Safety-Critical Cyber-Physical Attacks: Analysis, Detection, And Mitigation


Hui Lin, Homa Alemzadeh, Daniel Chen, Zbigniew Kalbarczyk, Ravishankar K. Iyer
Coordinated Science Laboratory, University of Illinois at Urbana-Champaign, 1308 W. Main Street, Urbana, IL, 61801
{hlin33, alemzad1, dchen8, kalbarcz, rkiyer}@illinois.edu

ABSTRACT

Today's cyber-physical systems (CPSs) can have very different characteristics in terms of control algorithms, configurations, underlying infrastructure, communication protocols, and real-time requirements. Despite these variations, they all face the threat of malicious attacks that exploit the vulnerabilities in the cyber domain as footholds to introduce safety violations in the physical processes. In this paper, we focus on a class of attacks that impact the physical processes without introducing anomalies in the cyber domain. We present the common challenges in detecting this type of attack in the contexts of two very different CPSs (i.e., power grids and surgical robots). In addition, we present a general principle for detecting such cyber-physical attacks, which combines the knowledge of both cyber and physical domains to estimate the adverse consequences of malicious activities in a timely manner.

1. INTRODUCTION

In today's cyber-physical systems (CPSs), control operations involve complex interactions between cyber domain controls and physical domain processes. As shown in Figure 1, measurements collected from the physical processes are used as an input to the control algorithms to update the models of the physical processes in the cyber domain. Based on the current model and estimation of the state of physical processes, the control algorithms generate commands to adjust the state of the physical processes.

Figure 1. Cyber-physical system control.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Permissions@acm.org.
HotSoS '16, April 19-21, 2016, Pittsburgh, PA, USA. 2016 ACM. ISBN 978-1-4503-4277-3/16/04. 15.00 DOI: http://dx.doi.org/10.1145/2898375.2898391

Figure 1 depicts a generic CPS's control loop and the most likely entry points (marked as A, B, and C in Figure 1) for attackers to penetrate the system. In attacks that compromise measurements (often referred to as false or bad data-injection attacks, marked as type A in Figure 1), the attackers try to mislead the control algorithm by corrupting the cyber system states [13][19] and thus cause a wrong command to be issued to the physical process. Examples of the impact of false data injection attacks, in terms of disrupting control operations and potential economic losses, are studied in [24][26].

Type A attacks frequently aim at indirect changes of the commands issued to the physical process. However, in today's CPSs, commands are often transmitted over an IP-based control network on unprotected communication channels. If an attacker can gain access to the control network or the communication link between the cyber and physical components, the attacker can disrupt the system by directly compromising the control commands (type C attack). This is not to say that the attacks on sensor measurements are not important. Quite the opposite, compromised measurements can be used to hide the real (potentially anomalous) state of the power grid in order to delay the detection of the attacks before the actual damage to the system (as seen in the example of Stuxnet [9] and in the recent study [16]).

To identify and rank the attacks that exploit the vulnerabilities in physical components (marked as type B in Figure 1), many researchers proposed metrics, which can be used to uncover different types of vulnerabilities [27][28]. For example, a power system's electrical characteristics, such as the load of substations or transmission lines, can be used to understand how an overloading event, caused by cyber-attacks, could cause a safety violation. Additionally, previous research studied the characteristics of the transmission network (e.g., connectivity or the length of the shortest path between substations) to specify how malicious attacks can propagate through CPSs [11][15].

Instead of perturbing physical components simultaneously, previous research analyzes type B attacks in which an adversary perturbs physical components in sequence. A brief discussion on the risk of the cascaded outage caused by accidents or attacks is presented in [25]. Zhang et al. experimentally demonstrate that the cascaded attack can introduce more significant damage than the attacks that perturb multiple physical components simultaneously [28]. Note that type B attacks often require physical access to the actual CPS device, which is not easy, is less practical, and has a higher risk of being detected.

Our research focuses on studying type C attacks, in which the control fields of commands delivered over communication channels are maliciously modified, and assessing the impact of the attacks on the resiliency of CPSs. Unlike type B attacks that consider attacks on all combinations of physical components, we narrow down the search space to only include the components that attackers can compromise through the cyber domain, to reduce the
analysis time and computation power. Unlike type A attacks that affect the process indirectly, modifying control fields can directly affect the physical process and thus introduce safety violations. To make things worse, it is difficult to detect this class of attacks by solely monitoring in the cyber domain, because their modifications do not introduce any anomalies in the control flow and communication protocols.

As shown in [18], the malicious modification of control commands can impact a power system's steady state and dynamic behavior. In [1] we demonstrated that malicious modification of control commands in a surgical robot could cause abrupt jumps of a few millimeters in the robotic arms. If the attacker mounts the attack during a surgical procedure, it could cause catastrophic damage to the robot and harm the patient in the middle of a surgery. Another example of this type of attack is the recent incident in Ukrainian power grids, where attackers used the cyber domain to inject malicious commands, which resulted in safety violation of the grid and caused the grid to be down for several hours [2][4].

To detect such attacks in a timely manner, our approach is to combine the information from cyber-domain simulations with the physical-domain process state in a smart way. Contrary to previous work, which mainly focuses on analysis and monitoring of malicious activities in the cyber domain, we believe that combining the modeling and simulation of both cyber and physical infrastructures is the key to predicting potential safety violations and can be beneficial to a comprehensive study of attacks and their impacts.

In this paper, we focus on a class of attacks that impact the physical processes without introducing anomalies in the cyber domain (type C attacks). We discuss the common challenges in detecting this type of attack in the contexts of two very different CPSs, namely, power grids and surgical robots. We discuss general principles for detecting such cyber-physical attacks, which combine the knowledge of both cyber and physical domains to estimate the adverse consequences of malicious activities in a timely manner.

2. OVERVIEW OF TARGET CPSS

In Figure 2, we show the control structures of two example CPSs (i.e., robotic surgical systems and power grid infrastructures) side by side to demonstrate their similarities. Both CPSs rely on a feedback control loop, in which human system operators rely on measurements from the physical systems to decide the appropriate operations.

Figure 2. Example control structures for (a) robotic surgical systems and (b) power grid infrastructures.

In Figure 2(a), which shows the typical control structure of a robotic system used in minimally invasive surgery, the control software receives the user commands (e.g., the desired position and orientation of the robot) through a teleoperation console and translates them into surgical movements by issuing motor commands. In Figure 2(b), which shows the common control structure used in a power grid, the control software receives the measurements of current, voltage, and power usage, estimates the electronic state, and issues commands which can adjust the power system's operational conditions.

Both robotic surgical systems and power grid infrastructure share similar feedback loops, which allows us to propose a general detection principle for common CPSs (details in Section 4). However, the implementation of the control structure and algorithms can vary dramatically in different CPSs, so the detection principle is implemented as ad hoc methods for cyber-physical attacks in different systems.

2.1 Surgical Robotic System

Surgical robots are designed as human-operated robotically controlled systems, consisting of a teleoperation console, a control system, and a patient-side cart (which hosts the robotic arms, holding the surgical endoscope and instruments).

Figure 3(a) shows the common configuration of the RAVEN II system, an open-source surgical robot [20][22]. The desired position and orientation of robotic arms, foot pedal status, and robot control mode are sent from the master console to the robotic control software over the network using the Interoperable Teleoperation Protocol (ITP), a protocol based on UDP [12]. The control software receives the user packets, translates them into motor commands, and sends them to the control hardware, which enables the movement of robotic arms and surgical instruments.

[Figure 3(b) labels: Control Center, SCADA Master, Substation, Field, GPS Clock, Local HMI, WAN, Data Aggregator, Switch (with SPAN support), DNP3, Data storage]

Figure 3. Example communication structures for (a) robotic surgical systems and (b) power grid infrastructures.

The control software runs as a node (process) on the Robotic Operating System (ROS) middleware [21] on top of a real-time (RT-Preempt) Linux kernel. It communicates with the physical motor controllers and a Programmable Logic Controller (PLC) through a hardware interface (two custom USB interface boards).

The interface boards include commodity programmable devices, digital to analog converters, and encoder readers. The PLC controls the fail-safe brakes on the robotic joints and monitors the system state by communicating with the control software.

The RAVEN control system starts with an initialization phase before getting ready for the operation. During the initialization phase, the mechanical and electronic components of the system are tested to detect any faults or problems. After successful initialization, the robot enters the "Pedal Up" state, in which the robot is ready for teleoperation but the brakes are engaged. When the human operator presses the foot pedal on the master console, the robot moves to the "Pedal Down" state. In this state the brakes are released from the motors, allowing the teleoperation console to control the robot.

Control algorithm. In each control loop, the current state (position and orientation) of the end effector on each robotic arm is estimated based on the encoder readings from its joints using the forward kinematics function. The user-desired end-effector positions and orientations (received from the surgeon console) are translated to the joint and motor positions using inverse kinematics calculations. Then the amount of torque needed for each motor to reach its new position is obtained from a Proportional-Integral-Derivative (PID) controller that minimizes the error between the desired and measured torque values. Finally, the motor torque commands are transferred in the form of DAC commands to the motor controllers on the USB interface boards, to be executed on the physical motors on each arm.

Time constraints. The robot control software must complete each iteration of computing the new position of the robotic arms within a time less than or equal to 1 ms.

2.2 Power Grid Infrastructure

A power system is composed of buses (representing substations) that are connected through transmission lines. We use the voltage magnitude and angle for each bus to represent the operational conditions of a power grid.

Figure 3(b) shows a common communication structure used in a power grid, which has three major parts: control center, substations, and field sites. The Control Center uses a SCADA (Supervisory Control and Data Acquisition) Master, which collects data from Substations, analyzes the data (using the state estimation software), and issues commands (opening/closing breakers or adjusting generations) to devices in substations to maintain and control operation of the grid.

A substation can contain various intelligent electronic devices (IEDs; e.g., relays, phasor measurement units (PMU), GPS clock, etc.). These IEDs can run off-the-shelf operating systems and communicate with each other over an IP-based network. On the other hand, IEDs are also connected to actuators and sensors through proprietary links to monitor the electric state at field sites.

The control center is connected to substations through a wide area network (WAN), as substations can be distributed in a large geographic area. Traditionally, this control network is not open to the public Internet. However, to boost control efficiency, the control network is often connected through corporate networks of a power system or through personal devices (e.g., a field engineering laptop operated by engineers working at field sites).

Control algorithm. To describe the physical process of a power grid, we can formulate at each bus two power-flow equations, which specify the mathematical relations among the system state, the generated power, the consumed power, and the power delivered to other buses at each timestamp. The power-flow equations are nonlinear; solving them yields the steady state of a power system. There are two groups of approaches to solve power-flow equations. AC power-flow analysis uses iterative algorithms (e.g., the Newton-Raphson algorithm) to calculate solutions that are within a predefined error threshold. DC power-flow analysis solves the linear approximation of the power-flow equations in order to get the solution more quickly.

Time constraints. In power grids, the requirements to deliver measurements or control commands can range from hundreds of milliseconds to several seconds [10]. For example, commands to protect devices against short-circuit faults are required to be delivered within 166 milliseconds, while commands issued by control centers to operate devices in substations can take several seconds to finish.

Discussion. The intrusiveness of the control algorithms varies in different CPSs. Some cyber domain commands may only tune the inputs to the physical process while others may significantly modify the configuration of the physical process [6][7]. For example, in surgical robotic systems, control commands are input values of differential equations, which specify the movement of rotors and joints. In power grids, however, a system administrator can directly control circuit breakers responsible for connecting/disconnecting transmission lines and thus change the topology of transmission networks. The consequence is that the parameters, instead of inputs, of power-flow equations are changed.

3. CHALLENGES

The control operations in CPSs rely on continuous interaction between cyber and physical components, which presents new challenges in detecting potential attacks launched against the system.

3.1 Attack Detectability

Cyber-physical attacks in CPSs are difficult to detect by monitoring the cyber or physical domains separately from each other. Table 1 uses power grids and robotic surgery systems as examples to describe the challenges in attack detection based on monitoring cyber or physical domains alone.

It is difficult to detect and mitigate attacks based solely on the activities from the cyber domain, for two reasons. First, in many CPSs, the communication protocol in the cyber domain usually lacks security characteristics, such as encryption/authentication, due to use of legacy devices and demanding requirements of delivery time in network communication. Consequently, attackers can easily perform reconnaissance by passively monitoring the communication without generating anomalies in the cyber domain. For example, the DNP3 protocol, which is widely used in the U.S. power grids, still does not have any encryption features. Second, the compromises of the physical process can be crafted by changing one valid control command to another valid command, without violating any protocol syntax, control flow, or the performance of communication. For example, modification of a single bit in the DNP3 packets that deliver commands to control the circuit breakers can change the on/off state of the breaker. Consequently, the existing intrusion detection systems that usually rely on the anomaly of the syntax (such as the length of the commands or range of a field in network packets) or signatures of abnormal events can become ineffective against such compromises [8]. Similarly, surgical robots rely on unprotected serial links (e.g., USB, RS232, or FireWire) for transferring commands and feedback between the cyber and physical components. A maliciously crafted change in new coordinates delivered to the motors through a USB channel might not raise any anomalies in the communication protocols, but
could cause a sudden jump in the robotic arms and damage to the physical system [1].

Table 1. Challenge in Detection of Attacks in Cyber-Physical Systems
(Each challenge is followed by its example in the two cyber-physical systems; the original table groups the challenges under "Cyber domain" and "Physical domain".)

Challenge: Lack of encryption and authentication mechanisms for legacy devices
  Power Grids: Communication is in plain text.
  Surgical Robots: Leaking of user commands and state information from the unencrypted data transferred through network and serial links.

Challenge: Malicious and unsafe commands can be encoded in legitimate formats
  Power Grids: Modification of a few bits in network traffic can maintain the correct communication syntax.
  Surgical Robots: TOCTTOU (time of check to time of use) vulnerability allowing malicious modification of the control commands after they are checked by the software and before they are communicated to the hardware.

Challenge: Inconsistency between the state estimation in the cyber domain and the actual state in the physical process
  Power Grids: False data injection attacks on measurements.
  Surgical Robots: Lack of complex models for accurate estimation of the system dynamics and behavior of robotic joints in real time.

Challenge: Real-time constraints on control systems
  Power Grids: Control operations should be delivered in a few hundred milliseconds.
  Surgical Robots: Real-time constraint of 1 millisecond per control iteration.

Challenge: Attacks are hard to distinguish from incidental failures and human-induced safety hazards
  Power Grids: Contingency analysis evaluates the consequence of incidents, in which one or two physical components are out of service.
  Surgical Robots: Similar safety-critical impact might occur due to unexpected physical failures or unintentional human errors.

Challenge: Inadequate knowledge of the global system state
  Power Grids: Periodically performing state estimation can detect the consequence of attacks based on the collected measurements. However, it is difficult for each substation to decide the impact of a command on the whole power grid.
  Surgical Robots: There are limited hardware resources on the embedded computational units in the interface and the physical layer of the robot to perform sophisticated computations for estimating system state.

It is also difficult to detect and mitigate the attacks based solely on the activities from the physical domain. Today's CPSs rely on traditional safety procedures that are originally designed to remedy accidents caused by unexpected physical failures, which occur locally. However, the safety procedures can become ineffective against malicious attacks. In power grids, traditional contingency analysis considers only low-order incidents (i.e., the "N-1" or "N-2" contingency in which one or two devices are out of service). Consequently, it is impractical to construct a black list of the possible attacks for a large-scale system, which could cause coordinated failure across the grid. On the other hand, surgical robots have a hard limit on the maximum allowable torque threshold for the physical motor; however, this cannot detect malicious modification of the motor command values that are within the range specified by the threshold but still cause deviations that result in safety violation.

3.2 Diagnosis

Attacks are hard to distinguish from incidental failures and human-induced safety hazards. For example, a malicious attack on a surgical robot by carefully changing the motor torque commands could result in a sudden jump of the robotic arm. Similar sudden jump behavior due to unexpected physical failures or unintentional human errors is also observed in actual practice [1]. Furthermore, although many cyber-physical attacks cause safety violations, the violations themselves do not reveal the entry point of the attacks and the malicious activities in the cyber domain. Without such information, it is a challenge to identify the vulnerability exploited by attackers and thus to perform the appropriate response or remedy actions (e.g., software patching or updating operational procedures).

3.3 Real-Time Constraints

Cyber-physical systems usually have strict requirements on timely delivery of control operations. However, those requirements can span across different ranges. For example, power grids need to deliver the commands in the range from several hundred milliseconds to several seconds [10], while the surgical robots are required to perform control computations within only a few milliseconds [1]. As a result, it is difficult to propose a runtime detection mechanism that is appropriate for the full range of CPSs. With stringent real-time constraints on the control system operation, any real-time detection and mitigation actions must complete within those constraints to avoid deviation in system dynamics, leading to potential damage [1].

4. DETECTION PRINCIPLE

In this section, we describe the detection principle (see Figure 4) and its realization in the context of power grid infrastructure and surgical robotic systems. Because attacks are initiated in the cyber domain and manifest in the physical domain, the detection mechanisms should combine the knowledge (and runtime data) from the two domains to capture a complete system view and enable attack detection. Specifically, we integrate security monitoring in the cyber domain with the control algorithms used by the physical domain to estimate the consequences of suspicious activities.

As shown in the top flow chart in Figure 4, we obtain two pieces of information from the communication between cyber domain and physical domain (i.e., commands and measurements). From the
measurements, we estimate the current state of physical processes; from the commands, we extract the parameters related to control operations. Based on the measurements and the commands' parameters, the control algorithm estimates (ahead of time) the system impact of the control command execution and hence allows us to determine whether the command is malicious.

[Figure 4 flow chart labels: Cyber-domain, Physical-domain, Commands, Parameters of Commands, Measurements, Current State of Physical Process, Control Algorithm, Malicious Commands?]

Figure 4 table:

Common Principle
  Commands: Increase visibility in the cyber domain.
  Control Algorithm: Estimate (ahead of time) the consequence of command execution.
  Measurements: Increase the integrity of measurements.

Robotic Surgery
  Commands: Intercept commands sent by control software.
  Control Algorithm: Model the robot manipulator dynamics with selected degrees of freedom (e.g., three degrees of freedom in our case).
  Measurements: Retrofit hardware interface board (custom USB board) in order to deliver measurements to the detection module.

Power Grids
  Commands: Integrate network monitors (e.g., Bro) with SCADA protocol (e.g., DNP3 or Modbus) analyzers. Classify critical and noncritical commands.
  Control Algorithm: Use "N-1" contingency analysis to decide relative severity of an attack. Dynamically adjust the number of iterations in AC power flow analysis to balance detection accuracy and latency.
  Measurements: Compare measurements observed by network monitors placed at different locations on the network in order to validate the integrity of measurements.

Figure 4. Detection principle and its application to target CPSs.

In the table in Figure 4, we explain the detection principle and its application in the two target CPSs. The first row of the table ("Common Principle") gives common principles that can be applied to accurately observe commands, collect trusted measurements, and build control algorithms. The second ("Robotic Surgery") and the third ("Power Grids") rows summarize the implementation of the identified principles in the two target CPSs.

Observability of commands. In order to accurately obtain the parameters of commands, we need to increase the visibility in the cyber domain, which includes the control software, communication network, and computing platforms. Many current CPSs use proprietary protocols, which network monitors cannot fully understand. The goal of increasing the visibility is to improve our awareness and understanding of what is really happening rather than what we believe should have happened in the cyber domain. Also, we can obtain a better understanding of the interactions between the cyber and physical components, which can help in designing efficient and effective detection mechanisms against the targeted attacks.

Collection of measurements. Trusted measurements are essential to make an accurate estimate of the impact of the control commands on the system state. However, collecting trusted measurements is not easy, as many attacks (marked by "A" in Figure 1) focus on compromising measurements of CPSs to reduce observability of the physical domain. Consequently, on detecting cyber-physical attacks, we can take advantage of the detection methods proposed to protect the integrity of measurements [5].

Control algorithm. We need to employ the control algorithms and estimation techniques to look ahead to the changes in states and the dynamics of the physical system upon execution of control commands. The operation of physical systems (e.g., the power flow in power grids or the movements of robotic arms in surgical robots) can be accurately estimated using nonlinear dynamic models of the system. Most control algorithms rely on the computation of differential equations to run such models, which can take a long time to finish and thus make real-time monitoring difficult. Even though existing optimization techniques and linearized models can reduce the computation cost of the state estimation, fusing the information on the activities observed in the cyber domain (e.g., the network activities) with multiple estimated measurements from the physical domain can further optimize the computation and reduce the detection latency.

Discussion. Note that this detection principle complements the ongoing efforts to secure the computing environment in CPSs, such as using virtual private networks and adding encryption and authentication features to communication channels. In the cases in which an insider attacker can bypass such security mechanisms (e.g., the Stuxnet attackers obtained a valid security certificate [9]), the detection technique proposed here can help to reveal the malicious intentions behind activities that appear normal to system operators but are unsafe when propagated to the physical system.

4.1 Detection in Robotic Surgical Systems

Observability of commands. We retrofitted the hardware interface board (custom USB board) in the control system of the RAVEN surgical robot such that the detection mechanism based on the
dynamic model (details in the next paragraph) receives all control commands sent by the control software and monitors them before they are executed on the physical robot.

Collection of measurements. As shown in [1], software running in the programmable microcontroller (e.g., firmware) of the hardware interface board can become an attack target. Once attackers penetrate the interface board, they can compromise measurements, to indicate the wrong physical state. However, this is less likely compared with attacks targeting the control software running in the cyber domain, since gaining remote access to the interface board and changing the firmware requires passing through several more barriers. One solution to ensure the integrity of the firmware is to apply remote attestation periodically [14] or to compare measurements observed at different locations.

executions of the commands. One critical challenge was that existing algorithms proposed for power-flow analysis have fixed parameters; using these algorithms, the detection latency could not always meet the real-time requirements of delivering control commands.

To shorten detection latency while preserving detection accuracy, we proposed a new adaptive power-flow analysis and integrated it with real-time network analyzers [18]. Specifically, we adapted the number of iterations that the iterative algorithm in AC power-flow analysis used to estimate the power system state. Instead of statically fixing this parameter (e.g., being fixed by one loop of iteration in [3]), we dynamically adapted the number of iterations based on the parameters of control commands observed at runtime. Specifically, when a disturbance of multiple devices is observed, the number of iterations to analyze it is assigned as the average number of iterations that the classical AC power-flow analysis takes to analyze the disturbance of each involved device (i.e., the N-1 contingency analysis). By dynamically adjusting the number of iterations, we can save computation time to perform accurate detection on more severe perturbations. Our experiments demonstrate that the adaptive algorithm ca
