ABSTRACT
As the coronavirus disease (COVID-19) broke out in late 2019, the electricity sector was significantly impacted. Hence, the effects of the pandemic and restricting measures in power system operation are investigated during pandemic circumstances. The secure operation of the power system is a fundamental requirement. Appropriate procedures should be taken to mitigate these effects and ensure the power system's security. Accordingly, in this study, the authors determine that the COVID-19 pandemic can change the system's operating conditions in the first stage. Since data-driven security assessment methods require the training database to learn about Security constraints, this paper proposes an efficient database generation strategy respecting the consequences of the COVID-19 outbreak. The proposed strategy provides a training set with high information content compatible with the operating conditions. To this end, the method consists of a characteristics extraction approach and updating scheme. The characteristics should be extracted to represent the operating conditions of the system. Further, the similarity of intervals is compared using characteristics in updating scheme. The copula-based sampling approach is provided to generate the random samples. The proposed strategy generates a database for data-driven methods. Therefore, it can be utilized in various applications of security assessment. Real-world data is mapped to the IEEE 39-bus system to illustrate the framework efficiency. The outcomes indicate that a classification using the proposed strategy outperforms conventional methods in terms of evaluation metrics. © 2017 Elsevier Inc. All rights reserved. © 2023 Elsevier Ltd
ABSTRACT
An FAO/WFP Crop and Food Security Assessment Mission (CFSAM) conducted an analysis from 7 to 16 December 2020 to estimate the cereal production in South Sudan during 2020, based on a review of data and information collected by the Ministry of Agriculture and Food Security (MAFS). The Mission also reviewed secondary data from a variety of sources in order to produce an overview of the overall food security situation in the country. Due to COVID-19-related travel restrictions, the analysis was performed remotely through several video-conferences with relevant staff of the FAO Office in South Sudan. The CFSAM reviewed the findings of several Crop Assessment Missions conducted at harvest time from August, following the removal of COVID-19-related travel restrictions, to December 2020, in different agro-ecological zones of the country.
ABSTRACT
Recent studies report that cybersecurity breaches noticed in hospitals are associated with low levels of personnel's cybersecurity awareness. This work aims to assess the cybersecurity culture in healthcare institutions from middle- to low-income EU countries. The evaluation process was designed and performed via anonymous online surveys targeting individually ICT (internet and communication technology) departments and healthcare professionals. The study was conducted in 2019 for a health region in Greece, with a significant number of hospitals and health centers, a large hospital in Portugal, and a medical clinic in Romania, with 53.6% and 6.71% response rates for the ICT and healthcare professionals, respectively. Its findings indicate the necessity of establishing individual cybersecurity departments to monitor assets and attitudes while underlying the importance of continuous security awareness training programs. The analysis of our results assists in comprehending the countermeasures, which have been implemented in the healthcare institutions, and consequently enhancing cybersecurity defense, while reducing the risk surface.
ABSTRACT
Election infrastructure includes socio-technical systems that are designated as United States critical infrastructure within the Government Facilities sector. Following the 2016 United States' General Election and during the 2020 Presidential Election cycle, election security and the integrity of election processes became a prevalent, national conversation. From the 2019 U.S. Senate Intelligence Committee report indicating that election systems in all 50 states had been targeted by foreign adversaries to the more recent broadened use of, and concern about, mail-based voting during the COVID-19 pandemic, election integrity is increasingly important. Furthermore, poll workers play a crucial role in elections and election equipment, as they are one of the first lines of defense in systems security. This paper contributes to improving the security of election infrastructure through intentional, targeted, cyber, physical, and insider threat training for poll workers. Specifically, this paper details the engineering design, including pedagogical approach, and deployment of online, election-specific, threat training modules. Results of a System Usability Scale assessment from 44 poll workers indicate the content and online platform are easy to interact with and use. Further, the developed modules were piloted and then deployed in a mid-Atlantic state;participating counties include over 1,900 poll workers who serve nearly 750,000 voters. © 2021 IISE Annual Conference and Expo 2021. All rights reserved.
ABSTRACT
The coronavirus pandemic led to an unprecedented crisis affecting all aspects of the concurrent reality. Its consequences vary from political and societal to technical and economic. These side effects provided fertile ground for a noticeable cyber-crime increase targeting critical infrastructures and, more specifically, the health sector; the domain suffering the most during the pandemic. This paper aims to assess the cybersecurity culture readiness of hospitals' workforce during the COVID-19 crisis. Towards that end, a cybersecurity awareness webinar was held in December 2020 targeting Greek Healthcare Institutions. Concepts of cybersecurity policies, standards, best practices, and solutions were addressed. Its effectiveness was evaluated via a two-step procedure. Firstly, an anonymous questionnaire was distributed at the end of the webinar and voluntarily answered by attendees to assess the comprehension level of the presented cybersecurity aspects. Secondly, a post-evaluation phishing campaign was conducted approximately four months after the webinar, addressing non-medical employees. The main goal was to identify security awareness weaknesses and assist in drafting targeted assessment campaigns specifically tailored to the health domain needs. This paper analyses in detail the results of the aforementioned approaches while also outlining the lessons learned along with the future scientific routes deriving from this research.
ABSTRACT
The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Framework provides a rich and actionable repository of adversarial tactics, techniques, and procedures. Its innovative approach has been broadly welcomed by both vendors and enterprise customers in the industry. Its usage extends from adversary emulation, red teaming, behavioral analytics development to a defensive gap and SOC (Security Operations Center) maturity assessment. While extensive research has been done on analyzing specific attacks or specific organizational culture and human behavior factors leading to such attacks, a holistic view on the association of both is currently missing. In this paper, we present our research results on associating a comprehensive set of organizational and individual culture factors (as described on our developed cyber-security culture framework) with security vulnerabilities mapped to specific adversary behavior and patterns utilizing the MITRE ATT&CK framework. Thus, exploiting MITRE ATT&CK's possibilities towards a scientific direction that has not yet been explored: security assessment and defensive design, a step prior to its current application domain. The suggested cyber-security culture framework was originally designed to aim at critical infrastructures and, more specifically, the energy sector. Organizations of these domains exhibit a co-existence and strong interaction of the IT (Information Technology) and OT (Operational Technology) networks. As a result, we emphasize our scientific effort on the hybrid MITRE ATT&CK for Enterprise and ICS (Industrial Control Systems) model as a broader and more holistic approach. The results of our research can be utilized in an extensive set of applications, including the efficient organization of security procedures as well as enhancing security readiness evaluation results by providing more insights into imminent threats and security risks.