54 research outputs found
Scale Inside-Out: Rapid Mitigation of Cloud DDoS Attacks
Distributed denial of service (DDoS) attacks in cloud computing require quick absorption of attack data. DDoS attack mitigation is usually achieved by dynamically scaling the cloud resources so as to quickly identify the onslaught features to combat the attack. The resource scaling comes with an additional cost, which may prove to be a huge disruptive cost in the case of longer, sophisticated, and repetitive attacks. In this work, we address an important problem: does resource scaling during an attack always result in rapid DDoS mitigation? For this purpose, we conduct real-time DDoS attack experiments to study the attack absorption and attack mitigation for various target services in the presence of dynamic cloud resource scaling. We found that activities such as attack absorption, which provide timely attack data input to attack analytics, are adversely compromised by the heavy resource usage generated by the attack. We show that the operating-system-level local resource contention, if reduced during attacks, can expedite the overall attack mitigation. The attack mitigation would otherwise not be completed by the dynamic scaling of resources alone. We conceived a novel relation, termed the “Resource Utilization Factor”, for each incoming request as the major component in forming the resource contention. To overcome these issues, we propose a new “Scale Inside-out” approach which, during attacks, reduces the “Resource Utilization Factor” to a minimal value for quick absorption of the attack. The proposed approach sacrifices victim service resources and provides those resources to the mitigation service in addition to other co-located services to ensure resource availability during the attack. Experimental evaluation shows up to 95 percent reduction in total attack downtime of the victim service in addition to considerable improvement in attack detection time, service reporting time, and downtime of co-located services.
LAYING THE FOUNDATION FOR A MINIATURIZED SCADA TESTBED TO BE BUILT AT CSUSB
This culminating experience sought to lay the foundation for a miniaturized physical SCADA testbed to be built at California State University San Bernardino, to enable students to apply their cybersecurity knowledge, skills and abilities in a fun and engaging environment while learning about what SCADA is, how it works, and how to improve its security. This project was conducted in response to a growing trend of cybersecurity attacks that, within the past 10 years, have targeted our critical infrastructure systems through SCADA systems, the legacy systems that manage critical infrastructure. Because SCADA systems require constant availability, it is hard to test the security of these devices, which is why testbeds have been designed to analyze how a cyber-attack affects these systems in a safe environment. To build a SCADA testbed at CSUSB, this project designed a requirements documentation so that the next person who wants to accomplish this task can take the requirements outlined and build a miniaturized physical SCADA testbed. To craft the appropriate requirements documentation, this project aimed to answer the following questions: Q1. How can a miniaturized SCADA testbed be built for a school environment using open-source architecture? Q2. What critical infrastructure sectors can be easily implemented into a physical SCADA testbed? Q3. Which cyber-attacks can be easily replicated in a SCADA scenario-based environment? Q4. How should SCADA scenarios be modeled for an implementation into this testbed? To answer these questions, research was conducted using scholarly articles on currently available SCADA testbeds, interviews with individuals who have built SCADA testbeds, and a survey distributed to different SCADA professionals, in order to build a requirements documentation for the miniaturized SCADA testbed, which included functional and nonfunctional requirements, use case diagrams and detailed use cases.
After gathering the data from 3 different interviews with SCADA professionals and aggregating the responses to the surveys, we crafted a requirements documentation which includes a requirements documentation, detailed use cases, use case diagrams, and a classes and relationship chart, so that the next individual who works on this project can use these ideas and begin construction of a miniaturized SCADA testbed at CSUSB.
What Ukraine Taught NATO about Hybrid Warfare
Russia’s invasion of Ukraine in 2022 forced the United States and its NATO partners to be confronted with the impact of hybrid warfare far beyond the battlefield. Targeting Europe’s energy security, Russia’s malign influence campaigns and malicious cyber intrusions are affecting global gas prices, driving up food costs, disrupting supply chains and grids, and testing US and Allied military mobility. This study examines how hybrid warfare is being used by NATO’s adversaries, what vulnerabilities in energy security exist across the Alliance, and what mitigation strategies are available to the member states.
Cyberattacks targeting the renewable energy landscape during Europe’s green transition are increasing, making it urgent that new tools are developed to protect these emerging technologies. No less significant are the cyber and information operations targeting energy security in Eastern Europe as it seeks to become independent from Russia. Economic coercion is being used against Western and Central Europe to stop gas from flowing. China’s malign investments in Southern and Mediterranean Europe are enabling Beijing to control several NATO member states’ critical energy infrastructure at a critical moment in the global balance of power. What Ukraine Taught NATO about Hybrid Warfare will be an important reference for NATO officials and US installations operating in the European theater.
Defense in Depth of Resource-Constrained Devices
The emergent next generation of computing, the so-called Internet of Things (IoT), presents significant challenges to security, privacy, and trust. The devices commonly used in IoT scenarios are often resource-constrained with reduced computational strength, limited power consumption, and stringent availability requirements. Additionally, at least in the consumer arena, time-to-market is often prioritized at the expense of quality assurance and security. An initial lack of standards has compounded the problems arising from this rapid development. However, the explosive growth in the number and types of IoT devices has now created a multitude of competing standards and technology silos resulting in a highly fragmented threat model. Tens of billions of these devices have been deployed in consumers' homes and industrial settings. From smart toasters and personal health monitors to industrial controls in energy delivery networks, these devices wield significant influence on our daily lives. They are privy to highly sensitive, often personal data and responsible for real-world, security-critical, physical processes. As such, these internet-connected things are highly valuable and vulnerable targets for exploitation. Current security measures, such as reactionary policies and ad hoc patching, are not adequate at this scale. This thesis presents a multi-layered, defense-in-depth approach to preventing and mitigating a myriad of vulnerabilities associated with the above challenges. To secure the pre-boot environment, we demonstrate a hardware-based secure boot process for devices lacking secure memory. We introduce a novel implementation of remote attestation backed by blockchain technologies to address hardware and software integrity concerns for the long-running, unsupervised, and rarely patched systems found in industrial IoT settings.
Moving into the software layer, we present a unique method of intraprocess memory isolation as a barrier to several prevalent classes of software vulnerabilities. Finally, we exhibit work on network analysis and intrusion detection for the low-power, low-latency, and low-bandwidth wireless networks common to IoT applications. By targeting these areas of the hardware-software stack, we seek to establish a trustworthy system that extends from power-on through application runtime.
Cyber Threats and NATO 2030: Horizon Scanning and Analysis
The book includes 13 chapters that look ahead to how NATO can best address the cyber threats, as well as opportunities and challenges from emerging and disruptive technologies in the cyber domain over the next decade.
The present volume addresses these conceptual and practical requirements and contributes constructively to the NATO 2030 discussions. The book is arranged in five short parts... All the chapters in this book have undergone double-blind peer review by at least two external experts.
Historical events and supply chain disruption : chemical, biological, radiological and cyber events
Thesis (M. Eng. in Logistics)--Massachusetts Institute of Technology, Engineering Systems Division, 2003. Includes bibliographical references (leaves 98-113). In the wake of the attacks of September 11, 2001, terrorism emerged as a legitimate threat not just to society, but to corporations as well. This new threat has challenged old business rules and prompted companies to rethink their supply chain operations. However, the events of September 11th were not the first or the only disruptions that the business world had experienced. This thesis reviews past historical events that simulate the effects of a terrorist attack and extracts lessons that can be applied by today's corporations to prepare for future attacks or disruptions. The types of events studied include Biological, Chemical, Radiological and Cyber disruptions. Through the analysis and synthesis of each event's impact, the following generalized recommendations emerged: Prior warnings and events should be acknowledged, studied and utilized. Government intervention may strain operations under disruptive stress. Alternate sourcing should be considered to ease supply issues. Disruptions should be approached in a comprehensive and forthright manner. A security and safety culture should be fostered to prevent disruptions and control their spread. Systems should be prepared to quickly operate in isolation during a disruption. Finally, impact is frequently less severe than initially predicted. Through the events described and these recommendations, this thesis aims to provide lessons for firms to manage their supply chains through future disruptions. by Reshma P. Lensing. M.Eng. in Logistic