INCS-CoE Expert Community Seminar – Cybersecurity Issues in Transportation
Tuesday, November 28, 2023
8:00 am – 9:00 am EST
Hosted by Dr. Karl V. Steiner, Vice President for Research & Creative Achievement, UMBC, USA.
GraphCAN: Graph-Based Controller Area Network Security
Dr. Riadul Islam, Assistant Professor, Computer Science & Electrical Engineering, UMBC, Baltimore, MD, USA.
Abstract: Vulnerabilities and security threats associated with the widely adopted vehicular Controller Area Network (CAN) will be examined. Novel techniques for the creation of graphs from CAN data will be introduced. Subsequently, various methods, encompassing statistical analyses, machine learning algorithms, and graph neural network approaches, will be presented as potential means to enhance the security of CAN networks. Furthermore, the challenges related to processing extensive sensor data within a stringent timing budget will be addressed, emphasizing the significance of implementing intrusion detection algorithms on edge devices with a focus on cost-effectiveness.
Advancing Cyber-Resilience in the Age of Autonomous Vehicles
Dr. Rolando Martins, Assistant Professor, Computer Science, University of Porto, Portugal.
Abstract: The adoption of autonomous vehicles requires shifting cyber-physical infrastructures. They are high-value targets, and while Zero Trust is vital, it is insufficient against modern cyber threats. The traditional firewall-based “fortress” approach falls short against advanced adversaries. This situation has reignited interest in Intrusion Tolerance, underutilized since the ‘90s due to its complexity. We will showcase work at the UP Cybersecurity and Privacy Centre (C3P)’s on cybersecurity, focusing on autonomous vehicles.
From Skyjacking to Carjacking: Challenges and Opportunities in Securing Modern Navigation Technologies
Dr. Aanjhan Ranganathan, Assistant Professor, Khoury College of Computer Sciences, Northeastern University, Boston, MA, USA.
Abstract: Modern transportation systems rely heavily on accurate positioning and navigation technologies, which have become increasingly vulnerable to security threats. In this talk, we will explore the security challenges associated with secure positioning and navigation in modern vehicles, including the impact of GPS spoofing on unmanned aerial vehicles (UAVs) and the security problems of instrument landing systems used in aviation as one of the primary means of navigation aid for landing. We will also discuss the security problems of automotive radar, where we will show how easily radio frequency radar signals can be manipulated to fake distances and velocities, compromising the safety of the vehicle and passengers. We will see how even with cryptographic primitives, the challenges to securing positioning, navigation, and timing technologies is no trivial task. The talk will aim to highlight the fundamental limits that exist in securing current technologies and a call for designing secure alternatives.
INCS-CoE Expert Community Seminar – The Growing Role of AI in Cybersecurity
Thursday, September 7, 2023
8:00 am – 9:00 am EDT / 13:00 London / 21:00 Tokyo
The seminar will showcase presentations by experts in the areas of Cybersecurity & AI
The weblink link will be provided soon.
Hosted by Dr. Karl V. Steiner, Vice President for Research & Creative Achievement, UMBC
Optimizing vulnerability triage in DAST with deep learning
Dr. Paul Miller, Queens University Belfast, U.K. – Interim Director of the Global Innovation Institute (GII) and Deputy Director of the Centre for Secure Information Technologies (CSIT) at QUB.
Abstract: False positives generated by vulnerability scanners are an industry-wide challenge in web application security. We present a novel multi-view deep learning architecture to optimise Dynamic Application Security Testing (DAST) vulnerability triage, with task-specific design decisions exploiting the structure of traffic exchanges between our rules-based DAST scanner and a given web app. Leveraging convolutional neural networks, natural language processing and word embeddings, our model learns separate yet complementary internal feature representations of these exchanges before fusing them together to make a prediction of a verified vulnerability or a false positive. Given the amount of time and cognitive effort required to manually review high volumes of DAST results correctly, the addition of this deep learning capability to a rules-based scanner creates a hybrid system that enables expert analysts to rank scan results, deprioritise false positives and concentrate on likely real vulnerabilities. This improves productivity and reduces remediation time, resulting in stronger security postures.
Evaluating what generative AI systems know about cybersecurity
Dr. Tim Finin, UMBC, USA – Willard and Lillian Hackerman Chair in Engineering and a Computer Science and Electrical Engineering Professor at UMBC.
Abstract: The public release of OpenAI’s ChatGPT system eight months ago signaled an inflection point for AI technology and its applications. While these AI systems have well-known shortcomings, they have the potential to help in many ways. After describing the technology, I will report on a recent evaluation of OpenAI’s ChatGPT and Google’s Bard ability to solve cybersecurity problems using two datasets designed to test students’ knowledge: the Cybersecurity Concept Inventory (CCI) and the Cybersecurity Curriculum Assessment (CCA). The CCA results will be compared with those from a recent evaluation of 193 students from seven colleges and universities. Spoiler: one of the AI systems performed surprisingly well.
The use of machine learning algorithms in hardware security
Dr. Avi Mendelson, Technion, Israel – Professor in the CS and EE Departments, and a member of the Technion Computer Engineering center.
Abstract: Machine learning is widely used these days to help expose Hardware Security vulnerabilities and serve as another attack vector. The talk will provide a brief introduction to some of the machine-learning technologies, followed by a few unique examples, such as (1) the use of machine-learning algorithms to assist side-channel attacks and (2) The use Graph Neural Networks (GNN) to locate potential location within a chip that may contain Hardware Trojan horses.
INCS-CoE Expert Community Seminar – Cybercrime and Ransomware (May 31, 2023)
8:00 am EST / 13:00 London / 21:00 Tokyo
This seminar will showcase three presentations from experts in the area of cybercrime and ransomware.
Speaker: Dr Jason Nurse
Title: Cyber insurance and ransomware
Bio: Dr Jason R. C. Nurse is an Associate Professor in Cyber Security in the Institute of Cyber Security for Society (iCSS) & School of Computing at the University of Kent, UK. He also holds the roles of Visiting Fellow in Defence & Security at Cranfield University, UK, and Associate Fellow at the Royal United Services Institute for Defence and Security Studies (RUSI). He received his PhD from the University of Warwick, UK. His research interests include cyber insurance and ransomware, security risk management, corporate communications and cyber security, cyber resilience, and security culture. Jason was selected as a Rising Star for his research into cybersecurity, as a part of the UK’s Engineering and Physical Sciences Research Council’s Recognising Inspirational Scientists and Engineers (RISE) awards campaign. Dr Nurse has published over 100 peer-reviewed articles in internationally recognised security journals and conferences, and he is a professional member of the British Computing Society.
Related work: https://www.sciencedirect.com/science/article/pii/S016740482300072X
Presentation slides: INCS-CoE-2023-Jason-Nurse
_____________________________________
Speaker: Dr Maria Bada
Title: Improving resilience to ransomware
Bio: Dr Maria Bada is a Lecturer at Queen Mary University in London. Maria is a behavioural scientist, and her work focuses on the human aspects of cybersecurity and cybercrime. Her research looks at the effectiveness of cybersecurity awareness campaigns. She has collaborated with government, law enforcement and private sector organisations to assess national level cybersecurity capacity and develop interventions to enhance resilience. She has also supported National Cyber Security Strategy development for the UK and governments in Europe, Africa, Asia and Latin America. She is a member of the National Risk Assessment (NRA) Behavioural Science Expert Group in the UK, working on the social and psychological impact of cyber-attacks on members of the public.
Related work:
https://bpb-eu-w2.wpmucdn.com/blogs.bristol.ac.uk/dist/3/939/files/2022/02/RISCS-Ransomware-workshop-report_Feb2022.pdf
https://assets.kpmg.com/content/dam/kpmg/uk/pdf/2022/11/improving-resilience-to-ransomware.pdf
https://riscs.org.uk/research/research-themes/cybercrime/
Presentation slides: INCS-CoE-2023-Maria_Bada
_____________________________________
Speaker: Dr Darren Hurley-Smith
Title: Game Theoretic Analysis of Ransomware: Identifying and Mitigating Motivators to Pay
Bio: Dr Darren Hurley-Smith is a Senior Lecturer in Information Security, in the Information Security Group of Royal Holloway University of London. Darren has been involved in Ransomware research since 2016, where he worked as PDRA on the RAMSES Horizon 2020 project until 2020. He has authored papers in the area of game theoretic modelling of ransomware and ransomware targeting blockchain and web3 services. A substantial portion of his current research focuses on identify opportunities for extortion in next-generation vehicular networks. His research interests include the analysis of novel ransomware strategies, Systems Security, statistical testing of Random Number Generators, and Mobile Ad Hoc Network Security. He also has a keen interest in investigating moving target defence, and cyber-security related to cloud-implemented services.
Related work:
https://link.springer.com/chapter/10.1007/978-3-031-16035-6_9
https://ramses2020.eu/wp-content/uploads/sites/3/2019/09/D4.4-Optimal-model-system.pdf
https://ramses2020.eu/wp-content/uploads/sites/3/2016/09/D4.1-Findings-on-economic-modelling-of-malware-as-a-business-model.pdf
Presentation slides: INCS-CoE-2023-Darren_Hurley-Smith
INCS-CoE Expert Community Seminar – IT and OT (March 30, 2023)
The seminar will showcase three presentations from experts in the area of cybersecurity in operational technology.
7:00-7:20 am EST / 12:00-12:20 London / 20:00-20:20 Tokyo
Title: Cyber Security and Critical Infrastructure Systems
Speaker: Prof. Chris Hankin, Security Science Fellow, Institute for Security Science and Technology, Imperial College London
c.hankin (at) imperial.ac.uk
Bio: Prof. Hankin joined Imperial College London in 1984 and was promoted to Professor of Computing Science in 1995. His research is in cyber security, data analytics and theoretical computer science. He leads multidisciplinary projects focused on providing better decision support to defend against cyber-attacks for both enterprise systems and industrial control systems. He is Director of the UK Research Institute on Trustworthy Inter-connected Cyber-physical Systems (RITICS) which focuses on cyber security of critical infrastructure. He is a Board Member for the International Cyber Security Centre of Excellence (INCS-CoE). He is a past chair of the Association for Computing Machinery (ACM) Europe Council. He chairs the ACM Europe Technology Policy Committee.
7:20-7:40 am EST / 12:20-12:40 London / 20:20-20:40 Tokyo
Title: Autonomic Resilient cyber-physical Systems
Speaker: Prof. Kiriakos Kiriakidis, Professor of Estimation and Control Dept. of Weapons, Robotics, and Control Engineering, US Naval Academy, Annapolis
kiriakid (at) usna.edu
Bio: Kiriakos Kiriakidis was born in Greece. He received the Diploma in mechanical engineering (1990) from the National Technical University of Athens, Greece, and the M.S. (1993) and Ph.D. (1996) degrees, also in mechanical engineering, from Polytechnic Institute of NYU, Brooklyn, New York. Since 1996, he has been on the faculty of the United States Naval Academy, Annapolis, MD, where he is Professor of Estimation and Control. He served as Department Chair from 2010 to 2015. Dr. Kiriakidis is a member of Institute of Electrical and Electronics Engineers, the American Society of Mechanical Engineers, and Technical Chamber of Greece.
7:40-8:00 am EST / 12:40-13:00 London / 20:40-21:00 Tokyo
Title: Operational Technology Cyber range at UMBC- Systems and Applications
Speaker: Prof. Nilanjan Banerjee, Professor of Computer Science and Electrical Engineering, University of Maryland Baltimore County, Associate Director of Cybersecurity in Manufacturing.
nilanb (at) umbc.edu
Bio: Nilanjan Banerjee is a Professor at University of Maryland, Baltimore County. He is also an Associate Director of Cybersecurity in Manufacturing at UMBC. He is an expert in mobile and sensor systems with focus on designing end-to-end cyber-physical systems with applications to physical rehabilitation, physiological monitoring, and home energy management systems. He is also an expert in cybersecurity for embedded and cyber-physical systems. Presently his research focuses on two broad areas: (1) Wearable Sensing and Analytics for Physiological Sensing; and (2) Cybersecurity for Manufacturing and Supply Chain Management. His research is funded by the National Science Foundation, National Institutes of Health, Office of Naval Research, Army Research Lab, Microsoft, Department of Defense, and the Technology Development Corporation.
Maritime security is vitally important to safeguard shipping and supply chains throughout the world. It presents a truly international challenge, given the growing frequency and sophistication of attacks against maritime infrastructure, both on the sea and on land.
The general aim of the seminar is to help stimulate further INCS-CoE involvement through research, training and/or advisory activities.
The seminar takes place on Monday the 5th of December 2022, at 08:00-09:00 US EST, 13:00-14:00 UK, 22:00-23:00 Japan, online.
The Speakers:
Andy Powell, CISO Maersk. Andy Powell is Chief Information Security Officer (CISO) at A P Moller- Maersk. He joined Maersk in May 2018 from Capgemini where he spent two and half years as Vice President for the UK Cybersecurity business selling, delivering, and running Cybersecurity solutions for over 70 Clients particularly in the Energy and Utility sectors. This ranged from CISO consultancy services to running SOC Services. Prior to this he was General Manager for Cybersecurity at CSC for two years covering UK, Ireland, Netherlands, and Israel. He spent the first 28 years of his career in the Royal Air Force retiring as an Air Commodore (1*) in Dec 2013. In his last three senior roles he was Assistant Chief of Staff (ACOS) A6 for the Royal Air Force, ACOS J6 for joint operations in Iraq/Afghanistan and Libya, and headed Service and Cyber Defence Operations for the UK Ministry of Defence at Information Systems and Services (ISS).
Rory Hopcraft, Research Fellow at the University of Plymouth. He is currently working on the EU Horizon 2020 CyberMAR Project. Prior to this his PhD was within the Centre of Doctoral Training in Cyber Security at Royal Holloway University, focusing on regulatory aspects of maritime cyber security. His current focus is on the skills and training needed by the digital seafarer. He enjoys adopting an inter-disciplinary approach to his work, and exploring new topics and themes, these include, maritime security, piracy, environmental protection, sustainability and critical infrastructure protection.
The last few years have seen a significant convergence between Information Technology (IT) and Operational Technology (OT), which controls much of our industrial and critical national infrastructure. This convergence is being accelerated by the rapid growth in the Internet of Things (IoT). Blurring boundaries between IT, OT and IoT are increasing the need for more integrated, collaborative cyber security strategies. The International Cyber Security Center of Excellence (INCS-CoE) plans to pursue collaboration aimed at designing new integrated strategies that combine IT, OT and IoT security efforts and to maximize use of existing and novel cyber security resources.
This paper briefly reviews current activities in the UK, US and Japan in the OT security and IoT spaces.
We identify three main areas for potential collaboration:
1. Supply Chain Security
2. Sharing of Testbed Facilities
3. Sharing of datasets
by UMBC, Kyushu University, Northeastern University, Keio University.
At Inamori Center Hall, Kyushu University, Kyushu
– Current Issues and On-going Activities of Super-Aging Society
– Super-Aging Society: Gerontology ad Social Study Perspective
– IT for Super-Aging Society Perspective
– Research Strategy:
– Comparative Study
– Natural Human-Smart IoT Interaction Design
– Security and Privacy of Smart IoT for Super-Aging
– Context Recognition, Understanding and Exploitation