3,203 research outputs found

    Towards the Development of a Defensive Cyber Damage and Mission Impact Methodology

    The purpose of this research is to establish a conceptual methodological framework that will facilitate effective cyber damage and mission impact assessment and reporting following cyber-based information incidents. Joint and service guidance requires mission impact reporting, but current efforts to implement such reporting have proven ineffective. This research seeks to understand the impediments existing in the current implementation and to propose an improved methodology. The research employed a hybrid historical analysis and case study methodology for data collection through extensive literature review, examination of existing case study research and interviews with Air Force members and civilian personnel employed as experts in cyber damage and mission impact assessment of Air Force networks. Nine respondents provided valuable first-hand information about the current implementation of cyber damage and mission impact assessment. This research identified several critical impediments to current mission impact assessment efforts on Air Force networks. Based upon these findings, a proposal is made for a new operations-focused defensive cyber damage and mission impact methodology. The methodology will address the critical impediments identified and will result in profound benefits in other areas of cyber asset protection. Recommendations for conceptual implementation and operationalization are presented and related future research topics are discussed

    Concurrent Biological, Electromagnetic Pulse, And Cyber Attacks - A Challenge To The Interagency Response

    The U.S. including its military depends on an electrical grid and electricity-based critical infrastructure. An electromagnetic pulse (EMP) and cyber attack can disable not just a significant portion of the electrical grid and critical infrastructure, but also the network-centric military response to such an attack. There is a large range of actors that might attempt EMP attacks against the U.S. Health surveillance systems are network-centric, and if mass destruction is the goal of an adversary, launching a biological attack concurrently with EMP and cyber attacks may achieve this goal. Current agency response plans focus on one WMD attack at a time but combined attacks without emergency management plans may compromise a timely response. An EMP and cyber attack could amplify the effects of a biological attack because the loss of the electrical grid and electricity-based critical infrastructure could disable detection and response efforts as well as disrupt interagency efforts to coordinate a medical response. EMP is often perceived as science fiction because the immediate effect does not result in loss of life, but the cascading failures of critical infrastructure will affect civilian and military capabilities to support survival and recovery. Key steps to mitigate the catastrophic effects of an EMP attack should be taken and include: prevent an attack in the first place, prepare so personnel can respond after an attack, protect the critical infrastructure to limit the impact, and recover after an attack to restore power and critical infrastructure

    A parallelized database damage assessment approach after cyberattack for healthcare systems

    In the current Internet of things era, all companies shifted from paper-based data to the electronic format. Although this shift increased the efficiency of data processing, it has security drawbacks. Healthcare databases are a precious target for attackers because they facilitate identity theft and cybercrime. This paper presents an approach for database damage assessment for healthcare systems. Inspired by the current behavior of COVID-19 infections, our approach views the damage assessment problem the same way. The malicious transactions will be viewed as if they are COVID-19 viruses, taken from infection onward. The challenge of this research is to discover the infected transactions in a minimal time. The proposed parallel algorithm is based on the transaction dependency paradigm, with a time complexity O((M+NQ+N^3)/L) (M = total number of transactions under scrutiny, N = number of malicious and affected transactions in the testing list, Q = time for dependency check, and L = number of threads used). The memory complexity of the algorithm is O(N+KL) (N = number of malicious and affected transactions, K = number of transactions in one area handled by one thread, and L = number of threads). Since the damage assessment time is directly proportional to the denial-of-service time, the proposed algorithm provides a minimized execution time. Our algorithm is a novel approach that outperforms other existing algorithms in this domain in terms of both time and memory, working up to four times faster in terms of time and with 120,000 fewer bytes in terms of memory

    Survival in the e-conomy: 2nd Australian information warfare & security conference 2001

    This is an international conference for academics and industry specialists in information warfare, security, and other related fields. The conference has drawn participants from national and international organisations

    Overcoming Data Breaches and Human Factors in Minimizing Threats to Cyber-Security Ecosystems

    This mixed-methods study focused on the internal human factors responsible for data breaches that could cause adverse impacts on organizations. Based on the Swiss cheese theory, the study was designed to examine preventative measures that managers could implement to minimize potential data breaches resulting from internal employees' behaviors. The purpose of this study was to provide insight to managers about developing strategies that could prevent data breaches from cyber-threats by focusing on the specific internal human factors responsible for data breaches, the root causes, and the preventive measures that could minimize threats from internal employees. Data were collected from 10 managers and 12 employees from the business sector, and 5 government managers in Ivory Coast, Africa. The mixed methodology focused on the why and who using the phenomenological approach, consisting of a survey, face-to-face interviews using open-ended questions, and a questionnaire to extract the experiences and perceptions of the participants about preventing the adverse consequences from cyber-threats. The results indicated the importance of top managers to be committed to a coordinated, continuous effort throughout the organization to ensure cyber security awareness, training, and compliance of security policies and procedures, as well as implementing and upgrading software designed to detect and prevent data breaches both internally and externally. The findings of this study could contribute to social change by educating managers about preventing data breaches who in turn may implement information accessibility without retribution. Protecting confidential data is a major concern because one data breach could impact many people as well as jeopardize the viability of the entire organization

    ICT aspects of power systems and their security

    This report provides a deep description of four complex Attack Scenarios that have as final goal to produce damage to the Electric Power Transmission System. The details about protocols used, vulnerabilities, devices etc. have been for obvious reasons hidden, and the ones presented have to be understood as mere (even if realistic) simplified versions of possible power systems. JRC.DG.G.6-Security technology assessmen

    The future of Cybersecurity in Italy: Strategic focus area

    This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

    Evaluating Information Assurance Control Effectiveness on an Air Force Supervisory Control and Data Acquisition (SCADA) System

    Supervisory Control and Data Acquisition (SCADA) systems are increasingly being connected to corporate networks which has dramatically expanded their attack surface to remote cyber attack. Adversaries are targeting these systems with increasing frequency and sophistication. This thesis seeks to answer the research question addressing which Information Assurance (IA) controls are most significant for network defenders and SCADA system managers/operators to focus on in order to increase the security of critical infrastructure systems against a Stuxnet-like cyber attack. This research applies the National Institute of Science and Technology (NIST) IA controls to an attack tree modeled on a remote Stuxnet-like cyber attack against the WPAFB fuels operation. The probability of adversary success of specific attack scenarios is developed via the attack tree. Then an impact assessment is obtained via a survey of WPAFB fuels operation subject matter experts (SMEs). The probabilities of adversary success and impact analysis are used to create a Risk Level matrix, which is analyzed to identify recommended IA controls. The culmination of this research identified 14 IA controls associated with mitigating an adversary from gaining remote access and deploying an exploit as the most influential for SCADA managers, operators and network defenders to focus on in order to maximize system security against a Stuxnet-like remote cyber attack