Cyber-physical Systems: Security Problems and Issues of Personnel Information Security Culture

Full Text (PDF, 359KB), PP.18-26

Views: 0 Downloads: 0

Author(s)

Rasmiyya Sh. Mahmudova 1,*

1. Institute of Information Technology/Training-Innovation Center, Baku, AZ1141, Azerbaijan

* Corresponding author.

DOI: https://doi.org/10.5815/ijeme.2023.02.03

Received: 9 Sep. 2022 / Revised: 31 Oct. 2022 / Accepted: 27 Dec. 2022 / Published: 8 Apr. 2023

Index Terms

Information Security, Information Security Culture, Attack Cyberphysical Systems, İnformation Security of Cyberphysical Systems, Human Factor, Cyber Training

Abstract

Cyber-physical systems (CFS) have already become an integral part of our lives. Starting from the energy sector, production and transport, to healthcare, trade, and financial spheres, these systems have been widely applied everywhere. The realization of threats to the information security of such systems can cause very serious disasters, human casualties, financial loss, as well as damage the image of the companies that use these systems.
From this point of view, it is very important to investigate the issues of ensuring information security of KFS.Security problems of cyber-physical systems are analyzed. At the same time, the role and importance of the human factor in ensuring the information security of cyber-physical systems are explained. The difficulties faced by enterprises in informing employees about information security and forming a culture of information security in them are analyzed. Appropriate training methods are explained and recommendations are given to develop employees' necessary knowledge and skills related to information security.

Cite This Paper

Rasmiyya Sh. Mahmudova, "Cyber-physical Systems: Security Problems and Issues of Personnel Information Security Culture", International Journal of Education and Management Engineering (IJEME), Vol.13, No.2, pp. 18-26, 2023. DOI:10.5815/ijeme.2023.02.03

Reference

[1]Baheti R., Gill H. Cyber-physical systems. The impact of control technology, 2011, vol. 12, no. 1, pp. 161–166.
[2]Klaus Schwab. The Fourth Industrial Revolution.Geneva: World Economic Forum. 2016.
[3]Zeqjda P.D., Poltavceva M.A., Lavrova D.S. “Sistematizaciya kiberfizicheskix sistem i ocenka ix bezopasnosti. Problemi informacionnoy bezopasnosti,” Kompyuterniye sistemi. 2017, №2, pp. 127-138.
[4]Framework for Cyber-Physical Systems. Volume 1, Overwiew (2017) https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1500-201.pdf
[5]Kuteynikov D.L., Ijayev O.A., Zenin C.C., Lebedev V.A. “Kiberfiziceskiye, kiberbioloqiceskiye I iskustvenniye koqnitivniye sistemi: sushnost I yuridiceskiye svoystva,” Rossiyskoe pravo: obrazovaniye, praktika, nauka, 2019, No.3, pp.75-81.
[6]Li Y., Li X., Wang L., Li Y. ‘Limestone-gypsum wet flue gas desulfurization based on Cyber-Physical System’, Chinese Control And Decision Conference (CCDC), 2019, pp. 473-477.
[7]Roqozinskiy Q.Q. “Multidomenniy podxod i modeli obyektov kiberfiziceskoqo prostranstva v zadacax otobrajeniya informacii”, Trudi ucebnix zavedeniy, 2017, vol.3, No. 4, pp.88-93.
[8]Zhernova V. M. Problems of legal counteraction to cyber attacks on cyber-physical systems. Bulletin of the South Ural State University. Ser. Law, 2020, vol. 20, no. 4, pp. 104–108. (in Russ.) DOI: 10.14529/law200418.
[9]Levshun D.C., Qayfulina D.A., Ceculin A.A., Kotenko I.V. “Problemniye voprosi informacionnoy bezopasnosti kiberfiziceskix sistem”, Informatika i avtomatizaciya. vol.19, No. 5, pp. 1050-1088. https://doi.org/10.15622/ia.2020.19.5.6
[10]Alekseyev D.M., Ivanenko K.N., Ubiraylo V.N. “Klassifikaciya uqroz informacionnoy bezopasnosti”, Simvol nauki, 2016, No.9, pp. 18-20.
[11]https://controleng.ru/wp-content/uploads/7563.pdf
[12]Massel A.Q. “Metodika analiza uqrozi ocenki riska narusheniya informacionno-texnoloqiceskoy bezopasnosti enerqeticeskoy kompleksov”, Informacionniye I matematiceskiye texnoloqii v nauke I upravlenii, 2015, pp. 186-195.
[13]Zhu B., Joseph A., Sastry S. A taxonomy of cyberattacks on SCADA systems, International conference on internet of things and 4th international conference on cyber, physical and social computing, 2011, pp. 380-388.
[14]Alguliyev R., Imamverdiyev Y., Sukhostat L. “Cyber-physical systems and their security issues”, Computers in Industry, 2018, vol.100, pp. 212-223.
[15]Furnell S., Clarke N. Power to the people? The evolving recognition of human aspects of security. Comput. Secur., 2012, vol. 31, no. 8, pp. 983–988. DOI: https://doi.org/10.1016/ j.cose.2012.08.004
[16]Humans Factor in IT security: How Employees are Making Businesses Vulnerable from Within, «Kaspersky Labaratory» and B2B International, 2017, https://www.kaspersky.com/blog/the-human-factor-in-it-security/
[17]IBM 2015 Cyber Security Intelligence Index, https://informationsecurity.report/Resources/Whitepapers/fb170637-58b8-4580-9c7c-745d8adca24d_2015%20Cyber%20Security%20Intelligence%20Index%20for%20Retail.PDF
[18]ENISA threat landscape 2020: cyber attacks becoming more sophisticated, targeted, widespread and undetected. European Union Agency for Network and Information Security, https://www.enisa.europa.eu/news/enisa-news/enisa-threat-landscape-2020
[19]Katsikas SK, López J, Backes M, Gritzalis S, Preneel B (Eds). Information security: 9th international conference, ISC 2006, Samos Island, Greece, August 30–September 2, 2006. Proceedings. Springer
[20]Bendovschi A. Cyber-attacks – trends, patterns and security countermeasures. Procedia Econ Finance, 2015, 28:24–31. https://doi.org/10.1016/S2212-5671(15)01077-1.
[21]Zimmermann V, Renaud K , Moving from a ‘human-as-problem” to a ‘human-as-solution” cybersecurity mindset. Int J Hum Comput Stud., 2019, 131:169–187
[22]Eminağaoğlu M, Uçar E, Eren Ş, The positive outcomes of information security awareness training in companies – A case study. Inf Secur Tech Rep, 2009, 14(4):223–229. https://doi.org/10. 1016/j.istr.2010.05.002
[23]Adéleda Veiga NicoMartins, Defining and identifying dominant information security cultures and subcultures, Computers & Security, Volume 70, September 2017, Pages 72-94
[24]Insights from the Verizon 2018 Data Breach Investigation Report,https://delinea.com/blog/verizon-data-breach-report
[25]Dudley R., Golden D. The colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms. – 2021.
[26]https://digitallibrary.un.org/record/482184
[27]Vilkova A.V., Litvishkov V.M., Shvirev B.A., “Problemi neprerivnoqo obuceniya personala informacionnoy bezopasnosti”, Mir nauiki, kulturi obrazovaniya, No.4(77), 2019, pp.29-31.
[28]Lopatina K. Formirovaniye i povisheniye kulturi kiberbezopasnosti. Opit Sberbanka, Information Security, https://www.itsec.ru/articles/formirovaniye-i-povysheniye-kultura-kiberbezopasnosti
[29]Aaltola, K., & Taitto, P. Utilising Experiential and Organizational Learning Theories to Improve Human Performancein Cyber Training. g. Information & Security: An International Journal 43, no. 2 (2019): 123-133.
[30]Hill, Winston Anthony Jr.; Fanuel, Mesafint; Yuan, Xiaohong; Zhang, Jinghua; and Sajad, Sajad, "A Survey of Serious Games for Cybersecurity Education and Training" (2020). KSU Proceedings on Cybersecurity Education, Research and Practice. 7.
[31]Skorenkyy, Y., Kozak, R., Zagorodna, N., Kramar, O., & Baran, I. (2021). Use of augmented reality-enabled prototyping of cyber-physical systems for improving cyber-security education. Journal of Physics: Conference Series, 1840(1).
[32]Rasim M. Alguliyev, Rasmiyya Sh. Mahmudova, "Information Culture Formation as the Most Promising Direction of Individual`s General Culture", IJMECS, vol.7, no.3, pp.54-61, 2015. DOI: 10.5815/ijmecs.2015.03.08