trading in a security constrained electricity market

Throughout the European Union there is an increasing amount of wind generation being dispatched-down due to the binding of power system operating constraints from high levels of wind generation. This paper examines the impact a system non-synchronous penetration limit has on the dispatch-down of wind and quantifies the significance of interconnector counter-trading to the priority dispatching of wind power. A fully coupled economic dispatch and security constrained unit commitment model of the Single Electricity Market of the Republic of Ireland and Northern Ireland and the British Electricity Trading and Transmission Arrangement was used in this study. The key finding was interconnector counter-trading reduces the impact the system non-synchronous penetration limit has on the dispatch-down of wind. The capability to counter-trade on the interconnectors and an increase in system non-synchronous penetration limit from 50% to 55% reduces the dispatch-down of wind by 311 GW h and decreases total electricity payments to the consumer by €1.72/MW h. In terms of the European Union electricity market integration, the results show the importance of developing individual electricity markets that allow system operators to counter-trade on interconnectors to ensure the priority dispatch of the increasing levels of wind generation.

Who Knows What's Going On? Mapping New Security Landscapes in Contemporary Espionage Fiction

This article explores whether or to what extent the contemporary espionage novel is able to map and interrogate transformations in the post-9/11security environment. It asks how well a form or genre of writing, typically handcuffed to the machinations and demands of the Cold War and state sovereignty, is able to adapt to a new security environment characterized by strategies of “risk assessment” and “resilience-building” and by modes or regimes of power not reducible to, or wholly controlled by, the state. In doing so, it thinks about the capacities of this type of fiction for “resisting” the formations of power it wants to make visible and is partly complicit with.

Status and security: how Russian media is spinning airstrikes in Syria

Even before the Russian air force launched its first strikes over Syria, there was already a Russian presence on the battleground. These were not the spetsnaz, Kremlin’s special forces, but war correspondents from the leading Russian media outlets. This was as clear a sign as any that the Russia’s priority has shifted from Ukraine, where these reporters spent most of the past 18 months, to Syria.

There is, however, no unanimity on Russia’s latest escalation in Syria. As Russian state TV stations report successes of Russia’s high-precision weapons projecting an image of a high-tech Russian military equal to the US, doubts persist about the latest adventure in the Middle East.