An Automated, Disruption-Tolerant Device Authentication and Key Management Framework for Critical Systems


Key management is critical to secure operation. Distributed control systems, such as Supervisory Control and Data Acquisition (SCADA) systems, have unique operational requirements that make conventional key management solutions less effectiveand burdensome. This paper pres-ents a novel Kerberos-based framework for automated, disruption-tolerant key management for control system environments. Experimental tests and their results are presented to quantify the expected performance overhead of this approach. Additionally, Zeek sensor analytics are presented to aid in monitoring the health and security of the key management framework operation.

Safer and Optimised Vulnerability Scanning for Operational Technology through Integrated and Automated Passive Monitoring and Active Scanning


Vulnerability scanning of embedded sensors and controllers have a history of causing disruption and malfunction within operational technology environments. Traditional information technology vulnerability scanning generally consists of blunt exercising all or a large population of test conditions to understand how equipment responds. Often the large number and varied conditions of the tests are too much for embedded systems to handle. This paper presents a methodol-ogy and framework for integrating passive monitoring and active scanning techniques to optimise the type and amount of necessary active communication tests while achieving acceptable levels of device and vulnerability discovery. 

Best Practices for Designing and Conducting Cyber-Physical-System War Games


Cyber war games have been shown to be useful for a broad range of purposes. The authors describe and compare  methods for  designing  realistic war games  in  the  domain of Cyber Physical Systems (CPS), review general methods for conducting war games, and illustrate best practices to assist researchers and practitioners in planning their own war games. 

Safeguarding Australia from Cyber-terrorism: A Proposed Cyber-terrorism SCADA Risk Framework for Australia


In theory terrorist groups are currently using information and communication technologies (ICTs) to orchestrate their conventional attacks. More recently, terrorists have been developing a new form of capability within the cyber arena to coordinate cyber based attacks. This paper examines a cyber-terrorism SCADA risk framework. The paper proposes a high level managerial framework which is designed to measure and protect SCADA systems from the threat of cyber-terrorism within Australia.  

Results from a SCADA-Based Cyber Security Competition


On April 1 2011, Regis University hosted the 7th Computer and Network Vulnerability Assessment Simulation (CANVAS) competition with a turnout of 68 event competitors and at least two dozen faculty and spectators. The event was a major success. The competition sought primarily to introduce a Critical Infrastructure Protection (CIP) theme to a cyber competition to raise awareness of these types of attacks. This paper will discuss the goals and intricacies of developing the CANVAS cyber competition, including technical details, extensibility of CIP-focused cyber competitions, as well as the continued development and value of CIP simulation infrastructure.

Cyber-Mugging: Summary and Analysis of a Simulated ICS/SCADA Attack


In a representative Industrial Control System (ICS)/Supervisory Control And Data Acquisition (SCADA) laboratory environment, a simulated cyber attack suggests that an attacker with a low to moderate level of technical proficiency may utilize common, publicly-available tools and techniques to obtain complete control of the ICS environment. The cyber-physical relationship between information systems and industrial machinery has created environments where limited resources may be leveraged to trigger significant physical effects. The feasibility that such an incident has the potential to cause significant disruptive effects directly challenges the current paradigm that state-level resources are required to inflict catastrophic results.

Developing a Strategic Framework for Managing Security in SCADA Systems


The Internet, originally an open distributed system, has gradually evolved into a complex network as a platform for global connectivity. Today, the Internet hosts complex electronic and engineering systems (such as Supervisory Control and Data Acquisition – SCADA – systems) deployed to manage critical infrastructures. The Internet has become a platform for transporting high volumes of critical information worldwide. Securing sensitive information and safeguarding operations of critical infrastructure management systems has become critical. SCADA systems are deployed, complex operations that play a vital role in managing critical resources. This paper elaborates on the need for a holistic approach for managing the security of complex infrastructures and recommends a strategic model for security management of SCADA systems.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.















Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.


Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455