
    Comprehensive Security Framework for Global Threats Analysis

    Cyber criminality activities are changing and becoming more and more professional. With the growth of financial flows through the Internet and the Information System (IS), new kinds of threats arise involving complex scenarios spread within multiple IS components. The IS information modeling and Behavioral Analysis are becoming new solutions to normalize the IS information and counter these new threats. This paper presents a framework which details the principal and necessary steps for monitoring an IS. We present the architecture of the framework, i.e. an ontology of activities carried out within an IS to model security information and User Behavioral analysis. The results of the performed experiments on real data show that the modeling is effective to reduce the amount of events by 91%. The User Behavioral Analysis on uniform modeled data is also effective, detecting more than 80% of legitimate actions of attack scenarios.

    Intelligence within BAOR and NATO's Northern Army Group

    During the Cold War the UK's principal military role was its commitment to the North Atlantic Treaty Organisation (NATO) through the British Army of the Rhine (BAOR), together with wartime command of NATO's Northern Army Group. The possibility of a surprise attack by the numerically superior Warsaw Pact forces ensured that great importance was attached to intelligence, warning and rapid mobilisation. As yet we know very little about the intelligence dimension of BAOR and its interface with NATO allies. This article attempts to address these neglected issues, ending with the impact of the 1973 Yom Kippur War upon NATO thinking about warning and surprise in the mid-1970s. It concludes that the arrangements made by Whitehall for support to BAOR from national assets during crisis or transition to war were - at best - improbable. Accordingly, over the years, BAOR developed its own unique assets in the realm of both intelligence collection and special operations in order to prepare for the possible outbreak of conflict.

    Multiple Case Comparison of the In-Transit Visibility Business Process

    Over the past decade, the Department of Defense has developed an In-transit Visibility capability. Despite significant funding and research in developing this capability, the initial deployment in support of Operation ENDURING FREEDOM (OEF) in 2001 highlighted an ongoing problem in achieving ITV within the U.S. Air Force. Initial results from Headquarters USAF-initiated studies point to a need to focus on business processes related to ITV management. This research employed a multiple case study design embedded in a functional benchmarking process to solicit ITV management best practices from leaders in the civilian logistics industry and to identify gaps between their practices and those of the Air Force. The data collection method used electronic mail as a portal to conducting subject matter expert interviews. Using the data collected from the benchmarking partners, the research recognized 19 best practices and compared the civilian and military environments in 41 areas. This evaluation highlighted gaps between practices used in the civilian industry and those used by the Air Force. These gaps served as areas of opportunity in which the Air Force can evaluate alternative management practices in an effort to improve the ITV process. Using these gaps as a foundation, the research proposed fourteen recommendations for action.

    Advanced Topics in Systems Safety and Security

    This book presents valuable research results in the challenging field of systems (cyber)security. It is a reprint of the Information (MDPI, Basel) - Special Issue (SI) on Advanced Topics in Systems Safety and Security. The competitive review process of MDPI journals guarantees the quality of the presented concepts and results. The SI comprises high-quality papers focused on cutting-edge research topics in cybersecurity of computer networks and industrial control systems. The contributions presented in this book are mainly the extended versions of selected papers presented at the 7th and the 8th editions of the International Workshop on Systems Safety and Security—IWSSS. These two editions took place in Romania in 2019 and 2020, respectively. In addition to the selected papers from IWSSS, the special issue includes other valuable and relevant contributions. The papers included in this reprint discuss various subjects ranging from cyberattack or criminal activities detection, evaluation of the attacker skills, modeling of the cyber-attacks, and mobile application security evaluation. Given this diversity of topics and the scientific level of papers, we consider this book a valuable reference for researchers in the security and safety of systems.

    Estimating Defensive Cyber Operator Decision Confidence

    As technology continues to advance the domain of cyber defense, signature and heuristic detection mechanisms continue to require human operators to make judgements about the correctness of machine decisions. Human cyber defense operators rely on their experience, expertise, and understanding of network security, when conducting cyber-based investigations, in order to detect and respond to cyber alerts. Ever growing quantities of cyber alerts and network traffic, coupled with systemic manpower issues, mean no one has the time to review or change decisions made by operators. Since these cyber alert decisions ultimately do not get reviewed again, an inaccurate decision could cause grave damage to the network and host systems. The Cyber Intruder Alert Testbed (CIAT), a synthetic task environment (STE), was expanded to include investigative pattern of behavior monitoring and confidence reporting capabilities. By analyzing the behavior and confidence of participants while they conducted cyber-based investigations, this research was able to identify a mapping between investigative patterns of behavior and decision confidence. The total time spent on a decision, the time spent using different investigative tools, and total number of tool transitions, were all factors which influenced the reported confidence of participants when conducting cyber-based investigations.

    Constraining Ground Force Exercises of NATO and the Warsaw Pact

    Confidence and security building measures (CSBMs) have long been the neglected stepchild of serious arms control analysis. Some view CSBMs as arms control junk food, frivolous, unworkable, or even detrimental. Others are so enamored of the concept that they expect proposals to be accepted as prima facie desirable. After all, the very term confidence and security connotes stability and peace. The problem with both positions is often the dearth of hard analysis in support of the ideas put forward and the abstract nature of the discussions of security building. As witnessed in the contrast between the quiet success of the 1972 Incidents at Sea Agreement and the disastrous Trojan Horse episode of ancient Greece, CSBMs can have good or bad results. It is necessary to sort out analytically which CSBMs make sense to enhance security in Europe. This study aims to do that in the case of one important type of CSBM: constraints on the military ground exercises of NATO and the Warsaw Treaty Organization (WTO or Warsaw Pact).

    Counter-intelligence in a command economy

    We provide the first thick description of the KGB’s counter-intelligence function in the Soviet command economy. Based on documentation from Lithuania, the paper considers KGB goals and resources in relation to the supervision of science, industry, and transport; the screening of business personnel; the management of economic emergencies; and the design of economic reforms. In contrast to a western market regulator, the role of the KGB was to enforce secrecy, monopoly, and discrimination. As in the western market context, regulation could give rise to perverse incentives with unintended consequences. Most important of these may have been adverse selection in the market for talent. There is no evidence that the KGB was interested in the costs of its regulation or in mitigating the negative consequences.

    Cybersecurity: Ideas Whose Time Has Not Come -- and Shouldn't
