Cyber Warfare: International Security Intelligence

This essay will investigate the cyber threats presented on UAVs, which are now the backbone of the US arsenal on the war on terror. In addition, it will assess whether the US government are taking serious measures to counter the threat that cyber warfare could implicate on their drone fleets. Finally, the paper suggests some policy recommendations to combat that threat

Securing critical utility systems & network infrastructures

Tese de mestrado, Segurança Informática, Universidade de Lisboa, Faculdade de Ciências, 2009As infra-estruturas críticas de TI para serviços públicos são apoiadas por inúmeros sistemas complexos. Estes sistemas permitem a gestão e recolha de informação em tempo-real, constituindo a base para a gestão eficiente das operações. A utilização, cada vez mais frequente, de software e hardware (Commercial Off-The-Shelf, COTS) em sistemas SCADA permitiu grandes beneficios financeiros na aquisição e desenvolvimento de soluções técnicas que suportam os serviços públicos. O uso de hardware e software COTS em sistemas SCADA transferiu para as infra-estruturas críticas os problemas de segurança de uma infraestrutura de TI empresarial. Neste contexto, um desafio para as equipas de gestão operacional dos sistemas de TI é a gestão eficaz dos sistemas e redes que compõem as infra-estruturas críticas dos serviços públicos. Apesar de estas organizações adoptarem, cada vez mais, normas e melhores práticas que visam melhorar a gestão, operações e processos de configuração. Este projecto de investigação propõe-se a desenvolver um estudo comparativo de plataformas de gestão integrada no contexto dos sistemas SCADA que suportam serviços públicos. Adicionalmente, este projecto de investigação irá desenvolver estudos acerca de perfis operacionais dos Sistemas Operativos que suportam a infra-estrutura IT dos serviços públicos críticos. Este projecto de investigação irá descrever como as decisões estratégicas de gestão têm impacto nas operações de gestão de uma infra-estrutura TI.Modern critical utility IT infrastructures are supported by numerous complex systems. These systems allow real-time management and information collection, which is the basis of efficient service management operations. The usage of commercial off-the-shelf (COTS) hardware and software in SCADA systems allowed for major financial advantages in purchasing and developing technical solutions. On the other hand, this COTS hardware and software generalized usage in SCADA systems, exposed critical infrastructures to the security problems of a corporate IT infrastructure. A significant challenge for IT teams is managing critical utility IT infrastructures even upon adopting security best practices that help management, operations and configuration of the systems and network components that comprise those infrastructures. This research project proposes to survey integrated management software that can address the specific security constraints of a SCADA infrastructure supported by COTS software. Additionally, this research project proposes to investigate techniques that will allow the creation of operational profiles of Operating Systems supporting critical utility IT infrastructures. This research project will describe how the strategic management decisions impact tactical operations management of an IT environment. We will investigate desirable technical management elements in support of the operational management

A Comprehensive Cybersecurity Defense Framework for Large Organizations

There is a growing need to understand and identify overarching organizational requirements for cybersecurity defense in large organizations. Applying proper cybersecurity defense will ensure that the right capabilities are fielded at the right locations to safeguard critical assets while minimizing duplication of effort and taking advantage of efficiencies. Exercising cybersecurity defense without an understanding of comprehensive foundational requirements instills an ad hoc and in many cases conservative approach to network security. Organizations must be synchronized across federal and civil agencies to achieve adequate cybersecurity defense. Understanding what constitutes comprehensive cybersecurity defense will ensure organizations are better protected and more efficient. This work, represented through design science research, developed a model to understand comprehensive cybersecurity defense, addressing the lack of standard requirements in large organizations. A systemic literature review and content analysis were conducted to form seven criteria statements for understanding comprehensive cybersecurity defense. The seven criteria statements were then validated by a panel of expert cyber defenders utilizing the Delphi consensus process. Based on the approved criteria, the team of cyber defenders facilitated the development of a Comprehensive Cybersecurity Defense Framework prototype for understanding cybersecurity defense. Through the Delphi process, the team of cyber defense experts ensured the framework matched the seven criteria statements. An additional and separate panel of stakeholders conducted the Delphi consensus process to ensure a non-biased evaluation of the framework. The comprehensive cybersecurity defense framework is developed through the data collected from two distinct and separate Delphi panels. The framework maps risk management, behavioral, and defense in depth frameworks with cyber defense roles to offer a comprehensive approach to cyber defense in large companies, agencies, or organizations. By defining the cyber defense tasks, what those tasks are trying to achieve and where best to accomplish those tasks on the network, a comprehensive approach is reached

Cyber security research frameworks for coevolutionary network defense

Cyber security is increasingly a challenge for organizations everywhere. Defense systems that require less expert knowledge and can adapt quickly to threats are strongly needed to combat the rise of cyber attacks. Computational intelligence techniques can be used to rapidly explore potential solutions while searching in a way that is unaffected by human bias. Several architectures have been created for developing and testing systems used in network security, but most are meant to provide a platform for running cyber security experiments as opposed to automating experiment processes. In the first paper, we propose a framework termed Distributed Cyber Security Automation Framework for Experiments (DCAFE) that enables experiment automation and control in a distributed environment. Predictive analysis of adversaries is another thorny issue in cyber security. Game theory can be used to mathematically analyze adversary models, but its scalability limitations restrict its use. Computational game theory allows us to scale classical game theory to larger, more complex systems. In the second paper, we propose a framework termed Coevolutionary Agent-based Network Defense Lightweight Event System (CANDLES) that can coevolve attacker and defender agent strategies and capabilities and evaluate potential solutions with a custom network defense simulation. The third paper is a continuation of the CANDLES project in which we rewrote key parts of the framework. Attackers and defenders have been redesigned to evolve pure strategy, and a new network security simulation is devised which specifies network architecture and adds a temporal aspect. We also add a hill climber algorithm to evaluate the search space and justify the use of a coevolutionary algorithm --Abstract, page iv

Cyber Analogies

This anthology of cyber analogies will resonate with readers whose duties call for them to set strategies to protect the virtual domain and determine the policies that govern it. Our belief is that learning is most effective when concepts under consideration can be aligned with already-existing understanding or knowledge. Cyber issues are inherently tough to explain in layman's terms. The future is always open and undetermined, and the numbers of actors and the complexity of their relations are too great to give definitive guidance about future developments. In this respect, historical analogies, carefully developed and properly applied, help indicate a direction for action by reducing complexity and making the future at least cognately manageable.US Cyber CommandIntroduction: Emily O. Goldman & John Arquilla; The Cyber Pearl Harbor:James J. Wirtz: Applying the Historical Lessons of Surprise Attack to the Cyber Domain: The Example of the United Kingdom:Dr Michael S. Goodman: The Cyber Pearl Harbor Analogy: An Attacker’s Perspective: Emily O. Goldman, John Surdu, & Michael Warner: “When the Urgency of Time and Circumstances Clearly Does Not Permit...”: Redelegation in Nuclear and Cyber Scenarios: Peter Feaver & Kenneth Geers; Comparing Airpower and Cyberpower: Dr. Gregory Rattray: Active Cyber Defense: Applying Air Defense to the Cyber Domain: Dorothy E. Denning & Bradley J. Strawser: The Strategy of Economic Warfare: A Historical Case Study and Possible Analogy to: Contemporary Cyber Warfare: Nicholas A. Lambert: Silicon Valley: Metaphor for Cybersecurity, Key to Understanding Innovation War: John Kao: The Offense-Defense Balance and Cyber Warfare: Keir Lieber: A Repertory of Cyber Analogies: Robert Axelro

Who\u27s In and Who\u27s Out?: What\u27s Important in the Cyber World?

The aim of this paper is to offer an introduction to the exploding field of cybersecurity by asking what are the most important concepts or topics that a new member of the field of cybersecurity should know. This paper explores this question from three perspectives: from the realm of business and how the cyber world is intertwined with modern commerce, including common weaknesses and recommendations, from the academic arena examining how cybersecurity is taught and how it should be taught in a classroom or laboratory environment, and lastly, from the author’s personal experience with the cyber world. Included information includes scholarly journals, news sources, special interest books, academic curricula, and relevant experience. By blending together information procured from these three distinct environments, this paper proposes a number of the most important concepts and lessons that one should know as they begin their career, whether professional or academic, in the cyber world

Modeling Cyber Situational Awareness through Data Fusion

Cyber attacks are compromising networks faster than administrators can respond. Network defenders are unable to become oriented with these attacks, determine the potential impacts, and assess the damages in a timely manner. Since the observations of network sensors are normally disjointed, analysis of the data is overwhelming and time is not spent efficiently. Automation in defending cyber networks requires a level of reasoning for adequate response. Current automated systems are mostly limited to scripted responses. Better defense tools are required. This research develops a framework that aggregates data from heterogeneous network sensors. The collected data is correlated into a single model that is easily interpreted by decision-making entities. This research proposes and tests an impact rating system that estimates the feasibility of an attack and its potential level of impact against the targeted network host as well the other hosts that reside on the network. The impact assessments would allow decision makers to prioritize attacks in real-time and attempt to mitigate the attacks in order of their estimated impact to the network. The ultimate goal of this system is to provide computer network defense tools the situational awareness required to make the right decisions to mitigate cyber attacks in real-time

Dealing with the Malicious Insider

This paper looks at a number of issues relating to the malicious insider and the nature of motivation, loyalty and the type of attacks that occur. The paper also examines the changing environmental, social, cultural and business issues that have resulted in an increased exposure to the insider threat. The paper then discusses a range of measures that can be taken to reduce both the likelihood of an attack and the impact that such an attack may have. These measures should be driven by focused and effective risk management processes