
    Enabling NATO’s Collective Defense: Critical Infrastructure Security and Resiliency (NATO COE-DAT Handbook 1)

    In 2014 NATO’s Center of Excellence-Defence Against Terrorism (COE-DAT) launched the inaugural course on “Critical Infrastructure Protection Against Terrorist Attacks.” As this course garnered increased attendance and interest, the core lecturer team felt the need to update the course in critical infrastructure (CI), taking into account the shift from an emphasis on “protection” of CI assets to “security and resiliency.” What was lacking in the fields of academe, emergency management, and the industry practitioner community was a handbook that leveraged the collective subject matter expertise of the core lecturer team, a handbook that could serve to educate government leaders, state and private-sector owners and operators of critical infrastructure, academicians, and policymakers in NATO and partner countries. Enabling NATO’s Collective Defense: Critical Infrastructure Security and Resiliency is the culmination of such an effort, the first major collaborative research project under a Memorandum of Understanding between the US Army War College Strategic Studies Institute (SSI) and NATO COE-DAT. The research project began in October 2020 with a series of four workshops hosted by SSI. The draft chapters for the book were completed in late January 2022. Little did the research team envision the Russian invasion of Ukraine in February this year. The Russian occupation of the Zaporizhzhya nuclear power plant, successive missile attacks against Ukraine’s electric generation and distribution facilities and rail transport, and cyberattacks against almost every sector of the country’s critical infrastructure have been on world display. Russian use of its gas supplies as a means of economic warfare against Europe—designed to undermine NATO unity and support for Ukraine—is another timely example of why adversaries, nation-states, and terrorists alike target critical infrastructure. Hence the need for public-private sector partnerships to secure that infrastructure and to build the resiliency to sustain it when attacked. Ukraine also highlights the need for NATO allies to understand where vulnerabilities exist in host nation infrastructure that would undermine collective defense, and to give more urgency to redressing and mitigating those fissures.

    Introductory Computer Forensics

    INTERPOL (International Police) built cybercrime programs to keep up with emerging cyber threats, and aims to coordinate and assist international operations for fighting crimes involving computers. Although significant international efforts are being made in dealing with cybercrime and cyber-terrorism, finding effective, cooperative, and collaborative ways to deal with complicated cases that span multiple jurisdictions has proven difficult in practice.

    Détecter et survivre aux intrusions : exploration de nouvelles approches de détection, de restauration, et de réponse aux intrusions (Detecting and surviving intrusions: exploring new approaches to intrusion detection, recovery, and response)

    Computing platforms, such as embedded systems or laptops, are built with layers of preventive security mechanisms to reduce the likelihood of attackers successfully compromising them. Nevertheless, given time and despite decades of improvements in preventive security, intrusions still happen. Therefore, systems should expect intrusions to occur, and thus they should be built to detect and to survive them. Commodity Operating Systems (OSs) are deployed with intrusion detection solutions, but their ability to survive intrusions is limited. State-of-the-art approaches from industry or academia involve manual procedures, loss of availability, coarse-grained responses, or non-negligible performance overhead. Moreover, low-level components, such as the BIOS, are increasingly targeted by sophisticated attackers to implant stealthy and resilient malware. State-of-the-art solutions, however, mainly focus on boot-time integrity, leaving the runtime part of the BIOS—known as the System Management Mode (SMM)—a prime target. This dissertation shows that we can build platforms that detect intrusions at the BIOS level and survive intrusions at the OS level. First, we demonstrate that intrusion survivability is a viable approach for commodity OSs: we develop a new approach that addresses various limitations from the literature, and we evaluate its security and performance. Second, we develop a hardware-based approach that detects attacks at the BIOS level and demonstrate its feasibility with multiple detection methods.

    Computing systems, such as laptops or embedded systems, are built with layers of preventive security mechanisms to reduce the likelihood that an attacker compromises them. Nevertheless, despite decades of progress in this area, intrusions still occur. Consequently, we must assume that intrusions will take place, and we must build our systems so that they can detect and survive them. General-purpose operating systems are deployed with intrusion detection mechanisms, but their ability to survive an intrusion is limited. State-of-the-art solutions require manual procedures, incur losses of availability, or impose a high performance cost. Moreover, low-level components such as the BIOS are increasingly the target of attackers seeking to implant stealthy and resilient malware. Although state-of-the-art solutions guarantee the integrity of these components at boot time, few address the security of the services provided by the BIOS that run within System Management Mode (SMM). This manuscript shows that we can build systems capable of detecting intrusions at the BIOS level and surviving them at the operating-system level. First, we demonstrate that an intrusion survivability approach is viable and practical for general-purpose operating systems. Then, we demonstrate that it is possible to detect intrusions at the BIOS level with a hardware-based solution.

    Digitalisation For Sustainable Infrastructure: The Road Ahead

    In today’s tumultuous and fast-changing times, digitalisation and technology are game changers in a wide range of sectors and have a tremendous impact on infrastructure. Roads, railways, electricity grids, aviation, and maritime transport are deeply affected by the digital and technological transition, with gains in terms of competitiveness, cost reduction, and safety. Digitalisation is also a key tool for fostering global commitment towards sustainability, but the race for digital infrastructure is also a geopolitical one. As the world’s largest economies are starting to adopt competitive strategies, a level playing field appears far from being agreed upon. Why are digitalisation and technology the core domains of global geopolitical competition? How are they changing the way infrastructure is built, operated, and maintained? To what extent will road, rail, air, and maritime transport change by virtue of digitalisation, artificial intelligence, and the Internet of Things? How to enhance cyber protection for critical infrastructure? What are the EU’s, US’ and China’s digital strategies?

    A patient agent controlled customized blockchain based framework for internet of things

    Although Blockchain implementations have emerged as revolutionary technologies for various industrial applications including cryptocurrencies, they have not been widely deployed to store data streaming from sensors to remote servers in architectures known as the Internet of Things. New Blockchain for the Internet of Things models promise secure solutions for eHealth, smart cities, and other applications. These models pave the way for continuous monitoring of patients’ physiological signs with wearable sensors to augment traditional medical practice without recourse to storing data with a trusted authority. However, existing Blockchain algorithms cannot accommodate the huge volumes, security, and privacy requirements of health data. In this thesis, our first contribution is an End-to-End secure eHealth architecture that introduces an intelligent Patient Centric Agent. The Patient Centric Agent, executing on dedicated hardware, manages the storage of and access to streams of sensor-generated health data in a customized Blockchain and other, less secure repositories. As IoT devices cannot host Blockchain technology due to their limited memory, power, and computational resources, the Patient Centric Agent coordinates and communicates with a private customized Blockchain on behalf of the wearable devices. While the adoption of a Patient Centric Agent offers solutions for the continuous monitoring of patients’ health and for dealing with storage, data privacy and network security issues, the architecture is vulnerable to Denial of Service (DoS) and single-point-of-failure attacks. To address this issue, we advance a second contribution: a decentralised eHealth system in which the Patient Centric Agent is replicated at three levels: Sensing Layer, NEAR Processing Layer and FAR Processing Layer. The functionalities of the Patient Centric Agent are customized to manage the tasks of the three levels. Simulations confirm protection of the architecture against DoS attacks.

    Few patients require all their health data to be stored in Blockchain repositories; instead, they need to select an appropriate storage medium for each chunk of data by matching their personal needs and preferences with the features of candidate storage mediums. Motivated by this context, we advance a third contribution: a recommendation model for health data storage that can accommodate patient preferences and make storage decisions rapidly, in real time, even with streamed data. The mapping between health data features and the characteristics of each repository is learned using machine learning. The Blockchain’s capacity to make transactions and store records without central oversight enables its application to IoT networks outside health, such as underwater IoT networks, where the unattended nature of the nodes threatens their security and privacy. However, underwater IoT differs from ground IoT, as acoustic signals are the communication medium, leading to high propagation delays and high error rates exacerbated by turbulent water currents. Our fourth contribution is a customized Blockchain-leveraged framework, with the Patient-Centric Agent model renamed as Smart Agent, for securely monitoring underwater IoT. Finally, the Smart Agent has been investigated in developing an IoT smart home or smart city monitoring framework. The key algorithms underpinning each contribution have been implemented and analysed using simulators.

    The Treatment of Advanced Persistent Threats on Windows Based Systems

    Advanced Persistent Threat (APT) is the name given to individuals or groups who write malicious software (malware) and who have the intent to perform actions detrimental to the victim or the victim's organisation. This thesis investigates ways in which it is possible to treat APTs before, during and after the malware has been laid down on the victim's computer. The scope of the thesis is restricted to desktop and laptop computers with hard disk drives. APTs have different motivations for their work, and this thesis is agnostic towards their origin and intent. Anti-malware companies freely present the work of APTs in many ways but summarise mainly in the form of white papers. Individually, pieces of these works give an incomplete picture of an APT, but in aggregate it is possible to construct a view of APT families and pan-APT commonalities by comparing and contrasting the work of many anti-malware companies; it is as if there are a lot of the pieces of a jigsaw puzzle but no box lid available with the complete picture. In addition, academic papers provide proof-of-concept attacks and observations, some of which may come to be used by malware writers. Gaps in, and extensions to, the public knowledge may be filled through inference, implication, interpolation and extrapolation, and these form the basis for this thesis. The thesis presents a view of where APTs lie on Windows-based systems. It uses this view to create and build generic views of where APTs lie on Hard Disc Drives on Windows-based systems using the Lockheed Martin Cyber Kill Chain. This is then used to treat APTs on Windows-based IT systems using purpose-built software in such a way that the malware is negated by. The thesis does not claim to find all malware on but it demonstrates how to increase the cost of doing business for APTs, for example by overwriting unused disc space so APTs cannot place malware there. The software developed was able to find Indicators of Compromise on all eight Hard Disc Drives provided for analysis. Separately, from a corpus of 228 files known to be associated with malware, it identified approximately two thirds as Indicators of Compromise.

    Towards a Peaceful Development of Cyberspace - Challenges and Technical Measures for the De-escalation of State-led Cyberconflicts and Arms Control of Cyberweapons

    Cyberspace, already a few decades old, has become a matter of course for most of us, part of our everyday life. At the same time, this space and the global infrastructure behind it are essential for our civilizations, the economy and administration, and thus an essential expression and lifeline of a globalized world. However, these developments also create vulnerabilities, and thus cyberspace is increasingly developing into an intelligence and military operational area – for the defense and security of states but also as a component of offensive military planning, visible in the creation of military cyber-departments and the integration of cyberspace into states' security and defense strategies. In order to contain and regulate the conflict and escalation potential of technology used by military forces, a complex tool set of transparency, de-escalation and arms control measures has been developed and proven over the last decades. Unfortunately, many of these established measures do not work for cyberspace due to its specific technical characteristics. Even more, the concept of what constitutes a weapon – an essential requirement for regulation – starts to blur for this domain. Against this background, this thesis aims to answer how measures for the de-escalation of state-led conflicts in cyberspace and arms control of cyberweapons can be developed. In order to answer this question, the dissertation takes a specifically technical perspective on these problems and the underlying political challenges of state behavior and international humanitarian law in cyberspace to identify starting points for technical measures of transparency, arms control and verification. Based on this approach of adopting already existing technical measures from other fields of computer science, the thesis provides proof-of-concept approaches for some of the mentioned challenges, such as a classification system for cyberweapons based on technically measurable features, an approach for the mutual reduction of vulnerability stockpiles, and an approach to plausibly assure non-involvement in a cyberconflict as a measure of de-escalation. All these initial approaches, and the questions of how and by which measures arms control and conflict reduction can work for cyberspace, are still quite new and have not yet been widely debated. Indeed, the approach of deliberately self-restricting the capabilities of technology in order to serve a bigger goal, such as the reduction of its destructive usage, is not yet very common in the engineering thinking of computer science. Therefore, this dissertation also aims to provide some impulses regarding the responsibility and creative options of computer science with a view to the peaceful development and use of cyberspace.

    An exploration of virtual criminal investigations in Ghana : legal issues and challenges

    The spread of cybercrime has caused changes and brought about a need for new investigative skills, laws and enforcement procedures to tackle these obstacles. Since technological crimes committed through the information superhighway, or the internet, are evolving very rapidly, efficacious enforcement against cybercrime is becoming extremely challenging. Cybercrime is both a national and an international issue, and local legislation alone cannot combat the menace. Digital evidence permeates every aspect of the average person's life in today's society: no matter what you are doing these days, a digital footprint is probably being created that contains some type of digital evidence recoverable through digital forensic investigation. Combating cybercrime requires stringent laws, skilled personnel, well-established institutions, and a transnational response. To efficaciously combat cybercrime, countries, states or governments must establish an independent anti-cybercrime unit and design national guidelines for digital evidence collection to combat the canker. This thesis, therefore, presents an examination of the virtual crime, or cybercrime, investigation challenges and legal issues on electronic evidence in Ghana. The study examines the existing cybercrime laws and practices in Ghana and makes a comparative study with other jurisdictions. Also, the study draws a survey from the international legal framework on cybercrime and electronic evidence on the various methods and procedures that can be used to conduct digital forensic search and seizure of electronic evidence, and investigation, when cybercrimes occur. Recommendations are made, including the formulation of stringent laws, the establishment of a national cybercrime investigation strategy and policies, the establishment of national guidelines for digital evidence collection, the development of an anti-cybercrime toolkit for the collection of digital evidence, and the establishment of digital forensic training institutions in all regions of Ghana offering hands-on, skills-based training for law enforcement officers and judges, to ensure efficiency in the process of digital forensic investigation and the prosecution of cybercrimes in Ghana.