Daniel Prince

The Impact of Social Engineering on Industrial Control System Security

In assessing the security posture of Industrial Control Systems (ICS), several approaches have been proposed, including attack graphs, attack trees, Bayesian networks and security ideals. Predominantly focusing on technical vulnerabilities, challenges stemming from social and organisational factors are often reviewed in isolation, if at all. Taking a mean time-to-compromise (MTTC) metric as a base for expansion, we explore the impact social engineering attack vectors (malicious e-mails) could have on such assessments. The applied method takes a holistic view, to better understand the potential impact of social engineering across a small European utility company. The results of this review are analysed and discussed, highlighting the level of access an attacker could gain through social engineering, and the need for assessment metrics to include vulnerabilities stemming not only from technical factors, but social and organisational ones as well.

Securitization and the global politics of cybersecurity

In ‘Digital disaster, cyber security, and the Copenhagen school’, published in 2009, Lene Hansen and Helen Nissenbaum suggest ways in which securitization theory can help understand the politics of cybersecurity and cyberwar. What was significant about Hansen and Nissenbaum’s article was the way it attempted to add new approaches and questions to a topic that tended to occupy a space in an often highly technical discourse of security, technology and strategy, a discourse that extended in to all aspects of life in a digitizing society. This article asks: What should international relations scholars be doing in addition to the challenge and task – to become more interdisciplinary in order to be able to engage with the potential technification and hypersecuritizations of cybersecurity policy and discourse – that was set out in Hansen and Nissenbaum’s article?

On Demand Network Level Service Deployment in Ad Hoc Networks

Many network level services such as routing, auto-addressing and, security have been proposed for ad hoc networks. Each has characteristics that may cause it to outperform similar services under different network conditions; therefore the choice of optimal services depends on the network deployment. Furthermore, since ad hoc network groups may be mobile it is probable that networks operating different or varying service implementations will interact. This paper presents work to provide dynamic, on demand network service selection and deployment, with minimal user interaction, in ad hoc networks.

Cybersecurity: The Security and Protection Challenges of Our Digital World

Once the domain of national agencies empowered to protect civil society and support intelligence missions, cybersecurity is now the pervasive technical, social, and economic issue. It affects all aspects of our daily life and organizational functions. From financial institutions to smart homes, and from the classroom to the doctor’s office, we are in a cyber arms race to protect ourselves from those driven to do us harm.

How Long is a Piece of String:: Defining Key Phases andObserved Challenges within ICS Risk Assessment

The numbers and severity of global cyber security attacks on Industrial Control Systems have increased over recent years. However, there are also significant efforts to improve defensive capabilities. While comprehensive reviews of risk assessment efforts exist, little detail is currently available on how they are being applied by security practitioners. This paper provides a summary of the approaches adopted by security practitioners, outlining key phases applied to risk assessment, application of existing predefined methodologies, and challenges faced throughout the overall process.