Your search keyword '"Pieters, W. (author)"' showing total 64 results

1. Probability elicitation for Bayesian networks to distinguish between intentional attacks and accidental technical failures

Author

Chockalingam, S. (author), Pieters, W. (author), Teixeira, André M.H. (author), van Gelder, P.H.A.J.M. (author), Chockalingam, S. (author), Pieters, W. (author), Teixeira, André M.H. (author), and van Gelder, P.H.A.J.M. (author)

Abstract

Both intentional attacks and accidental technical failures can lead to abnormal behaviour in components of industrial control systems. In our previous work, we developed a framework for constructing Bayesian Network (BN) models to enable operators to distinguish between those two classes, including knowledge elicitation to construct the directed acyclic graph of BN models. In this paper, we add a systematic method for knowledge elicitation to construct the Conditional Probability Tables (CPTs) of BN models, thereby completing a holistic framework to distinguish between attacks and technical failures. In order to elicit reliable probabilities from experts, we need to reduce the workload of experts in probability elicitation by reducing the number of conditional probabilities to elicit and facilitating individual probability entry. We utilise DeMorgan models to reduce the number of conditional probabilities to elicit as they are suitable for modelling opposing influences i.e., combinations of influences that promote and inhibit the child event. To facilitate individual probability entry, we use probability scales with numerical and verbal anchors. We demonstrate the proposed approach using an example from the water management domain., Safety and Security Science, Organisation & Governance

Published

2023

2. Individual preferences in security risk decision making: an exploratory study under security professionals

Author

de Wit, J.J. (author), Pieters, W. (author), van Gelder, P.H.A.J.M. (author), de Wit, J.J. (author), Pieters, W. (author), and van Gelder, P.H.A.J.M. (author)

Abstract

Risk assessments in the (cyber) security domain are often, if not always, based on subjective expert judgement. For the first time, to the best of our knowledge, the individual preferences of professionals from the security domain are studied. In on online survey they are asked to mention, rate and rank their preferences when assessing a security risk. The survey setup allows to differentiate between easily accessible or “on top of mind” attributes and guided or stimulated attributes. The security professionals are also challenged to both non-compensatory and compensatory decision making on the relevance of the attributes. The results of this explorative study indicate a clear difference and shift in the individual perceived relevance of attributes in these different settings. Another remarkable finding of this study is the predominant focus on impact attributes by the respondents and the less significant position of likelihood or probability. The majority of professionals seem to ignore likelihood in their security risk assessment. This might be due to so called probability neglect as introduced by other scholars. the security in organisations and society is depending on the assessment and judgement of these professionals, understanding their preferences and the influence of cognitive biases is paramount. This study contributes to this body of knowledge and might raise attention to this important topic in both the academic and professional security domain., Safety and Security Science

Published

2021

3. Bayesian network model to distinguish between intentional attacks and accidental technical failures: a case study of floodgates

Author

Chockalingam, S. (author), Pieters, W. (author), Teixeira, André (author), van Gelder, P.H.A.J.M. (author), Chockalingam, S. (author), Pieters, W. (author), Teixeira, André (author), and van Gelder, P.H.A.J.M. (author)

Abstract

Water management infrastructures such as floodgates are critical and increasingly operated by Industrial Control Systems (ICS). These systems are becoming more connected to the internet, either directly or through the corporate networks. This makes them vulnerable to cyber-attacks. Abnormal behaviour in floodgates operated by ICS could be caused by both (intentional) attacks and (accidental) technical failures. When operators notice abnormal behaviour, they should be able to distinguish between those two causes to take appropriate measures, because for example replacing a sensor in case of intentional incorrect sensor measurements would be ineffective and would not block corresponding the attack vector. In the previous work, we developed the attack-failure distinguisher framework for constructing Bayesian Network (BN) models to enable operators to distinguish between those two causes, including the knowledge elicitation method to construct the directed acyclic graph and conditional probability tables of BN models. As a full case study of the attack-failure distinguisher framework, this paper presents a BN model constructed to distinguish between attacks and technical failures for the problem of incorrect sensor measurements in floodgates, addressing the problem of floodgate operators. We utilised experts who associate themselves with the safety and/or security community to construct the BN model and validate the qualitative part of constructed BN model. The constructed BN model is usable in water management infrastructures to distinguish between intentional attacks and accidental technical failures in case of incorrect sensor measurements. This could help to decide on appropriate response strategies and avoid further complications in case of incorrect sensor measurements., Safety and Security Science, Organisation and Governance

Published

2021

4. Investigating the effect of security and privacy on IoT device purchase behaviour

Author

Ho-Sam-Sooi, Nick (author), Pieters, W. (author), Kroesen, M. (author), Ho-Sam-Sooi, Nick (author), Pieters, W. (author), and Kroesen, M. (author)

Abstract

Given the significant privacy and security risks of Internet-of-Things (IoT) devices, it seems desirable to nudge consumers towards buying more secure devices and taking privacy into account in the purchase decision. In order to support this goal, this study examines the effect of security and privacy on IoT device purchase behaviour and assesses whether these effects are sensitive to framing, using a mixed methods approach. The first part of the study focuses on quantifying the effect of security and privacy compared to the effect of other device attributes such as price or functionality, by testing a causal model with choice models that have been developed from stated choice data. The second part aims to reveal the underlying mechanisms that determine the effect of privacy and security on purchase behaviour by means of a qualitative survey. The results suggest that security and privacy can strongly affect purchase behaviour, under the circumstances that privacy- and security-related information is available and communicated in an understandable manner, allowing consumers to compare devices. Moreover, the results show that a description of security that focuses on gains is more effective in nudging consumers towards buying secure devices. Future efforts could build upon this study by comparing the effect of security and privacy to more device attributes, such as ease of use or cost reduction. The results can serve as a basis for interventions that nudge consumers towards buying more secure and privacy-friendly devices., Organisation and Governance, Transport and Logistics

Published

2021

5. Individual preferences in security risk decision making: an exploratory study under security professionals

Author

de Wit, J.J. (author), Pieters, W. (author), van Gelder, P.H.A.J.M. (author), de Wit, J.J. (author), Pieters, W. (author), and van Gelder, P.H.A.J.M. (author)

Abstract

Risk assessments in the (cyber) security domain are often, if not always, based on subjective expert judgement. For the first time, to the best of our knowledge, the individual preferences of professionals from the security domain are studied. In on online survey they are asked to mention, rate and rank their preferences when assessing a security risk. The survey setup allows to differentiate between easily accessible or “on top of mind” attributes and guided or stimulated attributes. The security professionals are also challenged to both non-compensatory and compensatory decision making on the relevance of the attributes. The results of this explorative study indicate a clear difference and shift in the individual perceived relevance of attributes in these different settings. Another remarkable finding of this study is the predominant focus on impact attributes by the respondents and the less significant position of likelihood or probability. The majority of professionals seem to ignore likelihood in their security risk assessment. This might be due to so called probability neglect as introduced by other scholars. the security in organisations and society is depending on the assessment and judgement of these professionals, understanding their preferences and the influence of cognitive biases is paramount. This study contributes to this body of knowledge and might raise attention to this important topic in both the academic and professional security domain., Safety and Security Science

Published

2021

6. Bayesian network model to distinguish between intentional attacks and accidental technical failures: a case study of floodgates

Author

Chockalingam, S. (author), Pieters, W. (author), Teixeira, André (author), van Gelder, P.H.A.J.M. (author), Chockalingam, S. (author), Pieters, W. (author), Teixeira, André (author), and van Gelder, P.H.A.J.M. (author)

Abstract

Water management infrastructures such as floodgates are critical and increasingly operated by Industrial Control Systems (ICS). These systems are becoming more connected to the internet, either directly or through the corporate networks. This makes them vulnerable to cyber-attacks. Abnormal behaviour in floodgates operated by ICS could be caused by both (intentional) attacks and (accidental) technical failures. When operators notice abnormal behaviour, they should be able to distinguish between those two causes to take appropriate measures, because for example replacing a sensor in case of intentional incorrect sensor measurements would be ineffective and would not block corresponding the attack vector. In the previous work, we developed the attack-failure distinguisher framework for constructing Bayesian Network (BN) models to enable operators to distinguish between those two causes, including the knowledge elicitation method to construct the directed acyclic graph and conditional probability tables of BN models. As a full case study of the attack-failure distinguisher framework, this paper presents a BN model constructed to distinguish between attacks and technical failures for the problem of incorrect sensor measurements in floodgates, addressing the problem of floodgate operators. We utilised experts who associate themselves with the safety and/or security community to construct the BN model and validate the qualitative part of constructed BN model. The constructed BN model is usable in water management infrastructures to distinguish between intentional attacks and accidental technical failures in case of incorrect sensor measurements. This could help to decide on appropriate response strategies and avoid further complications in case of incorrect sensor measurements., Safety and Security Science, Organisation & Governance

Published

2021

7. Investigating the effect of security and privacy on IoT device purchase behaviour

Author

Ho-Sam-Sooi, Nick (author), Pieters, W. (author), Kroesen, M. (author), Ho-Sam-Sooi, Nick (author), Pieters, W. (author), and Kroesen, M. (author)

Abstract

Given the significant privacy and security risks of Internet-of-Things (IoT) devices, it seems desirable to nudge consumers towards buying more secure devices and taking privacy into account in the purchase decision. In order to support this goal, this study examines the effect of security and privacy on IoT device purchase behaviour and assesses whether these effects are sensitive to framing, using a mixed methods approach. The first part of the study focuses on quantifying the effect of security and privacy compared to the effect of other device attributes such as price or functionality, by testing a causal model with choice models that have been developed from stated choice data. The second part aims to reveal the underlying mechanisms that determine the effect of privacy and security on purchase behaviour by means of a qualitative survey. The results suggest that security and privacy can strongly affect purchase behaviour, under the circumstances that privacy- and security-related information is available and communicated in an understandable manner, allowing consumers to compare devices. Moreover, the results show that a description of security that focuses on gains is more effective in nudging consumers towards buying secure devices. Future efforts could build upon this study by comparing the effect of security and privacy to more device attributes, such as ease of use or cost reduction. The results can serve as a basis for interventions that nudge consumers towards buying more secure and privacy-friendly devices., Organisation & Governance, Transport and Logistics

Published

2021

8. Risk Personalization: Governing Uncertain Collective Risk Through Individual Decisions

Author

Spruit, S. (author), de Bruijne, M.L.C. (author), Pieters, W. (author), Spruit, S. (author), de Bruijne, M.L.C. (author), and Pieters, W. (author)

Abstract

Individuals are regularly made responsible for risks they wish to take: one can consent to processing of personal data, and decide what to buy based on risk information on product labels. However, both large-scale processing of personal data and aggregated product choices may carry collective risks for society. In such situations, governance arrangements implying individual responsibility are at odds with uncertain collective risks from new technologies. We, therefore, investigate the governance challenges of what we call risk personalization: a form of governance for dealing with uncertain collective risks that allocates responsibility for governing those risks to individuals. We situate risk personalization at the intersection of two trends: governance of uncertain risk, and emphasis on individual responsibility. We then analyze three cases selected based on diversity: social media, nanomaterials, and Uber. Cross-case comparison highlights issues of risk personalization pertaining to (i) the nature of the risk, (ii) governance arrangements in place, and (iii) mechanisms for allocating responsibility to individuals. We identify governance challenges in terms of (i) meaningful choice, (ii) effectiveness in mitigating risk, and (iii) collective decision making capacity. We conclude that the risk personalization lens stimulates reflection on the effectiveness and legitimacy of risk governance in light of individual agency., Organisation and Governance

Published

2020

9. Effectiveness fettered by bureaucracy–why surveillance technology is not evaluated

Author

Cayford, M.R. (author), Pieters, W. (author), Cayford, M.R. (author), and Pieters, W. (author)

Abstract

The evaluation of the effectiveness of surveillance technology in intelligence agencies and oversight bodies is notably lacking. Assessments of surveillance technology concerning legal compliance, cost, and matters of privacy occupy a solid place, but effectiveness is rarely considered. Bureaucracy may explain this absence. Applying James Q. Wilson’s observations on bureaucracy reveals that effectiveness is minimally treated because it is more difficult to evaluate than budget assessments and legal compliance, and because intelligence outcomes are unobservable and difficult to oversee. Effectiveness evaluation is thus fettered by bureaucracy. Considerations of bringing in effectiveness assessment must appreciate the realities of bureaucratic constraints to be successful., Safety and Security Science, Organisation and Governance

Published

2020

10. Solutions for mitigating cybersecurity risks caused by legacy software in medical devices: A scoping review

Author

Tervoort, Tom (author), De Oliveira, Marcela Tuler (author), Pieters, W. (author), van Gelder, P.H.A.J.M. (author), Olabarriaga, Silvia Delgado (author), Marquering, Henk (author), Tervoort, Tom (author), De Oliveira, Marcela Tuler (author), Pieters, W. (author), van Gelder, P.H.A.J.M. (author), Olabarriaga, Silvia Delgado (author), and Marquering, Henk (author)

Abstract

Cyberattacks against healthcare institutions threaten patient care. The risk of being targeted by a damaging attack is increased when medical devices are used which rely on unmaintained legacy software that cannot be replaced and may have publicly known vulnerabilities. This review aims to provide insight into solutions presented in the literature that mitigate risks caused by legacy software on medical devices. We performed a scoping review by categorising and analysing the contributions of a selection of articles, taken from a literature set discovered through bidirectional citation searching. We found 18 solutions, each fitting at least one of the categories of intrusion detection and prevention, communication tunnelling or hardware protections. Approaches taken include proxying Bluetooth communication through smartphones, behaviour-specification based anomaly detection and authenticating signals based on physical characteristics. These solutions are applicable to various use-cases, ranging from securing pacemakers to medical sensor networks. Most of the solutions are based on intrusion detection and on tunnelling insecure wireless communications. These technologies have distinct application areas, and the decision which one is most appropriate will depend on the type of medical device., Organisation and Governance, Safety and Security Science

Published

2020

11. Decision support model for effects estimation and proportionality assessment for targeting in cyber operations

Author

Maathuis, E.C. (author), Pieters, W. (author), van den Berg, J. (author), Maathuis, E.C. (author), Pieters, W. (author), and van den Berg, J. (author)

Abstract

Cyber operations are relatively a new phenomenon of the last two decades. During that period, they have increased in number, complexity, and agility, while their design and development have been processes well kept under secrecy. As a consequence, limited data(sets) regarding these incidents are available. Although various academic and practitioner public communities addressed some of the key points and dilemmas that surround cyber operations (such as attack, target identification and selection, and collateral damage), still methodologies and models are needed in order to plan, execute, and assess them in a responsibly and legally compliant way. Based on these facts, it is the aim of this article to propose a model that i)) estimates and classifies the effects of cyber operations, and ii) assesses proportionality in order to support targeting decisions in cyber operations. In order to do that, a multi-layered fuzzy model was designed and implemented by analysing real and virtual realistic cyber operations combined with interviews and focus groups with technical – military experts. The proposed model was evaluated on two cyber operations use cases in a focus group with four technical – military experts. Both the design and the results of the evaluation are revealed in this article., Information and Communication Technology, Organisation and Governance

Published

2020

12. Risk Personalization: Governing Uncertain Collective Risk Through Individual Decisions

Author

Spruit, S. (author), de Bruijne, M.L.C. (author), Pieters, W. (author), Spruit, S. (author), de Bruijne, M.L.C. (author), and Pieters, W. (author)

Abstract

Individuals are regularly made responsible for risks they wish to take: one can consent to processing of personal data, and decide what to buy based on risk information on product labels. However, both large-scale processing of personal data and aggregated product choices may carry collective risks for society. In such situations, governance arrangements implying individual responsibility are at odds with uncertain collective risks from new technologies. We, therefore, investigate the governance challenges of what we call risk personalization: a form of governance for dealing with uncertain collective risks that allocates responsibility for governing those risks to individuals. We situate risk personalization at the intersection of two trends: governance of uncertain risk, and emphasis on individual responsibility. We then analyze three cases selected based on diversity: social media, nanomaterials, and Uber. Cross-case comparison highlights issues of risk personalization pertaining to (i) the nature of the risk, (ii) governance arrangements in place, and (iii) mechanisms for allocating responsibility to individuals. We identify governance challenges in terms of (i) meaningful choice, (ii) effectiveness in mitigating risk, and (iii) collective decision making capacity. We conclude that the risk personalization lens stimulates reflection on the effectiveness and legitimacy of risk governance in light of individual agency., Organisation & Governance

Published

2020

13. Effectiveness fettered by bureaucracy–why surveillance technology is not evaluated

Author

Cayford, M.R. (author), Pieters, W. (author), Cayford, M.R. (author), and Pieters, W. (author)

Abstract

The evaluation of the effectiveness of surveillance technology in intelligence agencies and oversight bodies is notably lacking. Assessments of surveillance technology concerning legal compliance, cost, and matters of privacy occupy a solid place, but effectiveness is rarely considered. Bureaucracy may explain this absence. Applying James Q. Wilson’s observations on bureaucracy reveals that effectiveness is minimally treated because it is more difficult to evaluate than budget assessments and legal compliance, and because intelligence outcomes are unobservable and difficult to oversee. Effectiveness evaluation is thus fettered by bureaucracy. Considerations of bringing in effectiveness assessment must appreciate the realities of bureaucratic constraints to be successful., Safety and Security Science, Organisation & Governance

Published

2020

14. Solutions for mitigating cybersecurity risks caused by legacy software in medical devices: A scoping review

Author

Tervoort, Tom (author), Tuler de Oliveira, M. (author), Pieters, W. (author), van Gelder, P.H.A.J.M. (author), Olabarriaga, Silvia Delgado (author), Marquering, Henk (author), Tervoort, Tom (author), Tuler de Oliveira, M. (author), Pieters, W. (author), van Gelder, P.H.A.J.M. (author), Olabarriaga, Silvia Delgado (author), and Marquering, Henk (author)

Abstract

Cyberattacks against healthcare institutions threaten patient care. The risk of being targeted by a damaging attack is increased when medical devices are used which rely on unmaintained legacy software that cannot be replaced and may have publicly known vulnerabilities. This review aims to provide insight into solutions presented in the literature that mitigate risks caused by legacy software on medical devices. We performed a scoping review by categorising and analysing the contributions of a selection of articles, taken from a literature set discovered through bidirectional citation searching. We found 18 solutions, each fitting at least one of the categories of intrusion detection and prevention, communication tunnelling or hardware protections. Approaches taken include proxying Bluetooth communication through smartphones, behaviour-specification based anomaly detection and authenticating signals based on physical characteristics. These solutions are applicable to various use-cases, ranging from securing pacemakers to medical sensor networks. Most of the solutions are based on intrusion detection and on tunnelling insecure wireless communications. These technologies have distinct application areas, and the decision which one is most appropriate will depend on the type of medical device., Organisation & Governance, Safety and Security Science

Published

2020

15. Decision support model for effects estimation and proportionality assessment for targeting in cyber operations

Author

Maathuis, E.C. (author), Pieters, W. (author), van den Berg, Jan (author), Maathuis, E.C. (author), Pieters, W. (author), and van den Berg, Jan (author)

Abstract

Cyber operations are relatively a new phenomenon of the last two decades. During that period, they have increased in number, complexity, and agility, while their design and development have been processes well kept under secrecy. As a consequence, limited data(sets) regarding these incidents are available. Although various academic and practitioner public communities addressed some of the key points and dilemmas that surround cyber operations (such as attack, target identification and selection, and collateral damage), still methodologies and models are needed in order to plan, execute, and assess them in a responsibly and legally compliant way. Based on these facts, it is the aim of this article to propose a model that i)) estimates and classifies the effects of cyber operations, and ii) assesses proportionality in order to support targeting decisions in cyber operations. In order to do that, a multi-layered fuzzy model was designed and implemented by analysing real and virtual realistic cyber operations combined with interviews and focus groups with technical – military experts. The proposed model was evaluated on two cyber operations use cases in a focus group with four technical – military experts. Both the design and the results of the evaluation are revealed in this article., Information and Communication Technology, Organisation & Governance

Published

2020

16. Assessment Methodology for Collateral Damage and Military (Dis)Advantage in Cyber Operations

Author

Maathuis, E.C. (author), Pieters, W. (author), van den Berg, J. (author), Maathuis, E.C. (author), Pieters, W. (author), and van den Berg, J. (author)

Abstract

Cyber Operations stopped being utopia or Sci-Fi based scenarios: they became reality. When planning and conducting them, military actors encounter difficulties since they lack methodologies and models that support their actions and assess their effects. To address these issues by tackling the underlying scientific and practical gap, this article proposes an assessment methodology for the intended and unintended effects of Cyber Operations, labeled as Military Advantage, Collateral Damage and Military Disadvantage, and aims at supporting the targeting process when engaging targets in Cyber Operations. To arrive at this methodology, an extensive review on literature, military doctrine and methodologies was conducted combined with two series of interviews with military commanders and field work in joint military exercises. The assessment methodology is proposed considering multidimensional factors, phases and steps in a technical - military approach. For validation, one realistic Cyber Operation case study was conducted in a focus group with nine military experts plus four face-to-face meetings with another four military experts., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Information and Communication Technology, Organisation and Governance

Published

2019

17. CYBECO: Supporting cyber-insurance from a behavioural choice perspective

Author

Vassileiadis, Nikos (author), Vieira, Aitor Couce (author), Insua, David Ríos (author), Chatzigiannakis, Vassilis (author), Tsekeridou, Sofia (author), Gómez, Yolanda (author), Vila, José (author), Labunets, K. (author), Pieters, W. (author), Briggs, Pamela (author), Branley-Bell, Dawn (author), Vassileiadis, Nikos (author), Vieira, Aitor Couce (author), Insua, David Ríos (author), Chatzigiannakis, Vassilis (author), Tsekeridou, Sofia (author), Gómez, Yolanda (author), Vila, José (author), Labunets, K. (author), Pieters, W. (author), Briggs, Pamela (author), and Branley-Bell, Dawn (author)

Abstract

Organisation and Governance

Published

2019

18. An Adversarial Risk Analysis Framework for Cybersecurity

Author

Rios Insua, David (author), Couce-Vieira, Aitor (author), Rubio, Jose A. (author), Pieters, W. (author), Labunets, K. (author), G. Rasines, Daniel (author), Rios Insua, David (author), Couce-Vieira, Aitor (author), Rubio, Jose A. (author), Pieters, W. (author), Labunets, K. (author), and G. Rasines, Daniel (author)

Abstract

Risk analysis is an essential methodology for cybersecurity as it allows organizations to deal with cyber threats potentially affecting them, prioritize the defense of their assets, and decide what security controls should be implemented. Many risk analysis methods are present in cybersecurity models, compliance frameworks, and international standards. However, most of them employ risk matrices, which suffer shortcomings that may lead to suboptimal resource allocations. We propose a comprehensive framework for cybersecurity risk analysis, covering the presence of both intentional and nonintentional threats and the use of insurance as part of the security portfolio. A simplified case study illustrates the proposed framework, serving as template for more complex problems., Organisation and Governance

Published

2019

19. Combining Bayesian Networks and Fishbone Diagrams to Distinguish between Intentional Attacks and Accidental Technical Failures

Author

Chockalingam, S. (author), Pieters, W. (author), Teixeira, Andre M. H. (author), Khakzad, N. (author), van Gelder, P.H.A.J.M. (author), Chockalingam, S. (author), Pieters, W. (author), Teixeira, Andre M. H. (author), Khakzad, N. (author), and van Gelder, P.H.A.J.M. (author)

Abstract

Because of modern societies' dependence on industrial control systems, adequate response to system failures is essential. In order to take appropriate measures, it is crucial for operators to be able to distinguish between intentional attacks and accidental technical failures. However, adequate decision support for this matter is lacking. In this paper, we use Bayesian Networks (BNs) to distinguish between intentional attacks and accidental technical failures, based on contributory factors and observations (or test results). To facilitate knowledge elicitation, we use extended fishbone diagrams for discussions with experts, and then translate those into the BN formalism. We demonstrate the methodology using an example in a case study from the water management domain., Safety and Security Science

Published

2019

20. Assessment Methodology for Collateral Damage and Military (Dis)Advantage in Cyber Operations

Author

Maathuis, E.C. (author), Pieters, W. (author), van den Berg, Jan (author), Maathuis, E.C. (author), Pieters, W. (author), and van den Berg, Jan (author)

Abstract

Cyber Operations stopped being utopia or Sci-Fi based scenarios: they became reality. When planning and conducting them, military actors encounter difficulties since they lack methodologies and models that support their actions and assess their effects. To address these issues by tackling the underlying scientific and practical gap, this article proposes an assessment methodology for the intended and unintended effects of Cyber Operations, labeled as Military Advantage, Collateral Damage and Military Disadvantage, and aims at supporting the targeting process when engaging targets in Cyber Operations. To arrive at this methodology, an extensive review on literature, military doctrine and methodologies was conducted combined with two series of interviews with military commanders and field work in joint military exercises. The assessment methodology is proposed considering multidimensional factors, phases and steps in a technical - military approach. For validation, one realistic Cyber Operation case study was conducted in a focus group with nine military experts plus four face-to-face meetings with another four military experts., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Information and Communication Technology, Organisation & Governance

Published

2019

21. CYBECO: Supporting cyber-insurance from a behavioural choice perspective

Author

Vassileiadis, Nikos (author), Vieira, Aitor Couce (author), Insua, David Ríos (author), Chatzigiannakis, Vassilis (author), Tsekeridou, Sofia (author), Gómez, Yolanda (author), Vila, José (author), Labunets, K. (author), Pieters, W. (author), Briggs, Pamela (author), Branley-Bell, Dawn (author), Vassileiadis, Nikos (author), Vieira, Aitor Couce (author), Insua, David Ríos (author), Chatzigiannakis, Vassilis (author), Tsekeridou, Sofia (author), Gómez, Yolanda (author), Vila, José (author), Labunets, K. (author), Pieters, W. (author), Briggs, Pamela (author), and Branley-Bell, Dawn (author)

Abstract

Organisation & Governance

Published

2019

22. An Adversarial Risk Analysis Framework for Cybersecurity

Author

Rios Insua, David (author), Couce-Vieira, Aitor (author), Rubio, Jose A. (author), Pieters, W. (author), Labunets, K. (author), G. Rasines, Daniel (author), Rios Insua, David (author), Couce-Vieira, Aitor (author), Rubio, Jose A. (author), Pieters, W. (author), Labunets, K. (author), and G. Rasines, Daniel (author)

Abstract

Risk analysis is an essential methodology for cybersecurity as it allows organizations to deal with cyber threats potentially affecting them, prioritize the defense of their assets, and decide what security controls should be implemented. Many risk analysis methods are present in cybersecurity models, compliance frameworks, and international standards. However, most of them employ risk matrices, which suffer shortcomings that may lead to suboptimal resource allocations. We propose a comprehensive framework for cybersecurity risk analysis, covering the presence of both intentional and nonintentional threats and the use of insurance as part of the security portfolio. A simplified case study illustrates the proposed framework, serving as template for more complex problems., Organisation & Governance

Published

2019

23. Combining Bayesian Networks and Fishbone Diagrams to Distinguish between Intentional Attacks and Accidental Technical Failures

Author

Chockalingam, S. (author), Pieters, W. (author), Teixeira, Andre M. H. (author), Khakzad, N. (author), van Gelder, P.H.A.J.M. (author), Chockalingam, S. (author), Pieters, W. (author), Teixeira, Andre M. H. (author), Khakzad, N. (author), and van Gelder, P.H.A.J.M. (author)

Abstract

Because of modern societies' dependence on industrial control systems, adequate response to system failures is essential. In order to take appropriate measures, it is crucial for operators to be able to distinguish between intentional attacks and accidental technical failures. However, adequate decision support for this matter is lacking. In this paper, we use Bayesian Networks (BNs) to distinguish between intentional attacks and accidental technical failures, based on contributory factors and observations (or test results). To facilitate knowledge elicitation, we use extended fishbone diagrams for discussions with experts, and then translate those into the BN formalism. We demonstrate the methodology using an example in a case study from the water management domain., Safety and Security Science

Published

2019

24. Developing a Cyber Operations Computational Ontology

Author

Maathuis, E.C. (author), Pieters, W. (author), van den Berg, J. (author), Maathuis, E.C. (author), Pieters, W. (author), and van den Berg, J. (author)

Abstract

Cyber operations lack models, methodologies, and mechanisms to describe relevant data and knowledge. This problem is directly reflected when cyber operations are conducted and their effects assessed, and it can produce dissonance and disturbance in corresponding decision-making processes and communication between different military actors. To tackle these issues, this article proposes a knowledge model for cyber operations implemented as a computational ontology following a design science approach grounded on extensive technical-military research. This model classifies the essential entities of cyber operations and is exemplified in three case studies. Validation results show that this model can be used to describe cyber operations clearly and concisely., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Information and Communication Technology, Organisation and Governance, Cyber Security

Published

2018

25. Secure or usable computers? Revealing employees’ perceptions and trade-offs by means of a discrete choice experiment

Author

Molin, E.J.E. (author), Meeuwisse, Kirsten (author), Pieters, W. (author), Chorus, C.G. (author), Molin, E.J.E. (author), Meeuwisse, Kirsten (author), Pieters, W. (author), and Chorus, C.G. (author)

Abstract

It is often suggested in the literature that employees regard technical security measures (TSMs) as user-unfriendly, indicating a trade-off between security and usability. However, there is little empirical evidence of such a trade-off, nor about the strength of the associated negative correlation and the importance employees attach to both properties. This paper intends to fill these knowledge gaps by studying employees’ trade-offs concerning the usability and security of TSMs within a discrete choice experiment (DCE) framework. In our DCE, employees are asked to indicate the most preferred security packages that describe combinations of TSMs. In addition, security and usability perceptions of the security packages are explicitly measured and modelled. The models estimated from these observed responses indicate how each TSM affects perceived security, perceived usability and preference. The paper further illustrates how the modelling results can be applied to design highly secure packages that are still preferred by employees. The paper also makes a methodological contribution to the literature by introducing discrete choice experiments to the field of information security., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Transport and Logistics, Safety and Security Science

Published

2018

26. The hybrid victim: Re-conceptualizing high-tech cyber victimization through actor-network theory

Author

van der Wagen, Wytske (author), Pieters, W. (author), van der Wagen, Wytske (author), and Pieters, W. (author)

Abstract

Victims are often conceptualized as single, human and static entities with certain risk factors that make them more vulnerable and attractive for offenders. This framework is challenged by emerging forms of high-tech cybercrime, such as ransomware, botnets and virtual theft, in which the offender targets a composite of human, technical and virtual entities. This study critically assesses the current theorization of the cyber victim and offers an alternative approach. Drawing on actor-network theory and three empirical case studies, it analyses the cyber victim as a hybrid actor-network consisting of different entities that, together with the offender, make the victimization possible. The proposed concepts of victim composition, delegation and translation enable a more profound understanding of the hybrid and complex process of becoming a high-tech cyber victim. Keywords: cybercrime, cyber victimization, actor-network theory, botnet, ransomware, virtual theft., Organisation and Governance

Published

2018

27. Plots, murders, and money: oversight bodies evaluating the effectiveness of surveillance technology

Author

Cayford, M.R. (author), Pieters, W. (author), Hijzen, Constant (author), Cayford, M.R. (author), Pieters, W. (author), and Hijzen, Constant (author)

Abstract

Intelligence agencies routinely use surveillance technology to perform surveillance on digital data. This practice raises many questions that feed a societal debate, including whether the surveillance technology is effective in achieving the given security goal, whether it is cost-efficient, and whether it is proportionate. Oversight bodies are important actors in this debate, overseeing budgets, legal and privacy matters, and the performance of intelligence agencies. This paper examines how oversight bodies evaluate the questions above, using documents produced by American and British oversight mechanisms., Safety and Security Science

Published

2018

28. The effectiveness of surveillance technology: What intelligence officials are saying

Author

Cayford, M.R. (author), Pieters, W. (author), Cayford, M.R. (author), and Pieters, W. (author)

Abstract

In recent years, Western governments have come under sharp criticism for their use of surveillance technology. They have been accused of sweeping up massive amounts of information without evidence of the technologies being effective in improving security. The view of critics is clear, but what do intelligence officials themselves say? This paper analyzes statements of intelligence officials in the U.S. and U.K. from 2006 to 2016, examines what criteria officials use in their discourse on effectiveness, and investigates how considerations of cost and proportionality factor into the equation. It identifies seven measures of effectiveness in the statements of intelligence officials, and finds that cost, though rarely discussed, is the driver behind formalized evaluations of surveillance programs., Safety and Security Science

Published

2018

29. On the anatomy of social engineering attacks: A literature-based dissection of successful attacks

Author

Bullée, Jan Willem Hendrik (author), Montoya, Lorena (author), Pieters, W. (author), Junger, M. (author), Hartel, P.H. (author), Bullée, Jan Willem Hendrik (author), Montoya, Lorena (author), Pieters, W. (author), Junger, M. (author), and Hartel, P.H. (author)

Abstract

The aim of this study was to explore the extent to which persuasion principles are used in successful social engineering attacks. Seventy-four scenarios were extracted from 4 books on social engineering (written by social engineers) and analysed. Each scenario was split into attack steps, containing single interactions between offender and target. For each attack step, persuasion principles were identified. The main findings are that (a) persuasion principles are often used in social engineering attacks, (b) authority (1 of the 6 persuasion principles) is used considerably more often than others, and (c) single-principle attack steps occur more often than multiple-principle ones. The social engineers identified in the scenarios more often used persuasion principles compared to other social influences. The scenario analysis illustrates how to exploit the human element in security. The findings support the view that security mechanisms should include not only technical but also social countermeasures., Safety and Security Science, Cyber Security

Published

2018

30. Developing a Cyber Operations Computational Ontology

Author

Maathuis, E.C. (author), Pieters, W. (author), van den Berg, Jan (author), Maathuis, E.C. (author), Pieters, W. (author), and van den Berg, Jan (author)

Abstract

Cyber operations lack models, methodologies, and mechanisms to describe relevant data and knowledge. This problem is directly reflected when cyber operations are conducted and their effects assessed, and it can produce dissonance and disturbance in corresponding decision-making processes and communication between different military actors. To tackle these issues, this article proposes a knowledge model for cyber operations implemented as a computational ontology following a design science approach grounded on extensive technical-military research. This model classifies the essential entities of cyber operations and is exemplified in three case studies. Validation results show that this model can be used to describe cyber operations clearly and concisely., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Information and Communication Technology, Organisation & Governance, Cyber Security

Published

2018

31. Secure or usable computers? Revealing employees’ perceptions and trade-offs by means of a discrete choice experiment

Author

Molin, E.J.E. (author), Meeuwisse, Kirsten (author), Pieters, W. (author), Chorus, C.G. (author), Molin, E.J.E. (author), Meeuwisse, Kirsten (author), Pieters, W. (author), and Chorus, C.G. (author)

Abstract

It is often suggested in the literature that employees regard technical security measures (TSMs) as user-unfriendly, indicating a trade-off between security and usability. However, there is little empirical evidence of such a trade-off, nor about the strength of the associated negative correlation and the importance employees attach to both properties. This paper intends to fill these knowledge gaps by studying employees’ trade-offs concerning the usability and security of TSMs within a discrete choice experiment (DCE) framework. In our DCE, employees are asked to indicate the most preferred security packages that describe combinations of TSMs. In addition, security and usability perceptions of the security packages are explicitly measured and modelled. The models estimated from these observed responses indicate how each TSM affects perceived security, perceived usability and preference. The paper further illustrates how the modelling results can be applied to design highly secure packages that are still preferred by employees. The paper also makes a methodological contribution to the literature by introducing discrete choice experiments to the field of information security., Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public., Transport and Logistics, Safety and Security Science

Published

2018

32. The effectiveness of surveillance technology: What intelligence officials are saying

Author

Cayford, M.R. (author), Pieters, W. (author), Cayford, M.R. (author), and Pieters, W. (author)

Abstract

In recent years, Western governments have come under sharp criticism for their use of surveillance technology. They have been accused of sweeping up massive amounts of information without evidence of the technologies being effective in improving security. The view of critics is clear, but what do intelligence officials themselves say? This paper analyzes statements of intelligence officials in the U.S. and U.K. from 2006 to 2016, examines what criteria officials use in their discourse on effectiveness, and investigates how considerations of cost and proportionality factor into the equation. It identifies seven measures of effectiveness in the statements of intelligence officials, and finds that cost, though rarely discussed, is the driver behind formalized evaluations of surveillance programs., Safety and Security Science

Published

2018

33. Plots, murders, and money: oversight bodies evaluating the effectiveness of surveillance technology

Author

Cayford, M.R. (author), Pieters, W. (author), Hijzen, Constant (author), Cayford, M.R. (author), Pieters, W. (author), and Hijzen, Constant (author)

Abstract

Intelligence agencies routinely use surveillance technology to perform surveillance on digital data. This practice raises many questions that feed a societal debate, including whether the surveillance technology is effective in achieving the given security goal, whether it is cost-efficient, and whether it is proportionate. Oversight bodies are important actors in this debate, overseeing budgets, legal and privacy matters, and the performance of intelligence agencies. This paper examines how oversight bodies evaluate the questions above, using documents produced by American and British oversight mechanisms., Safety and Security Science

Published

2018

34. On the anatomy of social engineering attacks: A literature-based dissection of successful attacks

Author

Bullée, Jan Willem Hendrik (author), Montoya, Lorena (author), Pieters, W. (author), Junger, M. (author), Hartel, P.H. (author), Bullée, Jan Willem Hendrik (author), Montoya, Lorena (author), Pieters, W. (author), Junger, M. (author), and Hartel, P.H. (author)

Abstract

The aim of this study was to explore the extent to which persuasion principles are used in successful social engineering attacks. Seventy-four scenarios were extracted from 4 books on social engineering (written by social engineers) and analysed. Each scenario was split into attack steps, containing single interactions between offender and target. For each attack step, persuasion principles were identified. The main findings are that (a) persuasion principles are often used in social engineering attacks, (b) authority (1 of the 6 persuasion principles) is used considerably more often than others, and (c) single-principle attack steps occur more often than multiple-principle ones. The social engineers identified in the scenarios more often used persuasion principles compared to other social influences. The scenario analysis illustrates how to exploit the human element in security. The findings support the view that security mechanisms should include not only technical but also social countermeasures., Safety and Security Science, Cyber Security

Published

2018

35. The hybrid victim: Re-conceptualizing high-tech cyber victimization through actor-network theory

Author

van der Wagen, Wytske (author), Pieters, W. (author), van der Wagen, Wytske (author), and Pieters, W. (author)

Abstract

Victims are often conceptualized as single, human and static entities with certain risk factors that make them more vulnerable and attractive for offenders. This framework is challenged by emerging forms of high-tech cybercrime, such as ransomware, botnets and virtual theft, in which the offender targets a composite of human, technical and virtual entities. This study critically assesses the current theorization of the cyber victim and offers an alternative approach. Drawing on actor-network theory and three empirical case studies, it analyses the cyber victim as a hybrid actor-network consisting of different entities that, together with the offender, make the victimization possible. The proposed concepts of victim composition, delegation and translation enable a more profound understanding of the hybrid and complex process of becoming a high-tech cyber victim. Keywords: cybercrime, cyber victimization, actor-network theory, botnet, ransomware, virtual theft., Organisation & Governance

Published

2018

36. Bayesian Network Models in Cyber Security: A Systematic Review

Author

Chockalingam, S. (author), Pieters, W. (author), Herdeiro Teixeira, A.M. (author), van Gelder, P.H.A.J.M. (author), Chockalingam, S. (author), Pieters, W. (author), Herdeiro Teixeira, A.M. (author), and van Gelder, P.H.A.J.M. (author)

Abstract

Bayesian Networks (BNs) are an increasingly popular modelling technique in cyber security especially due to their capability to overcome data limitations. This is also instantiated by the growth of BN models development in cyber security. However, a comprehensive comparison and analysis of these models is missing. In this paper, we conduct a systematic review of the scientific literature and identify 17 standard BN models in cyber security. We analyse these models based on 9 different criteria and identify important patterns in the use of these models. A key outcome is that standard BNs are noticeably used for problems especially associated with malicious insiders. This study points out the core range of problems that were tackled using standard BN models in cyber security, and illuminates key research gaps., Safety and Security Science, Information and Communication Technology

Published

2017

37. Game mechanics and technological mediation: an ethical perspective on the effects of MMORPG’s

Author

Klemm, Christian (author), Pieters, W. (author), Klemm, Christian (author), and Pieters, W. (author)

Abstract

In the past decades, video games have grown from a niche market to one of the major entertainment media, enticing millions of players worldwide. When ethical aspects of video games are being debated, the discussion oftentimes revolves around effects of their content, such as violence. This paper argues that effects of game mechanics, such as reward mechanisms, should be considered as well, as these are at the core of the appeal of games. We analyze the ethical dimension of behavioral game design present in Massively Multiplayer Online Role Playing Games (MMORPG’s). Using the framework of technological mediation, we show how opaque and seductive game mechanics can invite problematic usage patterns, such as excessive use with negative effects on well-being, and how designers can take responsibility for morally acceptable impact of their games. Having a practical focus, the paper concludes with several proposals for better design., Safety and Security Science

Published

2017

38. Beyond individual-centric privacy: Information technology in social systems

Author

Pieters, W. (author) and Pieters, W. (author)

Abstract

In the public debate, social implications of information technology are mainly seen through the privacy lens. Impact assessments of information technology are also often limited to privacy impact assessments, which are focused on individual rights and well-being, as opposed to the social environment. In this article, I argue that this perspective is too narrow, in terms of understanding the complexity of the relation between information technology and society, as well as in terms of directions for managing this relation. I use systems theory to show that current approaches focus mostly on individual impact of information technology developments rather than their mediating role in society itself. I argue that this should be complemented by an analysis of impact on individuals (psychic systems) via co-construction of the environment (social system). I then take up the question of what the role of information technology in social systems would look like in terms of the social relations of trust and power, and how this can complement privacy in discussions on impacts of information technology., Safety and Security Science

Published

2017

39. Beyond individual-centric privacy: Information technology in social systems

Author

Pieters, W. (author) and Pieters, W. (author)

Abstract

In the public debate, social implications of information technology are mainly seen through the privacy lens. Impact assessments of information technology are also often limited to privacy impact assessments, which are focused on individual rights and well-being, as opposed to the social environment. In this article, I argue that this perspective is too narrow, in terms of understanding the complexity of the relation between information technology and society, as well as in terms of directions for managing this relation. I use systems theory to show that current approaches focus mostly on individual impact of information technology developments rather than their mediating role in society itself. I argue that this should be complemented by an analysis of impact on individuals (psychic systems) via co-construction of the environment (social system). I then take up the question of what the role of information technology in social systems would look like in terms of the social relations of trust and power, and how this can complement privacy in discussions on impacts of information technology., Safety and Security Science

Published

2017

40. Game mechanics and technological mediation: an ethical perspective on the effects of MMORPG’s

Author

Klemm, Christian (author), Pieters, W. (author), Klemm, Christian (author), and Pieters, W. (author)

Abstract

In the past decades, video games have grown from a niche market to one of the major entertainment media, enticing millions of players worldwide. When ethical aspects of video games are being debated, the discussion oftentimes revolves around effects of their content, such as violence. This paper argues that effects of game mechanics, such as reward mechanisms, should be considered as well, as these are at the core of the appeal of games. We analyze the ethical dimension of behavioral game design present in Massively Multiplayer Online Role Playing Games (MMORPG’s). Using the framework of technological mediation, we show how opaque and seductive game mechanics can invite problematic usage patterns, such as excessive use with negative effects on well-being, and how designers can take responsibility for morally acceptable impact of their games. Having a practical focus, the paper concludes with several proposals for better design., Safety and Security Science

Published

2017

41. Bayesian Network Models in Cyber Security: A Systematic Review

Author

Chockalingam, S. (author), Pieters, W. (author), Herdeiro Teixeira, A.M. (author), van Gelder, P.H.A.J.M. (author), Chockalingam, S. (author), Pieters, W. (author), Herdeiro Teixeira, A.M. (author), and van Gelder, P.H.A.J.M. (author)

Abstract

Bayesian Networks (BNs) are an increasingly popular modelling technique in cyber security especially due to their capability to overcome data limitations. This is also instantiated by the growth of BN models development in cyber security. However, a comprehensive comparison and analysis of these models is missing. In this paper, we conduct a systematic review of the scientific literature and identify 17 standard BN models in cyber security. We analyse these models based on 9 different criteria and identify important patterns in the use of these models. A key outcome is that standard BNs are noticeably used for problems especially associated with malicious insiders. This study points out the core range of problems that were tackled using standard BN models in cyber security, and illuminates key research gaps., Safety and Security Science, Information and Communication Technology

Published

2017

42. Cybersecurity as a Politikum: Implications of Security Discourses for Infrastructures

Author

Fichtner, L.V.E. (author), Pieters, W. (author), Herdeiro Teixeira, A.M. (author), Fichtner, L.V.E. (author), Pieters, W. (author), and Herdeiro Teixeira, A.M. (author)

Abstract

In the cybersecurity community it is common to think of security as a design feature for systems and infrastructures that may be difficult to balance with other requirements. What is less studied is how security requirements come about, for which reasons, and what their influence is on the actions the system facilitates. Security is for example often used as an argument for or against granting access rights that are of importance to stakeholders, such as in the discussion on counterterrorism and privacy. This paper argues that the ongoing politicization of security issues calls for a paradigm to study cybersecurity as a Politikum: a matter of political concern, embedded in existing and future infrastructures. We summarize literature which inspired this paper and explain the role of security arguments for infrastructure governance. Then we outline the new paradigm and its core concepts and contribution, including the notion of framing. Finally, we present discourse analysis and infrastructure ethnography as research methods and discuss cases in which discourses (may) shape infrastructures, in particular smart cities., Accepted Author Manuscript, Information and Communication Technology, Safety and Security Science

Published

2016

43. The attack navigator

Author

Probst, Christian W. (author), Willemson, Jan (author), Pieters, W. (author), Probst, Christian W. (author), Willemson, Jan (author), and Pieters, W. (author)

Abstract

The need to assess security and take protection decisions is at least as old as our civilisation. However, the complexity and development speed of our interconnected technical systems have surpassed our capacity to imagine and evaluate risk scenarios. This holds in particular for risks that are caused by the strategic behaviour of adversaries. Therefore, technology-supported methods are needed to help us identify and manage these risks. In this paper, we describe the attack navigator: a graph-based approach to security risk assessment inspired by navigation systems. Based on maps of a socio-technical system, the attack navigator identifies routes to an attacker goal. Specific attacker properties such as skill or resources can be included through attacker profiles. This enables defenders to explore attack scenarios and the effectiveness of defense alternatives under different threat conditions., Safety and Security Science

Published

2016

44. The Navigation Metaphor in Security Economics

Author

Pieters, W. (author), Barendse, Jeroen (author), Ford, Margaret (author), Heath, Claude P R (author), Probst, Christian W. (author), Verbij, Ruud (author), Pieters, W. (author), Barendse, Jeroen (author), Ford, Margaret (author), Heath, Claude P R (author), Probst, Christian W. (author), and Verbij, Ruud (author)

Abstract

The navigation metaphor for cybersecurity merges security architecture models and security economics. By identifying the most efficient routes for gaining access to assets from an attacker's viewpoint, an organization can optimize its defenses along these routes. The well-understood concept of navigation makes it easier to motivate and explain security investment to a wide audience, encouraging strategic security decisions., Safety and Security Science

Published

2016

45. The Navigation Metaphor in Security Economics

Author

Pieters, W. (author), Barendse, Jeroen (author), Ford, Margaret (author), Heath, Claude P R (author), Probst, Christian W. (author), Verbij, Ruud (author), Pieters, W. (author), Barendse, Jeroen (author), Ford, Margaret (author), Heath, Claude P R (author), Probst, Christian W. (author), and Verbij, Ruud (author)

Abstract

The navigation metaphor for cybersecurity merges security architecture models and security economics. By identifying the most efficient routes for gaining access to assets from an attacker's viewpoint, an organization can optimize its defenses along these routes. The well-understood concept of navigation makes it easier to motivate and explain security investment to a wide audience, encouraging strategic security decisions., Safety and Security Science

Published

2016

46. Cybersecurity as a Politikum: Implications of Security Discourses for Infrastructures

Author

Fichtner, L.V.E. (author), Pieters, W. (author), Herdeiro Teixeira, A.M. (author), Fichtner, L.V.E. (author), Pieters, W. (author), and Herdeiro Teixeira, A.M. (author)

Abstract

In the cybersecurity community it is common to think of security as a design feature for systems and infrastructures that may be difficult to balance with other requirements. What is less studied is how security requirements come about, for which reasons, and what their influence is on the actions the system facilitates. Security is for example often used as an argument for or against granting access rights that are of importance to stakeholders, such as in the discussion on counterterrorism and privacy. This paper argues that the ongoing politicization of security issues calls for a paradigm to study cybersecurity as a Politikum: a matter of political concern, embedded in existing and future infrastructures. We summarize literature which inspired this paper and explain the role of security arguments for infrastructure governance. Then we outline the new paradigm and its core concepts and contribution, including the notion of framing. Finally, we present discourse analysis and infrastructure ethnography as research methods and discuss cases in which discourses (may) shape infrastructures, in particular smart cities., Accepted Author Manuscript, Information and Communication Technology, Safety and Security Science

Published

2016

47. The attack navigator

Author

Probst, Christian W. (author), Willemson, Jan (author), Pieters, W. (author), Probst, Christian W. (author), Willemson, Jan (author), and Pieters, W. (author)

Abstract

The need to assess security and take protection decisions is at least as old as our civilisation. However, the complexity and development speed of our interconnected technical systems have surpassed our capacity to imagine and evaluate risk scenarios. This holds in particular for risks that are caused by the strategic behaviour of adversaries. Therefore, technology-supported methods are needed to help us identify and manage these risks. In this paper, we describe the attack navigator: a graph-based approach to security risk assessment inspired by navigation systems. Based on maps of a socio-technical system, the attack navigator identifies routes to an attacker goal. Specific attacker properties such as skill or resources can be included through attacker profiles. This enables defenders to explore attack scenarios and the effectiveness of defense alternatives under different threat conditions., Safety and Security Science

Published

2016

48. Security-by-Experiment: Lessons from Responsible Deployment in Cyberspace

Author

Pieters, W. (author), Hadžiosmanovi?, D. (author), Dechesne, F. (author), Pieters, W. (author), Hadžiosmanovi?, D. (author), and Dechesne, F. (author)

Abstract

onceiving new technologies as social experiments is a means to discuss responsible deployment of technologies that may have unknown and potentially harmful side-effects. Thus far, the uncertain outcomes addressed in the paradigm of new technologies as social experiments have been mostly safety-related, meaning that potential harm is caused by the design plus accidental events in the environment. In some domains, such as cyberspace, adversarial agents (attackers) may be at least as important when it comes to undesirable effects of deployed technologies. In such cases, conditions for responsible experimentation may need to be implemented differently, as attackers behave strategically rather than probabilistically. In this contribution, we outline how adversarial aspects are already taken into account in technology deployment in the field of cyber security, and what the paradigm of new technologies as social experiments can learn from this. In particular, we show the importance of adversarial roles in social experiments with new technologies., Engineering, Systems and Services, Technology, Policy and Management

Published

2015

49. Socio-technical security metrics

Author

Gollmann, D. (author), Herley, C. (author), Koenig, V. (author), Pieters, W. (author), Sasse, M.A. (author), Gollmann, D. (author), Herley, C. (author), Koenig, V. (author), Pieters, W. (author), and Sasse, M.A. (author)

Abstract

Report from Dagstuhl seminar 14491. This report documents the program and the outcomes of Dagstuhl Seminar 14491 “Socio-Technical Security Metrics”. In the domain of safety, metrics inform many decisions, from the height of new dikes to the design of nuclear plants. We can state, for example, that the dikes should be high enough to guarantee that a particular area will flood at most once every 1000 years. Even when considering the limitations of such numbers, they are useful in guiding policy. Metrics for the security of information systems have not reached the same maturity level. This is partly due to the nature of security risk, in which an adaptive attacker rather than nature causes the threat events. Moreover, whereas the human factor may complicate safety and security procedures alike, in security this “weakest link” may be actively exploited by an attacker, such as in phishing or social engineering. In order to measure security at the level of socio-technical systems, one therefore needs to compare online hacking against such social manipulations, since the attacker may simply take the easiest path. In this seminar, we searched for suitable metrics that allow us to estimate information security risk in a socio-technical context, as well as the costs and effectiveness of countermeasures. Working groups addressed different topics, including security as a science, testing and evaluation, social dynamics, models and economics. The working groups focused on three main questions: what are we interested in, how to measure it, and what to do with the metrics., Values Technology and Innovation, Technology, Policy and Management

Published

2015

50. Security-by-Experiment: Lessons from Responsible Deployment in Cyberspace

Author

Pieters, W. (author), Hadziosmanovic, D. (author), Dechesne, F (author), Pieters, W. (author), Hadziosmanovic, D. (author), and Dechesne, F (author)

Abstract

Conceiving new technologies as social experiments is a means to discuss responsible deployment of technologies that may have unknown and potentially harmful side-effects. Thus far, the uncertain outcomes addressed in the paradigm of new technologies as social experiments have been mostly safety-related, meaning that potential harm is caused by the design plus accidental events in the environment. In some domains, such as cyberspace, adversarial agents (attackers) may be at least as important when it comes to undesirable effects of deployed technologies. In such cases, conditions for responsible experimentation may need to be implemented differently, as attackers behave strategically rather than probabilistically. In this contribution, we outline how adversarial aspects are already taken into account in technology deployment in the field of cyber security, and what the paradigm of new technologies as social experiments can learn from this. In particular, we show the importance of adversarial roles in social experiments with new technologies., Energy & Industry, Information and Communication Technology

Published

2015