Publications (10 of 55)
Seid, E., Blix, F. & Popov, O. (2025). Cyber Resilience Using ASFA: DORA-Compliant Threat-Led Penetration Testing. In: Gabriele Oliva, Stefano Panzieri, Bernhard Hämmerli, Federica Pascucci, Luca Faramondi (Ed.), Critical Information Infrastructures Security: 19th International Conference, CRITIS 2024, Rome, Italy, September 18–20, 2024, Revised Selected Papers. Paper presented at The 19th International Conference on Critical Information Infrastructures Security (CRITIS 2024), September 18–20, 2024, Rome, Italy. (pp. 269-288). Springer Nature
2025 (English). In: Critical Information Infrastructures Security: 19th International Conference, CRITIS 2024, Rome, Italy, September 18–20, 2024, Revised Selected Papers / [ed] Gabriele Oliva, Stefano Panzieri, Bernhard Hämmerli, Federica Pascucci, Luca Faramondi, Springer Nature, 2025, p. 269-288. Conference paper, Published paper (Refereed)
Abstract [en]

The financial sector is experiencing an increase in cyber incidents, prompting numerous firms to outsource IT infrastructure management. A primary factor contributing to these breaches is that the impacted systems are socio-technical systems (STSs), which include not only technical components such as software and hardware but also physical elements (e.g., robotics, mobility) and social components (e.g., human actors, business processes, and organizational units). Evaluating STS security breaches requires a holistic approach, considering human, organizational, software, and infrastructural elements. The study involves combining strategic factors, including social and organizational dynamics, with technical components such as software and physical infrastructure.

In our previous work, we developed a security attack-monitoring system to tackle these challenges. This framework was developed to monitor, analyze, and model security incidents across the social, cyber, and physical dimensions of cyber-physical systems (CPS). This paper employs the framework to conduct threat-led penetration testing in accordance with the Digital Operational Resilience Act (DORA), thus improving the financial sector’s capacity to address information and communication crises. This study provides important insights into cyberattacks and their impact on the financial sector by examining security breaches reported to the Swedish Civil Contingencies Agency (MSB) by critical service providers. The experiment was performed in collaboration with a prominent Swedish financial institution.

Place, publisher, year, edition, pages
Springer Nature, 2025
Series
Lecture Notes in Computer Science (LNCS), ISSN 0302-9743, E-ISSN 1611-3349
Keywords
Incident Reporting, DORA, Cybersecurity, Cyber-Resilience, Risk Management, Penetration Testing
National Category
Computer Sciences
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-240585 (URN); 10.1007/978-3-031-84260-3_16 (DOI); 978-3-031-84260-3 (ISBN); 978-3-031-84259-7 (ISBN)
Conference
The 19th International Conference on Critical Information Infrastructures Security (CRITIS 2024), September 18–20, 2024, Rome, Italy.
Available from: 2025-03-10. Created: 2025-03-10. Last updated: 2025-03-21. Bibliographically approved
Imtiaz, S., Popov, O. & i Riu, J. R. (2024). AI-based automatic detection of IP network performance in telecommunication. In: Sagaya Aurelia, Ossama Embarak (Ed.), Industry 4.0 Key Technological Advances and Design Principles in Engineering, Education, Business, and Social Applications (pp. 189-220). CRC Press
2024 (English). In: Industry 4.0 Key Technological Advances and Design Principles in Engineering, Education, Business, and Social Applications / [ed] Sagaya Aurelia, Ossama Embarak, CRC Press, 2024, p. 189-220. Chapter in book (Refereed)
Abstract [en]

The convergence of complex networks, IoT, various services, the enormous amount of data over the network, and 5G have brought challenges to the telecom industry for enhanced service delivery and network maintenance and monitoring. With numerous Netrounds probes and test agents generating massive volumes of data, the knowledge produced is underutilized due to the manual search for insight within the data. With the help of Netrounds APIs and machine learning, the automation of Netrounds metrics data aimed to predict the network performance degradation and anomaly detection ahead of time. The automation was expected to provide meaningful data insight and minimize the violation of SLAs in terms of delay and packet loss. These are one of the primary objectives of business continuity management to handle threats and risks for various network and information systems. Automating Netrounds’ open and programmable APIs through Python fed data to an automatic machine learning model (supervised learning for prediction and unsupervised learning for anomaly detection). The analytics were used to predict network behavior, anomaly detection, and maintenance of the SLA threshold.

Place, publisher, year, edition, pages
CRC Press, 2024
National Category
Computer Sciences
Identifiers
urn:nbn:se:su:diva-237994 (URN); 10.1201/9781003343332-10 (DOI); 2-s2.0-85200880096 (Scopus ID); 9781003343332 (ISBN)
Available from: 2025-01-17. Created: 2025-01-17. Last updated: 2025-01-17. Bibliographically approved
Seid, E., Popov, O. & Blix, F. (2024). An Automated Adaptive Security Framework for Cyber-Physical Systems. In: Gabriele Lenzini, Paolo Mori, Steven Furnell (Ed.), The International Conference on Information Systems Security and Privacy (ICISSP 2024). Paper presented at The 10th International Conference on Information Systems Security and Privacy (ICISSP 2024), 26-28 February 2024, Rome, Italy. (pp. 242-253). SciTePress
2024 (English). In: The International Conference on Information Systems Security and Privacy (ICISSP 2024) / [ed] Gabriele Lenzini, Paolo Mori, Steven Furnell, SciTePress, 2024, p. 242-253. Conference paper, Published paper (Refereed)
Abstract [en]

The paper promotes the notion that any security solution for cyber-physical systems (CPS) should be adaptive and based on the type of attacks and their frequency. Namely, the solution should monitor its environment continuously to defend itself from a cyber-attack by modifying its defensive mechanism. Moreover, the research provides analyses of situations where the environment changes dynamically over time, requiring the designated adaptation to contemplate and respond adequately to these changes. In particular, it explores applying adaptive model predictive control concepts derived from control theory to develop specific adaptive security solutions. These systems can make decisions by forecasting their future performance for various modes or options of adaptation. Using quantitative information, the software then selects the adaptations that minimise the cost associated with security failures. This is highly significant considering that CPS are engineered systems built from and depend upon the seamless integration of computational algorithms and physical components. Moreover, security breaches are rising, and CPS are challenged by catastrophic damage, resulting in billions of losses making many of today’s solutions obsolete. While security agents issue new sets of vulnerability indicators and patches to address security breaches, these changes are continuous processes ad infinitum. A case study on a medical emergency response system illustrates the essential and salient futures of the proposed adaptive security framework for CPS.

Place, publisher, year, edition, pages
SciTePress, 2024
Series
Proceedings of the International Conference on Information Systems Security and Privacy (ICISSP), E-ISSN 2184-4356
Keywords
Security Engineering, Control Theory, Adaptive Systems, Security Solution, Multiple Failure, Cyber-Physical Systems
National Category
Computer Sciences
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-237088 (URN); 10.5220/0012469100003648 (DOI); 2-s2.0-85190838421 (Scopus ID); 978-989-758-683-5 (ISBN)
Conference
The 10th International Conference on Information Systems Security and Privacy (ICISSP 2024), 26-28 February 2024, Rome, Italy.
Available from: 2024-12-10. Created: 2024-12-10. Last updated: 2024-12-11. Bibliographically approved
Seid, E., Popov, O. & Blix, F. (2024). Evaluation of Asfalia, a Security Attack Event Monitoring Framework. Paper presented at International conference on industry sciences and computer science innovation. Procedia Computer Science, 237, 793-802
2024 (English). In: Procedia Computer Science, E-ISSN 1877-0509, Vol. 237, p. 793-802. Article in journal (Refereed) Published
Abstract [en]

Cyber security has been a growing concern for large organizations, especially financial and governmental institutions, as security breaches in the systems they depend on have repeatedly resulted in losses of billions of dollars per year, and this cost is on the rise. A primary reason for these breaches is that the systems in question are cyber-physical - a mix of people, processes, technology, and infrastructure. However, existing security solutions for cyber-physical systems are likely to become obsolete; even though security agents issue new sets of vulnerability indicators and patches to address security breaches, these vulnerability indicators change over time, which is a never-ending process. To tackle this problem, a multi-realm security attack event monitoring framework was proposed to monitor, model, and analyse security events in social (business process), cyber, and physical infrastructure components of cyber-physical systems. In this paper, we evaluate this security attack event monitoring framework. The evaluation was performed by using a large-scale case study on a medical emergency response system.

 

Place, publisher, year, edition, pages
Elsevier B.V., 2024
Keywords
attack pattern, cyber physical-systems, cyber security, Domain Assumption, industrial Internet of Things, runtime model
National Category
Computer Systems
Identifiers
urn:nbn:se:su:diva-236089 (URN); 10.1016/j.procs.2024.05.167 (DOI); 2-s2.0-85195398483 (Scopus ID)
Conference
International conference on industry sciences and computer science innovation
Available from: 2024-11-28. Created: 2024-11-28. Last updated: 2024-11-28. Bibliographically approved
Seid, E., Satheesh, S., Popov, O. & Blix, F. (2024). FAIR: Cyber Security Risk Quantification In Logistics Sector. Procedia Computer Science, 237, 783-792
2024 (English). In: Procedia Computer Science, E-ISSN 1877-0509, Vol. 237, p. 783-792. Article in journal (Refereed) Published
Abstract [en]

For many industries, the fourth industrial revolution has brought technological advancements in the form of advances in the integration of physical and digital technologies, particularly for cyber-physical systems, that go far beyond speed, scalability, storage, and cost-effectiveness. Smart manufacturing, smart factories, smart warehousing, and smart logistics are every aspect of the enabling Fourth Industrial Revolution. As a result of these improvements and advantages, new attack surfaces have been created that benefit malicious actors. For effective cyber security risk management in the face of converging cyber attacks, it is essential to quantify cyber risks across or within organisations that estimate cyber security risks in monetary value. This study explored and integrated the FAIR methodology (a well-recognized approach for quantitative cyber security risk assessment) to quantify cyber risk. A case study was conducted with one of the largest logistics companies in Scandinavia.

Keywords
Cyber Physical-Systems, Cybersecurity, FAIR Methodology, Logistics and Supply Chain, Quantifying Cyber Risk
National Category
Production Engineering, Human Work Science and Ergonomics
Identifiers
urn:nbn:se:su:diva-236095 (URN); 10.1016/j.procs.2024.05.166 (DOI); 2-s2.0-85195363970 (Scopus ID)
Available from: 2024-12-02. Created: 2024-12-02. Last updated: 2024-12-02. Bibliographically approved
Wilson, T. J., Bergman, J., Jackson, A. & Popov, O. B. (2024). Preventing Machines From Lying: Why Interdisciplinary Collaboration is Essential for Understanding Artefactual or Artefactually Dependent Expert Evidence. Journal of Criminal Law, 88(2), 105-129
2024 (English). In: Journal of Criminal Law, ISSN 0022-0183, Vol. 88, no 2, p. 105-129. Article in journal (Refereed) Published
Abstract [en]

This article demonstrates a significantly different approach to managing probative risks arising from the complex and fast changing relationship between law and computer science. Law's historical problem in adapting to scientific and technologically dependent evidence production is seen less as a socio-techno issue than an ethical failure within criminal justice. This often arises because of an acceptance of epistemological incomprehension between lawyers and scientists. Something compounded by the political economy of criminal justice and safeguard evasion within state institutions. What is required is an exceptionally broad interdisciplinary collaboration to enable criminal justice decision-makers to understand and manage the risk of further ethical failure. If academic studies of law and technology are to address practitioner concerns, it is often necessary, however, to step down the doctrinal analysis to a specific jurisdictional level.

Keywords
Explaining/understating AI/ML-assisted decisions, interdisciplinary methodology in law and technology studies, neoliberalism, ethics and criminal justice systems
National Category
Peace and Conflict Studies; Other Social Sciences not elsewhere specified; Other Legal Research; Criminology
Identifiers
urn:nbn:se:su:diva-226528 (URN); 10.1177/00220183231226087 (DOI); 001147232400001 (); 2-s2.0-85183011804 (Scopus ID)
Available from: 2024-02-14. Created: 2024-02-14. Last updated: 2025-02-24. Bibliographically approved
Bergman, J. & Popov, O. B. (2024). Recognition of tor malware and onion services. Journal of Computer Virology and Hacking Techniques, 20, 261-275
2024 (English). In: Journal of Computer Virology and Hacking Techniques, E-ISSN 2263-8733, Vol. 20, p. 261-275. Article in journal (Refereed) Published
Abstract [en]

The transformation of the contemporary societies through digital technologies has had a profound effect on all human activities including those that are in the realm of illegal, unlawful, and criminal deeds. Moreover, the affordances provided by the anonymity creating techniques such as the Tor protocol which are beneficial for preserving civil liberties, appear to be highly profitable for various types of miscreants whose crimes range from human trafficking, arms trading, and child pornography to selling controlled substances and racketeering. The Tor similar technologies are the foundation of a vast, often mysterious, sometimes anecdotal, and occasionally dangerous space termed as the Dark Web. Using the features that make the Internet a uniquely generative knowledge agglomeration, with no borders, and permeating different jurisdictions, the Dark Web is a source of perpetual challenges for both national and international law enforcement agencies. The anonymity granted to the wrong people increases the complexity and the cost of identifying both the crimes and the criminals, which is often exacerbated with lack of proper human resources. Technologies such as machine learning and artificial intelligence come to the rescue through automation, intensive data harvesting, and analysis built into various types of web crawlers to explore and identify dark markets and the people behind them. It is essential for an effective and efficient crawling to have a pool of dark sites or onion URLs. The research study presents a way to build a crawling mechanism by extracting onion URLs from malicious executables by running them in a sandbox environment and then analysing the log file using machine learning algorithms. By discerning between the malware that uses the Tor network and the one that does not, we were able to classify the Tor using malware with an accuracy rate of 91% with a logistic regression algorithm. 
The initial results suggest that it is possible to use this machine learning approach to diagnose new malicious servers on the Tor network. Embedding this kind of mechanism into the crawler may also induce predictability, and thus efficiency in recognising dark market activities, and consequently, their closure. 

Keywords
Tor, Malware, Machine learning, Forensics
National Category
Computer Sciences
Identifiers
urn:nbn:se:su:diva-217293 (URN); 10.1007/s11416-023-00476-z (DOI); 000978451300001 (); 2-s2.0-85153934241 (Scopus ID)
Available from: 2023-05-24. Created: 2023-05-24. Last updated: 2024-09-16. Bibliographically approved
Seid, E., Nazifa, M., Gupta, S., Popov, O. & Blix, F. (2024). Security and SLA Monitoring for Cloud Services. In: Proceedings of the 19th International Conference on Evaluation of Novel Approaches to Software Engineering ENASE - Volume 1. Paper presented at 19th International Conference on Evaluation of Novel Approaches to Software Engineering ENASE, Angers, France, 2024 (pp. 537-546). Science and Technology Publications, Lda
2024 (English). In: Proceedings of the 19th International Conference on Evaluation of Novel Approaches to Software Engineering ENASE - Volume 1, Science and Technology Publications, Lda, 2024, p. 537-546. Conference paper, Published paper (Refereed)
Abstract [en]

The present demand for cloud computing is driven by its scalability and adaptability, making it widely employed in enterprises. A Service Level Agreement (SLA) is a contractual arrangement between cloud providers and clients that ensures the stated level of services will be available. In order to evaluate the compliance of the services to the SLA, it is critical to monitor the availability of the cloud services. Cloud service companies offer several monitoring tools. However, such assessments are often influenced by bias, which prompts demands for impartial assessment of service level agreements (SLAs). The objective of this study is to address the issue of monitoring service availability characteristics, specifically uptime and downtime, in relation to SLA. To achieve this, a monitoring tool called SLA Analyser is proposed. The solution comprises a centralised application that generates and collects data in the primary registry database, along with a compliance report generator that computes cloud service availability using previously gathered data and compares it to the SLA availability parameter. An illustrative report is generated based on the gathered and processed data. This study specifically addresses the reliable assessment of SLA for both clients and service providers. Moreover, this study analyses the challenges associated with SLA monitoring and the repercussions of neglecting its assessment. This approach is particularly essential to organisations that use many cloud services from various vendors. The SLA Analyser was employed to monitor the availability of the cloud database services. In order to mitigate financial losses and uphold a positive reputation for consumer confidence, it is essential to validate the SLA.

Place, publisher, year, edition, pages
Science and Technology Publications, Lda, 2024
Series
International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE - Proceedings, E-ISSN 2184-4895
Keywords
Availability, Cloud Database Services, Cybersecurity, IT-Incidents, Monitoring, SLAs
National Category
Computer Systems
Identifiers
urn:nbn:se:su:diva-236105 (URN); 10.5220/0012690800003687 (DOI); 2-s2.0-85193942166 (Scopus ID); 978-989-758-696-5 (ISBN)
Conference
19th International Conference on Evaluation of Novel Approaches to Software Engineering ENASE, Angers, France, 2024
Available from: 2024-12-02. Created: 2024-12-02. Last updated: 2024-12-02. Bibliographically approved
Seid, E., Popov, O. & Blix, F. (2024). Security Attack Behavioural Pattern Analysis for Critical Service Providers. Journal of Cybersecurity and Privacy, 4(1), 55-75
2024 (English). In: Journal of Cybersecurity and Privacy, E-ISSN 2624-800X, Vol. 4, no 1, p. 55-75. Article in journal (Refereed) Published
Abstract [en]

Identifying potential system attacks that define security requirements is crucial to building secure cyber systems. Moreover, the attack frequency makes their subsequent analysis challenging and arduous in cyber–physical systems (CPS). Since CPS include people, organisations, software, and infrastructure, a thorough security attack analysis must consider both strategic (social and organisational) aspects and technical (software and physical infrastructure) aspects. Studying cyberattacks and their potential impact on internal and external assets in cyberspace is essential for maintaining cyber security. The importance is reflected in the work of the Swedish Civil Contingencies Agency (MSB), which receives IT incident reports from essential service providers mandated by the NIS directive of the European Union and Swedish government agencies. To tackle this problem, a multi-realm security attack event monitoring framework was proposed to monitor, model, and analyse security events in social (business process), cyber, and physical infrastructure components of cyber–physical systems. This paper scrutinises security attack patterns and the corresponding security solutions for Swedish government agencies and organisations within the EU’s NIS directive. A pattern analysis was conducted on 254 security incident reports submitted by critical service providers. A total of five critical security attacks, seven vulnerabilities (commonly known as threats), ten attack patterns, and ten parallel attack patterns were identified. Moreover, we employed standard mitigation techniques obtained from recognised repositories of cyberattack knowledge, namely, CAPEC and Mitre, in order to conduct an analysis of the behavioural patterns.

Keywords
Security pattern, IT-incidents, societal safety, cyber–physical systems, essential services, NIS-directive, socio-technical system, cyberattack
National Category
Computer Sciences
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-225867 (URN); 10.3390/jcp4010004 (DOI); 2-s2.0-85188965873 (Scopus ID)
Note

Special Issue, Secure Software Engineering

Available from: 2024-01-24. Created: 2024-01-24. Last updated: 2024-11-13. Bibliographically approved
Bergman, J. & Popov, O. B. (2023). Exploring Dark Web Crawlers: A Systematic Literature Review of Dark Web Crawlers and Their Implementation. IEEE Access, 11, 35914-35933
2023 (English). In: IEEE Access, E-ISSN 2169-3536, Vol. 11, p. 35914-35933. Article, review/survey (Refereed) Published
Abstract [en]

Strong encryption algorithms and reliable anonymity routing have made cybercrime investigation more challenging. Hence, one option for law enforcement agencies (LEAs) is to search through unencrypted content on the Internet or anonymous communication networks (ACNs). The capability of automatically harvesting web content from web servers enables LEAs to collect and preserve data prone to serve as potential leads, clues, or evidence in an investigation. Although scientific studies have explored the field of web crawling soon after the inception of the web, few research studies have thoroughly scrutinised web crawling on the “dark web”, or ACNs, such as I2P, IPFS, Freenet, and Tor. The current paper presents a systematic literature review (SLR) that examines the prevalence and characteristics of dark web crawlers. From a selection of 58 peer-reviewed articles mentioning crawling and the dark web, 34 remained after excluding irrelevant articles. The literature review showed that most dark web crawlers were programmed in Python, using either Selenium or Scrapy as the web scraping library. The knowledge gathered from the systematic literature review was used to develop a Tor-based web crawling model into an already existing software toolset customised for ACN-based investigations. Finally, the performance of the model was examined through a set of experiments. The results indicate that the developed crawler was successful in scraping web content from both clear and dark web pages, and scraping dark marketplaces on the Tor network. The scientific contribution of this paper entails novel knowledge concerning ACN-based web crawlers. Furthermore, it presents a model for crawling and scraping clear and dark websites for the purpose of digital investigations. The conclusions include practical implications of dark web content retrieval and archival, such as investigation clues and evidence, and related future research topics.

Keywords
Cybercrime, digital forensics, systematic literature review, dark web crawling, Tor
National Category
Computer Sciences
Identifiers
urn:nbn:se:su:diva-217299 (URN); 10.1109/ACCESS.2023.3255165 (DOI); 000972255300001 (); 2-s2.0-85149895587 (Scopus ID)
Available from: 2023-05-24. Created: 2023-05-24. Last updated: 2023-05-24. Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0001-6176-6817
