SpringerBriefs in Computer Science

This SpringerBrief introduces methodologies and tools for quantitative understanding and assessment of supply chain risk to critical infrastructure systems. It unites system reliability analysis, optimization theory, detection theory and mechanism design theory to study vendor involvement in overall system security. It also provides decision support for risk mitigation.

This SpringerBrief introduces I-SCRAM, a software tool to assess the risk. It enables critical infrastructure operators to make risk-informed decisions relating to the supply chain, while deploying their IT/OT and IoT systems.

The authors present examples and case studies on supply chain risk assessment/mitigation of modern connected infrastructure systems such as autonomous vehicles, industrial control systems, autonomous truck platooning and more. It also discusses how vendors of different system components are involved in the overall security posture of the system and how the risk can be mitigated through vendor selection and diversification. The specific topics in this book include:

• Risk modeling and analysis of IoT supply chains
• Methodologies for risk mitigation, policy management, accountability, and cyber insurance
• Tutorial on a software tool for supply chain risk management of IoT

 These topics are supported by up-to-date summaries of the authors’ recent research findings. The authors introduce a taxonomy of supply chain security and discusses the future challenges and directions in securing the supply chains of IoT systems. It also focuses on the need for joint policy and technical solutions to counter the emerging risks, where technology should inform policy and policy should regulate technology development.

This SpringerBrief has self-contained chapters, facilitating the readers to peruse individual topics of interest. It provides a broad understanding of the emerging field of cyber supply chain security in the context of IoT systems to academics, industry professionals and government officials.

This SpringerBrief presents a brief introduction to probabilistic risk assessment (PRA), followed by a discussion of abnormal event detection techniques in industrial control systems (ICS). It also provides an introduction to the use of game theory for the development of cyber-attack response models and a discussion on the experimental testbeds used for ICS cyber security research. The probabilistic risk assessment framework used by the nuclear industry provides a valid framework to understand the impacts of cyber-attacks in the physical world. An introduction to the PRA techniques such as fault trees, and event trees is provided along with a discussion on different levels of PRA and the application of PRA techniques in the context of cybersecurity. A discussion on machine learning based fault detection and diagnosis (FDD) methods and cyber-attack detection methods for industrial control systems are introduced in this book as well.
A dynamic Bayesian networks based method that can be used to detect an abnormal event and classify it as either a component fault induced safety event or a cyber-attack is discussed. An introduction to the stochastic game formulation of the attacker-defender interaction in the context of cyber-attacks on industrial control systems to compute optimal response strategies is presented. Besides supporting cyber-attack response, the analysis based on the game model also supports the behavioral study of the defender and the attacker during a cyber-attack, and the results can then be used to analyze the risk to the system caused by a cyber-attack. A brief review of the current state of experimental testbeds used in ICS cybersecurity research and a comparison of the structures of various testbeds and the attack scenarios supported by those testbeds is included. A description of a testbed for nuclear power applications, followed by a discussion on the design of experiments that can be carried out on the testbed and the associated results is covered as well.
This SpringerBrief  is a useful resource tool for researchers working in the areas of cyber security for industrial control systems, energy systems and cyber physical systems. Advanced-level students that study these topics will also find this SpringerBrief useful as a study guide.

This book presents the latest research in cognitive security, a rapidly emerging field that addresses the vulnerabilities in human behavior and cognition that can lead to Cyber-Physical Systems (CPS) compromise. This book demonstrates that as adversaries increasingly use manipulative and deceptive information to disrupt human cognitive processes, including sensation, attention, memory, and mental operations, humans are misled into fallacious reasoning and manipulated decisions that can lead to system-level meltdown. Cognitive security aims to protect humans from the exploitation of cognitive vulnerabilities, help them make informed decisions that are free from manipulation and undue influence, and mitigate the aggravating risk in the ensuing steps of the attacker’s kill chain.

This book offers solutions that work across different fields, such as psychology, neuroscience, data science, social science, and game theory, to deal with cognitive threats. It guides the reader through the core ideas with figures, real-life examples, and case studies. Moreover, it formally defines all research questions, presents the results using mathematical theorems and proofs, and obtains insights through numerical validation.

This book provides a self-contained and brief overview of essential system-scientific tools for modeling, analyzing, and mitigating cognitive vulnerabilities. The concepts of human cognitive capacities and cognitive vulnerabilities are formally discussed, followed by two case studies in the scenarios of reactive and proactive attention vulnerabilities. This book provides insights and applications on this transdisciplinary topic, with the goal of motivating future research in this emerging area and pushing the frontier of human-technology convergence. This book is a valuable reference for researchers and advanced-level students studying or working in cognitive security and related fields. It is also useful for decision-makers, managers, and professionals working within these related fields.