87 research outputs found
Cyber Threat Intelligence Model: An Evaluation of Taxonomies, Sharing Standards, and Ontologies within Cyber Threat Intelligence
Cyber threat intelligence is the provision of evidence-based knowledge about
existing or emerging threats. Benefits of threat intelligence include increased
situational awareness and efficiency in security operations and improved
prevention, detection, and response capabilities. To process, analyze, and
correlate vast amounts of threat information and derive highly contextual
intelligence that can be shared and consumed in meaningful times requires
utilizing machine-understandable knowledge representation formats that embed
the industry-required expressivity and are unambiguous. To a large extent, this
is achieved by technologies like ontologies, interoperability schemas, and
taxonomies. This research evaluates existing cyber-threat-intelligence-relevant
ontologies, sharing standards, and taxonomies for the purpose of measuring
their high-level conceptual expressivity with regard to the who, what, why,
where, when, and how elements of an adversarial attack in addition to courses
of action and technical indicators. The results confirmed that little emphasis
has been given to developing a comprehensive cyber threat intelligence ontology
with existing efforts not being thoroughly designed, non-interoperable and
ambiguous, and lacking semantic reasoning capability.
OWL ontology quality assessment and optimization in the cybersecurity domain
The purpose of this dissertation is to assess the quality of ontologies in patterns perceived by cybersecurity context. A content analysis between ontologies indicated that there were more pronounced differences in OWL ontologies in the cybersecurity field. Results showed an increase of relevance from expressivity to variability. Additionally, no differences were found in strategies used in most of the incidents. The ontology background needs to be emphasized to understand the quality of the phenomena. In addition, ontologies are a means of representing an area of knowledge through their semantic structure. The search of information and integration of data from different origins provides a common base that guarantees the coherence of the data. This can be categorized and described in a normative way. The unification of information with the world that surrounds us makes it possible to create synergies between entities and relationships. However, the area of cybersecurity is one of the real-world domains where knowledge is uncertain. It is therefore necessary to analyze the challenges of choosing the appropriate representation of unstructured information. Vulnerabilities are identified, but incident response is not an automatic mechanism for understanding and processing unstructured text found on the web.
The aim of this dissertation was to assess the quality of ontologies, in patterns perceived by the cybersecurity context. A content analysis between ontologies indicated that there were more pronounced differences for OWL ontologies in the field of cybersecurity. The results show an increase in relevance from expressivity to variability. In addition, no differences were found in the strategies used in most of the incidents. Knowledge of ontologies needs to be emphasized in order to understand the quality phenomena.
Moreover, ontologies are a means of representing an area of knowledge through their semantic structure, and they facilitate the search for information and the integration of data from different origins, since they provide a common base that guarantees the coherence of the data, categorized and described in a normative way. The unification of information with the world around us makes it possible to create synergies between entities and relationships. However, cybersecurity is one of the real-world domains in which knowledge is uncertain, and it is essential to analyze the challenges of choosing the appropriate representation of unstructured information. Vulnerabilities are identified, but incident response is not an automatic mechanism for understanding and processing unstructured text found on the web.
Cyberattack ontology: a knowledge representation for cyber supply chain security
Cyberattacks on cyber supply chain (CSC) systems and the cascading impacts have brought many challenges and different threat levels with unpredictable consequences. The embedded network nodes have various loopholes that could be exploited by the threat actors leading to various attacks, risks, and the threat of cascading attacks on the various systems. Key factors such as lack of common ontology vocabulary and semantic interoperability of cyberattack information, inadequate conceptualized ontology learning and hierarchical approach to representing the relationships in the CSC security domain have led to explicit knowledge representation. This paper explores cyberattack ontology learning to describe security concepts, properties and the relationships required to model security goals. A cyberattack ontology provides a semantic mapping between different organizational and vendor security goals, which has been inherently challenging. The contributions of this paper are threefold. First, we consider CSC security modelling such as goal, actor, attack, TTP, and requirements using semantic rules for logical representation. Secondly, we model a cyberattack ontology for semantic mapping and knowledge representation. Finally, we discuss concepts for threat intelligence and knowledge reuse. The results show that the cyberattack ontology concepts could be used to improve CSC security.
Supporting the Discovery, Reuse, and Validation of Cybersecurity Requirements at the Early Stages of the Software Development Lifecycle
The focus of this research is to develop an approach that enhances the elicitation and specification of reusable cybersecurity requirements. Cybersecurity has become a global concern as cyber-attacks are projected to cost damages totaling more than $10.5 trillion by 2025. Cybersecurity requirements are more challenging to elicit than other requirements because they are nonfunctional requirements that require cybersecurity expertise and knowledge of the proposed system. The goal of this research is to generate cybersecurity requirements based on knowledge acquired from requirements elicitation and analysis activities, to provide cybersecurity specifications without requiring the specialized knowledge of a cybersecurity expert, and to generate reusable cybersecurity requirements. The proposed approach can be an effective way to implement cybersecurity requirements at the earliest stages of the system development life cycle because the approach facilitates the identification of cybersecurity requirements throughout the requirements gathering stage. This is accomplished through the development of the Secure Development Ontology that maps cybersecurity features and the functional features descriptions in order to train a classification machine-learning model to return the suggested security requirements. The SD-SRE requirements engineering portal was created to support the application of this research by providing a platform to submit use case scenarios and requirements and suggest security requirements for the given system. The efficacy of this approach was tested with students in a graduate requirements engineering course. The students were presented with a system description and tasked with creating use case scenarios using the SD-SRE portal. The entered models were automatically analyzed by the SD-SRE system to suggest the security requirements. The results showed that the approach can be an effective approach to assist in the identification of security requirements.
Consortium for Robotics and Unmanned Systems Education and Research (CRUSER) 2019 Annual Report
Prepared for: Dr. Brian Bingham, CRUSER Director
The Naval Postgraduate School (NPS) Consortium for Robotics and Unmanned Systems Education and Research (CRUSER) provides a collaborative environment and community of interest for the advancement of unmanned systems (UxS) education and research endeavors across the Navy (USN), Marine Corps (USMC) and Department of Defense (DoD). CRUSER is a Secretary of the Navy (SECNAV) initiative to build an inclusive community of interest on the application of unmanned systems (UxS) in military and naval operations. This 2019 annual report summarizes CRUSER activities in its eighth year of operations and highlights future plans.
Deputy Undersecretary of the Navy PPOI; Office of Naval Research (ONR)
Approved for public release; distribution is unlimited
Competition in World Politics: Knowledge, Strategies and Institutions
The "return of great power competition" between (among others) the US, China, Russia and the EU is a major topic in contemporary public debate. But why do we think of world politics in terms of "competition"? Which information and which rules enable states and other actors in world politics to "compete" with one another? Which competitive strategies do they pursue in the complex environment of modern world politics? This cutting-edge edited collection discusses these questions from a unique interdisciplinary perspective. It offers a fresh account of competition in world politics, looking beyond its military dimensions to questions of economics, technology and prestige.
Aligning cybersecurity management with enterprise risk management in the financial industry
This thesis was submitted for the award of Doctor of Philosophy and was awarded by Brunel University London.
Recent years have opened debates amongst academics, practitioners and regulators on how the financial industry’s risk resiliency depends on its ability to handle risk holistically. The financial industry is found to be motivated not only by protection purposes or assurance but also by its interest in gaining more return on investment, compliance and effectiveness. It is noticeable that in recent years there has been considerable interest in organisational risk resiliency, but there are still unanswered questions as to why organisations are unsuccessful in applying effective security practice at all levels. Having a robust mechanism to deal with a variety of risks efficiently and in alignment with the organisational strategy has always been something that organisations struggle to accomplish. Changes in internal and external pressures have required organisations to turn their attention from silo operational and managerial risk controls to strategic approaches that can ensure the optimal achievement of the organisation’s mission, strategy and objectives.
This research was intended to investigate possible approaches for enabling a more enhanced strategic approach to respond to the extended exposure to all types of risks: to move towards an approach that combines enterprise-wide risk governance with anticipation (proactive response). On the basis that the two types of organisational risk functions cannot be addressed in isolation, this research explored whether the realignment of risk control and risk oversight of the Cybersecurity Management (CsM) and Enterprise Risk Management (ERM) support the establishment of enterprise-wide risk governance. This research responds to the need for harmonised risk handling, reporting, analysis, mitigation and resiliency across an entire organisation. Alignment, in the form of interconnectivity and partnership, can place an entire organisation in a more enhanced state of security through a unified perspective of control, accountability and decision-making. While debates in this subject area have been centred on separate disciplines of ERM, this research posits that CsM and alignment together can further sustain an organisational risk strategy, as together they execute all capabilities in an integrative manner rather than using siloed controls.
The nature of this research is mainly qualitative, as it seeks to explore and interpret the qualitative aspects of the problem. The research was undertaken by considering secondary (literature review, systematic literature evaluation) and primary qualitative data (semi-structured interviews). Weighing up the evidence, it was found that an enterprise-wide alignment of CsM with ERM can enhance risk reporting, analysis, mitigation and resiliency. However, incorporating both strategies in a unique mechanism appears to be an infrequent approach in the industry. To facilitate a more enhanced strategic approach, this research has examined the effectiveness and sustainability of an integrated CsM-ERM Strategic Alignment Framework to support financial organisations in managing their exposure to risks in a strategic manner that employs all efforts towards a single end: to protect and to sustain comprehensive capabilities for the achievement of organisational goals.
Extending Two-Dimensional Knowledge Management System Theory with Organizational Activity Systems' Workflow Dynamics
Between 2005 and 2010 and across 48 countries, including the United States, an increasing positive correlation emerged between national intellectual capital and gross domestic product per capita. The problem remains organizations operating with increasingly complex knowledge networks often lose intellectual capital resulting from ineffective knowledge management practices. The purpose of this study was to provide management opportunities to reduce intellectual capital loss. The first research question addressed how an enhanced intelligent, complex, and adaptive system (ICAS) model could clarify management's understanding of organizational knowledge transfer. The second research question addressed how interdisciplinary theory could become more meaningfully infused to enhance management practices of the organization's knowledge ecosystem. The nature of this study was phenomenological to gain deeper understanding of individual experiences related to knowledge flow phenomena. Data were collected from a single historical research dataset containing 11 subject interviews and analyzed using Moustakas' heuristic framework. Original interviews were collected in 2012 during research within a military unit, included in this study based on theme alignment. Organizational, knowledge management, emergent systems, and cognition theories were synthesized to enhance understandings of emergent ICAS forces. Individuals create unique ICAS flow emergent force dynamics in relation to micro- and macro-meso sensemaking and sensegiving. Findings indicated individual knowledge work significantly shapes emergent ICAS flow dynamics. Collectively enhancing knowledge stewardship over time could foster positive social change by improving national welfare.