Global Cyber Security Center

Rome, Italy

Grant
Agency: European Commission | Branch: FP7 | Program: CP-FP | Phase: SEC-2013.2.5-2 | Award Amount: 3.75M | Year: 2014

Some progress has been made in understanding and managing cyber crime as well as assessing its economic impact. Yet much remains to be done. Lack of co-ordination in law enforcement and legislation, lack of common consensus on the nature of cyber crime and lack of knowledge sharing and trust are just some of the issues that both afflict cyber crime responses and cloud our understanding of cyber crime. E-CRIME addresses these well-known problems, while analysing the economic impact of cyber crime and developing concrete measures to manage risks and deter cyber criminals in non-ICT sectors. E-CRIME does so by adopting an interdisciplinary and multi-level-stakeholder focused approach that fully integrates a wide range of stakeholders' knowledge and insights into the project. First, the project will create a detailed taxonomy and inventory of cyber crime in non-ICT sectors and analyse cyber criminal structures and economies by combining the best existing data sources with specialist new insights from key stakeholders and experts. Second, E-CRIME will assess existing counter-measures against cyber crime in non-ICT sectors in the form of current technology, best practices, policy and enforcement approaches, and awareness and trust initiatives. Third, having mapped the as-is of cyber crime, the project will use available information and new data to develop a multi-level model to measure the economic impact of cyber crime on non-ICT sectors. Fourth, E-CRIME will integrate all its previous findings to identify and develop diverse, concrete counter-measures, combined in portfolios of inter-sector and intra-sector solutions, including enhancement for crime-proofed applications, risk management tools, policy and best practices, and trust and confidence measures. The analysis will proceed in close co-operation with relevant and diverse stakeholders. This will be achieved through conducting interviews and surveys, organising workshops and setting up an E-CRIME Stakeholder Forum.


Baldini G.,European Commission - Joint Research Center Ispra | Fovino I.N.,Global Cyber Security Center | Braghin S.,Nanyang Technological University | Trombetta A.,University of Insubria
Security and Communication Networks | Year: 2013

Cognitive radio is a novel wireless communication technology that allows for adaptive configuration of the reception parameters of a terminal, based on the information collected from the environment. Cognitive radio technology can be used in innovative spectrum management approaches such as spectrum sharing, where radio frequency spectral bands can be shared among various users through a dynamic exclusive-use spectrum access model. Spectrum sharing can be applied to various scenarios in the commercial, public safety and military domain. In some scenarios, spectrum sharing demands a mechanism for expressing and enforcing access control policies for the allocation of resources including spectral bands. The access control policies should state what are the available resources (e.g., transmission/reception bandwidths), what are the users that are allowed to access them and under what conditions. However, because of the intrinsically highly dynamic nature of specific scenarios (e.g., public safety, military), where parties with various levels of authority may suddenly appear, it may be difficult to establish in advance what are the most suitable access control policies. Trust negotiation is a well-known approach for expressing and enforcing distributed access control policies that depend on two or more parties. In this work, we present a trust negotiation-based framework that allows for the definition of highly expressive and flexible distributed access control policies for the allocation of spectrum resources. Copyright © 2012 John Wiley & Sons, Ltd. Cognitive radio is a novel wireless communication technology that allows new spectrum management models, where radio frequency spectral bands can be shared among various users. Spectrum sharing demands a mechanism to regulate the allocation of spectrum resources in a secure way.
In this paper, we present a trust negotiation-based framework that allows for the definition of highly expressive and distributed access control policies for the allocation of spectrum resources. © 2012 John Wiley & Sons, Ltd.


Kilinc G.,Izmir Institute of Technology | Fovino I.N.,Global Cyber Security Center | Ferigato C.,European Commission - Joint Research Center Ispra | Koltuksuz A.,Yaşar University
IFAC Proceedings Volumes (IFAC-PapersOnline) | Year: 2012

The cyber-security of industrial control systems (ICS) is gaining high relevance due to the impact of industrial system failures on citizens' lives. There is an urgent need for the consideration of security in their design, and for the analysis of the related vulnerabilities and potential threats. The high exposure of industrial critical infrastructure to cyber-threats is mainly due to the intrinsic weakness of the communication protocols used to control the process network. The peculiarities of the industrial protocols (low computational power, large geographical distribution, near to real-time constraints) make it hard to use traditional cryptographic schemes effectively and, in particular, to implement an effective key management infrastructure supporting a cryptographic layer. In this paper, we describe a "model of distributed key generation for industrial control systems" we have recently implemented. The model is based on a known Distributed Key Generator protocol we have adapted to an industrial control system environment and to the related communication protocol (Modbus). To validate in a formal way selected security properties of the model, we introduced a Petri Nets representation. This representation allows for modeling attacks against the protocol and understanding some potential weaknesses of its implementation in the industrial control system environment.


Leszczyna R.,Technical University of Gdansk | Fovino I.N.,Global Cyber Security Center | Masera M.,European Commission
IET Information Security | Year: 2011

This study presents an approach to the security assessment of the information systems of critical infrastructures. The approach is based on the faithful reconstruction of the evaluated information system in a computer security laboratory followed by simulations of possible threats against the system. The evidence collected during the experiments, stored and organised using a proprietary system InSAW, may later be used for the creation of trust cases which provide valuable information for the end users of the infrastructure. Another new proposal is MAlSim - mobile agent-based simulator of malicious software (viruses, worms, etc). To the best of the authors' knowledge, such a simulator has not been proposed before. The present approach was applied to the verification of the security of industrial control systems and power plants. In the study, one of the experiments related to the security study of an information system of a power plant, a simulation of zero-day worm attack, is described. © 2011 The Institution of Engineering and Technology.


Nai Fovino I.,Global Cyber Security Center | Coletta A.,Global Cyber Security Center | Carcano A.,University of Insubria | Masera M.,Institute for Energy
IEEE Transactions on Industrial Electronics | Year: 2012

The security of System Control and Data Acquisition (SCADA) systems is one of the most pressing subjects in industrial systems, particularly for those installations actively using the public network in order to provide new features and services. In this paper, we present an innovative approach to the design of filtering systems based on the state analysis of the system being monitored. The aim is to detect attacks composed of a set of "SCADA" commands that, while licit when considered in isolation on a single-packet basis, can disrupt the correct behavior of the system when executed in particular operating states. The proposed firewall detects these complex attacks thanks to an internal representation of the controlled SCADA system. Furthermore, we detail the design of the architecture of the firewall for systems that use the ModBus and DNP3 protocols, and the implementation of a prototype, providing experimental comparative results that confirm the validity of the proposed approach. © 2012 IEEE.


Kilinc G.,Izmir Institute of Technology | Nai Fovino I.,Global Cyber Security Center
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2013

The security of the ICT (Information Communications Technology) components of industrial systems is gaining great importance in the context of their criticality for society at large. There is an urgent need for the consideration of security in their design, and for the analysis of the related vulnerabilities and potential threats. The high exposure of industrial critical infrastructure to such threats is mainly due to the intrinsic weakness of the communication protocols used to control the process network. The peculiarities of the industrial protocols (low computational power, large geographical distribution, near to real-time constraints) make it hard to use traditional cryptographic schemes effectively and, in particular, to implement an effective key management infrastructure supporting a cryptographic layer. In this paper we present the first working prototype of a distributed key generation infrastructure for SCADA systems based on the well-known identity-based crypto-paradigm. © 2013 Springer-Verlag.


Casalicchio E.,University of Rome Tor Vergata | Caselli M.,Global Cyber Security Center | Coletta A.,Global Cyber Security Center | Fovino I.N.,Global Cyber Security Center
International Journal of Critical Infrastructures | Year: 2013

Modern critical infrastructures (e.g., power plants, energy grids, oil pipelines, etc.) nowadays make extensive use of information and communication technologies (ICT). As a direct consequence, their exposure to cyber-attacks is becoming a matter of public security. In this paper, we analyse a particular infrastructure, rarely considered as a source of threats, on which indeed the majority of network-based services rely: the domain name system. Taking as example the power system, we show how deeply a failure (accidental or malicious) of the DNS might impact on the operation of the modern and distributed critical infrastructure. Copyright © 2013 Inderscience Enterprises Ltd.


Nai Fovino I.,Global Cyber Security Center | Di Blasi S.,Global Cyber Security Center | Rigoni A.,Global Cyber Security Center
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2013

The pervasiveness of Information and Communication Technologies in the control and governance of Critical Infrastructures (CIs) (e.g. power plants, energy grids, oil pipelines etc.) makes the Cyber Security problem a matter of citizen protection and safety. In this work, taking as example the Power System, we analyze the impact of malicious attacks against the Domain Name System (DNS) on the operation of the modern, open and distributed critical infrastructures. © 2013 Springer-Verlag.


Casalicchio E.,University of Rome Tor Vergata | Caselli V.,Global Cyber Security Center | Coletta A.,Global Cyber Security Center
IEEE Network | Year: 2013

The Internet is a worldwide distributed critical infrastructure, and it is composed of many vital components. While IP routing is the most important service, today the Domain Name System can be classified as the second most important, and has been defined as a critical infrastructure as well. DNS enables naming services used by every networked application and therefore by every networked critical infrastructure. Without DNS all services used in daily life activities (e.g., commerce, finance, industrial process control, logistics, transportation, health care) become unavailable. A big challenge is to guarantee the proper level of DNS health. Providing DNS health requires monitoring the system, analyzing its behavior, and planning and actuating corrective actions. There are several initiatives in this field, all claiming to be able to measure the DNS health from a local perspective. The reality is a bit different and many challenges are still open: no standard metrics exist (only a shared list of five health indicators); no common rules to compute health indicators are agreed; no common concept of regular DNS behavior is defined. The Measuring the Naming System (MeNSa) project proposes a formal and structured methodology and a set of metrics for the evaluation of the DNS health and security levels. This article discusses the problem of measuring the DNS health level and introduces the main concepts of the MeNSa project. Finally, using a real case study, the problem of metrics aggregation is discussed. © 2013 IEEE.


Rigoni A.,Global Cyber Security Center | Di Blasi S.,Global Cyber Security Center
10th European Conference on Information Warfare and Security 2011, ECIW 2011 | Year: 2011

The Domain Name System (DNS) is a fundamental and critical building block of the Internet. Moreover, DNS represents one of the most critical services of information infrastructures, and the strong interdependency between critical infrastructures relying on information and communication technology makes DNS a likely, disrupting target in case of cyber conflict. Critical infrastructures are no longer independent from the Internet networks: electricity plants, telecommunications services, transportation systems, banks and financial institutions heavily rely on Information and Communication Technology (ICT). New risk scenarios for critical infrastructure protection are expected, in that newer threats propagate through the Internet networks and exploit Internet infrastructure vulnerabilities, making such threats as cyber espionage, cyber conflict and cyber terrorism a likely possibility every government should consider in its national security agenda. DNS is vulnerable to a series of threat agents, and these vulnerabilities might be exploited by coordinated groups of attackers to produce damage to national critical assets. A more secure DNS in terms of technology, processes, policy making and organizational structures is needed. The proposal presented in this paper represents a work in progress, whose main objective consists in the development of an accepted metric framework for DNS security and stability: this will be accomplished through a deep state-of-the-art analysis of current DNS metrics and KPIs, the proposal of a newer set of KPIs and consequential sharing of the results with the DNS community. We believe the definition and collection of these metrics will pave the way to the empirical definition of a DNS stability baseline, leading to the establishment of best practices, standards and acceptable service levels for a consolidated overarching DNS security policy making framework and raising awareness on DNS vulnerabilities and threats outside the DNS community.
