All

CriM -- Cyber Security Seminar and Workshops -- 2022

During November 2022 we held the Cyber Security Seminar and Workshops in Oulu, Finland. This four days event has been held since 1999 and brings together teachers, researchers, experts, and students of cybersecurity: https://www.oulu.fi/en/crim.

CriM had twelve talks before lunch and three exercises in the afternoon, covering topics from incidence response to password handling. We were especially glad to hear a talk from Bart Preneel, Europe’s most pronounced cryptography expert, who reminded us at the end of his presentation to a quote from Immanuel Kant “Optimism is a moral duty”.

Continue reading

Cybersecurity For Public Utilities Solutions III

Failing to understand the gravity of the potential effects of a power grid attack leaves municipal utility companies unprepared to enact the necessary cybersecurity counter-measures necessary to prevent or, at least, mitigate attacks. As Miller [1], points out, local governments could benefit from the information that would lead to the early prevention of cyberattacks. Unfortunately, the information is often hidden or never revealed. Although municipalities are obliged to report attacks in a timely fashion, they often avoid reporting attacks to maintain credibility. Nor do they necessarily see sharing of information about attacks as useful.

Continue reading

Cybersecurity For Public Utilities Solutions II

Cyberattacks launched on municipal utility companies are similar to attacks in any other industry. However, the potential for OT attacks and the dangers of a major service disruption has raised the stakes. Miller outlines in this article [1] the most common cybersecurity attacks that have affected municipal utility companies. 

Denial of Service 

Attacks that stop users from accessing essential networks are typically referred to as denial of service (DoS) or distributed denial of service (DDoS) attacks. A DoS attack is initiated by a single attacking computer. A DDoS attack is launched by multiple attacking devices. While the attack is in progress, companies can’t access the means to provide services. These attacks have serious implications for any company, but the interruption of essential services like electricity or running water can quickly become disastrous.  Unfortunately, given the lack of training many utilities are particularly vulnerable to denial of service attacks. While these attacks are difficult to deal with, more work on raising an awareness of the issues and possible counter-measures would be invaluable.

Continue reading

Cybersecurity For Public Utilities Solutions I

In 2021 Jason Miller wrote an article on cybersecurity for municipal utilities stressing that cyber-attacks were increasing every year and greatly impacting a wide range of high-profile targets from governmental agencies to financial and insurance organizations, hospitals and other health facilities, and educational institutions. Of particular concern in many countries, he points out, is the situation on local levels where local governments with municipal utilities are often under-funded with poorly trained staff [1]. Unfortunately, the solutions he offers do not take into account the range of problems facing municipal utilities. Many are not aware, however, of how municipal utilities have become targets for “nation-state actors” and the possibly disastrous effects of an attack.

Continue reading

3 questions – 3 answers Christmas 2022 edition: The second CS-AWARE-NEXT Podcast

We are happy to announce the second CS-AWARE-NEXT Podcast with Juha Röning!

Juha is the Coordinator of the CS-AWARE-NEXT project and is Professor of Embedded Systems at the University of Oulu. Juha has also coordinated the original CS-AWARE project.

He has three patents and has published more than 300 papers in the areas of computer vision, robotics, intelligent signal analysis, and software security. He is currently serving as a Board of Director for euRobotics aisbl. He is also a steering board member of ARTMIS-IA.

Continue reading

Welcome CS-Connect!

In CS-AWARE-NEXT, the role of our unit, CERICT-Università di Salerno, is to design, develop and evaluate, a collaboration layer for the ecosystem, aimed to support the organisations in their activities toward improved security.

We are actually collecting all the requirements from the use cases and we have had very interesting discussions with the organisations in the ecosystems in Larissa and in Foggia, to find out what is actually needed to ensure adequate support to the ecosystem. And indeed, we have collected quite a few requirements, some of which were expected by us (aren’t we all collaborating on something after all) but many were surprising and stimulating. We cannot spoil them as they are going to be in the Deliverable that Workpackage 2 is creating by February 2023. For example, we cannot tell you that we are considering different scenarios that involve the ecosystem in different activities, with different tools and different support by the collaboration system. As well as we cannot tell you that a flexible visibility mechanism for the information shared will allow to accommodate different ecosystem with diverse cohesion. And, of course, we cannot tell you that the visualization of the system will be based on the CS-AWARE visualization but contextualized with the goal of the scenario. Sorry. What we can tell you now is what is the name of the tool! In fact, during the General Meeting in Wien, stimulated by the words, dubiously attributed to the Bard of Avon:

Continue reading

3 questions – 3 answers: The first CS-AWARE-NEXT Podcast

We are happy to announce the first CS-AWARE-NEXT Podcast with Chris Wills!

Chris is Founder and Member of the Management Board of the CS-AWARE Corporation, and has worked as a member of the CS-AWARE project, leading the socio-technical analysis of the cybersecurity situations in the two major European cities that were partners in the project.

His specialist areas of interest are those of Socio-Technical systems analysis and design of cybersecurity systems, software process in safety critical systems and threat and risk assessment in ITC systems.

Continue reading

Startups in Europe – and elsewhere

CS-AWARE Corporation is not only one of the partners of the CS-AWARE-NEXT Consortium, but also the main vehicle for the exploitation of all project outcomes and results. The company itself is a successful spin-out of the previous CS-AWARE Innovation Action and considered as a success story because we exhibited commitment to build a sustainable business that will help local public organisations increase their awareness and build capacities to successfully fight with cyber security threats. This might be our European perspective on how to build a business. Let us see a little more far away…

Continue reading

Turning the Internet into a meaningful (data) space!

Last week I attended the works of the 1st International Conference on FAIR Digital Objects. One may wonder what FAIR Digital Objects are – and then visit the Web page of the Fair Digital Objects Forum to learn more.

Before entering the details of what FDOs are, it may be worth to spend some little time and explain what FAIR is about. More and more projects and research ‘endeavours’ and ‘ventures’ take it as a prerequisite, that all data to be collected – processed – managed – stored should be FAIR. So here it is:

Continue reading

A great base scenario for CS-AWARE-NEXT?

Don’t remember if have heard of this incident before, but this could actually be a great base scenario for CS-AWARE-NEXT. It is about the May 2021 ransomware attack on the Health Service Executive (HSE).

At the end of the year 2021, a report was published, that had been commissioned by the Health Services Executive (“HSE”). The report counts about 100 pages – so it is not what one might regard as a convenient reading for an evening discussion. However, there are many generic cybersecurity issues that the report raises that are to be addressed in the CS-AWARE-NEXT project

Continue reading