Introduction
In an era of persistent cyber attacks, protecting national infrastructure has become a pressing issue. Awareness and defense-in-depth are two important protection methodologies that complement each other: one detects emerging threats, the other strengthens countermeasures. Defense-in-depth adds extra layers of protection to an organization, while awareness investigates the risks the enterprise currently faces. By studying both potential and current vulnerabilities, an enterprise can use that information to add protective layers exactly where those vulnerabilities lie.
Defense-in-depth is a cyber security protection technique that provides extra layers of defense. It has three important properties. A posture has to be "deep", with many independent layers of security; "narrow", with a minimized number of nodes the attacker can use; and "strong", with each layer able to resist attacks on its own (Mell, Shook & Harang, 2016). The awareness methodology can be used to meet these requirements: situational awareness supplies the information needed to decide where "deep", "narrow" and "strong" layers must be created.
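The three properties above can be made measurable on a model of the network. The following is an added illustration, not code from Mell, Shook and Harang, and it uses its own simplified readings of the three terms: "deep" as the number of hops between the attacker's entry point and the target, "narrow" as the largest number of nodes available to the attacker at any one hop, and "strong" as the compromise probability of the easiest chain of layers. The network and the per-node probabilities are constructed assumptions.

```python
from collections import deque

# Constructed illustrative network (assumption, not from the paper):
# node -> (probability that an attacker who reaches it compromises it, neighbours).
NETWORK = {
    "internet": (1.0, ["web", "vpn"]),
    "web":      (0.5, ["app"]),
    "vpn":      (0.3, ["app", "jump"]),
    "app":      (0.4, ["db"]),
    "jump":     (0.2, ["db"]),
    "db":       (0.6, []),
}

# Same network with one extra layer (a filtering proxy, assumed) inserted in front.
HARDENED = dict(NETWORK)
HARDENED["internet"] = (1.0, ["proxy"])
HARDENED["proxy"] = (0.3, ["web", "vpn"])


def hop_layers(network, entry):
    """BFS from the attacker's entry point: node -> number of hops needed to reach it."""
    dist = {entry: 0}
    queue = deque([entry])
    while queue:
        node = queue.popleft()
        for nxt in network[node][1]:
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return dist


def depth(network, entry, target):
    """'Deep': how many successive layers an attacker must cross to reach the target."""
    return hop_layers(network, entry)[target]


def widest_layer(network, entry, target):
    """'Narrow': the largest number of nodes the attacker can choose from at any hop
    between the entry point (exclusive) and the target (inclusive); smaller is narrower."""
    dist = hop_layers(network, entry)
    d = dist[target]
    sizes = [sum(1 for h in dist.values() if h == k) for k in range(1, d + 1)]
    return max(sizes)


def easiest_path(network, entry, target):
    """'Strong': enumerate simple paths and return the one with the highest
    end-to-end compromise probability, i.e. the weakest chain of layers."""
    best = (0.0, [])

    def walk(node, prob, path):
        nonlocal best
        if node == target:
            if prob > best[0]:
                best = (prob, path)
            return
        for nxt in network[node][1]:
            if nxt not in path:  # simple paths only
                walk(nxt, prob * network[nxt][0], path + [nxt])

    walk(entry, 1.0, [entry])
    return best


def posture(network, entry, target):
    """Summarise the three defense-in-depth properties for one attacker goal."""
    prob, path = easiest_path(network, entry, target)
    return {
        "depth": depth(network, entry, target),
        "widest_layer": widest_layer(network, entry, target),
        "easiest_path": path,
        "easiest_path_probability": round(prob, 4),
    }


if __name__ == "__main__":
    print("baseline:", posture(NETWORK, "internet", "db"))
    print("hardened:", posture(HARDENED, "internet", "db"))
```

Comparing the two summaries shows what each property buys: the extra proxy layer raises the depth from 3 to 4 and lowers the probability of the easiest path from 0.12 to 0.036, while the widest layer stays at 2, so the posture became deeper and stronger but not narrower.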
With the rise of technology and automation, more and more data appears about vulnerabilities and potential attacks, and the awareness technique is the method used to study these risks. According to Pahi, Leitner and Skopik, effective cyber situational awareness consists of three main components: network awareness (analysis of the assets and enumeration of the defense capabilities), threat or attack awareness (building a picture of the possible attacks), and operational or mission awareness (determining how a degraded network will affect the mission it supports) (Pahi, Leitner & Skopik, 2017).
The security administrator asks three main questions when an attack occurs: what happened? why did it happen? what can be done? Situational awareness answers the first two questions (Albanese, Cam & Jajodia, 2014). The third is answered by implementing additional defense with multi-layered methods: based on the acquired information, new layers of protection can be added at the level of network security, software applications or user access. The third question shows why the two techniques must be combined. Awareness answers the first two questions, and defense-in-depth answers the third.
Conducting situational awareness means processing a large amount of data about potential risks and their actual relation to vulnerabilities. Not every observed problem is an attack: abnormal behaviour can be caused by a software defect rather than an intruder. Albanese and colleagues describe automated tools that make situational awareness more effective and less time consuming, proposing cyber situation awareness frameworks and Petri net models to automate the technique (Albanese, Cam & Jajodia, 2014). With awareness automated, the cyber security manager receives ready information on vulnerabilities, which speeds up the application of other methodologies. Defense-in-depth in particular can use the output of automated awareness tools to strengthen the multi-layered protection.
To better secure industrial control systems (ICS) with defense-in-depth, Nivethan and Papa proposed an approach in which the constraints on process variables are defined by employees who are not IT specialists. The approach brings awareness of process-level risks and lets non-IT workers help mitigate them: the framework allows the intrusion detection system (IDS) to audit the process variables and alert the system operator when abnormal values occur (Nivethan & Papa, 2016). The method shows how the two techniques of awareness and defense-in-depth are used together in an ICS, acquiring risk information and improving the defense.
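The idea of letting process staff state the rules can be shown with a small constraint-based audit over a stream of readings. This is an added example, not the framework from Nivethan and Papa's paper: the variable names (level, valve, pump), the limits, and the readings are all constructed assumptions, and the constraints are written in the plain process terms an operator would use so that the alert text can be acted on by the same non-IT staff.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Reading = Dict[str, float]   # one polling cycle of process variables (constructed)


@dataclass
class Constraint:
    name: str                                    # wording supplied by the process engineer
    check: Callable[[Reading, Reading], bool]    # (previous cycle, current cycle) -> ok?


# Constraints a non-IT operator could state in plain process terms (assumed values):
CONSTRAINTS = [
    Constraint("tank level within 5..95 %",
               lambda p, c: 5.0 <= c["level"] <= 95.0),
    Constraint("level changes at most 10 % per cycle",
               lambda p, c: abs(c["level"] - p["level"]) <= 10.0),
    Constraint("inlet valve closed when level above 90 %",
               lambda p, c: not (c["level"] > 90.0 and c["valve"] == 1)),
    Constraint("pump off when level below 10 %",
               lambda p, c: not (c["level"] < 10.0 and c["pump"] == 1)),
]


def audit(readings: List[Reading], constraints=CONSTRAINTS) -> List[Tuple[int, str]]:
    """Walk the readings in polling order and return (cycle index, violated rule)
    pairs. Rate-of-change rules compare each cycle with the previous one; the
    first cycle is compared with itself so it can only trip range rules."""
    alerts = []
    prev = readings[0]
    for i, cur in enumerate(readings):
        for c in constraints:
            if not c.check(prev, cur):
                alerts.append((i, c.name))
        prev = cur
    return alerts


# Constructed readings: normal filling, then values no physical process produces.
READINGS = [
    {"level": 50.0, "valve": 1, "pump": 1},
    {"level": 58.0, "valve": 1, "pump": 1},
    {"level": 66.0, "valve": 1, "pump": 1},
    {"level": 92.0, "valve": 1, "pump": 1},   # jump of 26 % with the inlet still open
    {"level": 8.0,  "valve": 0, "pump": 1},   # implausible drop, pump still running
]


if __name__ == "__main__":
    for cycle, rule in audit(READINGS):
        print(f"cycle {cycle}: {rule}")
```

Each of the last two cycles trips two rules, and the register values themselves are all inside their nominal ranges; only the process semantics (how fast a tank can fill, what a valve may do at a given level) expose them, which is the point of having the people who know the process write the constraints.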
Another method, the automatic construction of statechart anomaly detection models for ICS, likewise combines defense-in-depth with an awareness strategy. Kleinmann and Wool propose an approach called Statechart DFA, which constructs a statechart automatically from a captured traffic stream and learns the individual patterns that make up the complex cyclic patterns in the traffic (Kleinmann & Wool, 2017). The learned model detects deviations from the normal traffic pattern and so adds an extra layer of protection to the system.
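The core of such a model is a DFA whose states are positions in the polling cycle and whose transitions are the expected next message. The following is an added, deliberately reduced example and not Kleinmann and Wool's algorithm: it learns a single cycle from a constructed training capture (the paper's splitting of interleaved cycles into several DFAs is omitted), then runs the DFA over a second capture and reports every message that does not match the expected transition. Message symbols are assumed to be strings of the form "function:address".

```python
from collections import namedtuple

Anomaly = namedtuple("Anomaly", "index state expected observed")


def learn_cycle(trace):
    """Learn the DFA from a training capture: find the shortest period p such that
    the trace repeats every p messages. State i then expects cycle[i] and moves to
    state (i + 1) % p. If nothing repeats, the whole trace is the cycle."""
    n = len(trace)
    for p in range(1, n + 1):
        if all(trace[i] == trace[i + p] for i in range(n - p)):
            return list(trace[:p])
    return list(trace)


def detect(cycle, trace):
    """Run the DFA over a capture. A message that differs from the expected one is
    reported as an anomaly; the DFA then re-synchronises to the state following
    that message if it belongs to the cycle, and otherwise stays in place."""
    p = len(cycle)
    state = cycle.index(trace[0]) if trace and trace[0] in cycle else 0
    anomalies = []
    for i, sym in enumerate(trace):
        if sym == cycle[state]:
            state = (state + 1) % p
        else:
            anomalies.append(Anomaly(i, state, cycle[state], sym))
            if sym in cycle:
                state = (cycle.index(sym) + 1) % p
    return anomalies


# Constructed captures: an HMI polling two register blocks and writing a setpoint.
CYCLE = ["READ_HR:100", "READ_HR:200", "WRITE_HR:300"]
TRAINING = CYCLE * 4
INJECTED = CYCLE * 2 + ["WRITE_HR:999"] + CYCLE          # unexpected write
MISSING = CYCLE * 2 + ["READ_HR:100", "WRITE_HR:300"] + CYCLE   # READ_HR:200 dropped


if __name__ == "__main__":
    learned = learn_cycle(TRAINING)
    print("learned cycle:", learned)
    for name, capture in (("injected", INJECTED), ("missing", MISSING)):
        print(name, detect(learned, capture))
```

An unknown message (the write to register 999) is flagged without disturbing the DFA's position, so the following legitimate cycle produces no further alerts; a dropped message is flagged once at the point where the expected read did not appear, after which the DFA re-synchronises.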
Silva and Jacob consider the creation of a mission dependency metamodel a crucial requirement for risk assessment. The model identifies the dependency layers and the entities affected by each risk (Silva & Jacob, 2018). This method also uses defense-in-depth and awareness in a complementary way, by thoroughly determining the risks in each layer.
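Both the mission awareness component described by Pahi, Leitner and Skopik and the dependency metamodel of Silva and Jacob come down to the same question: when one asset is degraded, which missions are affected? The example below is added here and is not either paper's metamodel; it uses a constructed three-layer dependency graph (missions depend on services, services on assets, with one asset depending on another) and propagates an impact upwards through it. All entity names are assumptions.

```python
# Constructed dependency graph (assumption): entity -> entities it directly depends on.
DEPENDS_ON = {
    "billing":   ["erp", "auth"],
    "dispatch":  ["scada_hmi", "auth"],
    "erp":       ["db-01", "app-01"],
    "auth":      ["dc-01"],
    "scada_hmi": ["hmi-01", "plc-01"],
    "plc-01":    ["switch-01"],
}
MISSIONS = {"billing", "dispatch"}   # the top layer of the model


def dependants(depends_on):
    """Invert the graph: entity -> entities that directly depend on it."""
    inv = {}
    for parent, children in depends_on.items():
        for child in children:
            inv.setdefault(child, []).append(parent)
    return inv


def impacted(depends_on, entity):
    """Everything that transitively depends on a degraded entity, across all layers."""
    inv = dependants(depends_on)
    seen, stack = set(), [entity]
    while stack:
        current = stack.pop()
        for parent in inv.get(current, []):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return seen


def missions_at_risk(depends_on, missions, entity):
    """The mission awareness answer: which missions a degraded entity puts at risk."""
    return sorted(impacted(depends_on, entity) & missions)


def rank_assets(depends_on, missions):
    """Rank leaf assets by the number of missions that depend on them; the top
    entries are where an extra defensive layer protects the most missions."""
    leaves = {c for children in depends_on.values() for c in children if c not in depends_on}
    ranked = [(a, len(missions_at_risk(depends_on, missions, a))) for a in leaves]
    return sorted(ranked, key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for asset in ("switch-01", "dc-01"):
        print(asset, "->", sorted(impacted(DEPENDS_ON, asset)),
              "missions:", missions_at_risk(DEPENDS_ON, MISSIONS, asset))
    print(rank_assets(DEPENDS_ON, MISSIONS))
```

The ranking makes the link to defense-in-depth concrete: the domain controller sits under both missions, so it is the asset where an additional layer reduces mission risk most, whereas the network switch only reaches the dispatch mission through the PLC and HMI layer.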
Conclusion
References
Albanese, M., Cam, H., & Jajodia, S. (2014). Automated cyber situation awareness tools and models for improving analyst performance. In Cybersecurity Systems for Human Cognition Augmentation (Advances in Information Security), 47-60. doi:10.1007/978-3-319-10374-7_3
Mell, P., Shook, J., & Harang, R. (2016). Measuring and improving the effectiveness of defense-in-depth postures. In ICSS '16: Proceedings of the 2nd Annual Industrial Control System Security Workshop, 15-22. doi:10.1145/3018981.3018986
Nivethan, J., & Papa, M. (2016). A SCADA intrusion detection framework that incorporates process semantics. In CISRC '16: Proceedings of the 11th Annual Cyber and Information Security Research Conference, Article No. 6. doi:10.1145/2897795.2897814
Pahi, T., Leitner, M., & Skopik, F. (2017). Analysis and assessment of situational awareness models for national cyber security centers. In Proceedings of the 3rd International Conference on Information Systems Security and Privacy (ICISSP), 1, 334-345. doi:10.5220/0006149703340345
Silva, F. R., & Jacob, P. (2018). Mission-centric risk assessment to improve cyber situational awareness. In Proceedings of the 13th International Conference on Availability, Reliability and Security (ARES 2018). doi:10.1145/3230833.3233281