384 research outputs found

    Current Trends in Small Unmanned Aircraft Systems: Implications for U.S. Special Operations Forces

    This paper assesses current trends in small unmanned aircraft systems (sUAS) technology and its applications to the Special Operations Forces (SOF) community. Of critical concern to SOF is that commercial-off-the-shelf (COTS) sUAS technologies are relatively inexpensive, improving at a dramatic rate, and widely available throughout the world. Insurgents, terrorists, violent extremist organizations (VEOs) and other nefarious actors have used COTS sUAS to conduct offensive attacks as well as to develop battlefield situational awareness; these technological improvements, combined with their widespread availability, will require enhanced and rapidly adaptive counter-sUAS measures in the future. To understand the most current trends in unmanned aircraft systems (UAS) technology and their applicability to SOF, this paper analyzes the definition and classification of sUAS, their major applications, and their characteristics. In the military context, UAS are principally used for intelligence, surveillance, and reconnaissance (ISR), border security, counterinsurgency, attack and strike, target identification and designation, communications relay, electronic attack, remote sensing, and aerial mapping. As technology improves, smaller versions of sUAS will be used by both friendly operators and malign actors (insurgents, terrorists, VEOs, nation states) as force multipliers for military operations. As armed forces around the world continue to invest in research and development of sUAS technologies, there will be tremendous potential to revolutionize warfare, particularly in the context of special operations. Consequently, the use of sUAS technology by SOF is likely to escalate over the next decade, as is the need for sUAS countermeasures, given the availability of the technology to nefarious organizations.

    INTEGRATION OF INTELLIGENCE TECHNIQUES ON THE EXECUTION OF PENETRATION TESTS (iPENTEST)

    Penetration tests (pentests) identify potential vulnerabilities in the security of computer systems through security assessment. Such assessments should also benefit from widely recognized methodologies and recommendations within this field, such as the Penetration Testing Execution Standard (PTES). The objective of this research is to explore PTES, particularly its three initial phases: 1. Pre-Engagement Interactions; 2. Intelligence Gathering; 3. Threat Modeling; and ultimately to apply intelligence techniques to the Threat Modeling phase. To achieve this, we use open-source and/or commercial tools to structure a process that clarifies how the results were reached, following an inductive research methodology. The following steps were implemented: i) critical review of the Penetration Testing Execution Standard (PTES); ii) critical review of the Intelligence Production Process; iii) specification and classification of contexts in which intelligence could be applied; iv) definition of a methodology for applying intelligence techniques to the specified contexts; v) application and evaluation of the proposed methodology on a real case study as a proof of concept. This research aims to develop a model grounded in intelligence techniques to be applied to the PTES Threat Modeling phase.

    Data-driven framework and experimental validation for security monitoring of networked systems

    Cyber attacks have become more prevalent in the last few years, and several attacks have made headlines worldwide. It has become a lucrative business for cybercriminals who are motivated by financial gain. Other motives include political, social and espionage. Organisations are spending a vast amount of money from their IT budget to secure their critical assets from such attacks, but attackers still find ways to compromise these assets. According to a recent data breach report from IBM, the cost of a data breach is estimated to be around $4.24 million, and on average, it takes 287 days to detect and contain such breaches. Cyber attacks are continuing to increase, and no organisation is immune to such attacks, as demonstrated recently by the cyber attack on FireEye, a leading global cybersecurity firm. This thesis aims to develop a data-driven framework for the security monitoring of networked systems. In this framework, models for detecting cyberattack stages, predicting cyber attacks using time series forecasting, and an Indicator of Compromise (IoC) model were developed to detect attacks that the security monitoring tools may have missed. In the cyberattack stage detection, the Cyber Kill Chain was leveraged and the detection modules were then mapped to the various stages of the APT lifecycle. In the cyber prediction model, time series based feature forecasting was utilised to predict attacks to help system administrators take preventative measures. The IoC model used host-based features to help detect IoCs more accurately. The main framework utilises network, host and IoC features. In these three models, prediction accuracies of 91.1% and 98.8% were achieved for the APT and IoC models, while the time series forecasting model produced reasonably low mean absolute error (MAE) and root mean square error (RMSE) scores.
The author also contributed to another paper on effective feature selection methods using deep feature abstraction in the form of unsupervised auto-encoders to extract more features. Wrapper-based feature selection techniques were then utilised using Support Vector Machine (SVM), Naive Bayes and Decision Tree to select the highest-ranking features. An Artificial Neural Network (ANN) classifier was then used to distinguish impersonation from normal traffic. The contribution of the author to this paper was on the feature selection methods. This model achieved an overall accuracy of 99.5%. It is anticipated that these models will allow decision-makers and systems administrators to take proactive approaches to secure their systems and reduce data breaches.

    Development and Validation of a Proof-of-Concept Prototype for Analytics-based Malicious Cybersecurity Insider Threat in a Real-Time Identification System

    Insider threat has continued to be one of the most difficult cybersecurity threat vectors to detect with contemporary technologies. Most organizations apply standard technology-based practices to detect unusual network activity. While there have been significant advances in intrusion detection systems (IDS) as well as security incident and event management solutions (SIEM), these technologies fail to take into consideration the human aspects of personality and emotion in computer use and network activity, even though insider threats are human-initiated. External influencers impact how an end-user interacts with both colleagues and organizational resources. Taking into consideration external influencers, such as personality and changes in organizational policies and structure, along with unusual technical activity analysis, would be an improvement over contemporary detection tools used for identifying at-risk employees. This would allow upper management or other organizational units to intervene before a malicious cybersecurity insider threat event occurs, or to mitigate it quickly once initiated. The main goal of this research study was to design, develop, and validate a proof-of-concept prototype for a malicious cybersecurity insider threat alerting system that will assist in the rapid detection and prediction of human-centric precursors to malicious cybersecurity insider threat activity. Disgruntled employees or end-users wishing to cause harm to the organization may do so by abusing the trust given to them in their access to available network and organizational resources. Reports on malicious insider threat actions indicated that insider threat attacks make up roughly 23% of all cybercrime incidents, resulting in $2.9 trillion in employee fraud losses globally. The damage and negative impact that insider threats cause was reported to be higher than that of outsider or other types of cybercrime incidents.
Consequently, this study utilized weighted indicators to measure and correlate simulated user activity to possible precursors to malicious cybersecurity insider threat attacks. This study consisted of a mixed method approach utilizing an expert panel, developmental research, and quantitative data analysis using the developed tool on a simulated data set. To assure validity and reliability of the indicators, a panel of subject matter experts (SMEs) reviewed the indicators and indicator categorizations that were collected from prior literature, following the Delphi technique. The SMEs’ responses were incorporated into the development of a proof-of-concept prototype. Once the proof-of-concept prototype was completed and fully tested, an empirical simulation research study was conducted utilizing simulated user activity within a 16-month time frame. The results of the empirical simulation study were analyzed and presented. Recommendations resulting from the study are also provided.

    Multi-aspect rule-based AI: Methods, taxonomy, challenges and directions towards automation, intelligence and transparent cybersecurity modeling for critical infrastructures

    Critical infrastructure (CI) typically refers to the essential physical and virtual systems, assets, and services that are vital for the functioning and well-being of a society, economy, or nation. However, the rapid proliferation and dynamism of today's cyber threats in digital environments may disrupt CI functionalities, which would have a debilitating impact on public safety, economic stability, and national security. This has led to much interest in effective cybersecurity solutions regarding automation and intelligent decision-making, where AI-based modeling is potentially significant. In this paper, we take into account “Rule-based AI” rather than other black-box solutions, since model transparency, i.e., human interpretation, explainability, and trustworthiness in decision-making, is an essential factor, particularly in cybersecurity application areas. This article provides an in-depth study on multi-aspect rule-based AI modeling considering human-interpretable decisions as well as security automation and intelligence for CI. We also provide a taxonomy of rule generation methods by taking into account not only knowledge-driven approaches based on human expertise but also data-driven approaches, i.e., extracting insights or useful knowledge from data, and their hybridization. This understanding can help security analysts and professionals comprehend how systems work, identify potential threats and anomalies, and make better decisions in various real-world application areas. We also cover how these techniques can address diverse cybersecurity concerns such as threat detection, mitigation, prediction, diagnosis for root cause finding, and so on in different CI sectors, such as energy, defence, transport, health, water, agriculture, etc.
We conclude this paper with a list of identified issues and opportunities for future research, as well as their potential solution directions for how researchers and professionals might tackle future-generation cybersecurity modeling in this emerging area of study.

    Opportunities and challenges posed by disruptive and converging information technologies for Australia's future defence capabilities: A horizon scan

    Introduction: The research project's objective was to conduct a comprehensive horizon scan of Network Centric Warfare (NCW) technologies—specifically, Cyber, IoT/IoBT, AI, and Autonomous Systems. Recognised as pivotal force multipliers, these technologies are critical to reshaping the mission, design, structure, and operations of the Australian Defence Force (ADF), aligning with the Department of Defence (Defence)’s offset strategies and ensuring technological advantage, especially in the Indo-Pacific's competitive landscape. Research process: Employing a two-pronged research approach, the study first leveraged scientometric analysis, utilising informetric mapping software (VOSviewer) to evaluate emerging trends and their implications for defence capabilities. This approach facilitated a broader understanding of the interdisciplinary nature of defence technologies, identifying key areas for further exploration. The subsequent survey study, engaging 415 professionals and six experts across STEM, law enforcement, and ICT, aimed to assess the impact, deployment likelihood, and developmental timelines of the identified technologies. Findings: Key findings revealed significant overlaps in technology clusters, highlighting 11 specific technologies or trends as potential force multipliers for the ADF. Among these, Cyber and AI technologies were recognised for their immediate potential and urgency, suggesting a prioritisation for development investment. The analysis presented a clear imperative for urgent and prioritised technological investments, specifically in Cyber and AI technologies, followed by IoT/IoBT and autonomous systems technologies. The recommended strategic focus entails enhancing the cyber security of critical infrastructure, optimising network communications, and harnessing smart sensors, among others.
Implications: To maintain a competitive edge, the ADF and the Australian government must commit to significant investments in these priority technologies. This involves not only advancing the technological frontier but also fostering a flexible, innovation-friendly environment conducive to leveraging non-linear opportunities in technology innovation. Such an approach requires a concerted effort from both public and private sectors to invest resources effectively, ensuring the ADF's adaptability and strategic overmatch in a rapidly changing technological landscape. Conclusion: Ultimately, this research illuminates the path forward for the ADF and Defence at large, highlighting the need for strategic investments in emerging technologies. By identifying strategic gaps, potential alliances, and sovereign technologies of high potential, this report serves as a blueprint for enhancing Australia's defence capabilities and securing its strategic interests in the face of global technological shifts.

    Expanding Australia's defence capabilities for technological asymmetric advantage in information, cyber and space in the context of accelerating regional military modernisation: A systemic design approach

    Introduction. The aim of the project was to conduct a systemic design study to evaluate Australia's opportunities and barriers for achieving a technological advantage in light of regional military technological advancement. It focussed on the three domains of (1) cybersecurity technology, (2) information technology, and (3) space technology. Research process. Employing a systemic design approach, the study first leveraged scientometric analysis, utilising informetric mapping software (VOSviewer) to evaluate emerging trends and their implications for defence capabilities. This approach facilitated a broader understanding of the interdisciplinary nature of defence technologies, identifying key areas for further exploration. The subsequent survey study, engaging 828 professionals across STEM, space, aerospace, defence/law enforcement, and ICT, aimed to assess the impact, deployment likelihood, and developmental timelines of the identified technologies. Finally, five experts were interviewed to help elaborate on the findings of the survey and translate them into implications for the ADF. Findings. Key findings revealed significant overlaps in technology clusters, highlighting ten specific technologies or trends as potential force multipliers for the ADF. Among these, cybersecurity of critical infrastructure and optimisation and other algorithmic technologies were recognised for their immediate potential and urgency, suggesting a prioritisation for development investment. The analysis presented a clear imperative for urgent and prioritised technological investments, specifically in cybersecurity and information technologies, followed by space technologies. The research also suggested partnerships that Australia should develop to keep ahead in terms of regional military modernisation.
Implications. To maintain a competitive edge, there is an urgent need for investment in the development and application of these technologies, as nearly all disruptive technologies identified for their potential impact, deployment/utilisation likelihood, extensive use, and novelty for defence purposes are needed in the near term (less than 5 years: cybersecurity and information technologies) or medium term (less than 10 years: space technologies). In line with this, technology investments should be prioritised as follows: Priority 1 includes cyber security of critical infrastructure and optimisation algorithms; Priority 2 encompasses unmanned and autonomous systems and weapons, deep/machine learning, and space-based command and communications systems; and Priority 3 involves Industry 4.0 technologies, quantum technology, electromagnetic and navigation warfare systems, hypersonic weapons, and directed energy weapons. At the policy level, underfunding, bureaucratic inertia and outdated procurement models need to be addressed to enhance the agility of innovation. More critically, Australia needs to come up with creative ways to recruit, train and retain the human capital to develop, manage and use these sophisticated technologies. Finally, in order to maintain a lead over competitors (China, Russia, Iran, North Korea) in the regional military technology competition, the survey and interviews indicate that Australia should continue its military technology alliances with long-standing partners (US, Europe, Israel), broaden its collaborations with more recent partners (Japan, Singapore, South Korea), and establish partnerships with new ones (India, Malaysia, Vietnam, Pacific Island nations). Conclusion. This study sheds light on the future direction for the ADF and Defence in general, underscoring the importance of strategic investments in up-and-coming technologies.
By pinpointing strategic voids, potential partnerships, and sovereign technologies with high potential, this report acts as a roadmap for bolstering Australia’s defence capabilities and safeguarding its strategic interests amidst regional technological changes.

    Cyber-Physical Threat Intelligence for Critical Infrastructures Security

    Modern critical infrastructures can be considered large-scale Cyber-Physical Systems (CPS). Therefore, when designing, implementing, and operating systems for Critical Infrastructure Protection (CIP), the boundaries between physical security and cybersecurity are blurred. Emerging systems for Critical Infrastructures Security and Protection must therefore consider integrated approaches that emphasize the interplay between cybersecurity and physical security techniques. Hence, there is a need for a new type of integrated security intelligence, i.e., Cyber-Physical Threat Intelligence (CPTI). This book presents novel solutions for integrated Cyber-Physical Threat Intelligence for infrastructures in various sectors, such as Industrial Sites and Plants, Air Transport, Gas, Healthcare, and Finance. The solutions rely on novel methods and technologies, such as integrated modelling for cyber-physical systems, novel reliance indicators, and data-driven approaches including Big Data analytics and Artificial Intelligence (AI). Some of the presented approaches are sector-agnostic, i.e., applicable to different sectors with a fair customization effort. Nevertheless, the book also presents the peculiar challenges of specific sectors and how they can be addressed. The presented solutions consider the European policy context for Security, Cybersecurity, and Critical Infrastructure Protection, as laid out by the European Commission (EC) to support its Member States in protecting and ensuring the resilience of their critical infrastructures. Most of the co-authors and contributors are from European Research and Technology Organizations, as well as from European Critical Infrastructure Operators. Hence, the presented solutions respect the European approach to CIP, as reflected in the pillars of the European policy framework.
The latter includes, for example, the Directive on security of network and information systems (NIS Directive), the Directive on protecting European Critical Infrastructures, the General Data Protection Regulation (GDPR), and the Cybersecurity Act Regulation. The sector-specific solutions described in the book have been developed and validated in the scope of several European Commission (EC) co-funded projects on Critical Infrastructure Protection (CIP), which focus on the listed sectors. Overall, the book illustrates a rich set of systems, technologies, and applications that critical infrastructure operators could consult to shape their future strategies. It also provides a catalogue of CPTI case studies in different sectors, which could be useful for security consultants and practitioners as well.

    Development of a Cybersecurity Skills Index: A Scenarios-Based, Hands-On Measure of Non-IT Professionals' Cybersecurity Skills

    Completing activities online is a part of everyday life, both professionally and personally. But conducting daily operations, interacting, and sharing information on the Internet does not come without its risks and potential for harm. Substantial financial and information losses for individuals, organizations, and governments are reported regularly due to vulnerabilities as well as breaches caused by insiders. Although advances in Information Technology (IT) have been significant over the past several decades when it comes to the protection of corporate information systems (IS), human errors and social engineering appear to prevail in circumventing such IT protections. While most employees may have the best of intentions, without cybersecurity skills they represent the weakest link in an organization’s IS security. Skills are defined as the combination of knowledge, experience, and ability to do something well. Cybersecurity skills correspond to the skills surrounding the hardware and software required to execute IS security to mitigate cyber-attacks. The main goal of this research study was to develop a scenarios-based, hands-on measure of non-IT professionals’ cybersecurity skills. As opposed to IT professionals, end-users are one of the weakest links in the cybersecurity chain, due to their limited cybersecurity skills. Historically, non-IT professionals (i.e., office assistants, managers, executives) have access to sensitive data and represent 72% to 95% of cybersecurity threats to organizations. This study addressed the problem of threats to organizational IS due to vulnerabilities and breaches caused by employees. Current measures of the cybersecurity skills of non-IT professionals are based on self-reported surveys and were found to be inaccurate. Prior IS and medical research found that participants view scenarios as nonintrusive and unintimidating.
Therefore, this research study utilized scenarios with observable hands-on tasks to measure and quantify the cybersecurity skills of non-IT professionals. This study included developmental research with a sequential-exploratory approach to combine qualitative and quantitative data collection. To ensure validity and reliability of the Cybersecurity Skills Index (CSI), a panel of 18 subject matter experts (SMEs) reviewed the CSI following the Delphi expert methodology. The SMEs’ responses were incorporated into the development of an iPad application (app) prototype (MyCyberSkills™). Following the iPad app prototype development, eight SMEs provided feedback on the scenarios, tasks, and scoring of the app using the Delphi technique. Furthermore, pilot testing of the app was conducted by manually collecting and scoring the hands-on task performance of a group of 21 non-IT professionals. The manually collected data were compared to the app-computed results to ensure reliability and validity. All revisions were incorporated into the prototype prior to the start of the empirical research phase. Once the iPad app prototype was completed and fully tested, the quantitative research phase used the prototype to collect data and document the results of the measure. Participants from multiple public organizations were asked to complete the scenarios-based, hands-on tasks as presented in the prototype. Following the pre-analysis data screening, this study used a combination of descriptive statistics and one-way analysis of variance (ANOVA) to address the research questions. Results from 188 participants indicate that educational level and experience using technology appear to be significant demographic variables when it comes to the level of cybersecurity skills demonstrated by non-IT professionals.
Moreover, job function, hours accessing the Internet, and primary online activity did not appear to be significant variables when it comes to the level of cybersecurity skills of this population. This research validated that the CSI benchmarking index can be used to assess an individual’s cybersecurity skills level. As organizations continue to rely on the Internet for conducting their daily operations, understanding an employee’s cybersecurity skills level is critical to securing an organization’s IS. Moreover, the CSI, operationalized in the MyCyberSkills™ iPad app prototype, can be used to assess an organization’s employees’ demonstrated skills on cybersecurity tasks. Furthermore, assessing the cybersecurity skills levels of employees could provide an organization insight into what is needed to further mitigate threats due to vulnerabilities and breaches caused by employees. Discussions and implications for future research are provided.