26,307 research outputs found

    Teaching Security Defense Through Web-Based Hacking at the Undergraduate Level

    The attack surface for hackers and attackers is growing every day. Future cybersecurity professionals must have the knowledge and the skills to defend against these cyber attacks. Learning defensive techniques and tools can help defend against today’s attacks but what about tomorrow’s? As the types of attacks change so must the cybersecurity professional. The only way for the cybersecurity professional to achieve this nimbleness is to understand the structural anatomy of the various attack types. Understanding the threat environment is the key to future success. Security defense through offensive techniques should and can be taught at the undergraduate level. Using the OWASP Mutillidae project [5], students can have a self-contained, sandbox environment for dissecting and discussing cyber attacks.

    Improving resilience to cyber-attacks by analysing system output impacts and costs

    Cyber-attacks cost businesses millions of dollars every year, a key component of which is the cost of business disruption from system downtime. As cyber-attacks cannot all be prevented, there is a need to consider the cyber resilience of systems, i.e. the ability to withstand cyber-attacks and recover from them. Previous works discussing system cyber resilience typically either offer generic high-level guidance on best practices, provide limited attack modelling, or apply to systems with special characteristics. There is a lack of an approach to system cyber resilience evaluation that is generally applicable yet provides a detailed consideration for the system-level impacts of cyber-attacks and defences. We propose a methodology for evaluating the effectiveness of actions intended to improve resilience to cyber-attacks, considering their impacts on system output performance, and monetary costs. It is intended for analysing attacks that can disrupt the system function, and involves modelling attack progression, system output production, response to attacks, and costs from cyber-attacks and defensive actions. Studies of three use cases demonstrate the implementation and usefulness of our methodology. First, in our redundancy planning study, we considered the effect of redundancy additions on mitigating the impacts of cyber-attacks on system output performance. We found that redundancy with diversity can be effective in increasing resilience, although the reduction in attack-related costs must be balanced against added maintenance costs. Second, our work on attack countermeasure selection shows that by considering system output impacts across the duration of an attack, one can find more cost-effective attack responses than without such considerations. Third, we propose an approach to mission viability analysis for multi-UAV deployments facing cyber-attacks, which can aid resource planning and determining if the mission can conclude successfully despite an attack. 
We provide different implementations of our model components, based on use case requirements.

    Reducing the Threat of State-to-State Cyber Attack against Critical Infrastructure through International Norms and Agreements

    The global proliferation of networked computer systems within the public and private sectors presents an increased opportunity for malicious cyber attacks to disrupt the daily functions of governments, national emergency systems, the global economy, and our modern way of life. The potentially pandemic nature of network failures presents opportunities for states to work together to identify key infrastructure sectors of shared interest and formulate international norms and strategies to protect them from cyber attacks and prevent cascading failures within modern society. Nation-states that share information infrastructure critical to modern social functions will have a vested interest in protecting these systems from cyber attacks while mitigating their own inclination to attack these same networks. This paper outlines the state-to-state cyber threat to critical-system infrastructures and the role international agreements can play in limiting this threat. The paper has been structured as follows. It begins by defining a critical system and discussing the actors who pose threats to these systems and the motivations behind their decisions. This is followed by a detailed description of a hypothetical scenario that depicts the methods by which one state could attack another state’s critical infrastructure, to include the motivations behind the attack. In conclusion, it makes recommendations regarding the development of an international agreement designed to limit this specific type of attack.

    Security Evaluation of Cyber-Physical Systems in Society-Critical Internet of Things

    In this paper, we present an evaluation of the security awareness of developers and users of cyber-physical systems. Our study includes interviews, workshops, surveys and one practical evaluation. We conducted 15 interviews and conducted a survey with 55 respondents coming primarily from industry. Furthermore, we performed a practical evaluation of the current state of practice for a society-critical application, a commercial vehicle, and reconfirmed our findings discussing an attack vector for an off-line society-critical facility. More work is necessary to increase usage of security strategies, available methods, processes and standards. The security information, currently often insufficient, should be provided in the user manuals of products and services to protect system users. We confirmed this recently when we conducted an additional survey of users, with users feeling left out in their quest for their own security and privacy. Finally, hardware-related security questions are beginning to come up on the agenda, with a general increase of interest in and awareness of the hardware contribution to overall cyber-physical security. At the end of this paper we discuss possible countermeasures for dealing with threats in infrastructures, highlighting the role of authorities in this quest.

    Proportionality and its Applicability in the Realm of Cyber Attacks

    With an ever-increasing reliance on State cyber-attacks, the need for an international treaty governing the actions of Nation-States in the realm of cyberwarfare has never been greater. States now have the ability to cause unprecedented civilian loss with their cyber actions. States can destroy financial records, disrupt stock markets, manipulate cryptocurrency, shut off nuclear reactors, turn off power grids, open dams, and even shut down air traffic control systems with the click of a mouse. This article argues that any cyber-attack launched with a reasonable expectation to inflict “incidental loss of civilian life, injury to civilians, or damage to civilian objects,” must be subject to the existing laws of proportionality. This article further examines the broader concept of proportionality, and the difficulties associated with applying a proportionality analysis to an offensive cyber-strike. This paper asserts that the ambiguities and complexities associated with applying the law of proportionality—in its current state and within a cyber context—will leave civilian populations vulnerable to the aggressive cyber actions of the world’s cyber powers. Consequently, this article stresses the necessity of developing a proportionality standard within a unified international cyberwarfare convention and asserts that such a standard is required in order to prevent the creation of a pathway towards lethal cyber aggressions unrestrained by the laws of war.

    Responding to Election Meddling in the Cyberspace: An International Law Case Study on the Russian Interference in the 2016 Presidential Election

    International law is not the most perfect legal regime, and, perhaps to no one’s surprise, it is even less perfect in cyberspace. The United States has been a victim to a series of malicious cyber operations in recent years, and the key question is how to respond to and deter them. This Article offers a detailed survey of the Russian interference in the 2016 presidential election in the context of international law. Adapting the framework created by Tallinn Manual 2.0, the Article examines the international legal basis of the response measures employed by the United States and other possible alternative responses to the Russian operation. It concludes that none of these responses are both squarely supported by international law and desirable as a matter of national security policy. This Article intends to show that international law contains considerable gray areas in the cyber realm that allow sophisticated adversaries like Russia to harm the core interest of the United States without substantial legal repercussions. The Article concludes by suggesting that a deterrence mechanism based on proactive national security policy would be more effective and practical than one based on international law.

    Warfighting for cyber deterrence: a strategic and moral imperative

    Theories of cyber deterrence are developing rapidly. However, the literature is missing an important ingredient—warfighting for deterrence. This controversial idea, most commonly associated with nuclear strategy during the later stages of the Cold War, affords a number of advantages. It provides enhanced credibility for deterrence, offers means to deal with deterrence failure (including intrawar deterrence and damage limitation), improves compliance with the requirements of just war and ultimately ensures that strategy continues to function in the post-deterrence environment. This paper assesses whether a warfighting for deterrence approach is suitable for the cyber domain. In doing so, it challenges the notion that warfighting concepts are unsuitable for operations in cyberspace. To do this, the work constructs a conceptual framework that is then applied to cyber deterrence. It is found that all of the advantages of taking a warfighting stance apply to cyber operations. The paper concludes by constructing a warfighting model for cyber deterrence. This model includes passive and active defences and cross-domain offensive capabilities. The central message of the paper is that a theory of victory (strategy) must guide the development of cyber deterrence.

    Modeling Coupled Nonlinear Multilayered Dynamics: Cyber Attack and Disruption of an Electric Grid

    We study the consequences of cyberattack, defense, and recovery in systems for which a physical system is enabled by a cyber system by extending previous applications of models from the population biology of disease to the cyber system and coupling the state of the cyber system to the physical system, using the synchronous model for the electric grid. In analogy to disease models in which individuals are susceptible, infected, or recovered, in the cyber system, components can be uncompromised and vulnerable to attack, uncompromised and temporarily invulnerable to attack, compromised, or reset and thus not able to contribute to the performance of the physical system. We model cyber defensive countermeasures in analogy to the adaptive immune system. We link the physical and cyber systems through a metric of performance of the physical system that depends upon the state of the cyber system using (i) a generic nonlinear relationship between the state of the cyber system and the performance of the physical system and (ii) the synchronous motor model of an electric grid consisting of a utility with many customers whose smart meters can become compromised, in which a steady state in the difference in rotor angles is the metric of performance. We use the coupled models, both of which have emergent properties, to investigate two situations. First, when an attacker that relies on stealth compromise is hidden until it is either detected during routine maintenance or an attack is initiated. The probability that compromise remains undetected declines with time and the level of compromise increases with time. Because of these dynamics, an optimal time of attack emerges, and we explore how it varies with parameters of the cyber system. 
Second, we illustrate one of the Electric Power Research Institute scenarios for the reverse engineering of Advanced Metering Infrastructure (AMI) by coupling the synchronous motor equations for the generator and utility to the model of compromise. We derive a canonical condition for grid failure that relates the level of compromise at the time of detection of compromise and the dissipation parameter in the synchronous motor model. We conclude by discussing the innovative aspects of our methods, which include (i) a fraction of decoy components in the cyber system, which are not connected to the rest of the cyber system or the physical system and thus do not spread compromise but increase the probability of detection of compromise, (ii) allowing components of the cyber system to return to the un-compromised state either temporarily invulnerable or immediately vulnerable, (iii) adaptive Defensive Counter Measures that respond in a nonlinear fashion to attack and compromise (in analogy to killer T cells of the immune system), (iv) a generic metric of performance of the physical system that depends upon the state of the cyber system, and (v) coupling a model of the electric grid to the model of compromise of the cyber system that leads to a condition for failure of the grid in terms of parameters of both compromise and the synchronous motor model, directions for future investigations, and connections to recent studies on broadly the same topics. We include a pseudocode as an Appendix and indicate how to obtain R script for the models from the first author.

    Hybrid threats, cyber warfare and NATO's comprehensive approach for countering 21st century threats: mapping the new frontier of global risk and security management

    The end of the so-called ‘Cold War’ has seen a change in the nature of present threats and with it to the overall role and mission of NATO, the North Atlantic Treaty Organization. The collapse of the Soviet Union and the Warsaw Pact in 1991 also removed the original raison d’etre of the Alliance: the prospect of having to repel a Soviet led attack by the Warsaw Pact on the West through the so called ‘Fulda gap’ in Germany (referring to the German lowlands between Frankfurt am Main and the former East German border which was regarded as the most likely terrain for an armour led Soviet breakout) was replaced by the recognition of the need to counter new – often hybrid – threats, which have little in common with bygone acts of interstate aggression. These new, modern threats to global peace, prosperity and security seriously threaten the present steady state environment at home (before the backdrop of the ongoing asymmetric conflicts in Afghanistan, Pakistan and Iraq) and warrant a comprehensive, multi-stakeholder driven response. Multimodal, low intensity, kinetic as well as non-kinetic threats to international peace and security including cyber war, low intensity asymmetric conflict scenarios, global terrorism, piracy, transnational organized crime, demographic challenges, resources security, retrenchment from globalization and the proliferation of weapons of mass destruction were identified by NATO as so called “Hybrid Threats” (cf BI-SC Input for a New NATO Capstone Concept for The Military Contribution to Countering Hybrid Enclosure 1 to 1500/CPPCAM/FCR/10-270038 and 5000 FXX/0100/TT-0651/SER: NU0040, dated 25 August 2010). 
NATO’s Bi-Strategic Command Capstone Concept describes these Hybrid Threats as ‘those posed by adversaries, with the ability to simultaneously employ conventional and non-conventional means adaptively in pursuit of their objectives.’ (See Hybrid Threats Description in 1500/CPPCAM/FCR/10-270038 and 5000 FXX/0100/TT-0651/SER: NU0040 dated 25 August 2010: Paragraph 7). Having identified this kind of emerging threat, NATO is working on a comprehensive conceptual framework (the Capstone Concept), which provides the framework for identifying and discussing such threats and possible multi-stakeholder responses. In essence, Hybrid Threats faced by NATO and its non-military partners require a comprehensive approach allowing a wide spectrum of responses, kinetic and non-kinetic, by military and non-military actors (see “Updated List of Tasks for the Implementation of the Comprehensive Approach Action Plan and the Lisbon Summit Decisions on the Comprehensive Approach”, dated 4 March 2011, p 1-10, paragraph 1). NATO Allied Command Transformation (ACT) supported by the US Joint Forces Command Joint Irregular Warfare Centre (USJFCOM JIWC) and the US National Defence University (NDU) conducted specialised workshops related to “Assessing Emerging Security Challenges in the Globalised Environment (Countering Hybrid Threats) Experiment” in 2011 (cf NATO’s Transnet network on Countering Hybrid Threats (CHT) at https://transnet.act.nato.int/WISE/Transforma1/ACTIPT/JOUIPT). The workshops of the experiment took place in Brussels, Belgium and Tallinn, Estonia and had the aim of identifying possible threats and discussing some of the key implications that need to be addressed in countering such risks & challenges. Essential is the hypothesis that such a response will have to be in partnership with other stakeholders such as international and regional organizations as well as representatives of business and commerce. 
This short article introduces the reader to a new form of global threat scenario and the possibilities of response and deterrence within their wider legal and political context.

    Cyber Insurance, Data Security, and Blockchain in the Wake of the Equifax Breach
