The dissertation presents an adaptive security framework for cyber-physicalsystems (CPSs) to address the growing challenges posed by evolving cyberattacks. CPSs rely on seamless integration between computational and physical components, making security breaches potentially catastrophic. Traditional methods often fail to keep pace with rapidly advancing threats. The proposed framework leverages real-time monitoring and adaptive model predictive control to dynamically adjust defences based on the threat type, frequency, and severity. By forecasting the impact of various strategies, the system identifies optimal responses to enhance resilience and mitigate risks. The approach strengthens CPS security by adapting to the continuously evolving threat landscape and safeguarding system integrity and functionality.

In the face of increasing cyberattacks, organizations today depend heavily on information technology resources, making regular penetration testing crucial for identifying system vulnerabilities and potential exploits. While automated vulnerability management tools are widely used, they often present challenges such as result interpretation, irrelevant findings, and overwhelming volumes of data that complicate the extraction of critical information. Manual penetration testing, on the other hand, offers greater flexibility, enabling professionals to tailor their methods to the specific characteristics of a given environment. This study focuses on semi-automated penetration testing, blending automated efficiency with manual adaptability, to identify vulnerabilities in a web application, providing insights into optimizing vulnerability detection processes.

Cyber security standards and regulations are pivotal in guiding organizations toward mitigating cyber risks and enhancing their overall security posture. The European Union’s NIS2 Directive, which introduces stringent and comprehensive security requirements, exemplifies a Current regulatory framework designed to address evolving cyber threats. This study critically examines the regulatory, governance, cyber security, and compliance challenges introduced by NIS2 within the Swedish automotive industry. It further explores the strategic integration of NIS2 with existing regulatory frameworks to streamline compliance approaches and foster long term resilience. The findings reveal the increasing complexity and financial implications of compliance, while also identifying significant opportunities to bolster cyber security resilience. This paper underscores the necessity for organizations to adopt proactive and adaptive strategies in response to the dynamic European regulatory landscape. While the focus is on the Swedish automotive sector, the study provides valuable insights that may inform future research into the broader implications of NIS2 across diverse industries and regions within the European Union.

The financial sector is experiencing an increase in cyber incidents, prompting numerous firms to outsource IT infrastructure management. A primary factor contributing to these breaches is that the impacted systems are socio-technical systems (STSs), which include not only technical components such as software and hardware but also physical elements (e.g., robotics, mobility) and social components (e.g., human actors, business processes, and organizational units). Evaluating STS security breaches requires a holistic approach, considering human, organizational, software, and infrastructural elements. The study involves combining strategic factors, including social and organizational dynamics, with technical components such as software and physical infrastructure.

In our previous work, we developed a security attack-monitoring system to tackle these challenges. This framework was developed to monitor, analyze, and model security incidents across the social, cyber, and physical dimensions of cyber-physical systems (CPS). This paper employs the framework to conduct threat-led penetration testing in accordance with the Digital Operational Resilience Act (DORA), thus improving the financial sector’s capacity to address information and communication crises. This study provides important insights into cyberattacks and their impact on the financial sector by examining security breaches reported to the Swedish Civil Contingencies Agency (MSB) by critical service providers. The experiment was performed in collaboration with a prominent Swedish financial institution.

The growing frequency of cyber-attacks on supply chains has jeopardized organizational integrity and data security, underscoring the need to strengthen Cyber Supply Chain Risk Management (CSCRM) frameworks. This paper explores the application, effectiveness, and challenges of three key frameworks—ISO, NIST, and NIS2—in mitigating third-party risks within the cyber supply chain. Using an empirical research approach, data was collected from domain experts in the field of information security. The analysis focuses on how effectively these frameworks enhance organizational data security and the practices surrounding their adoption and implementation. This study contributes valuable insights to CSCRM practices, offering actionable findings for organizations seeking to bolster their cyber defenses. The results also provide policymakers with a deeper understanding of the challenges that need to be addressed for future improvements in CSCRM frameworks.

Ensuring strong security in Cyber-Physical Systems (CPS) is increasingly essential as these systems become integral to contemporary industrial and societal infrastructures. The increasing prevalence of security risks requires the advancement of conventional security engineering approaches to tackle the distinct problems presented by CPS. This study offers a thorough assessment of the research methodologies, approaches, and strategies used in security engineering for cyber-physical systems over the last fifteen years. The review analyses the design and execution of security solutions, including empirical and conceptual investigations, along with the integration and enhancement of existing methodologies. This study seeks to offer a systematic overview of contemporary developments and pinpoint methodological concerns essential for future research in adaptive and security engineering -driven for CPS through an analysis of diverse literature. This study enhances the current discussion by providing a thorough analysis of the research environment, demonstrating the requirement for new and contextually relevant security engineering methodologies.

The paper promotes the notion that any security solution for cyber-physical systems (CPS) should be adaptive and based on the type of attacks and their frequency. Namely, the solution should monitor its environment continuously to defend itself from a cyber-attack by modifying its defensive mechanism. Moreover, the research provides analyses of situations where the environment changes dynamically over time, requiring the designated adaptation to contemplate and respond adequately to these changes. In particular, it explores applying adaptive model predictive control concepts derived from control theory to develop specific adaptive security solutions. These systems can make decisions by forecasting their future performance for various modes or options of adaptation. Using quantitative information, the software then selects the adaptations that minimise the cost associated with security failures. This is highly significant considering that CPS are engineered systems built from and depend upon the seamless integration of computational algorithms and physical components. Moreover, security breaches are rising, and CPS are challenged by catastrophic damage, resulting in billions of losses making many of today’s solutions obsolete. While security agents issue new sets of vulnerability indicators and patches to address security breaches, these changes are continuous processes ad infinitum. A case study on a medical emergency response system illustrates the essential and salient futures of the proposed adaptive security framework for CPS.

Cyber security has been a growing concern for large organizations, especially financial and governmental institutions, as security breaches in the systems they depend on have repeatedly resulted in losses of billions of dollars per year, and this cost is on the rise. A primary reason for these breaches is that the systems in question are cyber-physical - a mix of people, processes, technology, and infrastructure. However, existing security solutions for cyber-physical systems are likely to become obsolete; even though security agents issue new sets of vulnerability indicators and patches to address security breaches, these vulnerability indicators change over time, which is a never-ending process. To tackle this problem, a multi-realm security attack event monitoring framework was proposed to monitor, model, and analyse security events in social(business process), cyber, and physical infrastructure components of cyber-physical systems. In this paper, we evaluate this security attack event monitoring framework. The evaluation was performed by using a large-scale case study on a medical emergency response system.

For many industries, the fourth industrial revolution has brought technological advancements in the form of advances in the integration of physical and digital technologies, particularly for cyber-physical systems, that go far beyond speed, scalability, storage, and cost-effectiveness. Smart manufacturing, smart factories, smart warehousing, and smart logistics are every aspect of the enabling Fourth Industrial Revolution. As a result of these improvements and advantages, new attack surfaces have been created that benefit malicious actors. For effective cyber security risk management in the face of converging cyber attacks, it is essential to quantify cyber risks across or within organisations that estimate cyber security risks in monetary value. This study explored and integrated the FAIR methodology(a well-recognized approach for quantitative cyber security risk assessment) to quantify cyber risk. A case study was conducted with one of the largest logistics companies in Scandinavia.

The present demand for cloud computing is driven by its scalability and adaptability, making it widely employed in enterprises. A Service Level Agreement (SLA) is a contractual arrangement between cloud providers and clients that ensures the stated level of services will be available. In order to evaluate the compliance of the services to the SLA, it is critical to monitor the availability of the cloud services. Cloud service companies offer several monitoring tools. However, such assessments are often influenced by bias, which prompts demands for impartial assessment of service level agreements (SLAs). The objective of this study is to address the issue of monitoring service availability characteristics, specifically uptime and downtime, in relation to SLA. To achieve this, a monitoring tool called SLA Analyser is proposed. The solution comprises a centralised application that generates and collects data in the primary registry database, along with a compliance report generator that computes cloud service availability using previously gathered data and compares it to the SLA availability parameter. An illustrative report is generated based on the gathered and processed data. This study specifically addresses the reliable assessment of SLA for both clients and service providers. Moreover, this study analyses the challenges associated with SLA monitoring and the repercussions of neglecting its assessment. This approach is particularly essential to organisations that use many cloud services from various vendors. The SLA Analyser was employed to monitor the availability of the cloud database services. In order to mitigate financial losses and uphold a positive reputation for consumer confidence, it is essential to validate the SLA.