98 research outputs found

    AiCEF: An AI-assisted Cyber Exercise Content Generation Framework Using Named Entity Recognition

    Content generation that is both relevant and up to date with the current threats of the target audience is a critical element in the success of any Cyber Security Exercise (CSE). Through this work, we explore the results of applying machine learning techniques to unstructured information sources to generate structured CSE content. The corpus of our work is a large dataset of publicly available cyber security articles that have been used to predict future threats and to form the skeleton for new exercise scenarios. Machine learning techniques, like named entity recognition (NER) and topic extraction, have been utilised to structure the information based on a novel ontology we developed, named Cyber Exercise Scenario Ontology (CESO). Moreover, we used clustering with outliers to classify the generated extracted data into objects of our ontology. Graph comparison methodologies were used to match generated scenario fragments to known threat actors' tactics and help enrich the proposed scenario accordingly with the help of synthetic text generators. CESO has also been chosen as the prominent way to express both fragments and the final proposed scenario content by our AI-assisted Cyber Exercise Framework (AiCEF). Our methodology was put to the test by providing a set of generated scenarios for evaluation to a group of experts to be used as part of a real-world awareness tabletop exercise

    Analysis of a South African cyber-security awareness campaign for schools using interdisciplinary communications frameworks

    To provide structure to cyber awareness and educational initiatives in South Africa, Kortjan and Von Solms (2014) developed a five-layer cyber-security awareness and education framework. The purpose of the dissertation is to determine how the framework layers can be refined through the integration of communication theory, with the intention to contribute towards the practical implications of the framework. The study is approached qualitatively and uses a case study for argumentation to illustrate how the existing framework can be further developed. Drawing on several comprehensive campaign planning models, the dissertation illustrates that not all important campaign planning elements are currently included in the existing framework. Proposed changes in the preparation layer include incorporating a situational and target audience analysis, determining resources allocated for the campaign, and formulating a communication strategy. Proposed changes in the delivery layer of the framework are concerned with the implementation, monitoring and adjustment, as well as reporting of campaign successes and challenges. The dissertation builds on, and adds to, the growing literature on the development of campaigns for cyber-security awareness and education aimed at children

    Developing and evaluating cybersecurity competencies for students in computing programs

    Changes due to technological development in the workplace are putting pressure on academia to keep pace with the changing nature of work. Due to the growing need for cybersecurity professionals, universities improve their cybersecurity programs to develop qualified cybersecurity competencies. The purpose of this study is to validate the cybersecurity knowledge, skills, and abilities (KSAs) competencies of cybersecurity degree programs using a fuzzy linguistic group decision-making method. This study shows that cybersecurity knowledge is essential, along with technical skills and human abilities for cybersecurity professionals.

    Strategies for Recruiting Cybersecurity Professionals in the Financial Service Industry

    The cybersecurity market is the fastest growing market in the United States; as such, leaders in financial institutions recognize their businesses are vulnerable, as money is accessible within computerized banking systems. The purpose of this multiple case study was to explore what strategies financial service leaders use to recruit cybersecurity professionals. The conceptual framework for this study was the hierarchy of needs and stakeholder management theory. Data collection involved company archival documents and semistructured, open-ended interviews with 5 financial service leaders in the Midlands area of South Carolina who recruited skilled cybersecurity professionals to support long-term business sustainability. Coding, clustering, and theme development evolved through coding key words and actions, drawing ideas together into clusters, and evolving the prominent ideas into themes. During data analysis, the theoretical propositions underwent a sequential process, which included coding the data by hand. The use of member checking and methodological triangulation increased the trustworthiness of the study. Analysis revealed 3 themes: increased training, broadened social networking, and improved communication. Financial service leaders can use training to educate and recruit new cybersecurity professionals. Also, findings suggest the need for training to improve social networking and communicate as a team to increase profitability. The findings from this study may contribute to social change by helping business owners recruit skilled professionals to prevent or reduce cybersecurity threats

    FROM DROPPING BOMBS TO BLASTING BITS: ENVISIONING TACTICAL OPERATIONS IN THE INFORMATION ENVIRONMENT BY EMULATING THE EVOLUTION OF AIR-GROUND INTEGRATION

    A gap exists in the United States military at the tactical level in organization, capabilities, and authorities to conduct operations in the information environment (OIE). This thesis identifies a potential solution by analyzing and applying lessons learned from air-ground integration: a dimension of warfare that was once a novel concept comparable to modern information, cyber, and space. Air-ground integration evolved from strategic reconnaissance in World War I to modern attack helicopters, hand-launched killer drones, and tactical joint terminal attack controllers (JTACs). Today, JTACs provide the ground commander with an air-ground integration expert at the tactical edge, equipped with lethal and nonlethal capabilities, and who falls under authorities that vary by location and type of operation. The JTAC qualification is recognized across the joint force and NATO and minimizes the number of pilots needed at ground units. This thesis argues that creating an information, cyber, and space equivalent to the JTAC could enable the joint force to more effectively conduct tactical OIE. This multi-domain terminal effects controller (MDTEC) would be jointly certified, qualified, and designated to advise ground commanders on the information environment, employ tactical information tools, and leverage joint information, cyber, and space assets to create effects. Master Sergeant, United States Marine Corps. Approved for public release. Distribution is unlimited

    Distinguishing Acts of War in Cyberspace: Assessment Criteria, Policy Considerations, and Response Implications

    Determining an act of war in the traditional domains of land, sea, and air often involves sophisticated interactions of many factors that may be outside the control of the parties involved. This monograph seeks to provide senior policymakers, decisionmakers, military leaders, and their respective staffs with essential background on this topic as well as introduce an analytical framework for them to utilize according to their needs. It develops this theme in four major sections. First, it presents the characterization of cyberspace to establish terms for broader dialogue as well as to identify unique technical challenges that the cyberspace domain may introduce into the process of distinguishing acts of war. Second, it explores assessment criteria involved with assaying cyber incidents to determine if they represent aggression and possible use of force; and if so, to what degree? Third, it looks at the policy considerations associated with applying such criteria by examining relevant U.S. strategies as well as the strategies of other key countries and international organizations, and considers how nonstate actors may affect U.S. deliberations. Fourth, it examines the influences that course of action development and implementation may have on the assessment of cyberspace incidents, such as reliable situational awareness, global and domestic environment considerations, and options and their related risks and potential consequences. It argues that the United States must also expect and accept that other nations may reasonably apply the criteria we develop to our own actions in cyberspace.

    Volume II Acquisition Research Creating Synergy for Informed Change, Thursday 19th Annual Acquisition Research Proceedings

    Proceedings. Approved for public release; distribution is unlimited

    Measuring Cybersecurity Competency: An Exploratory Investigation of the Cybersecurity Knowledge, Skills, and Abilities Necessary for Organizational Network Access Privileges

    Organizational information system users (OISU) that are victimized by cyber threats are contributing to major financial and information losses for individuals, businesses, and governments. Moreover, it has been argued that cybersecurity competency is critical for advancing economic prosperity and maintaining national security. The fact remains that technical cybersecurity controls may be rendered useless due to a lack of cybersecurity competency of OISUs. All OISUs, from accountants to cybersecurity forensics experts, can place organizational assets at risk. However, that risk is increased when OISUs do not have the cybersecurity competency necessary for operating an information system (IS). The main goal of this research study was to propose and validate, using subject matter experts (SME), a reliable hands-on prototype assessment tool for measuring the cybersecurity competency of an OISU. To perform this assessment, SMEs validated the critical knowledge, skills, and abilities (KSA) that comprise the cybersecurity competency of OISUs. Primarily using the Delphi approach, this study implemented four phases of data collection using cybersecurity SMEs for proposing and validating OISU: KSAs, KSA measures, KSA measure weights, and cybersecurity competency threshold. A fifth phase of data collection occurred measuring the cybersecurity competency of 54 participants. Phase 1 of this study performed five semi-structured SME interviews before using the Delphi method and anonymous online surveys of 30 cybersecurity SMEs to validate OISU cybersecurity KSAs found in literature and United States government (USG) documents. The results of Phase 1 proposed and validated three OISU cybersecurity abilities, 23 OISU cybersecurity knowledge units (KU), and 22 OISU cybersecurity skill areas (SA). In Phase 2, two rounds of the Delphi method with anonymous online surveys of 15 SMEs were used to propose and validate OISU cybersecurity KSA measures. 
The results of Phase 2 proposed and validated 90 KSA measures for 47 knowledge topics (KT) and 43 skill tasks (ST). In Phase 3, using the Delphi method with anonymous online surveys, a group of 15 SMEs were used to propose and validate OISU cybersecurity KSA weights. The results of Phase 3 proposed and validated the weights for four knowledge categories (KC) and four skill categories (SC). When Phase 3 was completed, the MyCyberKSAs™ prototype assessment tool was developed using the results of Phases 1-3, and Phase 4 was initiated. In Phase 4, using the Delphi method with anonymous online surveys, a group of 15 SMEs were used to propose and validate an OISU cybersecurity competency threshold (index score) of 80%, which was then integrated into the MyCyberKSAs™ prototype tool. Before initiating Phase 5, the MyCyberKSAs™ prototype tool was fully tested by 10 independent testers to verify the accuracy of data recording by the tool. After testing of the MyCyberKSAs™ prototype tool was completed, Phase 5 of this study was initiated. Phase 5 of this study measured the cybersecurity competency of 54 OISUs using the MyCyberKSAs™ prototype tool. Upon completion of Phase 5, data analysis of the cybersecurity competency results of the 54 OISUs was conducted. Data analysis was conducted in Phase 5 by computing levels of dispersion and one-way analysis of variance (ANOVA). The results of the ANOVA data analysis from Phase 5 revealed that annual cybersecurity training and job function are significant, showing differences in OISU cybersecurity competency. Additionally, ANOVA data analysis from Phase 5 showed that age, cybersecurity certification, gender, and time with company were not significant, thus showing no difference in OISU cybersecurity competency. The results of this research study were validated by SMEs as well as the MyCyberKSAs™ prototype tool; and proved that the tool is capable of assessing the cybersecurity competency of an OISU.
The ability for organizations to measure the cybersecurity competency of OISUs is critical to lowering risks that could be exploited by cyber threats. Moreover, the ability for organizations to continually measure the cybersecurity competency of OISUs is critical for assessing workforce susceptibility to emerging cyber threats. Furthermore, the ability for organizations to measure the cybersecurity competency of OISUs allows organizations to identify specific weaknesses of OISUs that may require additional training or supervision, thus lowering risks of being exploited by cyber threats

    Strategic Latency Unleashed: The Role of Technology in a Revisionist Global Order and the Implications for Special Operations Forces

    The article of record may be found at https://cgsr.llnl.gov. This work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory in part under Contract W-7405-Eng-48 and in part under Contract DE-AC52-07NA27344. The views and opinions of the author expressed herein do not necessarily state or reflect those of the United States government or Lawrence Livermore National Security, LLC. ISBN-978-1-952565-07-6 LCCN-2021901137 LLNL-BOOK-818513 TID-59693