Assessment of Ecosystems Damages Caused by Russian War against Ukraine

The question of the impact of war on ecosystems still remains secondary in the internal and external policy of states, society and the agenda of international organizations. From the point of view of losses in monetary terms, the values of ecosystem damages obtained in the work, which are a consequence of the impact of hostilities on the environment, correspond to the annual budgets of the largest countries in the world or exceed them. The presented calculations significantly exceed the known normative methods, the use of which in the conditions of war is limited in space and time. Objective difficulties associated with the uncertainty of many processes of the development of ecological systems and their reaction to the multifactorial impact of war are also significant limitations. Therefore, as part of the study, a method of assessing the impact of war on the environment is proposed, which is based on the patterns of energy flows in ecosystems from the moment it is binding by producers. This made it possible to take into account in the calculations the principle of functional integrity of the ecological system, according to which the destruction or damage of the components of a functionally whole environment will necessarily cause negative phenomena in the development of ecological systems. The results are presented in the form of real values of ecological losses in energy and monetary equivalents, as consequences of the loss of ecosystem services. As the results of the research show, the minimum amount of damage to ecosystems from Russian tanks is 43,500 USD per day. Environmental damage from Russian fighter jets has been estimated at $1.5 billion per week since the start of the war. Noise from military operations causes losses of at least 2.3 billion US dollars per year. The obtained results create prerequisites for improving the system of ensuring environmental safety at the local, state, and international levels and transferring the obtained solutions into safety-shaping practice.

Fuzzy Risk Assessment Method for Airborne Network Security Based on AHP-TOPSIS

With the exponential increase in information security risks,ensuring the safety of aircraft heavily relies on the accurate performance of risk assessment.However,experts possess a limited understanding of fundamental security elements,such as assets,threats,and vulnerabilities,due to the confidentiality of airborne networks,resulting in cognitive uncertainty.Therefore,the Pythagorean fuzzy Analytic Hierarchy Process(AHP)Technique for Order Preference by Similarity to an Ideal Solution(TOPSIS)is proposed to address the expert cognitive uncertainty during information security risk assessment for airborne networks.First,Pythagorean fuzzy AHP is employed to construct an index system and quantify the pairwise comparison matrix for determining the index weights,which is used to solve the expert cognitive uncertainty in the process of evaluating the index system weight of airborne networks.Second,Pythagorean fuzzy the TOPSIS to an Ideal Solution is utilized to assess the risk prioritization of airborne networks using the Pythagorean fuzzy weighted distance measure,which is used to address the cognitive uncertainty in the evaluation process of various indicators in airborne network threat scenarios.Finally,a comparative analysis was conducted.The proposed method demonstrated the highest Kendall coordination coefficient of 0.952.This finding indicates superior consistency and confirms the efficacy of the method in addressing expert cognition during information security risk assessment for airborne networks.

Design & Test of an Advanced Web Security Analysis Tool (AWSAT)

Considering the escalating frequency and sophistication of cyber threats targeting web applications, this paper proposes the development of an automated web security analysis tool to address the accessibility gap for non-security professionals. This paper presents the design and implementation of an automated web security analysis tool, AWSAT, aimed at enabling individuals with limited security expertise to effectively assess and mitigate vulnerabilities in web applications. Leveraging advanced scanning techniques, the tool identifies common threats such as Cross-Site Scripting (XSS), SQL Injection, and Cross-Site Request Forgery (CSRF), providing detailed reports with actionable insights. By integrating sample payloads and reference study links, the tool facilitates informed decision-making in enhancing the security posture of web applications. Through its user-friendly interface and robust functionality, the tool aims to democratize web security practices, empowering a wider audience to proactively safeguard against cyber threats.

A New Model for Network Security Situation Assessment of the Industrial Internet

To address the problem of network security situation assessment in the Industrial Internet,this paper adopts the evidential reasoning(ER)algorithm and belief rule base(BRB)method to establish an assessment model.First,this paper analyzes the influencing factors of the Industrial Internet and selects evaluation indicators that contain not only quantitative data but also qualitative knowledge.Second,the evaluation indicators are fused with expert knowledge and the ER algorithm.According to the fusion results,a network security situation assessment model of the Industrial Internet based on the ER and BRB method is established,and the projection covariance matrix adaptive evolution strategy(P-CMA-ES)is used to optimize the model parameters.This method can not only utilize semiquantitative information effectively but also use more uncertain information and prevent the problem of combinatorial explosion.Moreover,it solves the problem of the uncertainty of expert knowledge and overcomes the problem of low modeling accuracy caused by insufficient data.Finally,a network security situation assessment case of the Industrial Internet is analyzed to verify the effectiveness and superiority of the method.The research results showthat this method has strong applicability to the network security situation assessment of complex Industrial Internet systems.It can accurately reflect the actual network security situation of Industrial Internet systems and provide safe and reliable suggestions for network administrators to take timely countermeasures,thereby improving the risk monitoring and emergency response capabilities of the Industrial Internet.

AssessITS: Integrating Procedural Guidelines and Practical Evaluation Metrics for Organizational IT and Cybersecurity Risk Assessment

In today’s digitally driven landscape, robust Information Technology (IT) risk assessment practices are essential for safeguarding systems, digital communication, and data. This paper introduces “AssessITS,” an actionable method designed to provide organizations with comprehensive guidelines for conducting IT and cybersecurity risk assessments. Drawing extensively from NIST 800-30 Rev 1, COBIT 5, and ISO 31000, “AssessITS” bridges the gap between high-level theoretical standards and practical implementation challenges. The paper outlines a step-by-step methodology that organizations can simply adopt to systematically identify, analyze, and mitigate IT risks. By simplifying complex principles into actionable procedures, this framework equips practitioners with the tools needed to perform risk assessments independently, without too much reliance on external vendors. The guidelines are developed to be straightforward, integrating practical evaluation metrics that allow for the precise quantification of asset values, threat levels, vulnerabilities, and impacts on confidentiality, integrity, and availability. This approach ensures that the risk assessment process is not only comprehensive but also accessible, enabling decision-makers to implement effective risk mitigation strategies customized to their unique operational contexts. “AssessITS” aims to enable organizations to enhance their IT security strength through practical, actionable guidance based on internationally recognized standards.

Security Risk Assessment in Container Terminals:Empirical Evidence from Greece

The most prominent risk assessment techniques are founded on the values of measuring and controlling the frequency and the consequences of risks in order to assure an“acceptable level”of“safeness”mainly in the lines of environmental,health and hygiene and port product issues.This paper examines security risk assessment approaches within the emerging role of ports.This paper contributes to the current literature by considering the ports of Greece as a case in point and by measuring the degree of its security risk orientation based on certain valid risk factors drawn from the current literature.Moreover,it presents a security risk assessment methodology into the domain of port container terminals.Their potential for ports were quantitatively and qualitatively assessed by discussing issues of security approaches within the maritime industry,in order to facilitate improvement strategies.A two-dimension empirical study was conducted,in a time range of ten years(2010-2020)in order to provide evidence regarding security risk assessment in the port container terminal of Thessaloniki,in Greece.The findings of this study have significant strategic policy implications and shed more light on the role of security risks in the overall risk orientation of container terminals in practice.Finally,further research directions in security risk in ports are proposed.

Information Security Evaluation of Industrial Control Systems Using Probabilistic Linguistic MCDM Method

Industrial control systems(ICSs)are widely used in various fields,and the information security problems of ICSs are increasingly serious.The existing evaluation methods fail to describe the uncertain evaluation information and group evaluation information of experts.Thus,this paper introduces the probabilistic linguistic term sets(PLTSs)to model the evaluation information of experts.Meanwhile,we propose a probabilistic linguistic multi-criteria decision-making(PL-MCDM)method to solve the information security assessment problem of ICSs.Firstly,we propose a novel subscript equivalence distance measure of PLTSs to improve the existing methods.Secondly,we use the Best Worst Method(BWM)method and Criteria Importance Through Inter-criteria Correlation(CRITIC)method to obtain the subjective weights and objective weights,which are used to derive the combined weights.Thirdly,we use the subscript equivalence distance measure method and the combined weight method to improve the probabilistic linguistic Visekriterijumska Optimizacija I Kompromisno Resenje(PL-VIKOR)method.Finally,we apply the proposed method to solve the information security assessment problem of ICSs.When comparing with the existing methods such as the probabilistic linguistic Tomada deDecisão Iterativa Multicritério(PL-TODIM)method and probabilistic linguistic Technique for Order Preference by Similarity to Ideal Solution(PL-TOPSIS)method,the case example shows that the proposed method can provide more reasonable ranking results.By evaluating and ranking the information security level of different ICSs,managers can identify problems in time and guide their work better.

Research on Assessment Model of Information System Security Based on Various Security Factors

With the rapid development of network technology, the meaning of layers and attributes in respect of information system security must be extended based on the understanding of the concept of information system security. The layering model (LM) of information system security and the five-attribute model (FAM) based on security factors were put forward to perfect the description and modeling of the information system security framework. An effective framework system of risk calculation and assessment was proposed, which is based on FAM.

Security Assessment of Distribution System with Distributed Photovoltaic

In order to evaluate the safe and stable operation of distribution network with the distributed photovoltaic (PV), the?security of distribution network is researched. On the basis of electricity supply security, voltage quality and network losses,?the index system of static security is established. The paper simulates the uncertainty and random characteristics of PV by OpenDSS. The typical scenes that PV accessed to the distribution network are designed.?The paper summarizes the results of voltage fluctuation and network losses and uses indices to quantify it under different scenes. Based on the index system, the paper proposes some recommendations on PV permeability, interconnected locations, dispersion degrees and power factors when the distributed PV accessed to the distribution network.

Security Risk Assessment of Cyber Physical Power System Based on Rough Set and Gene Expression Programming

Risk assessment is essential for the safe and reliable operation of cyber physical power system. Traditional security risk assessment methods do not take integration of cyber system and physical system of power grid into account. In order to solve this problem, security risk assessment algorithm of cyber physical power system based on rough set and gene expression programming is proposed. Firstly, fast attribution reduction based on binary search algorithm is presented. Secondly, security risk assessment function for cyber physical power system is mined based on gene expression programming. Lastly, security risk levels of cyber physical power system are predicted and analyzed by the above function model. Experimental results show that security risk assessment function model based on the proposed algorithm has high efficiency of function mining, accuracy of security risk level prediction and strong practicality. © 2014 Chinese Association of Automation.

Research about Online Security Warning and Risk Assessment of Power Grid Based on Energy Management System

In this paper, online security warning and risk assessment of power grid are proposed, based on data from EMS （Energy Management System）, combined with information of real-time operation state, component status and external operating environment. It combines the two factors, contingency likelihood and severity, that determine system reliability, into risk indices on different loads and operation modes, which provide precise evaluation of the power grid＇s security performance. According to these indices, it can know the vulnerable area of the system and whether the normal operating mode or repair mode is over-limited or not, and provide decision-making support for dispatchers. Common cause outages and equipment-aging are considered in terms of the establishment of outage model. Multiple risk indices are defined in order to reflect the risk level of the power grid more comprehensively.

Research on Methods of Ecological Security Assessment of the Middle and Lower Reaches of Liaohe River Based on GIS

Ecological security assessment and early warning research possess the attributes of spatiality, non-linearity and randomicity, so we must process much spatial information. Spatial analysis and data management are the advantages of GIS, which can define distribution trend and spatial relations of environmental factors, and show ecological security pattern graphically. Spatial differences of ecological security assessment based on GIS are discussed in this paper, of which the middle and lower reaches of the Liaohe River is taken as a study case. First, to work out pressure-state-response (P-S-R) assessment indicators system, and investigate in person and gather information; second, to digitize the watershed; third, to quantize and calculate by the fuzzy method; last, to construct GIS grid database, and expound spatial differences of ecological security by GIS interpolation and assembly analysis.

Risk assessment of water security in Haihe River Basin during drought periods based on D-S evidence theory

The weights of the drought risk index （DRI）, which linearly combines the reliability, resiliency, and vulnerability, are difficult to obtain due to complexities in water security during drought periods. Therefore, drought entropy was used to determine the weights of the three critical indices. Conventional simulation results regarding the risk load of water security during drought periods were often regarded as precise. However, neither the simulation process nor the DRI gives any consideration to uncertainties in drought events. Therefore, the Dempster-Shafer （D-S） evidence theory and the evidential reasoning algorithm were introduced, and the DRI values were calculated with consideration of uncertainties of the three indices. The drought entropy and evidential reasoning algorithm were used in a case study of the Haihe River Basin to assess water security risks during drought periods. The results of the new DRI values in two scenarios were compared and analyzed. It is shown that the values of the DRI in the D-S evidence algorithm increase slightly from the original results of Zhang et al. （2005）, and the results of risk assessment of water security during drought periods are reasonable according to the situation in the study area. This study can serve as a reference for further practical application and planning in the Haihe River Basin, and other relevant or similar studies.

A Fuzzy Set-Based Approach for Model-Based Internet-Banking System Security Risk Assessment

A fuzzy set-based evaluation approach is demonstrated to assess the security risks for internet-banking System. The Internet-banking system is semi-formally described using Unified Modeling Language （UML） to specify the behavior and state of the system on the base of analyzing the existing qualitative risk assessment methods. And a quantitative method based on fuzzy set is used to measure security risks of the system, A case study was performed on the WEB server of the Internet-banking System using fuzzy-set based assessment algorithm to quantitatively compute the security risk severity. The numeric result also provides a method to decide the most critical component which should amuse the system administrator enough attention to take the appropriate security measure or controls to alleviate the risk severity. The experiments show this method can be used to quantify the security properties for the Internet-banking System in practice.

SMINER:Detecting Unrestricted and Misimplemented Behaviors of Software Systems Based on Unit Test Cases

Despite the advances in automated vulnerability detection approaches,security vulnerabilities caused by design flaws in software systems are continuously appearing in real-world systems.Such security design flaws can bring unrestricted and misimplemented behaviors of a system and can lead to fatal vulnerabilities such as remote code execution or sensitive data leakage.Therefore,it is an essential task to discover unrestricted and misimplemented behaviors of a system.However,it is a daunting task for security experts to discover such vulnerabilities in advance because it is timeconsuming and error-prone to analyze the whole code in detail.Also,most of the existing vulnerability detection approaches still focus on detecting memory corruption bugs because these bugs are the dominant root cause of software vulnerabilities.This paper proposes SMINER,a novel approach that discovers vulnerabilities caused by unrestricted and misimplemented behaviors.SMINER first collects unit test cases for the target system from the official repository.Next,preprocess the collected code fragments.SMINER uses pre-processed data to show the security policies that can occur on the target system and creates a test case for security policy testing.To demonstrate the effectiveness of SMINER,this paper evaluates SMINER against Robot Operating System(ROS),a real-world system used for intelligent robots in Amazon and controlling satellites in National Aeronautics and Space Administration(NASA).From the evaluation,we discovered two real-world vulnerabilities in ROS.

A Quantitative Security Metric Model for Security Controls:Secure Virtual Machine Migration Protocol as Target of Assessment

Quantitative security metrics are desirable for measuring the performance of information security controls. Security metrics help to make functional and business decisions for improving the performance and cost of the security controls. However, defining enterprise-level security metrics has already been listed as one of the hard problems in the Info Sec Research Council's hard problems list. Almost all the efforts in defining absolute security metrics for the enterprise security have not been proved fruitful. At the same time, with the maturity of the security industry, there has been a continuous emphasis from the regulatory bodies on establishing measurable security metrics. This paper addresses this need and proposes a relative security metric model that derives three quantitative security metrics named Attack Resiliency Measure(ARM), Performance Improvement Factor(PIF), and Cost/Benefit Measure(CBM) for measuring the performance of the security controls. For the effectiveness evaluation of the proposed security metrics, we took the secure virtual machine(VM) migration protocol as the target of assessment. The virtual-ization technologies are rapidly changing the landscape of the computing world. Devising security metrics for virtualized environment is even more challenging. As secure virtual machine migration is an evolving area and no standard protocol is available specifically for secure VM migration. This paper took the secure virtual machine migration protocol as the target of assessment and applied the proposed relative security metric model for measuring the Attack Resiliency Measure, Performance Improvement Factor, and Cost/Benefit Measure of the secure VM migration protocol.

A Novel IoT Architecture, Assessment of Threats and Their Classification withMachine Learning Solutions

The Internet of Things(IoT)will significantly impact our social and economic lives in the near future.Many Internet of Things(IoT)applications aim to automate multiple tasks so inactive physical objects can behave independently of others.IoT devices,however,are also vulnerable,mostly because they lack the essential built-in security to thwart attackers.It is essential to perform the necessary adjustments in the structure of the IoT systems in order to create an end-to-end secure IoT environment.As a result,the IoT designs that are now in use do not completely support all of the advancements that have been made to include sophisticated features in IoT,such as Cloud computing,machine learning techniques,and lightweight encryption techniques.This paper presents a detailed analysis of the security requirements,attack surfaces,and security solutions available for IoT networks and suggests an innovative IoT architecture.The Seven-Layer Architecture in IoT provides decent attack detection accuracy.According to the level of risk they pose,the security threats in each of these layers have been properly categorized,and the essential evaluation criteria have been developed to evaluate the various threats.Also,Machine Learning algorithms like Random Forest and Support Vector Machines,etc.,and Deep Learning algorithms like Artificial Neural Networks,Q Learning models,etc.,are implemented to overcome the most damaging threats posing security breaches to the different IoT architecture layers.

Water Security-based Hydrological Regime Assessment Method for Lakes with Extreme Seasonal Water Level Fluctuations：A Case Study of Poyang Lake,China

Extreme seasonal water level fluctuations characterize natural floodplain lakes in monsoon regions, which are crucial for ensuring lake water security, including flood prevention water supply and health of aquatic ecosystem. In order to achieve this goal, we established a hydrological regime assessment method based on a set of hydrological indicators for lakes with heavy seasonal water level fluctuations. The results suggest that time-sensitive hydrological indicators and specific time scales for various water security aspects must be considered. We discovered that it is more practical and meaningful to combine the water level classification derived from statistical analyses with characteristic hydrological values linked to water security. The case study of Poyang Lake results show that there are no discernable trends of Poyang Lake water regime status over the last 35 years, and the two periods of poor status are in accordance with climate variation in the lake basin area. Scholars and policy makers should focus on both floods and droughts, which are the main water security problems for Poyang Lake. It is hoped that this multi-scale and multi-element hydrological regime assessment method will provide new guidelines and methods for other international scholars of river and lake water assessment.

Towards an integrated risk analysis security framework according to a systematic analysis of existing proposals

The information society depends increasingly on risk assessment and management systems as means to adequately protect its key information assets.The availability of these systems is now vital for the protection and evolution of companies.However,several factors have led to an increasing need for more accurate risk analysis approaches.These are:the speed at which technologies evolve,their global impact and the growing requirement for companies to collaborate.Risk analysis processes must consequently adapt to these new circumstances and new technological paradigms.The objective of this paper is,therefore,to present the results of an exhaustive analysis of the techniques and methods offered by the scientific community with the aim of identifying their main weaknesses and providing a new risk assessment and management process.This analysis was carried out using the systematic review protocol and found that these proposals do not fully meet these new needs.The paper also presents a summary of MARISMA,the risk analysis and management framework designed by our research group.The basis of our framework is the main existing risk standards and proposals,and it seeks to address the weaknesses found in these proposals.MARISMA is in a process of continuous improvement,as is being applied by customers in several European and American countries.It consists of a risk data management module,a methodology for its systematic application and a tool that automates the process.

Robustness Assessment of Wind Power Generation Considering Rigorous Security Constraints for Power System: A Hybrid RLO-IGDT Approach

Fossil fuel depletion and environmental pollution problems promote development of renewable energy(RE)glob-ally.With increasing penetration of RE,operation security and economy of power systems(PS)are greatly impacted by fluctuation and intermittence of renewable power.In this paper,information gap decision theory(IGDT)is adapted to handle uncertainty of wind power generation.Based on conventional IGDT method,linear regulation strategy(LRS)and robust linear optimization(RLO)method are integrated to reformulate the model for rigorously considering security constraints.Then a robustness assessment method based on hybrid RLO-IGDT approach is proposed for analyzing robustness and economic performance of PS.Moreover,a risk-averse linearization method is adapted to convert the proposed assessment model into a mixed integer linear programming(MILP)problem for convenient optimization without robustness loss.Finally,results of case studies validate superiority of proposed method in guaranteeing operation security rigorously and effectiveness in assessment of RSR for PS without overestimation.Index Terms-Hybrid RLO-IGDT approach,information gap decision theory(IGDT),operation security,robustness assessment,robustness security region(RSR).