Contested Deployment
As indicated in the 2018 National Defense Strategy and evolving Multi-Domain Operations doctrine, the assumption the homeland will provide a secure space for mobilization and deployment is no longer valid. This integrated research project goes beyond affirming this assumption and contributes to efforts to mitigate the concerns a contested deployment entails.
Following the introductory chapter, Chapter 2, “Army Deployments in a Contested Homeland: A Framework for Protection,” explores how current coordination and cooperation mechanisms between the DoD and state and local government may need realignment, with civil authorities preparing themselves to support military mobilization. Chapter 3, “Strategic Seaports and National Defense in a Contested Environment,” examines the 22 strategic seaports across the United States, identifying issues with throughput, structural integrity, security, readiness, funding, and authorities. Chapter 4, “Single Point of Failure,” identifies how strict adherence to a business efficiency model for munition production and distribution may jeopardize the successful employment of military forces. Chapter 5, “The Interstate Highway System: Reinvestment Needed before a Contested Deployment,” provides the status of the deteriorating road network and explains how associated vulnerabilities could be exploited by an adversary. The two appendices provide points for consideration on cyberattacks and defense and the impacts a full mobilization of reserve forces would have on the homeland.
Governing autonomous vehicles: emerging responses for safety, liability, privacy, cybersecurity, and industry risks
The benefits of autonomous vehicles (AVs) are widely acknowledged, but there
are concerns about the extent of these benefits and AV risks and unintended
consequences. In this article, we first examine AVs and different categories of
the technological risks associated with them. We then explore strategies that
can be adopted to address these risks, and explore emerging responses by
governments for addressing AV risks. Our analyses reveal that, thus far,
governments have in most instances avoided stringent measures in order to
promote AV developments and the majority of responses are non-binding and focus
on creating councils or working groups to better explore AV implications. The
US has been active in introducing legislation to address issues related to
privacy and cybersecurity. The UK and Germany, in particular, have enacted laws
to address liability issues; other countries mostly acknowledge these issues,
but have yet to implement specific strategies. To address privacy and
cybersecurity risks, strategies ranging from introduction or amendment of non-AV
specific legislation to creating working groups have been adopted. Much less
attention has been paid to issues such as environmental and employment risks,
although a few governments have begun programmes to retrain workers who might
be negatively affected. Comment: Transport Reviews, 201
Compliance analysis for cyber security marine standards : Evaluation of compliance using application lifecycle management tools
The aim of this thesis is to analyse cyber security requirements and notations from marine classification societies and other entities to understand how to meet compliance in current cyber security requirements from maritime class societies and other maritime organizations. The methods used in this research involved a desk review of cyber security requirements from IACS members, IACS UR E 27 and IEC 62443, a survey questionnaire of relevant cyber security standards pertinent to maritime product development, and Polarion, an application lifecycle management solution used to synthesize the cyber security requirements from the maritime class societies and determine their correlations to IEC 62443 as a baseline. Results indicate that IEC 62443 correlates to the standards from DNV and IACS (UR E 27) and the majority of the requirements were deemed compliant in compliance gap assessments of a maritime product. The conclusion is that IEC 62443 can be utilised as a baseline cyber requirement with a requirements management tool like Polarion to analyse and satisfy compliance requirements from maritime class societies and maritime organizations that base their cyber security requirements according to IACS UR E27 and IEC 62443-3-3 and should be adopted in addressing future compliance analysis of cyber requirements focusing on autonomous shipping
Laboratory Exercises to Accompany Industrial Control and Embedded Systems Security Curriculum Modules
The daily intrusion attempts and attacks on industrial control systems (ICS) and embedded systems (ES) underscore the criticality of the protection of our Critical Infrastructures (CIs). As recently as mid-July 2018, numerous reports on the infiltration of US utility control rooms by Russian hackers have been published. This successful infiltration and possible manipulation of the utility companies could easily translate to a devastating attack on our nation’s power grid and, consequently, our economy and well-being. Indeed, the need to secure the control and embedded systems which operate our CIs has never been so pronounced. In our attempt to address this critical need, we designed, developed and implemented ICS and ES security curriculum modules with pertinent hands-on laboratory exercises that can be freely adopted across the national setting. This paper describes in detail the modules and the accompanying exercises and proposes future enhancements and extensions to these pedagogical instruments. It highlights the interaction between control and embedded systems security with Presidential Policy Directive 8 - the National Preparedness Plan (NPP), cyber risk management, incident handling. To establish the premise the laboratory exercises were developed. This paper outlines the description and content of the modules in the areas of (1) Industrial Control Systems (ICS) Security, (2) embedded systems (ES), and (3) guidelines, standards, and policy.
The ICS security modules cover the predominant ICS protocols, ladder logic programming, Human Machine Interface (HMI), defensive techniques, ICS reconnaissance, vulnerability assessment, intrusion detection, and penetration testing. The ES security modules include topics such as secure firmware programming and authentication mechanisms. In the guidelines, standards, and policy section, the topics covered by the modules include the NPP as it relates to CI protection, risk management, system protection and policy design, and managing operations and controls. An overview of the various hands-on exercises that accompany the course modules is also presented. Further, to evaluate the effectiveness of the pedagogical materials, an initial evaluation was conducted and the survey data were collected, analyzed, and presented. The paper concludes with future enhancements and directives on opportunities for module extensions and course adoption
Cyber-physical security for ports infrastructure
Taking advantage of the benefits associated with digital means has become a main priority for ports globally. The effective and smooth integration of Information Technology (IT) applications and those systems that support the conduct of operations (Operational Technology (OT) systems), along with the accurate “adjustment” of the human factor elements should be viewed as a very critical pillar for optimized safe and efficient operations in ports. The aforementioned assimilation characterizes cyber-physical systems and entails an extended number of IT and OT modules, systems and tasks involving various data transmission routes that are advancing in a technological and operational level alongside plausible cybersecurity threats. These cybersecurity risks, threats and vulnerabilities are depicted in this article to emphasize the progression of cyber-physical systems in the wider maritime industry and port domains, along with their rising cybersecurity vulnerabilities. Existing and applicable industry and government standards and mandates associated with cybersecurity attempt to impose regulatory compliance and increase asset cybersecurity integrity with reduced emphasis, however, in the existing OT (Operational Technology) components and systems. The use of security risk assessment tools and processes that are used in other industrial sectors, such as the Security Risk Assessment (SRA) and the Bow Tie Analysis methods, can support the evaluation of IT/OT infrastructure for cyber-physical security susceptibilities and then assign suitable reactive measures. The implementation of cybersecurity safeguards that arise through the implementation of the MITRE ATT&CK Threat Model can enhance the cybersecurity posture of those assets that support the logistics chain, assuming that they are intermittently adapted following evaluations for their effectiveness and suitability.
Finally, the improvement of stakeholder communication and cyber-awareness along with the increase in cyber-physical security resiliency can further be aided by the effective convergence of the segregated cyber and physical security elements of waterside or landside-based IT/OT infrastructure
Malware in the Future? Forecasting of Analyst Detection of Cyber Events
There have been extensive efforts in government, academia, and industry to
anticipate, forecast, and mitigate cyber attacks. A common approach is
time-series forecasting of cyber attacks based on data from network telescopes,
honeypots, and automated intrusion detection/prevention systems. This research
has uncovered key insights such as systematicity in cyber attacks. Here, we
propose an alternate perspective of this problem by performing forecasting of
attacks that are analyst-detected and -verified occurrences of malware. We call
these instances of malware cyber event data. Specifically, our dataset was
analyst-detected incidents from a large operational Computer Security Service
Provider (CSSP) for the U.S. Department of Defense, which rarely relies only on
automated systems. Our data set consists of weekly counts of cyber events over
approximately seven years. Since all cyber events were validated by analysts,
our dataset is unlikely to have false positives which are often endemic in
other sources of data. Further, the higher-quality data could be used for a
number for resource allocation, estimation of security resources, and the
development of effective risk-management strategies. We used a Bayesian State
Space Model for forecasting and found that events one week ahead could be
predicted. To quantify bursts, we used a Markov model. Our findings of
systematicity in analyst-detected cyber attacks are consistent with previous
work using other sources. The advanced information provided by a forecast may
help with threat awareness by providing a probable value and range for future
cyber events one week ahead. Other potential applications for cyber event
forecasting include proactive allocation of resources and capabilities for
cyber defense (e.g., analyst staffing and sensor configuration) in CSSPs.
Enhanced threat awareness may improve cybersecurity. Comment: Revised version resubmitted to journa
Cybersecurity Logging & Monitoring Security Program
With ubiquitous computing becoming pervasive in every aspect of societies around the world and the exponential rise in cyber-based attacks, cybersecurity teams within global organizations are spending a massive amount of human and financial capital on their logging and monitoring security programs. As a critical part of global organizational security risk management processes, it is important that log information is aggregated in a timely, accurate, and relevant manner. It is also important that global organizational security operations centers are properly monitoring and investigating the security use-case alerting based on their log data. In this paper, the author proposes a model for security logging and monitoring which details the inception, implementation, and operations of the program. This entails providing an overview of the logging and monitoring program, its purpose, and structure