Education for Cognitive Agility: Improved Understanding and Governance of Cyberpower

publishedVersio

Expanding alliance: ANZUS cooperation and Asia–Pacific security

Is an alliance conceived as a bulwark against a resurgence of Japanese militarism and which cut its military and intelligence teeth in the Cold War is still relevant to today’s strategic concerns? Overview The alliance between Australia and the US, underpinned by the formal ANZUS Treaty of 1951, continues to be a central part of Australian defence and security thinking and an instrument of American policy in the Asia–Pacific. How is it that an alliance conceived as a bulwark against a resurgence of Japanese militarism and which cut its military and intelligence teeth in the Cold War is still relevant to today’s strategic concerns? The answer is partly—and importantly—that the core values of the ANZUS members are strongly aligned, and successive Australian governments and American presidential administrations have seen great value in working with like-minded partners to ensure Asia–Pacific security. Far from becoming a historical curiosity, today it’s not just relevant, but of greater importance than has been the case in the past few decades. To explore new ideas on how to strengthen the US–Australia alliance, ASPI conducted a high-level strategic dialogue in Honolulu in July this year. Discussions canvassed the future strategic environment; the forthcoming Australian Defence White Paper; budget, sovereignty and expectation risks; and cooperation in the maritime, land, air, cyber, space and intelligence domains. A key purpose of the Honolulu dialogue was to help ASPI develop policy recommendations on the alliance relationship for government. This report is the product of those discussions

SoK: Contemporary Issues and Challenges to Enable Cyber Situational Awareness for Network Security

Cyber situational awareness is an essential part of cyber defense that allows the cybersecurity operators to cope with the complexity of today's networks and threat landscape. Perceiving and comprehending the situation allow the operator to project upcoming events and make strategic decisions. In this paper, we recapitulate the fundamentals of cyber situational awareness and highlight its unique characteristics in comparison to generic situational awareness known from other fields. Subsequently, we provide an overview of existing research and trends in publishing on the topic, introduce front research groups, and highlight the impact of cyber situational awareness research. Further, we propose an updated taxonomy and enumeration of the components used for achieving cyber situational awareness. The updated taxonomy conforms to the widely-accepted three-level definition of cyber situational awareness and newly includes the projection level. Finally, we identify and discuss contemporary research and operational challenges, such as the need to cope with rising volume, velocity, and variety of cybersecurity data and the need to provide cybersecurity operators with the right data at the right time and increase their value through visualization

Threat Intelligence in Support of Cyber Situation Awareness

Despite technological advances in the information security field, attacks by unauthorized individuals and groups continue to penetrate defenses. Due to the rapidly changing environment of the Internet, the appearance of newly developed malicious software or attack techniques accelerates while security professionals continue in a reactive posture with limited time for identifying new threats. The problem addressed in this study was the perceived value of threat intelligence as a proactive process for information security. The purpose of this study was to explore how situation awareness is enhanced by receiving advanced intelligence reports resulting in better decision-making for proper response to security threats. Using a qualitative case study methodology a purposeful sample of 13 information security professionals were individually interviewed and the data analyzed through Nvivo 11 analytical software. The research questions addressed threat intelligence and its impact on the security analyst\u27s cognitive situation awareness. Analysis of the data collected indicated that threat intelligence may enhance the security analyst\u27s situation awareness, as supported in the general literature. In addition, this study showed that the differences in sources or the lack of an intelligence program may have a negative impact on determining the proper security response in a timely manner. The implications for positive social change include providing leaders with greater awareness through threat intelligence of ways to minimize the effects of cyber attacks, which may result in increasing business and consumer confidence in the protection of personal and confidential information

The Land, Space, and Cyberspace Nexus: Evolution of the Oldest Military Operations in the Newest Military Domains

Over the last century, the domains of air, space, and cyberspace have joined the traditional warfighting domains of land and sea. While the doctrine for land operations is relatively mature, the doctrine for space and cyberspace continue to evolve, often in an unstructured manner. This monograph examines the relationships among these domains and how they apply to U.S. Army and joint warfighting. It concentrates on the central question: How are U.S. military operations in the newest domains of space and cyberspace being integrated with operations in the traditional domain of land? This inquiry is divided into three major sections: • Existing Doctrine: This section presents an overview of the current state of joint and U.S. Army doctrinal development for each of the domains of land, space, and cyberspace. • Operations in Multiple Domains: This section examines the concept of cross-domain synergy and its ability to enhance globally integrated operations. • Future Operations: This section explores probable future operating environments as well as the resulting implications for U.S. Army and joint force development. It includes recommendations for policymakers and senior leaders regarding the future development and integration of space and cyberspace doctrine. Anticipated future trends favor the decreased emphasis on traditional large-scale land operations and increased frequency and intensity of conflict in space and cyberspace, perhaps even where these newer domains may become preeminent for a given operation. The joint staff’s pursuit of achieving cross-domain synergy in planning and operations offers a credible method to face some of the challenges of the future joint force, but this will likely remain an evolutionary vice revolutionary endeavor.https://press.armywarcollege.edu/monographs/1399/thumbnail.jp

Decision Support Elements and Enabling Techniques to Achieve a Cyber Defence Situational Awareness Capability

[ES] La presente tesis doctoral realiza un análisis en detalle de los elementos de decisión necesarios para mejorar la comprensión de la situación en ciberdefensa con especial énfasis en la percepción y comprensión del analista de un centro de operaciones de ciberseguridad (SOC). Se proponen dos arquitecturas diferentes basadas en el análisis forense de flujos de datos (NF3). La primera arquitectura emplea técnicas de Ensemble Machine Learning mientras que la segunda es una variante de Machine Learning de mayor complejidad algorítmica (lambda-NF3) que ofrece un marco de defensa de mayor robustez frente a ataques adversarios. Ambas propuestas buscan automatizar de forma efectiva la detección de malware y su posterior gestión de incidentes mostrando unos resultados satisfactorios en aproximar lo que se ha denominado un SOC de próxima generación y de computación cognitiva (NGC2SOC). La supervisión y monitorización de eventos para la protección de las redes informáticas de una organización debe ir acompañada de técnicas de visualización. En este caso, la tesis aborda la generación de representaciones tridimensionales basadas en métricas orientadas a la misión y procedimientos que usan un sistema experto basado en lógica difusa. Precisamente, el estado del arte muestra serias deficiencias a la hora de implementar soluciones de ciberdefensa que reflejen la relevancia de la misión, los recursos y cometidos de una organización para una decisión mejor informada. El trabajo de investigación proporciona finalmente dos áreas claves para mejorar la toma de decisiones en ciberdefensa: un marco sólido y completo de verificación y validación para evaluar parámetros de soluciones y la elaboración de un conjunto de datos sintéticos que referencian unívocamente las fases de un ciberataque con los estándares Cyber Kill Chain y MITRE ATT & CK.[CA] La present tesi doctoral realitza una anàlisi detalladament dels elements de decisió necessaris per a millorar la comprensió de la situació en ciberdefensa amb especial èmfasi en la percepció i comprensió de l'analista d'un centre d'operacions de ciberseguretat (SOC). Es proposen dues arquitectures diferents basades en l'anàlisi forense de fluxos de dades (NF3). La primera arquitectura empra tècniques de Ensemble Machine Learning mentre que la segona és una variant de Machine Learning de major complexitat algorítmica (lambda-NF3) que ofereix un marc de defensa de major robustesa enfront d'atacs adversaris. Totes dues propostes busquen automatitzar de manera efectiva la detecció de malware i la seua posterior gestió d'incidents mostrant uns resultats satisfactoris a aproximar el que s'ha denominat un SOC de pròxima generació i de computació cognitiva (NGC2SOC). La supervisió i monitoratge d'esdeveniments per a la protecció de les xarxes informàtiques d'una organització ha d'anar acompanyada de tècniques de visualització. En aquest cas, la tesi aborda la generació de representacions tridimensionals basades en mètriques orientades a la missió i procediments que usen un sistema expert basat en lògica difusa. Precisament, l'estat de l'art mostra serioses deficiències a l'hora d'implementar solucions de ciberdefensa que reflectisquen la rellevància de la missió, els recursos i comeses d'una organització per a una decisió més ben informada. El treball de recerca proporciona finalment dues àrees claus per a millorar la presa de decisions en ciberdefensa: un marc sòlid i complet de verificació i validació per a avaluar paràmetres de solucions i l'elaboració d'un conjunt de dades sintètiques que referencien unívocament les fases d'un ciberatac amb els estàndards Cyber Kill Chain i MITRE ATT & CK.[EN] This doctoral thesis performs a detailed analysis of the decision elements necessary to improve the cyber defence situation awareness with a special emphasis on the perception and understanding of the analyst of a cybersecurity operations center (SOC). Two different architectures based on the network flow forensics of data streams (NF3) are proposed. The first architecture uses Ensemble Machine Learning techniques while the second is a variant of Machine Learning with greater algorithmic complexity (lambda-NF3) that offers a more robust defense framework against adversarial attacks. Both proposals seek to effectively automate the detection of malware and its subsequent incident management, showing satisfactory results in approximating what has been called a next generation cognitive computing SOC (NGC2SOC). The supervision and monitoring of events for the protection of an organisation's computer networks must be accompanied by visualisation techniques. In this case, the thesis addresses the representation of three-dimensional pictures based on mission oriented metrics and procedures that use an expert system based on fuzzy logic. Precisely, the state-of-the-art evidences serious deficiencies when it comes to implementing cyber defence solutions that consider the relevance of the mission, resources and tasks of an organisation for a better-informed decision. The research work finally provides two key areas to improve decision-making in cyber defence: a solid and complete verification and validation framework to evaluate solution parameters and the development of a synthetic dataset that univocally references the phases of a cyber-attack with the Cyber Kill Chain and MITRE ATT & CK standards.Llopis Sánchez, S. (2023). Decision Support Elements and Enabling Techniques to Achieve a Cyber Defence Situational Awareness Capability [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/19424

Non-Contact Warfare: A Strategy for Future

Examining events after World War II shows that the emerging technological environment is shaping the future. The shift in operational doctrine from ‘massing of forces’ to ‘massing of effects’ with a quantum reduction in physical contact between adversarial forces has been scripted. Future conflict trends are likely to be diffused, diverse and disruptive. Expanding security-arena from traditional to non-traditional domains necessitates a nuanced doctrinal approach. The escalation levers are looking at non-military and military means of contestation.   &nbsp