International Scientific Journals
of Scientific Technical Union of Mechanical Engineering "Industry 4.0"

Aviation security as a topical area of scientific research is marked contrast to other application tasks of security sector. The specific nature aims at dealing with research objects that differ in considerable uncertainty of identification and description. In such a case, the requirements for aviation security systems are constantly becoming more complex, and the methodology of scientific research on security issues lags far behind the common trend of civil aviation development.
In the last few years, the trend to improve aviation security management systems in transportation industry has become a transition from classical schemes of regulatory management to schemes of computer-assisted management using procedures with the challenge of reducing the human factor. In fact, the human factor is not the only criterion for management in such systems. We can identify a number of factors that reduce the effectiveness of security management in the current system, and their impact is not fully investigated. A system analysis of these factors shows that each of them is not only related to the human factor, but the parameters of these factors’ influence on the management efficiency are largely determined by the human component. In this case, the human factor becomes the main criterion for optimal aviation security management. There is a problem of minimizing the negative impact of the human factor on aviation security management procedures. The authors of this work offer and study an original approach to solving this problem.

Medical facilities are distinctive types of premises accessible by a wide range of visitors seven days a week. They are places characterized by a high concentration of civilians and low-level security against the occurrence of various types of emergencies. Undoubtedly, terrorism is one of them. From a security point of view, hospitals are soft terrorist targets. Given the topicality of terrorism, we must address the question whether sufficient security is ensured for medical facilities. The aim of this paper is to point out the key role of security management in the overall management of hospitals. It will also outline some shortcomings in technical and operational security applications for their premises. The paper further discusses the effectiveness of crisis plans and emergency management exercises, as those are the primary conditions of successful emergency management.

Virtual Private Networks (VPN) enable usage of the public Internet infrastructure to build se-cure and reliable connections providing functionally of private corporate IT networks. Back in 90s VPN were created to mainly allow access to corporate resources for employees who work remotely and/or travel. Today, VPN can be used to gain access to geographically isolated and highly protected Internet resources like websites, interactive platforms and more. Such VPN are good for protecting Internet users’ privacy and enhance their security especially when using public free Wi-Fi networks. Indeed, now VPN are used more and more and gain popularity for exactly those reasons – provide almost universal access and protect privacy of millions Internet users. This paper reviews building blocks and procedure to build our own VPN. This way power users are in full control of their privacy and security when using public Internet infrastructure while also gain access to otherwise restricted online resources.

The Broadband Mobile Satellite Services (B-MSS) are extremely important not only for government (army and police), but for  many civil applications as car, aero, railway and ship communications. Probably they will be part of the future 5-G network development and their security work is very important too. The solving of the main B-MSS security problems needs entirely new approach. The aim of this paper is to analyze two new radio-communication principles, named Spatial Correlation Processing – Random Phase Spread Coding, from security point of view. They were proposed by the author a decade before as antenna transmit-receive beam forming methods with many applications in microwave frequency bands too.

The unstoppable growth of security flaws makes the developers more patient in integrating different security defenses in the application development! Most of the security breaches are due to uninformed or unqualified developers! The good part is that Internet provides a large amount of rules/documentations/guidelines/tools free for use to help the developers in their work! But as the coin has two sides each web application needs to provide two parts of security flaws protection. The first level of defense is the well known protection from the outside world, called user input validation! And the second side is to ensure that the application works without a problem! Which means to protect it from inside out by integrating what is called code contracts! Even thought those two types of protection have similar purposes there is a difference which we are going to present in the research!

This report focuses on vulnerabilities on web-applications and web-sites from Cross-Site Scripting attacks (XSS). The different types of XSS attacks are examined: DOM-based, active and passive attacks. The spread of XSS attacks across platforms – government and financial institutions, transportation companies, hospitality and entertainment has been analyzed. Research and analysis of the security of corporate websites and their resistance to XSS attacks have been carried out. The basic guidelines for preventing valuable data theft and unauthorized access to websites and applications from XSS attacks are reviewed and systematized.

As Unmanned Aircraft Systems (UAS) are converging an Internet of Things-like infrastructure, always connected to the internet, cryptographic security becomes a primary concern to ensure confidential, but even more importantly tamper-proof transport of data. Another emerging problem is the high number of unregistered drone flights, with no regard towards airspace regulations. The wellestablished and standardized processes of Public Key Infrastructure (PKI) can be utilized for electronic identification of drones and associating them to the owner, while providing encryption and integrity protection of data. Nowadays various companies provide PKI for drones. This material summarizes the trends, challenges, possibilities of hardware-based on-board secure storage of secrets and describes a possible solution for government-level electronic administration of drones and owners.

This work is inspired by the current problems of confronting organized crime, which in part controls illegal markets. Thus, it is also aimed at highlighting the most significant aspects of the research into illegal markets, whose knowledge enables the creation of effective strategic preferences in the fight against organized crime, whose actions have a number of negative implications for state security. Modern criminal organizations are profitable and market-oriented, and the methods of acting used are combined with the criminal and method of the operation of contemporary business organizations. The knowledge of the organization’s specifics and functioning of illegal markets enables the proper selection of methods to more efficiently counter the destructive actions of criminal organizations that control the illegal market. In fact, the destructive action of criminal organizations reflects directly on the state of security by increasing the level of corruption, the level of money laundering and the infiltration of organized crime into legal economic flows, the spread of illegal markets and the increase of the crime rate, but also the ability to generate criminal profits, increasing the economic power of criminal structures that is recursively used for influence on government holders.

Study outlines the contours and the magnitude of the asymmetry in the opposition of cyber defense against hackers. Propose a
model that reflects the dynamics of the opposition on both sides and the impact of the listed disproportions. It consist a functional analysis of the differences between organizational and technical approaches applied from both sides. Contains research into why even the most highly protected systems suffer from successful hacking attacks. The analysis sheds light on the magnitude of pressure exerted by malicious actors on cyber security for organizations and the disproportionate response from experts who protect information systems and networks.

Industry 4.0 includes the integration of Safety and Security. Their interconnection (influencing) is assumed. Application of control systems within Safety and Security changes the static principle to dynamic, assumes identification of all production and distribution processes, data mobility as a part of BIG DATA technology and human factor activity while ensuring the functionality of relevant applications. Industry Strategy 4.0 requires a proactive approach in risk analysis, based on the implementation of Safety and Security principles in the development and design phase of machines and complex technologies in the context of the use of CPS principles. It is important that rapid responses to the system’s problems are monitored effectively, with simultaneous exchange of information at individual levels in the production process.

The strategic initiative Industry 4.0 implies integration of Cyber-Physical Production Systems (CPPS), Internet of Things (IoT) and cloud computing, leading to what is called “smart factory”. The lack of theoretical foundation and methodologies for development of CPPS creates barriers that may hamper the adoption, commercialization, and market success of the new CPPS applications. Standardization and digitalization are at the heart of the methodologies for developing intelligent cyber-physical production systems. OPC UA is the only recommended communication standard within the RAMI reference architecture. Here comes the main purpose of the paper to analyze OPC UA in respect to the information model creation and measures to ensure security of applications. An important place in the paper is devoted to the specification of standardized information models of other organizations, such as those of the ISA-95 (IEC-62264).

The Fourth Industrial Revolution implies a total change in our way of life. To be adequate to the new security threats stemming from high technology, we need to analyze and evaluate them from the point of view of people’s security.