WP
W. Pieters
73 records found
1
Both intentional attacks and accidental technical failures can lead to abnormal behaviour in components of industrial control systems. In our previous work, we developed a framework for constructing Bayesian Network (BN) models to enable operators to distinguish between those two
...
Bayesian network model to distinguish between intentional attacks and accidental technical failures
A case study of floodgates
Water management infrastructures such as floodgates are critical and increasingly operated by Industrial Control Systems (ICS). These systems are becoming more connected to the internet, either directly or through the corporate networks. This makes them vulnerable to cyber-attack
...
Given the significant privacy and security risks of Internet-of-Things (IoT) devices, it seems desirable to nudge consumers towards buying more secure devices and taking privacy into account in the purchase decision. In order to support this goal, this study examines the effect o
...
Individual preferences in security risk decision making
An exploratory study under security professionals
Risk assessments in the (cyber) security domain are often, if not always, based on subjective expert judgement. For the first time, to the best of our knowledge, the individual preferences of professionals from the security domain are studied. In on online survey they are asked t
...
The evaluation of the effectiveness of surveillance technology in intelligence agencies and oversight bodies is notably lacking. Assessments of surveillance technology concerning legal compliance, cost, and matters of privacy occupy a solid place, but effectiveness is rarely cons
...
Cyberattacks against healthcare institutions threaten patient care. The risk of being targeted by a damaging attack is increased when medical devices are used which rely on unmaintained legacy software that cannot be replaced and may have publicly known vulnerabilities. This revi
...
Domino effects are high-impact phenomena that have caused catastrophic damage to several chemical and process plants around the world through secondary incidents caused by primary ones. With the increasing trend of cyberattacks targeting critical infrastructures, there is a conce
...
Risk Personalization
Governing Uncertain Collective Risk Through Individual Decisions
Individuals are regularly made responsible for risks they wish to take: one can consent to processing of personal data, and decide what to buy based on risk information on product labels. However, both large-scale processing of personal data and aggregated product choices may car
...
Cyber operations are relatively a new phenomenon of the last two decades. During that period, they have increased in number, complexity, and agility, while their design and development have been processes well kept under secrecy. As a consequence, limited data(sets) regarding the
...
Because of modern societies' dependence on industrial control systems, adequate response to system failures is essential. In order to take appropriate measures, it is crucial for operators to be able to distinguish between intentional attacks and accidental technical failures. Ho
...
Cyber Operations stopped being utopia or Sci-Fi based scenarios: they became reality. When planning and conducting them, military actors encounter difficulties since they lack methodologies and models that support their actions and assess their effects. To address these issues by
...
Everything-as-a-hack
Claims-making for access to digital and social resources
In media and public discourse, cyber incidents are typically covered in terms of cybercriminals or other external threat agents managing to gain access to sensitive data and systems through weaknesses in technology and/or human factors. Such a framing of incidents foregrounds the
...
Purpose: This study aims to explore how the public perceives the effectiveness of surveillance technology, and how people’s views on privacy and their views on effectiveness are related. Likewise, it looks at the relation between perceptions of effectiveness and opinions on the a
...
Risk analysis is an essential methodology for cybersecurity as it allows organizations to deal with cyber threats potentially affecting them, prioritize the defense of their assets, and decide what security controls should be implemented. Many risk analysis methods are present in
...
Cyber operations lack models, methodologies, and mechanisms to describe relevant data and knowledge. This problem is directly reflected when cyber operations are conducted and their effects assessed, and it can produce dissonance and disturbance in corresponding decision-making p
...
Due to the advancement of technology and continuing emergence of international conflict situations, wars are now also conducted into the official new battlefield: Cyberspace. Although several incidents have been characterized in terms of cyber operations, there is an important ga
...
On the anatomy of social engineering attacks
A literature-based dissection of successful attacks
The aim of this study was to explore the extent to which persuasion principles are used in successful social engineering attacks. Seventy-four scenarios were extracted from 4 books on social engineering (written by social engineers) and analysed. Each scenario was split into atta
...
Plots, murders, and money
Oversight bodies evaluating the effectiveness of surveillance technology
Intelligence agencies routinely use surveillance technology to perform surveillance on digital data. This practice raises many questions that feed a societal debate, including whether the surveillance technology is effective in achieving the given security goal, whether it is cos
...
The effectiveness of surveillance technology
What intelligence officials are saying
In recent years, Western governments have come under sharp criticism for their use of surveillance technology. They have been accused of sweeping up massive amounts of information without evidence of the technologies being effective in improving security. The view of critics is c
...