Multi-Criteria Selection of Capability-Based Cybersecurity Solutions

Given the increasing frequency and severity of cyber attacks on information systems of all kinds, there is interest in rationalized approaches for selecting the “best” set of cybersecurity mitigations. However, what is best for one target environment is not necessarily best for another. This paper examines an approach to the selection that uses a set of weighted criteria, where the security engineer sets the weights based on organizational priorities and constraints. The approach is based on a capability-based representation for defensive solutions. The paper discusses a group of artifacts that compose the approach through the lens of Design Science research and reports performance results of an instantiation artifact

National Security Space Launch

The United States Space Force’s National Security Space Launch (NSSL) program, formerly known as the Evolved Expendable Launch Vehicle (EELV) program, was first established in 1994 by President William J. Clinton’s National Space Transportation Policy. The policy assigned the responsibility for expendable launch vehicles to the Department of Defense (DoD), with the goals of lowering launch costs and ensuring national security access to space. As such, the United States Air Force Space and Missile Systems Center (SMC) started the EELV program to acquire more affordable and reliable launch capability for valuable U.S. military satellites, such as national reconnaissance satellites that cost billions per satellite. In March 2019, the program name was changed from EELV to NSSL, which reflected several important features: 1.) The emphasis on “assured access to space,” 2.) transition from the Russian-made RD-180 rocket engine used on the Atlas V to a US-sourced engine (now scheduled to be complete by 2022), 3.) adaptation to manifest changes (such as enabling satellite swaps and return of manifest to normal operations both within 12 months of a need or an anomaly), and 4.) potential use of reusable launch vehicles. As of August 2019, Blue Origin, Northrop Grumman Innovation Systems, SpaceX, and United Launch Alliance (ULA) have all submitted proposals. From these, the U.S. Air Force will be selecting two companies to fulfill approximately 34 launches over a period of five years, beginning in 2022. This paper will therefore first examine the objectives for the NSSL as presented in the 2017 National Security Strategy, Fiscal Year 2019, Fiscal Year 2020, and Fiscal Year 2021 National Defense Authorization Acts (NDAA), and National Presidential Directive No. 40. The paper will then identify areas of potential weakness and gaps that exist in space launch programs as a whole and explore the security implications that impact the NSSL specifically. Finally, the paper will examine how the trajectory of the NSSL program could be adjusted in order to facilitate a smooth transition into new launch vehicles, while maintaining mission success, minimizing national security vulnerabilities, and clarifying the defense acquisition process.No embargoAcademic Major: EnglishAcademic Major: International Studie

Applying model-based systems engineering to architecture optimization and selection during system acquisition

2018 Fall.Includes bibliographical references.The architecture selection process early in a major system acquisition is a critical step in determining the overall affordability and technical performance success of a program. There are recognized deficiencies that frequently occur in this step such as poor transparency into the final selection decision and excessive focus on lowest cost, which is not necessarily the best value for all of the stakeholders. This research investigates improvements to the architecture selection process by integrating Model-Based Systems Engineering (MBSE) techniques, enforcing rigorous, quantitative evaluation metrics with a corresponding understanding of uncertainties, and stakeholder feedback in order to generate an architecture that is more optimized and trusted to provide better value for the stakeholders. Three case studies were analyzed to demonstrate this proposed process. The first focused on a satellite communications System of Systems (SoS) acquisition to demonstrate the overall feasibility and applicability of the process. The second investigated an electro-optical remote sensing satellite system to compare this proposed process to a current architecture selection process typified by the United States Department of Defense (U.S. DoD) Analysis of Alternatives (AoA). The third case study analyzed the evaluation of a service-oriented architecture (SOA) providing satellite command and control with cyber security protections in order to demonstrate rigorous accounting of uncertainty through the architecture evaluation and selection. These case studies serve to define and demonstrate a new, more transparent and trusted architecture selection process that consistently provides better value for the stakeholders of a major system acquisition. While the examples in this research focused on U.S. DoD and other major acquisitions, the methodology developed is broadly applicable to other domains where this is a need for optimization of enterprise architectures as the basis for effective system acquisition. The results from the three case studies showed the new process outperformed the current methodology for conducting architecture evaluations in nearly all criteria considered and in particular selects architectures of better value, provides greater visibility into the actual decision making, and improves trust in the decision through a robust understanding of uncertainty. The primary contribution of this research then is improved information support to an architecture selection in the early phases of a system acquisition program. The proposed methodology presents a decision authority with an integrated assessment of each alternative, traceable to the concerns of the system's stakeholders, and thus enables a more informed and objective selection of the preferred alternative. It is recommended that the methodology proposed in this work is considered for future architecture evaluations

A toolbox for Artificial Intelligence Algorithms in Cyber Attacks Prevention and Detection

Dissertation presented as the partial requirement for obtaining a Master's degree in Information Management, specialization in Information Systems and Technologies ManagementThis Thesis provides a qualitative view on the usage of AI technology in cybersecurity strategy of businesses. It explores the field of AI technology today, and how it is a good technology to implement into Cyber Security. The Internet and Informational technology have transformed the world of today. There is no doubt that it has created huge opportunities for global economy and humanity. The fact that Businesses of today is thoroughly dependent on the Internet and Information Systems has also exposed new vulnerabilities in terms of cybercrimes performed by a diversity of hackers, criminals, terrorists, the state and the non-state actors. All Public, private companies and government agencies are vulnerable for cybercrimes, none is left fully protected. In the recent years AI and machine learning technology have become essential to information security, since these technologies can analyze swiftly millions of datasets and tracking down a wide range of cyber threats. Alongside With the increasingly growth of automation in businesses, is it realistic that cybersecurity can be removed from human interaction into fully independent AI Applications to cover the businesses Information System Architecture of businesses in the future? This is a very interesting field those resources really need to deep into to be able to fully take advantage of the fully potential of AI technology in the usage in the field of cybersecurity. This thesis will explore the usage of AI algorithms in the prevention and detection of cyberattack in businesses and how to optimize its use. This knowledge will be used to implement a framework and a corresponding hybrid toolbox application that its purpose is be to be useful in every business in terms of strengthening the cybersecurity environment

Dynamic Capabilities in Cybersecurity Intelligence: A Meta-Synthesis to Enhance Protection Against Cyber Threats

Advanced cybersecurity threats with automated capabilities are on the rise in industries such as finance, healthcare, technology, retail, telecoms, and transportation, as well as government. It is necessary to conduct analyses of cybersecurity-related resources and capabilities to build cybersecurity intelligence (CI). The purpose of this paper is to suggest a dynamic capability in a cybersecurity intelligence (DCCI) model based on existing literature that helped firms reduce risks of cyber violations and advance the development of systems and the life cycle of firms. Through a meta-synthesis, an abduction and induction approach through eight methodological steps analyzed in forty-seven case studies the presence of cybersecurity capabilities to build CI. Combining theoretical and practical information security maturity models as a foundation, we understand capabilities building to improve the predictability of cyber incidents. The results evidenced four second-order dimensions to build CI named doing, enabling, improving, and managing cybersecurity, and eight first-order outcomes to represent the DCCI model. This research makes an unprecedented contribution to international and national scenarios, as it will allow firms to innovate their resource management processes and abilities to enable better cybersecurity projects and reduce the impacts of potential cyberattacks with the probability of eradicating vulnerabilities

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

A national cybersecurity management framework for developing countries

Abstract : Please refer to full text to view abstract.D.Phil. (Computer Science

UXS AUTHENTICATION AND KEY EXCHANGE REQUIREMENTS FOR MULTIDOMAIN OPERATION AND JOINT INTEROPERABILITY

Within the Joint All Domain Command and Control (C2) sensor network and the Navy’s Project Overmatch, unmanned systems (UxS) are a shared capability that extends reach and capacity of the military force to enhance tactics in contested spaces. This has increased research into interoperable network frameworks to securely and efficiently C2 distributed UxS forces. To date, antiquated technologies, stove-piped and proprietary business practices limit or obscure the pursuit of emerging industry techniques that provide security features required for today’s modernized force—leaving more questions than facts. Moreover, UxS power and processing limitations and constrained operating environments prohibit the use of existing modern communications protocols. However, developments in message layer security (MLS), a secure and efficient group communication protocol, could be the ideal choice for UxS teaming. This thesis documents results gathered from a qualitative study that finds MLS the best option for UxS group security and efficiency. It also documents the integration of MLS into the ScanEagle unmanned aerial vehicle (UAV) and Naval Information Warfare Pacific CASSMIR unmanned surface vehicle (USV). The implementation provides a concept of operation to demonstrate the use of MLS to provide secure and efficient C2 and exchange of data between the UAV and USV in a multi-domain ad-hoc network configuration. The experiments conducted are in a virtual environment and the physical UxS.Lieutenant, United States NavyLieutenant, United States NavyApproved for public release. Distribution is unlimited