DDoS Capability and Readiness - Evidence from Australian Organisations

A common perception of cyber defence is that it should protect systems and data from malicious attacks, ideally keeping attackers outside of secure perimeters and preventing entry. Much of the effort in traditional cyber security defence is focused on removing gaps in security design and preventing those with legitimate permissions from becoming a gateway or resource for those seeking illegitimate access. By contrast, Distributed Denial of Service (DDoS) attacks do not use application backdoors or software vulnerabilities to create their impact. They instead utilise legitimate entry points and knowledge of system processes for illegitimate purposes. DDoS seeks to overwhelm system and infrastructure resources so that legitimate requests are prevented from reaching their intended destination. For this thesis, a literature review was performed using sources from two perspectives. Reviews of both industry literature and academic literature were combined to build a balanced view of knowledge of this area. Industry and academic literature revealed that DDoS is outpacing internet growth, with vandalism, criminal and ideological motivations rising to prominence. From a defence perspective, the human factor remains a weak link in cyber security due to proneness for mistakes, oversights and the variance in approach and methods expressed by differing cultures. How cyber security is perceived, approached, and applied can have a critical effect on the overall outcome achieved, even when similar technologies are implemented. In addition, variance in the technical capabilities of those responsible for the implementation may create further gaps and vulnerabilities. While discussing technical challenges and theoretical concepts, existing literature failed to cover the experiences held by the victim organisations, or the thoughts and feelings of their personnel. This thesis addresses these identified gaps through exploratory research, which used a mix of descriptive and qualitative analysis to develop results and conclusions. The websites of 60 Australian organisations were analysed to uncover the level and quality of cyber security information they were willing to share and the methods and processes they used to engage with their audience. In addition, semi-structured interviews were conducted with 30 employees from around half of those websites analysed. These were analysed using NVivo12 qualitative analysis software. The difficulty experienced with attracting willing participants reflected the comfort that organisations showed with sharing cyber security information and experiences. However, themes found within the results show that, while DDoS is considered a valid threat, without encouragement to collaborate and standardise minimum security levels, firms may be missing out on valuable strategies to improve their cyber security postures. Further, this reluctance to share leads organisations to rely on their own internal skill and expertise, thus failing to realise the benefits of established frameworks and increased diversity in the workforce. Along with the size of the participant pool, other limitations included the diversity of participants and the impact of COVID-19 which may have influenced participants' thoughts and reflections. These limitations however, present opportunity for future studies using greater participant numbers or a narrower target focus. Either option would be beneficial to the recommendations of this study which were made from a practical, social, theoretical and policy perspective. On a practical and social level, organisational capabilities suffer due to the lack of information sharing and this extends to the community when similar restrictions prevent collaboration. Sharing of knowledge and experiences while protecting sensitive information is a worthy goal and this is something that can lead to improved defence. However, while improved understanding is one way to reduce the impact of cyber-attacks, the introduction of minimum cyber security standards for products, could reduce the ease at which devices can be used to facilitate attacks, but only if policy and effective governance ensures product compliance with legislation. One positive side to COVID-19's push to remote working, was an increase in digital literacy. As more roles were temporarily removed from their traditional physical workplace, many employees needed to rapidly accelerate their digital competency to continue their employment. To assist this transition, organisations acted to implement technology solutions that eased the ability for these roles to be undertaken remotely and as a consequence, they opened up these roles to a greater pool of available candidates. Many of these roles are no longer limited to the geographical location of potential employees or traditional hours of availability. Many of these roles could be accessed from almost anywhere, at any time, which had a positive effect on organisational capability and digital sustainability

INTER-ENG 2020

These proceedings contain research papers that were accepted for presentation at the 14th International Conference Inter-Eng 2020 ,Interdisciplinarity in Engineering, which was held on 8–9 October 2020, in Târgu Mureș, Romania. It is a leading international professional and scientific forum for engineers and scientists to present research works, contributions, and recent developments, as well as current practices in engineering, which is falling into a tradition of important scientific events occurring at Faculty of Engineering and Information Technology in the George Emil Palade University of Medicine, Pharmacy Science, and Technology of Târgu Mures, Romania. The Inter-Eng conference started from the observation that in the 21st century, the era of high technology, without new approaches in research, we cannot speak of a harmonious society. The theme of the conference, proposing a new approach related to Industry 4.0, was the development of a new generation of smart factories based on the manufacturing and assembly process digitalization, related to advanced manufacturing technology, lean manufacturing, sustainable manufacturing, additive manufacturing, and manufacturing tools and equipment. The conference slogan was “Europe’s future is digital: a broad vision of the Industry 4.0 concept beyond direct manufacturing in the company”

Jornadas Nacionales de Investigación en Ciberseguridad: actas de las VIII Jornadas Nacionales de Investigación en ciberseguridad: Vigo, 21 a 23 de junio de 2023

Jornadas Nacionales de Investigación en Ciberseguridad (8ª. 2023. Vigo)atlanTTicAMTEGA: Axencia para a modernización tecnolóxica de GaliciaINCIBE: Instituto Nacional de Cibersegurida