
    Wargames as Data: Addressing the Wargamer's Trilemma

    Policymakers often want the very best data with which to make decisions--particularly when concerned with questions of national and international security. But what happens when this data is not available? In those instances, analysts have come to rely on synthetic data-generating processes--turning to modeling and simulation tools and survey experiments among other methods. In the cyber domain, where empirical data at the strategic level are limited, this is no different--cyber wargames are quickly becoming a principal method for both exploring and analyzing the security challenges posed by state and non-state actors in cyberspace. In this chapter, we examine the design decisions associated with this method. Comment: 3 figure

    Design requirements for generating deceptive content to protect document repositories

    For nearly 30 years, fake digital documents have been used to identify external intruders and malicious insider threats. Unfortunately, while fake files hold potential to assist in data theft detection, there is little evidence of their application outside of niche organisations and academic institutions. The barrier to wider adoption appears to be the difficulty in constructing deceptive content. The current generation of solutions principally: (1) use unrealistic random data; (2) output heavily formatted or specialised content, that is difficult to apply to other environments; (3) require users to manually build the content, which is not scalable, or (4) employ an existing production file, which creates a protection paradox. This paper introduces a set of requirements for generating automated fake file content: (1) enticing, (2) realistic, (3) minimise disruption, (4) adaptive, (5) scalable protective coverage, (6) minimise sensitive artefacts and copyright infringement, and (7) contain no distinguishable characteristics. These requirements have been drawn from literature on natural science, magical performances, human deceit, military operations, intrusion detection and previous fake file solutions. These requirements guide the design of an automated fake file content construction system, providing an opportunity for the next generation of solutions to find greater commercial application and widespread adoption

    Cyber-SHIP: Developing Next Generation Maritime Cyber Research Capabilities

    As a growing global threat, cyber-attacks can cost millions of dollars or endanger national stability and human lives. While relatively well understood in most sectors, it is becoming clear that, although the maritime sector is becoming more digitally advanced (e.g., autonomy), it is not well protected against cyber or cyber-physical attacks and accidents. To help improve sector-wide safety and resiliency, the University of Plymouth (UoP) is creating a specialised maritime-cyber lab, which combines maritime technology and traditional cyber-security labs. This is in response to the lack of research and mitigation capabilities and will create a new resource capability for academia, government, and industry research into maritime cybersecurity risks and threats. These lab capabilities will also enhance existing maritime-cyber capabilities across the world, including risk assessment frameworks, cybersecurity ranges/labs, ship simulators, mariner training programmes, autonomous ships, etc. The goal of this paper is to explain the need for next generation maritime-cyber research capabilities, and demonstrate how something like the proposed Cyber-SHIP Lab (Hardware, Software, Information and Protections) will help industry, government, and academia understand and mitigate cyber threats in the maritime sector. The authors believe a next generation cyber-secure lab should host a range of real, non-simulated, maritime systems. With multiple configurations to mirror existing bridge system set-ups, the technology can be studied for individual system weakness as well as the system-of-systems vulnerabilities. Such a lab would support a range of research that cannot be achieved with simulators alone and help support the next generation of cyber-secure marine systems.

    China Digital Silk Road And Indonesia Digital Transformation

    The Belt and Road Initiative (BRI), the signature project of the Xi Jinping regime, has established a wide range of lofty goals that would usher in a new chapter of China's integration into the global market system and expand Chinese influence. Notably, China's now-powerful digital companies and cyberspace power actively sought a significant position in this massive statist effort under the policy banner of establishing a Digital Silk Road. Under this project, Beijing has multiple policy mechanisms to spread its digital power. Indonesia's enormous digital economy potential has become a significant target of this project. Using the qualitative method and analyzing two-level games by Robert D Putnam, this research will explain the relationship of Indonesian domestic actors concerning China's digital silk road. This research argues that the digital silk road in Indonesia has made more progress than other BRI projects because the DSR has integrated with the government, private sectors, and parliament's need for digital transformation. When the approval rating of domestic stakeholders is high, the success of the cooperation will be high too

    Deceptive Self-Attack for Cyber-Defense

    The asymmetry between cyber-defense and cyber-offense is well-known; defenders must perfectly protect their systems, while attackers need only find one flaw. Defensive cyber-deception has been proposed as a way to mitigate this problem, by using various techniques designed to require attackers to defend themselves from misdirection, false data, and counter-attack. In this paper, we propose a new cyber-deception technique: deceptive self-attack (DSA). DSA modifies network and systems to give the appearance that an unknown third party is also at work attacking the same systems. It is our contention that the presence of this (deceptive) adversary pressures real adversaries in novel ways useful to cyber-defense, and we discuss these effects. As a study in DSA, we present and evaluate SoundTheAlarm, an SMT-solver based system for generating deceptive self-attack network traffic. SoundTheAlarm uses public attack signatures from the Suricata intrusion detection system to automatically generate network traffic consistent with a particular cyber-attack signature

    Cyber Flag: A Realistic Cyberspace Training Construct

    As is well understood, the rapidly unfolding challenges of cyberspace are a fundamental warfare paradigm shift revolutionizing the way future wars will be fought and won. A significant test for the Air Force (indeed any organization with a credible presence in cyberspace) will be providing a realistic training environment that fully meets this challenge. Why create another Flag level exercise? Realistic training (that which is effective, comprehensive and coordinated) is crucial to success in time of war. Red Flag provides dominant training within the air domain and now with the evolution of cyberspace, a comprehensive training environment is necessary to meet this growing and broadening threat. This Thesis builds on the Red Flag tactical training exercise in order to define a future environment that combines the air, space and cyberspace domains with specific emphasis on cyberspace capabilities and threats. Red Flag has been and continues to be a great tactical training exercise; Cyber Flag would use the best practices of Red Flag (and other realistic training venues) to define a future training environment for the cyberspace domain. There is no better training than the hands-on realism associated with participation in an exercise such as Red Flag. Secretary Michael W. Wynne has a vision for dominant operations in cyberspace comparable to the Air Force's global, strategic omnipresence in air and space. This bold vision requires a combination of joint coordination, skilled forces and a realistic training environment to bring them all together; Cyber Flag is the suggested vehicle for accomplishing this