dr hab. inż. Rafał Leszczyna
Employment
- Associate professor at Department of Informatics in Management
Publications
Filters
total: 56
Catalog Publications
Year 2024
-
Activity-based payments: alternative (anonymous) online payment model
PublicationElectronic payments are the cornerstone of web-based commerce. A steady decrease in cash usage has been observed, while various digital payment technologies are taking over. They process sensitive personal information raising concerns about its potentially illicit usage. Several payment models that confront this challenge have been proposed. They offer varying levels of anonymity and readiness for adoption. The aim of this study...
-
Cybersecurity Assessment Methods—Why Aren’t They Used?
PublicationA recent survey of cybersecurity assessment methods proposed in academic and research environments revealed that their adoption in operational settings was extremely scarce. At the same time, the frameworks developed by industrial communities have been met with broad reception. The question arises of what contributed to the success of the methods. To answer it, three-part research that employed evaluation criteria, qualitative...
-
ISO/IEC 27001-Based Estimation of Cybersecurity Costs with Caspea
PublicationIn the contemporary, knowledge-based economy, enterprises are forced to bear the costs related to cybersecurity. While breaches negatively affect companies' budgets, accurate decisions on security investments result in visible savings. At the same time, cybersecurity cost assessment methods that support these decisions are lacking. Caspea addresses the gap by enabling the estimation of costs related to personnel activities involved...
Year 2023
-
Selecting an Applicable Cybersecurity Assessment Framework: Qualitative Metrics-Based Multiple-Factor Analysis
PublicationRecently, a survey of cybersecurity assessment methods focused on general characteristics was conducted. Among its major findings, it revealed the methods’ adoption issues. This paper presents a follow-up to the study. It provides an in-depth analysis of the methods’ adoption-related properties based on qualitative metrics. As a result, the proposals which demonstrate a higher adoption potential were identified. The methods are...
Year 2022
-
Choosing the Right Cybersecurity Solution: A Review of Selection and Evaluation Criteria
PublicationInformation technologies evolve continuously reaching pioneering areas that bring in new cybersecurity challenges. Security engineering needs to keep pace with the advancing cyberthreats by providing innovative solutions. At the same time, the foundations that include security and risk assessment methodologies should remain stable. Experts are offered with an extensive portfolio of solutions and an informed choice of a particular...
-
EE-ISAC—Practical Cybersecurity Solution for the Energy Sector
PublicationA recent survey of cybersecurity assessment methods proposed by the scientific community revealed that their practical adoption constitutes a great challenge. Further research that aimed at identifying the reasons for that situation demonstrated that several factors influence the applicability, including the documentation level of detail, the availability of supporting tools, and the continuity of support. This paper presents the...
Year 2021
-
A Review of Traffic Analysis Attacks and Countermeasures in Mobile Agents' Networks
PublicationFor traditional, message-based communication, traffic analysis has been already studied for over three decades and during that time various attacks have been recognised. As far as mobile agents’ networks are concerned only a few, specific-scope studies have been conducted. This leaves a gap that needs to be addressed as nowadays, in the era of Big Data, the Internet of Things, Smart Infrastructures and growing concerns for privacy,...
-
Aiming at methods’ wider adoption: Applicability determinants and metrics
PublicationNumerous computer science methods and techniques have been proposed by the scientific community. However, depending on the domain, only their minor fraction has met wider adoption. This paper brings attention to the concept of applicability - the notion that is well acknowledged in the scientific field but have not been analysed with respect to determinants, metrics and systematisation. The primary objective of the study was to...
-
Review of Cybersecurity Assessment Methods: Applicability Perspective
PublicationCybersecurity assessments are crucial in building the assurance that vital cyberassets are effectively protected from threats. Multiple assessment methods have been proposed during the decades of the cybersecurity field. However, a systematic literature search described in this paper reveals that their reviews are practically missing. Thus, the primary objective of this research was to fulfil this gap by comprehensively identifying...
Year 2020
-
Estimating the Cost of Cybersecurity Activities with CAsPeA: A Case Study and Comparative Analysis
PublicationContemporary approaches to the estimation of cybersecurity costs in organisations tend to focus on the cost of incidents or technological investments. However, there are other, less transparent costs related to cybersecurity management that need to be properly recognised in order to get a complete picture. These costs are associated with everyday activities and the time spent by employees on cybersecurity-related actions. Such...
-
Evaluating the Cost of Personnel Activities in Cybersecurity Management: A Case Study
PublicationThe methods of cybersecurity costs' evaluation are inclined towards the cost of incidents or technological acquirements. At the same time, there are other, less visible costs related to cybersecurity that require proper recognition. These costs are associated with the actions and the time spent by employees on activities connected to cybersecurity management. The costs form a considerable component of cybersecurity expenditures,...
Year 2019
-
Cybersecurity in the Electricity Sector
PublicationThis book offers a systematic explanation of cybersecurity protection of electricity supply facilities, including discussion of related costs, relevant standards, and recent solutions. The author explains the current state of cybersecurity in the electricity market, and cybersecurity standards that apply in that sector. He then offers a systematic approach to cybersecurity management, including new methods of cybersecurity assessment,...
-
Developing Novel Solutions to Realise the European Energy - Information Sharing & Analysis Centre
PublicationFor more effective decision making in preparation for and response to cyberevents in the energy sector, multilevel situation awareness, from technical to strategic is essential. With an uncertain picture of evolving threats, sharing of the latest cybersecurity knowledge among all sector stakeholders can inform and improve decisions and responses. This paper describes two novel solutions proposed during the formation of the European...
-
Standards with cybersecurity controls for smart grid - A systematic analysis
PublicationIn recent years numerous standards related to the cybersecurity of smart grids have been published, which led to the challenge for operators in obtaining indications that match their specific objectives and contexts. Although several studies approached this problem by providing more or less comprehensive surveys and overviews of smart grid cybersecurity standards, none of them was dedicated to the actual and important subject of...
-
Threat intelligence platform for the energy sector
PublicationIn recent years, critical infrastructures and power systems in particular have been subjected to sophisticated cyberthreats, including targeted attacks and advanced persistent threats. A promising response to this challenging situation is building up enhanced threat intelligence that interlinks information sharing and fine-grained situation awareness. In this paper a framework which integrates all levels of threat intelligence...
Year 2018
-
A Review of Standards with Cybersecurity Requirements for Smart Grid
PublicationAssuring cybersecurity of the smart grid is indispensable for the reliable operation of this new form of the electricity network. Experts agree that standardised solutions and practices should be applied in the first place. In recent years many new standards for smart grids have been published, which paradoxically results in the difficulty of finding a relevant publication in this plethora of literature. This paper presents results...
-
CIP Security Awareness and Training: Standards and Practice
PublicationThese are critical infrastructure employees who have access to the critical cyber assets in the first place. This situation is well recognized by international and national standardization bodies which recommend security education, training and awareness as one of the key elements of critical infrastructure protection. In this chapter the standards are identified and their relevant areas are described. A practical implementation...
-
Cybersecurity and Privacy in Standards for Smart Grids – a Comprehensive Survey
PublicationResilient information and communications technologies are a prerequisite for reliable operation of smart grid. In recent years, many standards for the new form of electricity network have been proposed, which results in operators and other smart grid stakeholders having difficulties in finding the documents which can be related to their particular problems. The purpose of this paper is to bring in all smart grid standards that...
-
Standards on Cyber Security Assessment of Smart Grid
PublicationSecurity evaluation of communication systems in smart grid poses a great challenge to the developers and operators. In recent years many new smart grid standards were proposed, which paradoxically results in the difficulty in finding a relevant publication in this plethora of literature. This paper presents the results of a systematic analysis which aimed at addressing this issue by identifying standards that present sound security...
Year 2017
-
Metoda szacowania kosztu zarządzania bezpieczeństwem informacji i przykład jej zastosowania w zakładzie opieki zdrowotnej
PublicationKażdego roku rośnie liczba ataków komputerowych na jednostki administracji publicznej. Aby się przed nimi chronić instytucje powinny inwestować w skuteczne środki ochrony. W artykule przedstawiono metodę wspomagającą podejmowanie decyzji dotyczących tych inwestycji poprzez wskazanie kosztu jaki dana organizacja będzie musiała ponieść na działania zapewniające odpowiedni poziom bezpieczeństwa. W artykule opisano również studium...
-
Nauczanie zagadnień cyberbezpieczeństwa w Unii Europejskiej – trendy, wyzwania
PublicationZnaczenie edukacji, szkoleń i podnoszenia świadomości zagadnień cyberbezpieczeństwa jest dziś, w erze społeczeństwa informacyjnego powszechnie uznane. W ostatnich latach w Unii Europejskiej pojawiło się wiele nowych inicjatyw związanych między innymi z rozwijaniem programów uniwersyteckich, przygotowywaniem specjalistycznych i profilowanych szkoleń, uruchamianiem masowych otwartych kursów online, a także badaniami opinii publicznej...
Year 2016
-
Badanie sieci świadomości sytuacyjnej dla infrastruktury elektroenergetycznej
PublicationWspółczesne systemy elektroenergetyczne są narażone na nowe rodzaje zagrożeń. Są one spowodowane lukami w zabezpieczeniach oraz słabościami architektonicznymi związanymi z szerszym zastosowaniem technologii teleinformatycznych (ICT) w tych systemach. Połączenie sieci elektroenergetycznych z Internetem naraża je na nowego rodzaju niebezpieczeństwa, takie jak ataki APT (ang. Advanced Persistent Threats) lub rozproszona odmowa usługi...
-
CIP Security Awareness and Training: Standards and Practice
PublicationThese are critical infrastructure employees who have access to the critical cyber assets in the first place. This situation is well recognised by international and national standardisation bodies which recommend security education, training and awareness as one of the key elements of critical infrastructure protection. In this chapter the standards are identified and their relevant areas are described. A practical implementation...
-
Koncepcja platformy wymiany informacji o incydentach cyberbezpieczeństwa dla krajowego systemu elektroenergetycznego
PublicationArtykuł opisuje wybrane zagadnienia związane z cyberbezpieczeństwem w sektorze elektroenergetyki. Jednym z elementów zapewniania bezpieczeństwa sieci elektro-energetycznej jest efektywna wymiana informacji o incydentach bezpieczeństwa. W jej ramach wszystkie zaangażowane podmioty systemu elektroenergetycznego, tj.: elektrownie, operatorzy systemów przesyłowych, operatorzy systemów dystrybucyjnych, dostawcy rozwiązań bezpieczeństwa,...
-
Nauczanie zarządzania bezpieczeństwem informacji: standardy i sposoby nauczania
PublicationPracownicy są najważniejszym ogniwem w ochronie informacji wewnątrz organizacji, gdyż to właśnie oni posiadają regularny dostęp do jej zasobów informacyjnych. Fakt ten jest dobrze rozpoznany przez krajowe oraz międzynarodowe instytucje standaryzujące, które w publikowanych normach zalecają kształcenie, szkolenia i podnoszenie świadomości pracowników jako kluczowy element strategii ochrony informacji przedsiębiorstw. W artykule...
-
Security Requirements and Controls for Incident Information Sharing in the Polish Power System
PublicationAmong the strategies of protecting information assets of the power system, sharing of information about current cybersecurity incidents between energy operators appears to be a prerequisite. Exchange of information leads to the effective detection of attacks and exploited vulnerabilities as well as the identification of countermeasures. This paper presents the results of continuation of our works on developing a secure and efficient...
-
Situational Awareness Network for the Electric Power System: the Architecture and Testing Metrics
PublicationThe contemporary electric power system is highly dependent on Information and Communication Technologies which results in its exposure to new types of threats, such as Advanced Persistent Threats (APT) or Distributed-Denial-of-Service (DDoS) attacks. The most exposed components are Industrial Control Systems in substations and Distributed Control Systems in power plants. Therefore, it is necessary to ensure the cyber security of...
Year 2015
-
Approaching Secure Industrial Control Systems
PublicationThis study presents a systematic approach to secure industrial control systems based on establishing a business case followed by the development of a security programme. To support these two fundamental activities the authors propose a new method for security cost estimation and a security assessment scheme. In this study they explain the cost evaluation technique and illustrate with a case study concerning the assessment of the...
-
Evaluation of Open Source SIEM for Situation Awareness Platform in the Smart Grid Environment
PublicationThe smart grid as a large-scale system of systems has an exceptionally large surface exposed to cyber-attacks, including highly evolved and sophisticated threats such as Advanced Persistent Threats (APT) or Botnets. When addressing this situation the usual cyber security technologies are prerequisite, but not sufficient. The smart grid requires developing and deploying an extensive ICT infrastructure that supports significantly...
-
Security Information Sharing for the Polish Power System
PublicationThe Polish Power System is becoming increasingly more dependent on Information and Communication Technologies which results in its exposure to cyberattacks, including the evolved and highly sophisticated threats such as Advanced Persistent Threats or Distributed Denial of Service attacks. The most exposed components are SCADA systems in substations and Distributed Control Systems in power plants. When addressing this situation...
-
Testing Situation Awareness Network for the Electrical Power Infrastructure
PublicationThe contemporary electrical power infrastructure is exposed to new types of threats. The cause of such threats is related to the large number of new vulnerabilities and architectural weaknesses introduced by the extensive use of Information and Communication Technologies (ICT) in such complex critical systems. The power grid interconnection with the Internet exposes the grid to new types of attacks, such as Advanced Persistent...
-
Testy platformy SAN dla sektora elektroenergetycznego
PublicationWspółczesna infrastruktura elektroenergetyczna jest narażona na zagrożenia związane z dużą liczbą nowych luk i słabo- ści architektonicznych wynikających z szerszego wykorzystania technologii informacyjnych i komunikacyjnych (ang. Information and Communication Technologies – ICT). Połączenie infrastruktury elektroenergetycznej z Internetem naraża ją na nowe rodzaje ataków, takie jak ataki typu APT (ang. Advanced Persistent Threats)...
Year 2014
-
Data Model Development for Security Information Sharing in Smart Grids
PublicationThe smart grid raises new security concerns which require novel solutions. It is commonly agreed that to protect the grid, the effective collaboration and information sharing between the relevant stakeholders is prerequisite. Developing a security information sharing platform for the smart grid is a new research direction which poses several challenges related to the highly distributed and heterogeneous character of the grid. In...
-
Security information sharing for smart grids: Developing the right data model
PublicationThe smart grid raises new security concerns which require novel solutions. It is commonly agreed that to protect the grid the effective collaboration and information sharing between the relevant stakeholders is prerequisite. Developing a security information sharing platform for the smart grid is a new research direction which poses several challenges related to the highly distributed and heterogeneous character of the grid. In...
Year 2013
-
Agents in Simulation of Cyberattacks to Evaluate Security of Critical Infrastructures
PublicationIn the last years critical infrastructures have become highly dependent on the information technologies and exposed to cyberattacks. Because the effects of the attacks can be detrimental, it is crucial to comprehensively asses the security of the infrastructures' information systems. This chapter describes MAlSim - the simulator of malicious software based on software agents, developed for the needs of a testbed for critical infrastructures...
-
Cost assessment of computer security activities
PublicationComprehensive cost-benefit analysis plays a crucial role in the decision-making process when it comes to investments in information security solutions. The cost of breaches needs to be analysed in the context of spending on protection measures. However, no methods exist that facilitate the quick and rough prediction of true expenditures on security protection systems. Rafal Leszczyna of Gdansk University of Technology presents...
-
ENISA Study: Challenges in Securing Industrial Control Systems
PublicationIn 2011, the European Network and Information Security Agency (ENISA) conducted a study in the domain of Industrial Control Systems (ICS). Its objective was to obtain the current view on the ICS protectionprimarily in Europe but also in the international context. The portrait' included threats, risks, and challenges in the area of ICS protection as well as national, pan European, and international initiatives on ICS security. The...
-
Evaluating Security and Resilience of Critical Networked Infrastructures after Stuxnet
PublicationThe chapter presents the current configuration of the simulation environment for the evaluations of the security and resilience of critical networked infrastructures, which enables simulations of Stuxnet-like attacks. The configuration includes new features added to the MAlSim - Mobile Agent Malware Simulator after the advent of Stuxnet in reference to the experiments aiming at the security evaluation of a power plant which we...
Year 2012
-
Security and Anonymity in Agent Systems
PublicationMany agent systems have been developed and suggested for commercial application. However, in spite of the significant potential offered by the agent paradigm, the lack of such important properties as security, anonymity and untracebility especially in open dynamical environment, such as the Internet, has blocked the active implementation of agent technologies. Protecting agent systems poses a more demanding challenge comparing...
-
Software Agents for Computer Network Security
PublicationThe chapter presents applications of multi-agent technology for design and implementation of agent-based systems intended to cooperatively solve several critical tasks in the area of computer network security. These systems are Agent-based Generator of Computer Attacks (AGCA), Multi-agent Intrusion Detection and Protection System (MIDPS), Agent-based Environment for Simulation of DDoS Attacks and Defense (AESAD) and Mobile Agent...
Year 2011
-
Approach to security assessment of critical infrastructures' information systems
PublicationThis study presents an approach to the security assessment of the information systems of critical infrastructures. The approach is based on the faithful reconstruction of the evaluated information system in a computer security laboratory followed by simulations of possible threats against the system. The evidence collected during the experiments, stored and organised using a proprietary system InSAW, may later be used for the creation...
Year 2010
-
Simulating malware with MAlSim
PublicationThis paper describes MAlSim - Mobile Agent Malware Simulator - a mobile agent framework developed to address one of the most important problems related to the simulation of attacks against information systems, i.e. the lack of adequate tools for reproducing behaviour of malicious software (malware). The framework can be deployed over the network of an arbitrary information system and it aims at simulating behaviour of each instance...
Year 2009
-
Podejście do oceny bezpieczeństwa IT infrastruktur krytycznych
PublicationArtykuł przedstawia podejście do oceny bezpieczeństwa systemów informacyjnych stosowanych w infrastrukturach krytycznych. Prezentowany sposób oceny polega na dokładnej rekonstrukcji ocenianego systemu informacyjnego w laboratorium bezpieczeństwa IT, a następ-nie symulowaniu potencjalnych zagrożeń w systemie. Podejście zostało zastosowane przy weryfikacji bezpieczeństwa elektrowni. W rozdziale został opisany jeden z eksperymentów...
-
Security Assessment of a Turbo-Gas Power Plant
PublicationCritical infrastructures are exposed to new threats due to the large number of vulnerabilities and architectural weaknesses introduced by the extensive use of information and communication technologies. This paper presents the results of an exhaustive security assessment for a turbo-gas power plant.
Year 2008
-
MAlSim - Mobile Agent Malware Simulator
PublicationOne of the problems related to the simulation of attacks against critical infrastructures is the lack of adequate tools for the simulation of malicious software (malware). Malware attacks are the most frequent in the Internet and they pose a serious threat against critical networked infrastructures. To address this issue we developed Mobile Agent Malware Simulator (MAISim). The framework uses the technology of mobile agents and...
-
Security Evaluation of IT Systems Underlying Critical Networked Infrastructures
PublicationCritical infrastructures have become highly dependent on information and communication technology (ICT). The drawback of this situation is that the consequences of disturbances of the underlying ICT networks may be serious as cascading effects can occur. This raises a high demand for security assurance, with a high importance assigned to security evaluations. In this paper we present an experiment-centric approach for the characterisation...
-
Simulating Malware with MAlSim
PublicationThis paper describes MAlSim - Mobile Agent Malware Simulator - a mobile agent framework developed to address one of the most important problems related to the simulation of attacks against information systems i.e. the lack of adequate tools for reproducing behaviour of malicious software (malware). The framework can be deployed over the network of an arbitrary information system and it aims at simulating behaviour of each instance...
Year 2007
-
Anonymity Architecture for Mobile Agent Systems
PublicationThe paper presents a new security architecture for MAS, which supports anonymity of agent owners. The architecture is composed of two main elements: Module I: Untraceability Protocol Infrastructure and Module II: Additional Untraceability Support. Module I is based on the recently proposed untraceability protocol for MAS and it forms the core of the anonymity architecture, which can be supported by the ele- ments of the second...
Year 2006
-
An untraceability protocol for mobile agents and its enhanced security study
PublicationArtykuł przedstawia rozszerzoną analizę bezpieczeństwa zaproponowanego przez nas protokołu ochrony przed tropieniem (ang. untraceability protocol) dla agentów mobilnych. Jak dotąd, tak systematyczna analiza bezpieczeństwa nie została przeprowadzona. Co więcej, istniejące znane analizy bezpieczeństwa koncentrują się wyłącznie na atakujących wewnętrznych. Uważamy, że stworzona przez nas lista kontrolna ataków może posłużyć jako...
-
Architecture supporting security of agent systems
PublicationW rozprawie zaproponowano nową architekturę bezpieczeństwa wspomagającą anonimowość w systemach agentowych. Moduł I architektury zapewnia funkcjonalność protokołu ochrony przed tropieniem (ang. untraceability), z tą zaletą, że nie wprowadza ograniczeń wobec agentów samodzielnie ustalających trasę własnej wędrówki. Stanowi rdzeń architektury, który zaimplementowano jako rozszerzenie platformy agentowej JADE, udostępniane publicznie...
seen 3986 times