Critical Infrastructure Protection XIII: 13th IFIP WG 11.10 International Conference, ICCIP 2019, Arlington, VA, USA, March 11–12, 2019, Revised Selected Papers

Recent years have seen increases in the number of data breaches. This chapter attempts to quantify the impacts of data breaches in terms of the monetary costs incurred by providers and consumers. This is important because data breaches are a major factor when allocating funds for security controls. Case studies involving the Equifax incident in 2017 and the Target incident in 2013 are employed to demonstrate that the cost impacts of data breaches are significant for providers as well as consumers. The cost components in the overall cost function for providers and consumers are presented. Guided by open-source data, the cost components in the provider portion of the cost function are expressed as best-fit functions of time since the data breach. An important point in the cost quantification is that equal weights are assigned to the costs incurred by the provider and the consumers.

[1]  Milos Manic,et al.  Cyber-Physical System Security With Deceptive Virtual Hosts for Industrial Control Networks , 2014, IEEE Transactions on Industrial Informatics.

[2]  Sheldon A. Munns,et al.  RF-DNA Fingerprinting for Airport WiMax Communications Security , 2010, 2010 Fourth International Conference on Network and System Security.

[3]  Agachai Sumalee,et al.  Smarter and more connected: Future intelligent transportation system , 2018, IATSS Research.

[4]  Huan-Liang Tsai,et al.  Development of Generalized Photovoltaic Model Using MATLAB / SIMULINK , 2022 .

[5]  D. Watson,et al.  The Honeynet Project: Data Collection Tools, Infrastructure, Archives and Analysis , 2008, 2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing.

[6]  Kang G. Shin,et al.  Fingerprinting Electronic Control Units for Vehicle Intrusion Detection , 2016, USENIX Security Symposium.

[7]  Hafiz Malik,et al.  Linking received packet to the transmitter through physical-fingerprinting of controller area network , 2017, 2017 IEEE Workshop on Information Forensics and Security (WIFS).

[8]  C. Stoll The Cuckoo's Egg : Tracking a Spy Through the Maze of Computer Espionage , 1990 .

[9]  Michael A. Temple,et al.  Physical layer identification of embedded devices using RF-DNA fingerprinting , 2010, 2010 - MILCOM 2010 MILITARY COMMUNICATIONS CONFERENCE.

[10]  Balaji Viswanathan,et al.  Performance Benchmarking and Optimizing Hyperledger Fabric Blockchain Platform , 2018, 2018 IEEE 26th International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS).

[11]  Ralf-Philipp Weinmann,et al.  Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks , 2012, WOOT.

[12]  Madhusudan Singh,et al.  Previous work : Blockchain technology for Intelligent Transportation System , 2017 .

[13]  Bogdan Groza,et al.  Source Identification Using Signal Characteristics in Controller Area Networks , 2014, IEEE Signal Processing Letters.

[14]  Sean W. Smith,et al.  YASIR: A Low-Latency, High-Integrity Security Retrofit for Legacy SCADA Systems , 2008, SEC.

[15]  Niels Provos,et al.  A Virtual Honeypot Framework , 2004, USENIX Security Symposium.

[16]  Martin Roesch,et al.  Snort - Lightweight Intrusion Detection for Networks , 1999 .

[17]  Timothy J Carbino,et al.  Exploitation of Unintentional Ethernet Cable Emissions Using Constellation Based-Distinct Native Attribute (CB-DNA) Fingerprints to Enhance Network Security , 2015 .

[18]  Timothy J. Carbino,et al.  Physical-Layer discrimination of Power Line Communications , 2017, 2017 International Conference on Computing, Networking and Communications (ICNC).

[19]  Thelma Virginia Rodrigues,et al.  OpenPLC: An open source alternative to automation , 2014, IEEE Global Humanitarian Technology Conference (GHTC 2014).

[20]  Michael A. Temple,et al.  Conditional Constellation Based-Distinct Native Attribute (CB-DNA) fingerprinting for network device authentication , 2016, 2016 IEEE International Conference on Communications (ICC).

[21]  Mathew Lukacs,et al.  Device identification using active noise interrogation and RF-DNA "fingerprinting" for non-destructive amplifier acceptance testing , 2016, 2016 IEEE 17th Annual Wireless and Microwave Technology Conference (WAMICON).

[22]  Michael A. Temple,et al.  Authorized and Rogue Device Discrimination Using Dimensionally Reduced RF-DNA Fingerprints , 2015, IEEE Transactions on Information Forensics and Security.

[23]  Dong Hoon Lee,et al.  Identifying ECUs Using Inimitable Characteristics of Signals in Controller Area Networks , 2016, IEEE Transactions on Vehicular Technology.

[24]  Michael A. Temple,et al.  A Comparison of PHY-Based Fingerprinting Methods Used to Enhance Network Access Control , 2015, SEC.

[25]  Amir Rahmati,et al.  ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem , 2018, USENIX Security Symposium.

[26]  Susan Marie Wade SCADA Honeynets: The attractiveness of honeypots as critical infrastructure security tools for the detection and analysis of advanced threats , 2011 .

[27]  Craig Valli,et al.  SCADA Security - Slowly Circling a Disaster Area , 2009, Security and Management.

[28]  Alysson Bessani,et al.  A Byzantine Fault-Tolerant Ordering Service for the Hyperledger Fabric Blockchain Platform , 2017, 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[29]  Michael A. Temple,et al.  Enhancing Critical Infrastructure and Key Resources (CIKR) Level-0 Physical Process Security Using Field Device Distinct Native Attribute Features , 2017, IEEE Transactions on Information Forensics and Security.

[30]  Lance Spitzner,et al.  The Honeynet Project: Trapping the Hackers , 2003, IEEE Secur. Priv..

[31]  Ram Dantu,et al.  Automating ECU Identification for Vehicle Security , 2016, 2016 15th IEEE International Conference on Machine Learning and Applications (ICMLA).