851 research outputs found

    Sensitivity analysis for vulnerability mitigation in hybrid networks

    The development of cyber‐assured systems is a challenging task, particularly due to the cost and complexities associated with the modern hybrid networks architectures, as well as the recent advancements in cloud computing. For this reason, the early detection of vulnerabilities and threat strategies are vital for minimising the risks for enterprise networks configured with a variety of node types, which are called hybrid networks. Existing vulnerability assessment techniques are unable to exhaustively analyse all vulnerabilities in modern dynamic IT networks, which utilise a wide range of IoT and industrial control devices (ICS). This could lead to having a less optimal risk evaluation. In this paper, we present a novel framework to analyse the mitigation strategies for a variety of nodes, including traditional IT systems and their dependability on IoT devices, as well as industrial control systems. The framework adopts avoid, reduce, and manage as its core principles in characterising mitigation strategies. Our results confirmed the effectiveness of our mitigation strategy framework, which took node types, their criticality, and the network topology into account. Our results showed that our proposed framework was highly effective at reducing the risks in dynamic and resource constraint environments, in contrast to the existing techniques in the literature. © 2022 by the authors. Licensee MDPI, Basel, Switzerland

    Statistical models for the characterization, identification and mitigation of distributed attacks in data networks

    2016 - 2017. The thesis focuses on statistical approaches to model, mitigate, and prevent distributed network attacks. When dealing with distributed network attacks (and, more in general, with cyber-security problems), three fundamental phases/issues emerge distinctly. The first issue concerns the threat propagation across the network, which entails an "avalanche" effect, with the number of infected nodes increasing exponentially as time elapses. The second issue regards the design of proper mitigation strategies (e.g., threat detection, attacker's identification) aimed at containing the propagation phenomenon. Finally (and this is the third issue), it is also desirable to act on the system infrastructure to grant a conservative design by adding some controlled degree of redundancy, in order to face those cases where the attacker has not been yet defeated. The contributions of the present thesis address the aforementioned relevant issues, namely, propagation, mitigation and prevention of distributed network attacks. A brief summary of the main contributions is reported below. The first contribution concerns the adoption of Kendall’s birth-and-death process as an analytical model for threat propagation. Such a model exhibits two main properties: i) it is a stochastic model (a desirable requirement to embody the complexity of real-world networks) whereas many models are purely deterministic; ii) it is able to capture the essential features of threat propagation through a few parameters with a clear physical meaning. By exploiting the remarkable properties of Kendall’s model, the exact solution for the optimal resource allocation problem (namely, the optimal mitigation policy) has been provided for both conditions of perfectly known parameters, and unknown parameters (with the latter case being solved through a Maximum-Likelihood estimator).
The second contribution pertains to the formalization of a novel kind of randomized Distributed Denial of Service (DDoS) attack. In particular, a botnet (a network of malicious entities) is able to emulate some normal traffic, by picking messages from a dictionary of admissible requests. Such a model allows to quantify the botnet “learning ability”, and to ascertain the real nature of users (normal or bot) via an indicator referred to as MIR (Message Innovation Rate). Exploiting the considered model, an algorithm that allows to identify a botnet (possibly) hidden in the network has been devised. The results are then extended to the case of a multi-cluster environment, where different botnets are concurrently present in the network, and an algorithm to identify the different clusters is conceived. The third contribution concerns the formalization of the network resilience problem and the consequent design of a prevention strategy. Two statistical frameworks are proposed to model the high availability requirements of network infrastructures, namely, the Stochastic Reward Network (SRN), and the Universal Generating Function (UGF) frameworks. In particular, since in the network environment dealing with multidimensional quantities is crucial, an extension of the classic UGF framework, called Multi-dimensional UGF (MUGF), is devised. [edited by author] XVI n.s

    Vulnerability modelling and mitigation strategies for hybrid networks

    Hybrid networks nowadays consist of traditional IT components, Internet of Things (IoT) and industrial control systems (ICS) nodes with varying characteristics, making them genuinely heterogeneous in nature. Historically evolving from traditional internet-enabled IT servers, hybrid networks allow organisations to strengthen cybersecurity, increase flexibility, improve efficiency, enhance reliability, boost remote connectivity and easy management. Though hybrid networks offer significant benefits from business and operational perspectives, this integration has increased the complexity and security challenges to all connected nodes. The IT servers of these hybrid networks are high-budget devices with tremendous processing power and significant storage capacity. In contrast, IoT nodes are low-cost devices with limited processing power and capacity. In addition, the ICS nodes are programmed for dedicated functions with the least interference. The available cybersecurity solutions for hybrid networks are either for specific node types or address particular weaknesses. Due to these distinct characteristics, these solutions may place other nodes in vulnerable positions. This study addresses this gap by proposing a comprehensive vulnerability modelling and mitigation strategy. This proposed solution equally applies to each node type of hybrid network while considering their unique characteristics. For this purpose, the industry-wide adoption of the Common Vulnerability Scoring System (CVSS) has been extended to embed the distinct characteristics of each node type in a hybrid network. To embed IoT features, the ‘attack vectors’ and ‘attack complexity vectors’ are modified and another metric “human safety index”, is integrated in the ‘Base metric group’ of CVSS. In addition, the ICS related characteristics are included in the ‘Environmental metric group’ of CVSS. 
This metric group is further enhanced to reflect the node resilience capabilities when evaluating the vulnerability score. The resilience of a node is evaluated by analysing the complex relationship of numerous contributing cyber security factors and practices. The evolved CVSSR-IoT-ICS framework proposed in the thesis measures the given vulnerabilities by adopting the unique dynamics of each node. These vulnerability scores are then mapped in the attack tree to reveal the critical nodes and shortest path to the target node. The mitigating strategy framework suggests the most efficient mitigation strategy to counter vulnerabilities by examining the node’s functionality, its locality, centrality, criticality, cascading impacts, available resources, and performance thresholds. Various case studies were conducted to analyse and evaluate our proposed vulnerability modelling and mitigation strategies on realistic supply chain systems. These analyses and evaluations confirm that the proposed solutions are highly effective for modelling the vulnerabilities while the mitigation strategies reduce the risks in dynamic and resource-constrained environments. The unified vulnerability modelling of hybrid networks minimises ambiguities, reduces complexities and identifies hidden deficiencies. It also improves system reliability and performance of heterogeneous networks while at the same time gaining acceptance for a universal vulnerability modelling framework across the cyber industry. The contributions have been published in reputable journals and conferences. Doctor of Philosoph

    The future of Cybersecurity in Italy: Strategic focus area

    This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

    Information Hacking

    The 2016 U.S. presidential election is seen as a masterpiece of effective disinformation tactics. Commentators credit the Russian Federation with a set of targeted, effective information interventions that led to the surprise election of Republican candidate Donald Trump. On this account, Russia hacked not only America’s voting systems, but also American voters, plying them with inaccurate data—especially on Internet platforms—that changed political views. This Essay examines the 2016 election narrative through the lens of cybersecurity; it treats foreign efforts to influence the outcome as information hacking. It critically assesses unstated assumptions of the narrative, including whether these attacks can be replicated; the size of their effect; the role of key influencers in targeted groups; and the normative claim that citizens voted against their preferences. Next, the Essay offers examples of other successful information hacks and argues that these attacks have multiple, occasionally conflicting goals. It uses lessons from cybersecurity to analyze possible responses, including prevention, remediation, and education. Finally, it draws upon the security literature to propose quarantines for suspect information, protection of critical human infrastructure, and whitelists as tactics that defenders might usefully employ to counteract political disinformation efforts

    Think Tank Review Issue 57 May 2018


    Strategic Landscape, 2050: Preparing the U.S. Military for New Era Dynamics

    A series of megatrends will present a major challenge to the United States in the coming decades, exposing it to crises and opportunities on the battlefield and in the market. The U.S. military should stand ready to harness these dynamics to retain its edge in an operational environment marked by increased complexity, speed, and intensity of global developments.

    EU SUGGESTED BEST PRACTICE DOCUMENT: CRITICAL ANALYSIS AND POLICY RECOMMENDATIONS FOR EU-WIDE HATE CRIME LAWS

    This document subjects the various EU hate crime provisions to critical policy analysis, weighing up their pros and cons, and defending aspects of them from inappropriate forms of critique, and then draws some policy conclusions based on a sense of best practice. The aim of identifying best practice is to generate reform suggestions in the form of detailed model legislation. This is contained in the final section of this document. A key point considered is the narrow definition of protected groups under current EU measures. The restrictions to racist forms of hate crime and genocide denial contained in the Framework Decision is not central to the political and constitutional cultures of all member states. Indeed, it has not prevented the criminal law implementation measures of some EU Member States from including a number of other grounds, such as disability, anti-Semitism, or sexual orientation. Certain EU bodies have even encouraged this expansive approach to national implementation, with the FRA stating: ‘In the spirit of non-discrimination, it is certainly preferable to widen criminal law provisions to include equally all grounds of discrimination covered by Article 14 of the ECHR or Article 21 of the Charter of Fundamental Rights of the European Union.’ This criticism would, in practice, suggest a need for Members State supplementing these categories with one of more the following: gender, social origin, genetic features, language, political or any other opinion, membership of a national minority, birth, property or other status, disability, age or sexual orientation. Whilst supporting an expansion of the range of groups covered, the following paragraphs issue a cautionary warning against a massive extension to cover all these groups on grounds of both principle and practical consequences

    Transferring prisoners within the EU framework: its cosmopolitan reflections and existing European detention norms

    A perverse side-effect of our interconnected world is that also crime crosses more and more borders. As a result, judicial cooperation in criminal matters is crucial before and after a criminal sentence. The increased global connectivity also gave rise to new paradigms in social sciences. As such, the paradigm of cosmopolitanism has been researched extensively in social sciences but has been largely neglected in criminology. By analyzing case law, European detention norms and EU legal instruments the submission critically evaluates cosmopolitanism in the area of EU judicial cooperation in criminal matters and more specifically to the transfer of prisoners. Cosmopolitanism is perfectly reflected in the mutual recognition principle as the cornerstone to develop the EU area of freedom, security and justice, based on notions of equivalence and trust. This principle is justified because every member state signed the European Convention of Human Rights and is a party of the EU Charter on Human Rights. On the other hand, reality revealed that mutual recognition is not absolute and mutual trust cannot be blind. An IRCP study, published in 2011, highlighted the various and often detrimental material prison conditions in different member states. These variances undermine the assumed mutual trust between member states although European detention norms - such as the European Prison Rules and CPT reports’ already exist. These norms aren’t legally binding and are still considered as “soft law”, simultaneously they gain importance due to increased reference in the ECtHR judgments. The cosmopolitan outlook by the member states related to the transfer of prisoners is in this submission highlighted as being both problematic and promising. Hereby it appears as if the EU rhetoric being a “unity in diversity”, by applying mutual recognition, is dominantly used to accommodate member states purposes rather than giving a central role to the individual

    MODELLING & SIMULATION HYBRID WARFARE Researches, Models and Tools for Hybrid Warfare and Population Simulation

    The Hybrid Warfare phenomena, which is the subject of the current research, has been framed by the work of Professor Agostino Bruzzone (University of Genoa) and Professor Erdal Cayirci (University of Stavanger), that in June 2016 created in order to inquiry the subject a dedicated Exploratory Team, which was endorsed by NATO Modelling & Simulation Group (a panel of the NATO Science & Technology organization) and established with the participation as well of the author. The author brought his personal contribution within the ET43 by introducing meaningful insights coming from the lecture of “Fight by the minutes: Time and the Art of War (1994)”, written by Lieutenant Colonel US Army (Rtd.) Robert Leonhard; in such work, Leonhard extensively developed the concept that “Time”, rather than geometry of the battlefield and/or firepower, is the critical factor to tackle in military operations and by extension in Hybrid Warfare. The critical reflection about the time - both in its quantitative and qualitative dimension - in a hybrid confrontation it is addressed and studied inside SIMCJOH, a software built around challenges that imposes literally to “Fight by the minutes”, echoing the core concept expressed in the eponymous work. Hybrid Warfare – which, by definition and purpose, aims to keep the military commitment of both aggressor and defender at the lowest - can gain enormous profit by employing a wide variety of non-military tools, turning them into a weapon, as in the case of the phenomena of “weaponization of mass migrations”, as it is examined in the “Dies Irae” simulation architecture.
Currently, since migration is a very sensitive and divisive issue among the public opinions of many European countries, cynically leveraging on a humanitarian emergency caused by an exogenous, inducted migration, could result in a high level of political and social destabilization, which indeed favours the concurrent actions carried on by other hybrid tools. Other kinds of disruption, however, are already available in the arsenal of Hybrid Warfare, such as cyber threats, information campaigns led by troll factories for the diffusion of fake/altered news, etc. From this perspective the author examines how the TREX (Threat network simulation for REactive eXperience) simulator is able to offer insights about a hybrid scenario characterized by an intense level of social disruption, brought by cyber-attacks and systemic faking of news. Furthermore, the rising discipline of “Strategic Engineering”, as envisaged by Professor Agostino Bruzzone, when matched with the operational requirements to fulfil in order to counter Hybrid Threats, brings another innovative, as much as powerful tool, into the professional luggage of the military and the civilian employed in Defence and Homeland security sectors. Hybrid is not the New War. What is new is brought by globalization paired with the transition to the information age and rising geopolitical tensions, which have put new emphasis on hybrid hostilities that manifest themselves in a contemporary way. Hybrid Warfare is a deliberate choice of an aggressor. While militarily weak nations can resort to it in order to re-balance the odds, instead military strong nations appreciate its inherent effectiveness coupled with the denial of direct responsibility, thus circumventing the rules of the International Community (IC).
In order to be successful, Hybrid Warfare should consist of a highly coordinated, sapient mix of diverse and dynamic combination of regular forces, irregular forces (even criminal elements), cyber disruption etc. all in order to achieve effects across the entire DIMEFIL/PMESII_PT spectrum. However, the owner of the strategy, i.e. the aggressor, by keeping the threshold of impunity as high as possible and decreasing the willingness of the defender, can maintain his Hybrid Warfare at a diplomatically feasible level; so the model of the capacity, willingness and threshold, as proposed by Cayirci, Bruzzone and Gunneriusson (2016), remains critical to comprehend Hybrid Warfare. Its dynamicity is able to capture the evanescent, blurring line between Hybrid Warfare and Conventional Warfare. In such contest time is the critical factor: this because it is hard to foresee for the aggressor how long he can keep up with such strategy without risking either the retaliation from the International Community or the depletion of resources across its own DIMEFIL/PMESII_PT spectrum. Similar discourse affects the defender: if he isn’t able to cope with Hybrid Threats (i.e. taking no action), time works against him; if he is, he can start to develop counter narrative and address physical countermeasures. However, this can lead, in the medium long period, to an unforeseen (both for the attacker and the defender) escalation into a large, conventional, armed conflict. The performance of operations that required more than kinetic effects drove the development of DIMEFIL/PMESII_PT models and in turn this drove the development of Human Social Culture Behavior Modelling (HCSB), which should stand at the core of the Hybrid Warfare modelling and simulation efforts.
Multi Layers models are fundamental to evaluate Strategies and Support Decisions: currently there are favourable conditions to implement models of Hybrid Warfare, such as Dies Irae, SIMCJOH and TREX, in order to further develop tools and war-games for studying new tactics, execute collective training and to support decisions making and analysis planning. The proposed approach is based on the idea to create a mosaic made by HLA interoperable simulators able to be combined as tiles to cover an extensive part of the Hybrid Warfare, giving the users an interactive and intuitive environment based on the “Modelling interoperable Simulation and Serious Game” (MS2G) approach. From this point of view, the impressive capabilities achieved by IA-CGF in human behavior modeling to support population simulation as well as their native HLA structure, suggests to adopt them as core engine in this application field. However, it is necessary to highlight that, when modelling DIMEFIL/PMESII_PT domains, the researcher has to be aware of the bias introduced by the fact that especially Political and Social “science” are accompanied and built around value judgement. From this perspective, the models proposed by Cayirci, Bruzzone, Guinnarson (2016) and by Balaban & Mileniczek (2018) are indeed a courageous tentative to import, into the domain of particularly poorly understood phenomena (social, politics, and to a lesser degree economics - Hartley, 2016), the mathematical and statistical instruments and the methodologies employed by the pure, hard sciences.
Nevertheless, just using the instruments and the methodology of the hard sciences is not enough to obtain the objectivity, and in such aspect the representations of Hybrid Warfare mechanics could meet their limit: this is posed by the fact that they use, as input for the equations that represents Hybrid Warfare, not physical data observed during a scientific experiment, but rather observation of the reality that assumes implicitly and explicitly a value judgment, which could lead to a biased output. Such value judgement is subjective, and not objective like the mathematical and physical sciences; when this is not well understood and managed by the academic and the researcher, it can introduce distortions - which are unacceptable for the purpose of the Science - which could be used as well to enforce a narrative mainstream that contains a so called “truth”, which lies inside the boundary of politics rather than Science. Those observations around subjectivity of social sciences vs objectivity of pure sciences, being nothing new, suggest however the need to examine the problem under a new perspective, less philosophical and more leaned toward the practical application. The suggestion that the author wants to make here is that the Verification and Validation process, in particular the methodology used by Professor Bruzzone in doing V&V for SIMCJOH (2016) and the one described in the Modelling & Simulation User Risk Methodology (MURM) developed by Pandolfini, Youngblood et al. (2018), could be applied to evaluate if there is a bias and the extent of it, or at least making clear the value judgment adopted in developing the DIMEFIL/PMESII_PT models. Such V&V research is however outside the scope of the present work, even though it is an offspring of it, and for such reason the author would like to make further inquiries on this particular subject in the future.
Then, the theoretical discourse around Hybrid Warfare has been completed addressing the need to establish a new discipline, Strategic Engineering, very much necessary because of the current political and economic environment which allocates diminishing resources to Defense and Homeland Security (at least in Europe). However, Strategic Engineering can successfully address its challenges when coupled with the understanding and the management of the fourth dimension of military and hybrid operations, Time. For the reasons above, and as elaborated by Leonhard and extensively discussed in the present work, addressing the concern posed by Time dimension is necessary for the success of any military or Hybrid confrontation. The SIMCJOH project, examined under the above perspective, proved that the simulator has the ability to address the fourth dimension of military and non-military confrontation. In operations, Time is the most critical factor during execution, and this was successfully transferred inside the simulator; as such, SIMCJOH can be viewed as a training tool and as well a dynamic generator of events for the MEL/MIL execution during any exercise. In conclusion, SIMCJOH Project successfully faces new challenging aspects, allowed to study and develop new simulation models in order to support decision makers, Commanders and their Staff. Finally, the question posed by Leonhard in terms of recognition of the importance of time management of military operations - nowadays Hybrid Conflict - has not been answered yet; however, the author believes that Modelling and Simulation tools and techniques can represent the safe “tank” where innovative and advanced scientific solutions can be tested, exploiting the advantage of doing it in a synthetic environment