Your search keyword '"Röning J"' showing total 4 results

1. Common Cybersecurity Requirements in IoT Standards, Best Practices, and Guidelines

Author

Kaksonen, R. (Rauli), Halunen, K. (Kimmo), and Röning, J. (Juha)

Subjects

IoT, Standards, Cybersecurity, Best Practices, Internet of Things, Security Requirements, Guidelines

Abstract

The cybersecurity of the Internet of Things (IoT) is an increasing concern and product vendors are advised to follow security standards, best practices, and guidelines. From the many requirement sources, a vendor is likely to choose only a few. How does this selection impact the security requirements of an IoT product? To answer the question, we collect requirements from 16 sources and divide them into categories for comparison. Common categories are identified, with all sources covering Security design, Interface security, Authentication, Data protection, and System updates. The agreement on the high-level categories does not hold in the subcategories and the selection of the sources have a big impact to the requirement details. Consolidation of the IoT security requirements would be desirable and possible.

Published

2022

2. Applying soft systems methodology to complex problem situations in critical infrastructures:the CS-AWARE case study

Author

Kupfersberger, V. (Veronika), Schaberreiter, T. (Thomas), Wills, C. (Chris), Quirchmayr, G. (Gerald), and Röning, J. (Juha)

Subjects

Critical Infrastructures, Cybersecurity, Soft Systems Methodology, Cyber Situational Awareness, Socio-technological Analysis, Information Sharing, System Analysis

Abstract

Modern technology, in addition to all its benefits, creates new threats and attack vectors to individuals and organisations. In the past years, the number of cyber attacks has increased drastically as has the extent of their effects. These circumstances clearly show that a different approach to cybersecurity is required: a holistic, collaborative strategy to improve the security situation for society and the economy as a whole. In the European Union, the legal framework that is currently developing (like the network and information security (NIS) directive), recognises the increasing need for cooperation and collaboration among individual actors to improve cybersecurity. Information sharing is therefore one of the key elements of the NIS directive. In this paper, we present and demonstrate a system and dependency analysis based on soft systems thinking. This approach is able to capture the relations between assets and their internal and external dependencies in the complex systems of organisations. It is applicable to critical infrastructures or other organisations that base their operations on complex systems and interactions. The analysis approach introduced is done in a socio-technological manner; the human aspect of the systems is considered as important as the technical or organisational aspects. The case study presented in this paper, covering the first steps towards the development of a holistic cybersecurity awareness solution, is based on three focus points: an initial threat assessment for local public administrations (LPAs), an analysis of external information sources and an analysis of the piloting scenarios based on the first round of soft systems analysis workshops. The results of which are essential to the development of the solutions implementation framework and further software development.

Published

2018

3. Addressing complex problem situations in critical infrastructures using soft systems analysis:the CS-AWARE approach

Author

Schaberreiter, T. (Thomas), Wills, C. (Chris), Quirchmayr, G. (Gerald), and Röning, J. (Juha)

Subjects

Critical Infrastructures, Cybersecurity, Soft Systems Methodology, Cyber Situational Awareness, Socio-technological Analysis, Information Sharing, System Analysis

Abstract

In a world in which large-scale cyber attacks are the norm rather than the exception, the need for cybersecurity gains in importance every day. Current cybersecurity solutions are often not taking the holistic approach that would be required to provide comprehensive security to their users (for example, strategic/critical infrastructure, large organizations, small and medium-sized enterprises (SMEs) or public institutions). A new way of thinking about cybersecurity is required: Cooperation and collaboration among individual actors as a way to improve the security situation for society and economy as a whole is a promising approach. In the European Union, the legal framework that is currently developing (like the network and information security (NIS) directive), recognizes the need for cooperation and collaboration among individual actors to improve cybersecurity. Information sharing is one of the key elements of the NIS directive. In this paper, we present a system and dependency analysis based on soft systems thinking that is able to capture the relations between assets and its internal and external dependencies in the complex systems of organizations like critical infrastructures or other organizations that base their operations on complex systems and interactions. The analysis is done in a socio-technological manner; the human aspect of the systems is considered as important as the technical or organizational aspects. As a use case, we present CS-AWARE, a European H2020 project which relies on the presented system and dependency analysis method as a core concept for providing a cybersecurity solution that is in line with the cooperative and collaborative efforts of the NIS directive.

Published

2017

4. Network security monitoring and anomaly detection in industrial control system networks

Author

Mantere, M. (Matti) and Röning, J. (Juha)

Subjects

automaatiojärjestelmien turvallisuus, machine learning, koneoppiminen, cybersecurity, information security, intrusion detection, tunkeutumisen havainnointi, network security, tietoturva, kyberturvallisuus, anomaly detection, industrial control system security, poikkeamien havainnointi

Abstract

Industrial control system (ICS) networks used to be isolated environments, typically separated by physical air gaps from the wider area networks. This situation has been changing and the change has brought with it new cybersecurity issues. The process has also exacerbated existing problems that were previously less exposed due to the systems’ relative isolation. This process of increasing connectivity between devices, systems and persons can be seen as part of a paradigm shift called the Internet of Things (IoT). This change is progressing and the industry actors need to take it into account when working to improve the cybersecurity of ICS environments and thus their reliability. Ensuring that proper security processes and mechanisms are being implemented and enforced on the ICS network level is an important part of the general security posture of any given industrial actor. Network security and the detection of intrusions and anomalies in the context of ICS networks are the main high-level research foci of this thesis. These issues are investigated through work on machine learning (ML) based anomaly detection (AD). Potentially suitable features, approaches and algorithms for implementing a network anomaly detection system for use in ICS environments are investigated. After investigating the challenges, different approaches and methods, a proof-ofconcept (PoC) was implemented. The PoC implementation is built on top of the Bro network security monitoring framework (Bro) for testing the selected approach and tools. In the PoC, a Self-Organizing Map (SOM) algorithm is implemented using Bro scripting language to demonstrate the feasibility of using Bro as a base system. The implemented approach also represents a minimal case of event-driven machine learning anomaly detection (EMLAD) concept conceived during the research. The contributions of this thesis are as follows: a set of potential features for use in machine learning anomaly detection, proof of the feasibility of the machine learning approach in ICS network setting, a concept for event-driven machine learning anomaly detection, a design and initial implementation of user configurable and extendable machine learning anomaly detection framework for ICS networks. Tiivistelmä Kehittyneet yhteiskunnat käyttävät teollisuuslaitoksissaan ja infrastruktuuriensa operoinnissa monimuotoisia automaatiojärjestelmiä. Näiden automaatiojärjestelmien tieto- ja kyberturvallisuuden tila on hyvin vaihtelevaa. Laitokset ja niiden hyödyntämät järjestelmät voivat edustaa usean eri aikakauden tekniikkaa ja sisältää useiden eri aikakauden heikkouksia ja haavoittuvaisuuksia. Järjestelmät olivat aiemmin suhteellisen eristyksissä muista tietoverkoista kuin omista kommunikaatioväylistään. Tämä automaatiojärjestelmien eristyneisyyden heikkeneminen on luonut uuden joukon uhkia paljastamalla niiden kommunikaatiorajapintoja ympäröivälle maailmalle. Nämä verkkoympäristöt ovat kuitenkin edelleen verrattaen eristyneitä ja tätä ominaisuutta voidaan hyödyntää niiden valvonnassa. Tässä työssä esitetään tutkimustuloksia näiden verkkojen turvallisuuden valvomisesta erityisesti poikkeamien havainnoinnilla käyttäen hyväksi koneoppimismenetelmiä. Alkuvaiheen haasteiden ja erityispiirteiden tutkimuksen jälkeen työssä käytetään itsejärjestyvien karttojen (Self-Organizing Map, SOM) algoritmia esimerkkiratkaisun toteutuksessa uuden konseptin havainnollistamiseksi. Tämä uusi konsepti on tapahtumapohjainen koneoppiva poikkeamien havainnointi (Event-Driven Machine Learning Anomaly Detection, EMLAD). Työn kontribuutiot ovat seuraavat, kaikki teollisuusautomaatioverkkojen kontekstissa: ehdotus yhdeksi anomalioiden havainnoinnissa käytettävien ominaisuuksien ryhmäksi, koneoppivan poikkeamien havainnoinnin käyttökelpoisuuden toteaminen, laajennettava ja joustava esimerkkitoteutus uudesta EMLAD-konseptista toteutettuna Bro NSM työkalun ohjelmointikielellä.

Published

2015