Methodology to Perform Cyber Lethality Assessment

The Naval Surface Warfare Center, Dahlgren Division (NSWCDD) Lethality and Effectiveness Branch is the Navy’s subject matter experts (SME) on target vulnerability, weapon lethality, and weapon effectiveness. Branch personnel currently exercise expertise in the kinetic and directed energy weapon domains. When the Navy develops weapons in the kinetic and directed energy domains, there are clear and well established procedures and methodologies for performing target characterization that support weapon-target pairing. Algorithms exist to describe the likelihood of damage effects. It is natural that in the paradigm shift to cyberspace warfare that the Branch provide these same services to the warfighter in the cyber domain. In simplistic terms, cyberspace lethality is the opposite side of the cybersecurity coin. Rather than protecting own-systems, a cyber-offensive capability is applied to an adversary’s network to disrupt normal operations. However, there are currently no established procedures or methodologies for performing cyberspace target vulnerability characterization (CTVC) or cyber lethality and effectiveness analyses. Nor is there any organization currently dedicated to performing these tasks. Previous efforts were conducted stand-alone and did not produce a meaningful or accepted methodology. This dissertation is intended to research existing lethality prediction processes for kinetic and directed energy weapons and modify them for the new cyber weapon realm such that the new methodologies will allow analysts to perform effective and efficient CTVC and cyber weapon lethality performance assessments. The methodology will be presented to the Joint Technical Coordinating Group for Munitions Effectiveness for consideration and adaptation. The cyber lethality research and methodology development has the support of NSWCDD management which has designated cyber warfare engineering to be a thrust within the NSWCDD 2015-2020 Strategic Plan. This thrust includes providing support for offensive cyber operations through the experimentation, development, test and evaluation, training, integration, and certification of combat and weapon systems that will allow the naval commander to project power by the application of force in or through cyberspace

CSI Neural Network: Using Side-channels to Recover Your Artificial Neural Network Information

Machine learning has become mainstream across industries. Numerous examples proved the validity of it for security applications. In this work, we investigate how to reverse engineer a neural network by using only power side-channel information. To this end, we consider a multilayer perceptron as the machine learning architecture of choice and assume a non-invasive and eavesdropping attacker capable of measuring only passive side-channel leakages like power consumption, electromagnetic radiation, and reaction time. We conduct all experiments on real data and common neural net architectures in order to properly assess the applicability and extendability of those attacks. Practical results are shown on an ARM CORTEX-M3 microcontroller. Our experiments show that the side-channel attacker is capable of obtaining the following information: the activation functions used in the architecture, the number of layers and neurons in the layers, the number of output classes, and weights in the neural network. Thus, the attacker can effectively reverse engineer the network using side-channel information. Next, we show that once the attacker has the knowledge about the neural network architecture, he/she could also recover the inputs to the network with only a single-shot measurement. Finally, we discuss several mitigations one could use to thwart such attacks.Comment: 15 pages, 16 figure

A Framework for Evaluating Security in the Presence of Signal Injection Attacks

Sensors are embedded in security-critical applications from medical devices to nuclear power plants, but their outputs can be spoofed through electromagnetic and other types of signals transmitted by attackers at a distance. To address the lack of a unifying framework for evaluating the effects of such transmissions, we introduce a system and threat model for signal injection attacks. We further define the concepts of existential, selective, and universal security, which address attacker goals from mere disruptions of the sensor readings to precise waveform injections. Moreover, we introduce an algorithm which allows circuit designers to concretely calculate the security level of real systems. Finally, we apply our definitions and algorithm in practice using measurements of injections against a smartphone microphone, and analyze the demodulation characteristics of commercial Analog-to-Digital Converters (ADCs). Overall, our work highlights the importance of evaluating the susceptibility of systems against signal injection attacks, and introduces both the terminology and the methodology to do so.Comment: This article is the extended technical report version of the paper presented at ESORICS 2019, 24th European Symposium on Research in Computer Security (ESORICS), Luxembourg, Luxembourg, September 201

Post-Westgate SWAT : C4ISTAR Architectural Framework for Autonomous Network Integrated Multifaceted Warfighting Solutions Version 1.0 : A Peer-Reviewed Monograph

Police SWAT teams and Military Special Forces face mounting pressure and challenges from adversaries that can only be resolved by way of ever more sophisticated inputs into tactical operations. Lethal Autonomy provides constrained military/security forces with a viable option, but only if implementation has got proper empirically supported foundations. Autonomous weapon systems can be designed and developed to conduct ground, air and naval operations. This monograph offers some insights into the challenges of developing legal, reliable and ethical forms of autonomous weapons, that address the gap between Police or Law Enforcement and Military operations that is growing exponentially small. National adversaries are today in many instances hybrid threats, that manifest criminal and military traits, these often require deployment of hybrid-capability autonomous weapons imbued with the capability to taken on both Military and/or Security objectives. The Westgate Terrorist Attack of 21st September 2013 in the Westlands suburb of Nairobi, Kenya is a very clear manifestation of the hybrid combat scenario that required military response and police investigations against a fighting cell of the Somalia based globally networked Al Shabaab terrorist group.Comment: 52 pages, 6 Figures, over 40 references, reviewed by a reade

Trick or Heat? Manipulating Critical Temperature-Based Control Systems Using Rectification Attacks

Temperature sensing and control systems are widely used in the closed-loop control of critical processes such as maintaining the thermal stability of patients, or in alarm systems for detecting temperature-related hazards. However, the security of these systems has yet to be completely explored, leaving potential attack surfaces that can be exploited to take control over critical systems. In this paper we investigate the reliability of temperature-based control systems from a security and safety perspective. We show how unexpected consequences and safety risks can be induced by physical-level attacks on analog temperature sensing components. For instance, we demonstrate that an adversary could remotely manipulate the temperature sensor measurements of an infant incubator to cause potential safety issues, without tampering with the victim system or triggering automatic temperature alarms. This attack exploits the unintended rectification effect that can be induced in operational and instrumentation amplifiers to control the sensor output, tricking the internal control loop of the victim system to heat up or cool down. Furthermore, we show how the exploit of this hardware-level vulnerability could affect different classes of analog sensors that share similar signal conditioning processes. Our experimental results indicate that conventional defenses commonly deployed in these systems are not sufficient to mitigate the threat, so we propose a prototype design of a low-cost anomaly detector for critical applications to ensure the integrity of temperature sensor signals.Comment: Accepted at the ACM Conference on Computer and Communications Security (CCS), 201

Human and animal models for translational research on neurodegeneration: Challenges and opportunities from South America

Facing the alarming growth of dementia and neurodegenerative conditions has become a critical priority across the globe (Alzheimer´s Disease International, 2009;Lancet, 2015;Shah et al., 2016;Parra et al., 2018). Neurodegenerative diseases are the most frequent cause of dementia, representing a burden for public health systems (especially in middle and middle-high income countries). Although most research on this subject is concentrated in first-world centers, growing efforts in South American countries (SACs) are affording important breakthroughs. This emerging agenda poses not only new challenges for the region, but also new opportunities for the field at large. SACs have witnessed a promising development of relevant research in humans and animals, giving rise to new regional challenges. As highlighted in a recent experts? consensus paper Latin-American countries (LAC), and SACs in particular (Parra et al., 2018), face a critical situation. Higher demographic rates and the predicted prevalence of dementia have reached and even exceeded those of developing countries. In SACs, low- and middle-income countries (e.g., Bolivia, Paraguay), the prevalence of dementia will double that of high-income countries, while upper-middle-income countries in the region (e.g., Argentina, Brazil, Chile, Colombia, Peru, Uruguay, and Venezuela) will experience the greatest impact of dementia. The WHO estimated that the standardized prevalence of dementia in Latin America was 8.5%, but multiple SACs have been underrepresented or underestimated in such a calculation (Parra et al., 2018). Moreover, raw prevalence rates across studies are characterized by high variability within and between countries (e.g., Argentina: 8.3; Brazil: 7.1-2.0; Chile: 4.4-7.0; Colombia: 6.0; Peru: 6.72-9.3; Uruguay: 3.1; Venezuela: 5.7-13,7) (Parra et al., 2018). In addition, most of these studies are undermined by various limitations and methodological problems. Even considering these data, SACs possess the highest global prevalence of dementia after North Africa/Middle East in people above the age of 60 (Parra et al., 2018). Moreover, the harmonization of global strategies against dementia in these contexts is hindered not only by reduced epidemiological data, but also by the lack of standardized clinical practice, insufficient training of physicians, limited resources, and poor governmental support, let alone poverty and more general cultural barriers and stigmas. All of these factors have impacted the type and amount of research conducted in SACs. A regional network, based on multiinstitutional actors from research, governmental, and private sectors is fundamental to overcome these challenges (Parra et al., 2018).Fil: Ibanez Barassi, Agustin Mariano. Consejo Nacional de Investigaciones Científicas y Técnicas. Oficina de Coordinación Administrativa Houssay. Instituto de Neurociencia Cognitiva. Fundación Favaloro. Instituto de Neurociencia Cognitiva; Argentina. Instituto de Neurología Cognitiva. Laboratorio de Psicología Experimental y Neurociencia; Argentina. Universidad Autónoma del Caribe; Colombia. Universidad Adolfo Ibañez; ChileFil: Sedeño, Lucas. Consejo Nacional de Investigaciones Científicas y Técnicas. Oficina de Coordinación Administrativa Houssay. Instituto de Neurociencia Cognitiva. Fundación Favaloro. Instituto de Neurociencia Cognitiva; Argentina. Instituto de Neurología Cognitiva. Laboratorio de Psicología Experimental y Neurociencia; ArgentinaFil: García, Adolfo Martín. Consejo Nacional de Investigaciones Científicas y Técnicas. Oficina de Coordinación Administrativa Houssay. Instituto de Neurociencia Cognitiva. Fundación Favaloro. Instituto de Neurociencia Cognitiva; Argentina. Instituto de Neurología Cognitiva. Laboratorio de Psicología Experimental y Neurociencia; Argentina. Universidad Nacional de Cuyo. Facultad de Educación Elemental y Especial; ArgentinaFil: Deacon, Robert. Consejo Nacional de Investigaciones Científicas y Técnicas. Oficina de Coordinación Administrativa Houssay. Instituto de Neurociencia Cognitiva. Fundación Favaloro. Instituto de Neurociencia Cognitiva; Argentina. Instituto de Neurología Cognitiva. Laboratorio de Psicología Experimental y Neurociencia; Argentina. Universidad de Chile; ChileFil: Cogram, Patricia. Consejo Nacional de Investigaciones Científicas y Técnicas. Oficina de Coordinación Administrativa Houssay. Instituto de Neurociencia Cognitiva. Fundación Favaloro. Instituto de Neurociencia Cognitiva; Argentina. Instituto de Neurología Cognitiva. Laboratorio de Psicología Experimental y Neurociencia; Argentina. Universidad de Chile; Chil

Modelos de padrões espaciais como apoio ao ordenamento do espaço marítimo português

Sea space is increasingly occupied and leading to rising pressures on species and habitats. Marine and coastal policy framework is acknowledging this fact and using Maritime Spatial Planning (MSP) as a tool for achieving a better integrated management and planning of maritime spaces. The European Directive on Maritime Spatial Planning (Directive 2014/89/EU) aims to achieve an integrated approach to marine governance, whilst securing and maintaining the healthy status of marine and coastal waters, following an Ecosystem Based Management Approach (EBM). Moreover, Member States must produce plans until 2021. In 2014, Portugal enacted the law establishing the Basis of the National Maritime Space and in 2015 followed the framework for elaboration of the national Maritime Spatial Plan, named as Situation Plan. The Portuguese Situation Plan, developed for Mainland, Madeira and Extended Platform Subdivisions was approved in December 2019. This thesis’ main contribution is the development of a set of spatial patterns for addressing coasts and seas with comparable information, moving away from the sectorial approach to the sea. The patterns are used to classify maritime spaces and gather evidence on potentials opportunities and challenges for the development of regions. Therefore, this thesis develops methodological approaches for planners and managers to support the MSP process in a time and resource data limited setting using the Portuguese Mainland Subdivision as a case study. The approaches are easy to use, accessible and easily understood by planners and decision-makers. Most of the outputs were produced in the forms of maps showing combined information, and in some cases, different scenarios for selection of best available options. The focus was given to environmental impacts conservation and socio-ecological assessment in line with an EBM approach. The tools presented in this thesis can be of value in the years to come to provide MSP with relevant information to support an EBM approach to the sea management of ocean uses.O espaço marinho está cada vez mais ocupado conduzindo a pressões crescentes sobre as espécies e habitats. O quadro político marinho e costeiro está a reconhecer este facto e a utilizar o Ordenamento do Espaço Marítimo (OEM) como um instrumento para alcançar uma melhor gestão e planeamento integrados dos espaços marítimos. A Diretiva Europeia sobre Ordenamento do Espaço Marítimo (Diretiva 2014/89/UE) visa alcançar uma abordagem integrada da governação marinha, assegurando e mantendo simultaneamente o estado saudável das águas marinhas e costeiras, seguindo uma abordagem de Gestão Baseada em Ecossistemas (GBE). Além disso, os Estados Membros devem produzir planos até 2021. Em 2014, Portugal promulgou a lei que estabelece a Base do Espaço Marítimo Nacional e em 2015 seguiu-se o quadro para a elaboração do Plano de Ordenamento do Espaço Marítimo Nacional, denominado Plano de Situação. O Plano de Situação Português desenvolvido para o Continente, Madeira e Subdivisões da Plataforma Alargada foi aprovado em dezembro de 2019. A principal contribuição desta tese é o desenvolvimento de um conjunto de padrões espaciais para abordar espaços costeiros e marinhos com informação comparável, afastando-se da abordagem sectorial ao mar. Os padrões são utilizados para classificar os espaços marítimos e recolher informações sobre potenciais oportunidades e desafios para o desenvolvimento das regiões. Esta tese desenvolve abordagens metodológicas para planeadores para apoiar o processo do OEM num contexto limitado de tempo e recursos, utilizando a Subdivisão Portuguesa do Continente como um estudo de caso. As abordagens são fáceis de utilizar, acessíveis e facilmente compreendidas por planeadores e decisores políticos. A maioria dos resultados foram produzidos sob a forma de mapas mostrando informação combinada, e em alguns casos, mostrando diferentes cenários para seleção das melhores opções disponíveis. O foco foi atribuído à conservação dos impactos ambientais e à avaliação sócio-ecológica, em linha com uma abordagem GBE. As ferramentas apresentadas nesta tese são úteis para fornecer ao OEM informações relevantes para apoiar uma abordagem GBE para a gestão dos oceanos.Programa Doutoral em Ciência, Tecnologia e Gestão do Ma