Maturing International Cooperation to Address the Cyberspace Attack Attribution Problem
One of the most significant challenges to deterring attacks in cyberspace is the difficulty of identifying and attributing attacks to specific state or non-state actors. The lack of technical detection capability moves the problem into the legal realm; however, the lack of domestic and international cyberspace legislation makes the problem one of international cooperation. Past assessments have led to collective paralysis pending improved technical and legal advancements. This paper demonstrates, however, that any plausible path to meaningful defense in cyberspace must include a significant element of international cooperation and regime formation.
The analytical approach diverges from past utilitarian-based assessments to understand the emerging regime, or implicit and explicit principles, norms, rules, and decision-making procedures, around which actor expectations are beginning to converge in the area of cyberspace attack attribution. The analysis applies a social-practice perspective of regime formation to identify meaningful normative and political recommendations. Various hypotheses of regime formation further tailor the recommendations to the current maturity level of international cooperation in this issue area.
Examining international cooperation in cyberspace and methods for maturing international cooperation to establish attribution in other domains informs political mitigations to the problem of cyberspace attack attribution. Potential solutions are analyzed with respect to four recent cyberspace attacks to illustrate how improved international cooperation might address the problem. Finally, a counterfactual analysis, or thought experiment, of how these recommendations might have been applied in the case of rampant Chinese cyber espionage informs specific current and future opportunities for implementation. Although timing is difficult to predict, the growing frequency and scope of cyber attacks indicate the window of opportunity to address the problem before some form of cataclysmic event is closing.
The status and use of computer network attacks in international humanitarian law.
The information revolution has transformed both modern societies and the way in which they conduct warfare. This thesis analyses the status of computer network attacks in international law and examines their treatment under the laws of armed conflict. A computer network attack is any operation designed to disrupt, deny, degrade or destroy information resident in computers and computer networks, or the computers and networks themselves. The first part of the thesis deals with a State's right to resort to force and uses the U.N. Charter system to analyse whether and at what point a computer network attack will amount to a use of force or an armed attack, and examines the permitted responses against such an attack. The second part of the thesis addresses the applicability of international humanitarian law to computer network attacks by determining under what circumstances these attacks will constitute an armed conflict. It concludes that the jus in bello will apply where the perceived intention of the attacking party is to cause deliberate harm and the foreseeable consequence of the acts includes injury, death, damage or destruction. In examining the regulation of these attacks under the jus in bello, the author addresses the legal issues associated with this method of attack in terms of the current law and examines the underlying debates which are shaping the modern laws applicable in armed conflict. Participants in conflicts are examined as increased civilianisation of the armed forces is moving in lock-step with advances in technology. Computer network attacks also present new issues for the law relating to targeting and precautions in attack, which are addressed; objects subject to special protections, and their digital counterparts, are also examined. Finally, the thesis addresses computer network attacks against the laws relating to means and methods of warfare, including the law of weaponry, perfidy and the particular issues relating to digital property.
Ethical and Unethical Hacking
The goal of this chapter is to provide a conceptual analysis of ethical hacking, comprising history, common usage and the attempt to provide a systematic classification that is both compatible with common usage and normatively adequate. Subsequently, the article identifies a tension between common usage and a normatively adequate nomenclature. ‘Ethical hackers’ are often identified with hackers that abide by a code of ethics privileging business-friendly values. However, there is no guarantee that respecting such values is always compatible with the all-things-considered morally best act. It is recognised, however, that in terms of assessment, it may be quite difficult to determine who is an ethical hacker in the ‘all things considered’ sense, while society may agree more easily on the determination of who is one in the ‘business-friendly’ limited sense. The article concludes by suggesting a pragmatic best-practice approach for characterising ethical hacking, which reaches beyond business-friendly values and helps in the taking of decisions that are respectful of the hackers’ individual ethics in morally debatable, grey zones.
Best Practices and Recommendations for Cybersecurity Service Providers
This chapter outlines some concrete best practices and recommendations for cybersecurity service providers, with a focus on data sharing, data protection and penetration testing. Based on a brief outline of dilemmas that cybersecurity service providers may experience in their daily operations, it discusses data handling policies and practices of cybersecurity vendors along the following five topics: customer data handling; information about breaches; threat intelligence; vulnerability-related information; and data involved when collaborating with peers, CERTs, cybersecurity research groups, etc. There is, furthermore, a discussion of specific issues of penetration testing such as customer recruitment and execution as well as the supervision and governance of penetration testing. The chapter closes with some general recommendations regarding improving the ethical decision-making procedures of private cybersecurity service providers.
The Ethics of Cybersecurity
This open access book provides the first comprehensive collection of papers that provide an integrative view on cybersecurity. It discusses theories, problems and solutions on the relevant ethical issues involved. This work is sorely needed in a world where cybersecurity has become indispensable to protect trust and confidence in the digital infrastructure whilst respecting fundamental values like equality, fairness, freedom, or privacy. The book has a strong practical focus as it includes case studies outlining ethical issues in cybersecurity and presenting guidelines and other measures to tackle those issues. It is thus not only relevant for academics but also for practitioners in cybersecurity such as providers of security software, governmental CERTs or Chief Security Officers in companies.
Strategic Latency Unleashed: The Role of Technology in a Revisionist Global Order and the Implications for Special Operations Forces
The article of record may be found at https://cgsr.llnl.gov. This work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory in part under Contract W-7405-Eng-48 and in part under Contract DE-AC52-07NA27344. The views and opinions of the author expressed herein do not necessarily state or reflect those of the United States government or Lawrence Livermore National Security, LLC. ISBN-978-1-952565-07-6 LCCN-2021901137 LLNL-BOOK-818513 TID-59693
U.S. strategic cyber deterrence options
The U.S. government appears incapable of creating an adequate strategy to alter the behavior of the wide variety of malicious actors seeking to inflict harm or damage through cyberspace. This thesis provides a systematic analysis of contemporary deterrence strategies and offers the U.S. the strategic option of active cyber defense designed for continuous cybered conflict. It examines the methods and motivations of the wide array of malicious actors operating in the cyber domain. The thesis explores how the theories of strategy and deterrence underpin the creation of strategic deterrence options and what role deterrence plays with respect to strategies, as a subset, a backup, an element of one or another strategic choice. It looks at what the government and industry are doing to convince malicious actors that their attacks will fail and that risk of consequences exists. The thesis finds that contemporary deterrence strategies of retaliation, denial and entanglement lack the conditions of capability, credibility, and communications that are necessary to change the behavior of malicious actors in cyberspace. This research offers a midrange theory of active cyber defense as a way to compensate for these failings through internal systemic resilience and tailored disruption capacities that both frustrate and punish the wide range of malicious actors regardless of origin or intentions. The thesis shows how active cyber defense is technically capable and legally viable as an alternative strategy in the U.S. to strengthen the deterrence of cyber attacks.
Untangling the Web: A Guide To Internet Research
[Excerpt] Untangling the Web for 2007 is the twelfth edition of a book that started as a small handout. After more than a decade of researching, reading about, using, and trying to understand the Internet, I have come to accept that it is indeed a Sisyphean task. Sometimes I feel that all I can do is to push the rock up to the top of that virtual hill, then stand back and watch as it rolls down again. The Internet—in all its glory of information and misinformation—is for all practical purposes limitless, which of course means we can never know it all, see it all, understand it all, or even imagine all it is and will be. The more we know about the Internet, the more acute is our awareness of what we do not know. The Internet emphasizes the depth of our ignorance because our knowledge can only be finite, while our ignorance must necessarily be infinite. My hope is that Untangling the Web will add to our knowledge of the Internet and the world while recognizing that the rock will always roll back down the hill at the end of the day.
Active offensive cyber situational awareness: theory and practice
This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University. There is an increasing gap between the progress of technological systems and the successful exploitation of these systems through cyber-attack. Whilst the mechanism and scope of cyberspace is progressing with each passing day, risk factors and the ability to process the required amount of data from cyberspace efficiently are proving to be major obstacles to achieving desired outcomes from cyber operations. This, coupled with the dramatic increase in the numbers of cyber attackers, who are constantly producing new ways of attacking and paralysing cyber systems for political or financial gain, is a critical issue for countries that have linked their major infrastructures with Internet applications. The defensive methods currently applied to counter these evolving attacks are no longer sufficient, due to their preventive and reactive nature. This research has developed a new Active Situational Awareness theoretical model for Active Defence that aims to enhance the agility and quality of cyber situational awareness in organisations in order to counter cyber attacks. Situational Awareness (SA) is a crucial component in every organisation. It helps in the assessment of an immediate situation in relation to the environment. Current SA models adopt a reactive attitude, which responds to events and works in passive manner to any progressing enemy cyber attack. This creates a defensive mind-set and consequently influences the operator to process and utilise knowledge only within the concept of attack prevention. Thus, one can assume that operators will only gather certain knowledge after the occurrence of an attack, instead of actively searching for new intelligence to create new knowledge about the cyber attack before it takes place.
This research study introduces a new approach that incorporates an Active Defence posture; namely, a ‘winning attitude’ that conforms to the military stratagems of Sun Tzu, where operators always engage attackers directly in order to create new knowledge in an agile manner by deploying active intelligence-gathering techniques to inform active defence postures in cyberspace. This also allows the system being protected to remain one step ahead of the attackers to ultimately defeat them and thwart any costly attacks. To back these statements, this study issued a survey to 200 cyber defence and security experts in order to collect data on their opinions concerning the current state of Active SA. Structural Equation Modelling (SEM) was then employed to analyse the data gathered from the survey. The results of the analysis revealed significant importance of Active Offensive Intelligence gathering in enhancing Cyber SA. The SEM showed there is a significant impact on SA Agility and Quality from Active Intelligence gathering activities.
Further to this, the SEM results informed the design of the serious gaming environments utilised in this research to verify the SEM causality model. Also, the SEM informed the design of a SA assessment metric, where a behavioural anchor rating scale was used along with ground truth to measure participant SA performance. The results of this experiment revealed that there was 2 times better enhancement in cyber Situational awareness among those who did utilise active measures compared with participants who did not, which means almost double, and this shows the importance of offensive intelligence gathering in enhancing cyber SA and speeding up defender decision making and OODA loop. This research provided for the first time a novel theory for active cyber SA that is aligned with military doctrine. Also, a novel assessment framework and approaches for evaluating and quantifying cyber SA performance were developed in this research study. Finally, a serious gaming environment was developed for this research and used to evaluate the active SA theory which has an impact on training, techniques and practice. Deception utilisation by Active groups revealed the importance of having deception capabilities as part of active tools that help operators to understand attackers’ intent and motive, and give operators more time to control the impact of cyber attacks. However, incorrect utilisation of deception capabilities during the experiment led operators to lose control over cyber attacks. Active defence is required for future cyber security. However, this trend towards the militarisation of cyberspace demands new or updated laws and regulations at an international level. Active intelligence methods define the principal capability at the core of the new active situational awareness model in order to deliver enhanced agility and quality in cyber SA. Abu Dhabi Police General Head Quarter
Personality Identification from Social Media Using Deep Learning: A Review
Social media helps in sharing of ideas and information among people scattered around the world and thus helps in creating communities, groups, and virtual networks. Identification of personality is significant in many types of applications such as in detecting the mental state or character of a person, predicting job satisfaction, professional and personal relationship success, and in recommendation systems. Personality is also an important factor to determine individual variation in thoughts, feelings, and conduct systems. According to the survey of Global social media research in 2018, there are approximately 3.196 billion social media users worldwide. The numbers are estimated to grow rapidly further with the use of mobile smart devices and advancement in technology. Support vector machine (SVM), Naive Bayes (NB), Multilayer perceptron neural network, and convolutional neural network (CNN) are some of the machine learning techniques used for personality identification in the literature review. This paper presents various studies conducted in identifying the personality of social media users with the help of machine learning approaches, and the recent studies that targeted to predict the personality of online social media (OSM) users are reviewed.