EMERGING TECHNOLOGIES IN CYBERSECURITY
By: Randall Lewis
Abstract: Cyberspace is the newest domain in our world. For humans, first there was Land, Sea and then Air. After Air we discovered space, and now we have embarked on Cyberspace. Cyberspace has at least 28 official definitions, and it is defining important aspects of everyday life more and more. With US and international trade taking place in Cyberspace, it has also become key to the world economy. The Department of Defense depends on Cyberspace to function. DoD has over 15,000 networks, with millions of computers and devices all around the world. With advances in technology, Cyberspace will only grow, which in turn entails a needed growth in Cybersecurity and Cybersecurity technologies.
With the growth of the internet, cyber-attacks have grown also, and this has affected every aspect of business, government and commerce. These range from Advanced Persistent Threats (APTs), which are only growing, to online terrorism. These attacks affect companies; local, state and national governments; and ordinary people. With billions of dollars stolen every year in Cyberspace, there is a global push in Cybersecurity to better secure our networks.
National and economic security of the US depends on the reliability of our Critical Infrastructure. The President issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” on February 12, 2013, which established that “[i]t is the Policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber-environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties” (NIST, 2013).
This focuses on using business managers to guide the risks and on incorporating cybersecurity risks into the organization’s risk management process. There are three focuses in this framework:
- Framework Core, which is a set of cybersecurity activities, outcomes, and informative references.
- Framework Profile, which helps align the organization’s business requirements, risk tolerance and resources with Cybersecurity.
- Framework Implementation Tiers, which help organizations understand their approach to managing Cybersecurity risk. (NIST, 2013)
With Advanced Persistent Threats becoming more of the norm and Asymmetric Threats increasing, advancement in Cybersecurity and new technologies is needed to stay afloat in this newly connected world.
This paper assesses the emerging Cybersecurity technologies and our Government’s efforts to nurture them. The emerging Cybersecurity technologies that we will discuss in this paper are Real-Time Forensic Analysis, Remote Agent Technologies, Smart Grid, Smart Card Technology, and Research and Development. Each of these approaches and technologies is critical to our National Security and directly to securing our networks in Cyberspace. We need Smart Grid technology to get our systems from the old-style electric grids to the newly cyber-connected but cyber-protected grids. Real-Time Forensic Analysis is needed to catch and stop the bad guys when an intrusion or compromise happens, instead of only knowing the after-effects, which will likely not show the total amount of damage done. The paper also analyzes the benefits and drawbacks of government efforts to nurture these technologies.
Real-Time Forensic Analysis
This is an approach that is coming closer to being a reality in the modern world. Its main focus is on continuous monitoring and situational awareness (UMUC, 2012). Network forensics is based on recording and analyzing network auditing information (Mukkamala, 2005). Forensics for computers and networks was put into place in the 1990s, and most of the current systems are passive monitors. Most attacks go undetected until a report is actually filed for the attack. The network forensics that we are all used to follows an audit trail and checks a system for known patterns. There are signature patterns or behavioral patterns that are monitored, and when these are detected an alarm may sound or some type of investigation will begin. These systems also need a significant amount of storage space to analyze the information. All the data must be maintained and the logs must be processed, and this is becoming a problem because of the size of the data.
Real-Time forensic analysis is the future and needs to be the now for all organizations. The old way of digital forensics is becoming outdated. Issues that occur are:
- Cases once involved analyzing one device and now involve analyzing multiple devices.
- Encryption means data can be recovered but not analyzed.
- Use of the cloud means data may not even be found.
- Malware that is not written to device storage is increasing the need for RAM forensics. (Garfinkel, 2010)
Currently, with the onset of smartphones, examiners cannot even examine information that may be stored and processed on the major operating platforms like Android, Windows Mobile, BlackBerry and Apple. Discovering information on these is becoming harder because of the tools needed to analyze the information and the fact that the data may not even reside on the smartphone. There is also no standard for taking information from a smartphone. The modern system needs to change in order to keep up with the new methods of criminals and terrorists.
Real-Time forensic analysis is the emerging technology that will carry our monitoring into the future. Continuous monitoring and real-time analysis are in the process of becoming the norm. Continuous monitoring is defined as maintaining an ongoing awareness of information threats and vulnerabilities to support the risk management decisions of an agency or an organization. The goal is to be able to respond by transferring, avoiding, rejecting, accepting, sharing or mitigating risks by conducting constant monitoring of a network, information and system (NIST, 2010). The two primary monitoring categories are Proactive and Detective. Proactive monitoring is described as vulnerability monitoring and device awareness, while Detective monitoring is full-view analysis, alerting and threat monitoring (Tarala, 2011). These two types of monitoring also need to work together to be sufficiently effective. Problems that need to be combated are zero-day malware and sensitive data exfiltration. Systems need to analyze all network traffic, fight back against external threats, and gather data from networks, applications and security systems in real time.
This occurs in three phases. The first is monitoring with firewalls, IDS/IPS systems and log analysis. The second includes advanced forms of monitoring, pervasive network recording, strong visibility into the network traffic and a better understanding of the network behavior. The third is that organizations are purchasing advanced tools for firewalls, IPS and log management systems with Real-Time Network Forensics to put all the tools together and monitor the networks.
A real-world example of this kind of monitoring is Solera Networks. This is a company that produces software-based Real-Time Network Forensics for advanced network protection. This product provided real-time situational awareness, continuous monitoring, advanced malware detection, security incident response, security awareness and organization policy compliance, along with data loss monitoring and analysis (Solera, 2014). It does this by recording every network packet from layer 2 to layer 7 and analyzing them.
Solera was rated as the Best Computer Forensic software in 2010 by Homeland Security. (Solera, 2014)
This kind of technology offers many benefits to the government and its networks. The modern way of network forensics is going away because the types of devices used to break into systems are changing. Also, most of the old ways help more with the aftermath of an attack or intrusion, while real-time detection is what is needed, because catching and prosecuting the offenders is increasingly unlikely. The Government needs to catch an attack while it is in progress and stop it in order to limit the damage. This will greatly benefit the Government in maintaining the CIA and security of the network. With APTs, hackers have been able to infiltrate networks and stay in the network undetected for an unknown period of time. This technology will mitigate that threat and supply the government’s networks with another layer of added security for priceless data.
The US Department of State developed its own system, called the iPost system. This system gets information feeds from different sources like Microsoft Active Directory and SMS, and also uses a Vulnerability Analysis tool. All this information is put together, and the IT personnel are able to see and identify the risk levels and respond to the threats.
The iPost system continuously monitors and reports risk on the IT infrastructure. It uses the risk scoring program in three stages.
- “Deployment of Enterprise management tools
- Delivery of operational data to the field in an integrated application, iPost
- Establishment of a risk scoring program” (Tarala, 2011)
The program is designed to meet many objectives. These include measuring risk in multiple areas, measuring improvement, providing a single score for each host, site and enterprise, and motivating administrators to reduce risk. The scoring assigns a score to each weakness, vulnerability or other infrastructure issue.
Items that are scored include:
| Component | Abbreviation | What is Scored | Source |
|---|---|---|---|
| Vulnerability | VUL | Vulnerabilities detected on a host | Tenable |
| Patch | PAT | Patches required by a host | SMS |
| Security Compliance | SCM | Failures of a host to use required security settings | Tenable |
| Anti-Virus | AVR | Out of date anti-virus signature file | SMS |
| SOE Compliance | SOE | Incomplete/invalid installations of any product in the Standard Operating Environment (SOE) suite | SMS |
| AD Users | ADU | User account password ages exceeding threshold (scores each user account, not each host) | AD |
| AD Computers | ADC | Computer account password ages exceeding threshold | AD |
| SMS Reporting | SMS | Incorrect functioning of the SMS client agent | SMS |
| Vulnerability Reporting | VUR | Missed vulnerability scans | Tenable |
| Security Compliance Reporting | SCR | Missed security compliance scans | Tenable |
The vulnerabilities are measured by Tenable, McAfee and other vulnerability scanners. Patch detection, Anti-Virus and SOE Compliance are provided by SMS, while Security Compliance is done by Tenable. The AD Users and AD Computers components monitor the passwords of user and computer accounts.
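The roll-up described above (a score per weakness, summed into a single score for each host, site and the enterprise) can be sketched as follows. This is an added example, not iPost code: the points per finding, the per-host site average, and the names `Finding`, `roll_up` and `worst_hosts` are assumptions made for illustration, and the sample findings are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Component codes come from the table above. The points per finding are
# constructed for this example; the page does not state iPost's real values.
ASSUMED_POINTS = {
    "VUL": 4.0, "PAT": 3.0, "SCM": 1.0, "AVR": 6.0, "SOE": 5.0,
    "ADU": 1.0, "ADC": 1.0, "SMS": 10.0, "VUR": 5.0, "SCR": 5.0,
}
ACCOUNT_COMPONENTS = {"ADU"}  # scored per user account, not per host


@dataclass(frozen=True)
class Finding:
    site: str        # site that owns the host or account
    subject: str     # host name, or user account name for ADU
    component: str   # abbreviation from the table
    count: int = 1   # number of weaknesses of this kind


def score_findings(findings):
    """Return (host_scores, account_scores), both keyed by (site, subject)."""
    hosts = defaultdict(lambda: defaultdict(float))
    accounts = defaultdict(float)
    for f in findings:
        if f.component not in ASSUMED_POINTS:
            raise ValueError(f"unknown component {f.component!r}")
        if f.count < 0:
            raise ValueError("count must be non-negative")
        points = ASSUMED_POINTS[f.component] * f.count
        if f.component in ACCOUNT_COMPONENTS:
            accounts[(f.site, f.subject)] += points
        else:
            hosts[(f.site, f.subject)][f.component] += points
    return hosts, accounts


def roll_up(findings, hosts_per_site):
    """Single score per host, per site and for the enterprise.

    hosts_per_site maps site -> total host count, clean hosts included, so
    sites of different sizes can be compared by their per-host average.
    That normalisation is an assumption of this example.
    """
    hosts, accounts = score_findings(findings)
    host_total = {key: sum(parts.values()) for key, parts in hosts.items()}
    site_total = defaultdict(float)
    for (site, _subject), total in list(host_total.items()) + list(accounts.items()):
        site_total[site] += total
    for site in site_total:
        if hosts_per_site.get(site, 0) <= 0:
            raise ValueError(f"no host count for site {site!r}")
    site_avg = {s: site_total.get(s, 0.0) / n for s, n in hosts_per_site.items()}
    return {
        "host": host_total,
        "site": dict(site_total),
        "site_avg_per_host": site_avg,
        "enterprise": sum(site_total.values()),
    }


def worst_hosts(findings, top=3):
    """Rank hosts by score and name the component that contributes most."""
    hosts, _accounts = score_findings(findings)
    ranked = sorted(
        ((sum(p.values()), site, host, max(p, key=p.get))
         for (site, host), p in hosts.items()),
        reverse=True,
    )
    return ranked[:top]


# Constructed sample data.
SAMPLE_FINDINGS = [
    Finding("HQ", "hq-ws-01", "VUL", 3),
    Finding("HQ", "hq-ws-01", "PAT", 2),
    Finding("HQ", "hq-srv-02", "AVR"),
    Finding("HQ", "jdoe", "ADU"),          # user account, not a host
    Finding("Field-A", "fa-ws-07", "SMS"),
    Finding("Field-A", "fa-ws-07", "VUR"),
]
SAMPLE_HOST_COUNTS = {"HQ": 10, "Field-A": 3}

if __name__ == "__main__":
    result = roll_up(SAMPLE_FINDINGS, SAMPLE_HOST_COUNTS)
    print("enterprise:", result["enterprise"])
    for site, avg in result["site_avg_per_host"].items():
        print(site, "total", result["site"][site], "avg/host", avg)
    for total, site, host, component in worst_hosts(SAMPLE_FINDINGS):
        print(f"{site}/{host}: {total} (largest contributor: {component})")
```

In the sample data the smaller field site has the lower total but the higher per-host average, which is the comparison a site-level score is meant to surface.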
Enterprise-level tools used are Microsoft Active Directory, Microsoft System Management Server, Tenable, NetIQ AppManager, NetIQ Security Manager, HP OpenView, and others. iPost was needed as an integration application and here is the design
This program needs a coordinated effort from all administrators in the risk scoring effort. There must also be continuous monitoring and resources behind it. This program has resulted in a better awareness of the system and of the attacks attempted.
Remote Agent Technologies
Remote agent technologies focus on remote agents that conduct centralized remote tests concerning the security of the networks (UMUC, 2012). When a network needs to be patched, along with other operations, this technology, in the form of a Mobile Agent, can be deployed. These are programs that travel within the network among the hosts with their execution code and proceed automatically. The Mobile Agents can choose to move from one computing environment to another, run in distributed systems and monitor the security of the network.
Organizations would use this technology by deploying the Mobile Agent in the network. This agent can work under its own control and perform tasks using the resources in these nodes (Tiwari, Shailendra, Tiwari & K, 2010). The Mobile Agents have a kind of virtual grocery list of items to accomplish on each server, and when they are finished they go on to the next. When they arrive at each server they query it to determine the tasks that need to be accomplished. When all the nodes have been checked, the agent sends a report to the original host with all the results.
A real-world example of this is the working of .NET Remoting explained by Tiwari. Here, .NET Remoting lets the user use methods in another address space (Tiwari, Shailendra, Tiwari & K, 2010). The two methods are completed as an RPC in an object-oriented environment and distributed, while the implementations reside on different machines. This version of remoting is based on the Common Language Runtime, and the client application can invoke functions on a server object that can even be on a remote computer over a network. This communication runs through a proxy server that allows the client to contact the server.
There are numerous benefits to the government that this can create. Given the massive number of networks and servers and the information complex of the government, this can only benefit them. Lacking the human ability or capital to consistently monitor every aspect of the entire network 24 hours a day, the government can use this remote technology to accomplish tasks like patching or investigating changes in user behavior to check on insider threats. With the insider threat being the number one security breach in organizations and zero-day attacks increasing, the Government cannot afford not to implement this technology. It can only mitigate these threats for a more secure and operational Government network.
One real-world usage of this technology is by NASA. The software is on Deep Space 1, and the spaceship will have more control of itself than in the past. The spacecraft itself will be able to make more decisions for itself with just general direction from ground control (NASA, 2014). This software has model-based reasoning algorithms with goal-directed planning, algorithms that are executable, and a fail-operational fault protection approach. The software is equipped with a planner, and its “Tokens” are sent to an executive that makes decisions based on knowledge of the spacecraft system. It examines the health of the system and can make adjustments within its frame.
Smart Card Technology
The Smart Card is a card that can be used for identification and that contains an embedded integrated circuit that we call a chip. These cards can be used for identification, authentication and data storage. They can hold a large amount of sensitive information, can process applications, and can be used as a security device for application processing and Single Sign-On. Because Smart Cards are used to store data that is sensitive, there is a strong push for these cards to become more secure.
Companies and organizations have traditionally used these cards as memory storage cards or as processor-enabled cards. The storage on the memory card is non-volatile, while the processor-enabled cards are the true smart cards (Shelfer, 2002).
The Smart Card’s operating system is a set of instructions embedded on the chip in the ROM. These are used by most programs and are called Chip Operating Systems. The cards have to be specific to a certain application because of the operating system, and are not that flexible. Now the trend is moving to a new kind of card operating system called the Multi Application Card Operating System (MACOS). A MACOS can have multiple applications running on one card and is sufficient for high security needs.
The technology is called MULTOS. It uses MACOS, and it is the first open, high-security MACOS. With MULTOS, different developers can develop applications to run on the same card without interference.
Applications can also be loaded onto the card directly over the internet. This handles the need to run different applications on the card for different functions and gives the card the flexibility that is needed for future development. Most MULTOS applications are written in C, and a Java compiler is also available. Even if there is another source language, they are all compiled into the MULTOS executable language, which is a RISC language specific to MULTOS (CardWerk, 2013). Invalid instructions or attempted memory accesses will be rejected by the VM. This makes it impossible for an application to access data from another application, which means the security is of a high standard.
Each card contains an RSA key pair that is certified through the Key Management Authority (MULTOS, 2014). The public key is used by the data preparation software to encipher a packet of data.
The benefits of Smart Card technology are priceless to the federal government. IDs will soon carry multiple types of information including encryption, passwords, processors, sensitive data and more. Creating a more secure smart card that will not allow a random person to access data in case of a compromise is key for the future of securing networks and data. With data breaches increasing and attacks on networks nonstop, this type of new technological approach will only benefit the government.
The government has issued a new standard, HSPD-12, that is government-wide and will secure the forms of identification that are issued by the Federal government to its employees. The government is issuing this so that the IDs of contractors and government employees are reliable and secure. This directive was originally issued on August 12, 2004 by GWB. From this standard, NIST developed Federal Information Processing Standards Publication 201.
New technology that is being implemented by the Government uses two-factor authentication with the Smart Card. The authentication is based on what you know, what you have and what you are. Two-factor authentication will increase the assurance that you are who you say you are and are authorized to access, in this case, USDA systems. (HSPD, 2014)
Smart Grid Technology
There have been many efforts to hack into or disrupt banks, financial institutions, critical infrastructure and the Smart Grid. In order to maintain adequate security for the Smart Grid, new approaches and new technologies have been applied to it.
A major part of the world is now connected to the internet, and the electric grid systems are more connected also. Smart Grids were previously called electric grids, and they could easily be protected inside control rooms, behind a locked door, with connectivity blocked off from public access. Now, with the advent of technology and connectivity, these grids are called Smart Grids and are connected to each other and through the internet. Instruments such as the equipment and SCADA online diagrams can be viewed, and information can be exchanged on the net.
This new kind of communication approach leaves the Smart Grid vulnerable to cyber criminals and critical infrastructure attacks. ICS-CERT, through Homeland Security, noted that 41% of incidents reported last year were related to energy (Hinden, 2013). The Smart Grid, or new Smart Grid technology, refers to networks of IPs installed on the electric power grid, smart meters, substations, and distribution networks. An attack on these could possibly lead to a city losing power.
There are many challenges in changing from the old systems to the new. Systems such as modern SCADA/EMS/DMS systems are large and complex. The change will require processes to manage, maintain and monitor assets, which will be costly in resources (Siemens, 2012). Some machines, including critical systems, also run older OS platforms like Windows 95, with default passwords still in use. Default passwords are a big security concern because an average person can search the internet for the passwords and get into the system.
The Smart Grid is also called the world’s most interconnected machine, and one new way to use new cybersecurity technology on the Smart Grid is to use PKI technologies and trusted computing components (Metke, 2010). PKI brings more to security than just hardware and software; it also comes with policy and procedures. PKI binds public keys to user IDs using digital certificates. The Registration Authority oversees this process, while the Certificate Authority issues the certificate to the user. Users and the connected devices can encrypt and decrypt with each other and also authenticate between devices. This builds a system of trust within the Smart Grid system. This system will allow operators to buy equipment, install it and use the PKI instead of just installing pre-loaded keys.
One of the cons of the system is that PKI can be difficult to install and it works with higher standards. Implementing this would be done by the industry because of the lack of guidance and of a model policy from the industry on how to implement it. “The purpose of a model policy is to define the naming conventions, constraints, policies, and many operational aspects of a PKI for an entire industry” (Metke, 2010).
Metke also points out another solution, Trusted Computing, because of the size of the Smart Grid network and the potential for cyber attacks. Embedded systems and general-purpose systems are the focus now. The fight against malware being stored on embedded devices can be won through assurance. To do this, the manufacturer has to implement a secure software development process (Metke, 2010). Then they have to provide a secure software upgrade solution, and they can do this by adding a secure storage key during the manufacturing of the products. For general-purpose systems, the use of signature-based anti-virus software is a way to protect the system.
The government’s efforts in this technology have many benefits, and their core is securing the nation’s infrastructure, which is critical for the protection of national security. The fact that this system is extremely big and interconnected, together with the number of attacks on energy, makes this a high priority. There are some drawbacks in the amount of equipment that needs to be replaced, with some of it not being compatible with new security additions, like cryptology. But the benefits completely outweigh the cons, and these needed additions will strengthen our infrastructure.
Government efforts to secure the Smart Grid have been far and wide. In particular, NIST points out that it is also the world’s largest interconnected machine and that it is undergoing a significant change. The Cyberspace Policy Review initiated by Pres. Obama stated that the US is deploying new smart grid technology and must make sure that the standards for security are developed to avoid creating opportunities for hackers to penetrate the systems (Cyberspace, 2009).
NIST points out in the Research and Development themes for Smart Grid Security that there is a high priority for Cryptography and Key Management. The industry needs to enable key management for millions of credentials and keys with encryption and digital signatures. (NISTIR 7628, 2010)
Smart Grid devices may not be able to store cryptographic material and be limited in computational power. With the advent of low cost semi-conductors and embedded processors with crypto capabilities, more of the devices will or should be able to use this technology in the near future. The Smart Grid will also communicate over many different channels with different bandwidths.
The PKI systems communicate through a peer to peer key model and not all devices in the smart grid will be able to connect to the key servers, certificate Authorities, etc.
One cryptographic issue is that the devices do not have access to the key sources needed for cryptographic key generation. The systems and the design will have to be upgraded to accommodate this need. Factors in a secure, widespread application in the Smart Grid include the ciphers (3DES, AES), the modes (CBC, CTR), and the key sizes and asymmetric algorithms (ECC, RSA); these would be the base of the authentication system (NIST, 2013). NIST and FIPS lay out a clear strategy for secure communication.
Key management issues include PKI also. PKIs are complex, and not all policies are global. Organizations can create their own policies and determine how private keys are protected, how CAs are constructed, and the life cycles of the certificates (NIST, 2013). This also becomes expensive because each organization has to address each issue. PKIs also have high availability issues and need to be authenticated through an online server.
NIST and the Government have provided research toward finding solutions to these problems of cryptography, PKIs and secure communication for deploying a Smart Grid infrastructure. In dealing with constrained devices, one option is seeding a Deterministic Random Bit Generator on a device before distribution. Also, a KDF could derive new keys.
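The KDF idea above can be shown with HKDF (RFC 5869), chosen here as one standard KDF; the page does not name a specific one. This added example, which is not taken from NIST or from any vendor, derives separate keys per purpose and per rotation epoch from a seed provisioned at manufacture, so a constrained device can roll keys without reaching a key server. The key purposes, device ID format and epoch counter are assumptions, and the sample seed is constructed.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): condense input keying material into a PRK."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): stretch the PRK into `length` output bytes."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("requested length out of range for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def length_prefixed(*fields: bytes) -> bytes:
    """Encode fields so that ("ab", "c") can never collide with ("a", "bc")."""
    out = b""
    for field in fields:
        if len(field) > 255:
            raise ValueError("field too long for one-byte length prefix")
        out += bytes([len(field)]) + field
    return out


# Hypothetical key roles for a meter; not taken from the page.
PURPOSES = ("auth", "encrypt", "log-mac")


def derive_device_keys(factory_seed: bytes, device_id: str, epoch: int,
                       key_len: int = 32) -> dict:
    """Derive one independent key per purpose for the given rotation epoch.

    The seed is assumed to be unique per device and written at manufacture.
    Bumping `epoch` yields a fresh key set with no network round trip.
    """
    if len(factory_seed) < 32:
        raise ValueError("factory seed must carry at least 256 bits")
    prk = hkdf_extract(b"", factory_seed)
    keys = {}
    for purpose in PURPOSES:
        info = length_prefixed(
            purpose.encode(), device_id.encode(), epoch.to_bytes(4, "big")
        )
        keys[purpose] = hkdf_expand(prk, info, key_len)
    return keys


# Constructed sample values; a real seed must come from an approved random
# source during manufacturing, never from a predictable pattern like this.
SAMPLE_SEED = bytes(range(32))
SAMPLE_DEVICE = "meter-000123"

if __name__ == "__main__":
    for epoch in (1, 2):
        keys = derive_device_keys(SAMPLE_SEED, SAMPLE_DEVICE, epoch)
        for purpose, key in keys.items():
            print(f"epoch {epoch} {purpose:8s} {key.hex()}")
```

Because each key depends on the purpose, device ID and epoch, disclosure of one derived key reveals nothing about the others; disclosure of the seed itself compromises all of them, which is why the seed needs protected storage on the device.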
For cryptographic module upgrades, the average life cycle is 20 years and the testing cycles are longer. Also, devices like Smart Meters can be expensive to replace when there are millions of them. The considerations that NIST provides are to:
- Use approved cryptographic algorithms published by the NIST Computer Security Division.
- Prefer independently validated cryptographic implementations.
- Prefer crypto modules that can support algorithm and key length flexibility over the ones that cannot change.
- Design protocols that allow for alternative crypto algorithms.
- Pay attention to random number generators, because many Smart Grid devices have only a limited source. (NIST, 2013)
The validity period for CRLs has a NotBefore and a NotAfter date. When issuing certificates to personnel whose job will change within a few years, the CRL should be a short time, a few years. But when issuing to a machine that is expected to have a long service period, the CRL should be of many years (10 years) rather than just a few (NIST, 2013). When a Smart Grid certificate expires and a request is rejected, this could cause a major system malfunction.
The government, through its NIST policies and its future outlook on the Smart Grid, has designed policies and practices to better bridge the gap between old equipment that cannot maintain a more secure environment and the devices of the now and the future that can.
A real-world example of this transition is a company called AltaLink. This is Alberta’s largest electricity transmission provider (Alcatel-Lucent, 2014). They are in the process of a 4-year upgrade of the distribution and communication infrastructure. The Smart Grid runs along 12,000 km of transmission lines, and 65 of 300 substations have been upgraded (Alcatel-Lucent, 2014).
The accomplishments have been:
- Centralized authentication and logging
- Security policies for each service through ACLs, MAC-pinning, IP bandwidth filters.
- Centrally Managed and monitored firewall
- Comprehensive password protection at different levels.
Smart Grid success should be completely wrapped in security and Alcatel believes that they have and are achieving this from Top Management down.
Research and Development
The Networking and Information Technology Research and Development (NITRD) Program is a cyber approach that the Nation uses to federally fund breakthroughs in advancing technologies like Cybersecurity. The main goals of this program are to provide research and development for:
- US technical leadership in advanced networking and computing systems
- Meeting the federal government’s needs for advanced technology
- Accelerating the development of these technologies to be a world leader in S&T and to improve education and training.
This program comes from the High Performance Computing Act of 1991 and the America COMPETES Act of 2007 (Public Law 110-69) (NITRD, 2014).
The Cyber Security and Information Assurance (CSIA) Interagency Working Group organizes and coordinates the events of the CSIA program. This program is set up to prevent, resist, detect, respond to, and/or recover from actions that compromise or threaten to compromise the availability, integrity, or confidentiality of computer- and network-based systems (NITRD, 2014).
This program is designed to provide the infrastructure and communications needed in the economy, like Smart Grids and the critical infrastructure. It also supports National Defense and HMS with all concerns and attention to internet and network security and to the confidentiality, availability, and integrity of information and computer-based systems. It also handles future hardware and software research in the security of computers and networks.
Organizations and federal agencies use this information in research and development to strengthen their cyber networks and security in all aspects. Laws and acts that are passed along with this provide a framework and standard that the agencies need to protect the nation’s networks and data specifically.
They can also specifically improve their cybersecurity techniques to make their networks a moving target in cyberspace. This creates a cyberspace that is a trusted environment, so that when disasters or unplanned events occur, they will be easily identified and mitigated. New Smart technology will allow us to have smarter control over the systems and will strengthen the infrastructure so that a natural disaster, accident or attack cannot easily overtake the system.
Research and development is probably the most important aspect and approach of Cybersecurity, with many benefits. The government created DARPA, the Defense Advanced Research Projects Agency, for research; it started in 1958 to prevent strategic surprises against US national security (DARPA, 2014). This agency uses diverse performers and different approaches to advance knowledge and technology through research that addresses current practical problems.
One real-world example of how the government and DARPA are doing this is the new MEMEX program. This program addresses the fact that the web search of today uses a one-size-fits-all approach and does not work well for specific government use cases. As it works now, search is a manual process that doesn’t save sessions and doesn’t organize the results beyond a list of links to click on.
DARPA has created the MEMEX program to develop software that advances online search capabilities. The goal is to invent better methods for sharing and obtaining information. These developments will improve content discovery, information extraction, information retrieval and other search functions (DARPA, 2014). MEMEX will also concentrate on Department of Defense missions like fighting human trafficking. This issue is large within law enforcement, military and intelligence operations. They also plan to focus on three main areas, which are domain-specific indexing, domain-specific search and DoD-specific applications.
Protecting our nation’s Cyberspace is an all-around effort by all parties and sides. Local, state and national governments, along with banks and corporations, are in dire need of protecting Cyberspace. We have discovered that digital forensics to determine who a culprit might be is not enough for overall security, and that Real-Time Forensic Analysis is needed for a real-time approach to security. Smart Grids are a critical aspect of our national security because they are part of our critical infrastructure, and cyber protection is not just an option. Remote Agent technology is also a powerful tool that can provide detailed inspection of networks and apply patch management along with numerous other services. Smart Card technology is emerging to become more secure, and the push for the Smart Card to have so many functions that only one card need be issued to a person for all types of processes is a coming reality. Finally, Research and Development is critical in the overall improvement of our cyber networks to keep the US a leading figure in Cybersecurity, bringing government and companies together to secure our world.
NASA. National Aeronautics and Space Administration, (2014). Remote agent. Retrieved from website: http://ti.arc.nasa.gov/tech/asr/planning-and-scheduling/remote-agent/faq/
HSPD. U.S. Department of Agriculture, (2014). Two-factor authentication. Retrieved from website: http://hspd12.usda.gov/twofactor.html
MULTOS. (2014). Security architecture. Retrieved from http://www.multos.com/technology/security_architecture/
CardWerk. (2013). Multos smart card operating system. Retrieved from http://www.cardwerk.com/smartcards/MULTOS/
NITRD. Executive Office of the President of the United States, (2014). Cyber security and information assurance interagency working group (csia iwg). Retrieved from website: http://www.nitrd.gov/nitrdgroups/index.php?title=Interagency_Working_Group_on_Cyber_Security_and_Information_Assurance_(CSIA_IWG)
Alcatel-Lucent. (2014). Altalink: Implementing an end-to-end smart grid security strategy. Retrieved from http://www2.alcatel-lucent.com/blogs/gridtalk/issue-1/implementing-an-end-to-end-smart-grid-security-strategy/
DARPA. Department of Defense, Defense Advanced Research Projects Agency. (2014). Darpa. Retrieved from website: http://www.darpa.mil/our_work/
NIST. U.S. Department of Commerce, National Institute of Standards and Technology. (2013). Guidelines for smart grid cybersecurity: Vol. 1, smart grid cybersecurity strategy, architecture, and high-level requirements (NISTIR 7628 Revision 1). Gaithersburg, MD: Computer Security Division, Information Technology Laboratory.
Tiwari, V., Shailendra, G., Tiwari, R., & K, M. (2010). Computational analysis of .net remoting and mobile agent in distributed environment. JOURNAL OF COMPUTING, 2(6), 34-39. Retrieved from http://arxiv.org/ftp/arxiv/papers/1006/1006.4538.pdf
The Smart Grid Interoperability Panel Cyber Security Working Group
Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure, May 29, 2009. Available at: http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf.
Shelfer, K. (2002). Smart card evolution. In (7 ed., Vol. 45, pp. 83-88). Retrieved from http://www91.homepage.villanova.edu/william.wagner/ITFS/SmartCardEvolCACM.pdf
Metke, A. (2010). Security technology for smart grid networks. TRANSACTIONS ON SMART GRID, 1(1), 99-107.
Post, D. (2009). In search of Jefferson’s moose: Notes on the state of cyberspace. Chapters 1-7
UMUC. (2012). Vulnerability Assessment. CSEC 670 Cybersecurity Capstone. Document posted in University of Maryland University College CSEC 670 online classroom, archived at: http://webtycho.umuc.edu
Mukkamala, S. Department of Computer Science, New Mexico Tech. (2005). Identifying significant features for network forensic analysis using artificial intelligent techniques. Retrieved from website: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.14.8291&rep=rep1&type=pdf
Garfinkel, S. (2010). Digital forensics research: The next 10 years. Unpublished raw data, Naval Postgraduate School, Monterey, CA, Retrieved from http://www.dtic.mil/dtic/tr/fulltext/u2/a549288.pdf
NIST Special Publication 800-137 Draft December 2010
NIST. National Institute of Standards and Technology, (2013). Improving critical infrastructure cybersecurity executive order 13636. Retrieved from website: http://www.nist.gov/itl/upload/preliminary-cybersecurity-framework.pdf
Tarala, J. (2011, Feb). A real-time approach to continuous monitoring. Retrieved from http://www.sans.org/reading-room/analysts-program/netwitness-splunk-monitoring
Solera. (2014). The leader in big data security analytics and advanced threat protection. Retrieved from http://www.soleranetworks.com/about/us/
Siemens. (2012). Smart grid cybersecurity. Retrieved from http://www.smartsec-europe.com/White Paper – Smart Grid Cyber Security – Siemens.pdf
Hinden, R. (2013, Nov 26). Security // attacks & breaches. Retrieved from http://www.informationweek.com/security/attacks-and-breaches/what-it-can-teach-utilities-about-cybersecurity-and-smart-grids/d/d-id/1112734