On the Probability of Predicting and Mapping Traditional Warfare Measurements to the Cyber Warfare Domain

Part 3: Peace, War, Cyber-Security and ICTInternational audienceCyber warfare is a contentious topic, with no agreement on whether this is a real possibility or an unrealistic extension of the physical battlefield. This article will not debate the validity and legality of the concept of cyber warfare, but will assume its existence based on prior research. To that end the article will examine research available on traditional warfare causes, elements and measurement techniques. This is done to examine the possibility of mapping traditional warfare measurements to cyber warfare. This article aims to provide evidence towards the probability of predicting and mapping traditional warfare measurements to the cyber warfare domain. Currently the only way of cyber warfare measurement is located in traditional information security techniques, but these measurements often do not adequately describe the extent of the cyber domain. Therefore, this paper aims to identify a set of criteria to aid in the prediction of cyber warfare probability

Pro-active visualization of cyber security on a National Level : a South African case study

The need for increased national cyber security situational awareness is evident from the growing number of published national cyber security strategies. Governments are progressively seen as responsible for cyber security, but at the same time increasingly constrained by legal, privacy and resource considerations. Infrastructure and services that form part of the national cyber domain are often not under the control of government, necessitating the need for information sharing between governments and commercial partners. While sharing of security information is necessary, it typically requires considerable time to be implemented effectively. In an effort to decrease the time and effort required for cyber security situational awareness, this study considered commercially available data sources relating to a national cyber domain. Open source information is typically used by attackers to gather information with great success. An understanding of the data provided by these sources can also afford decision makers the opportunity to set priorities more effectively. Through the use of an adapted Joint Directors of Laboratories (JDL) fusion model, an experimental system was implemented that visualized the potential that open source intelligence could have on cyber situational awareness. Datasets used in the validation of the model contained information obtained from eight different data sources over a two year period with a focus on the South African .co.za sub domain. Over a million infrastructure devices were examined in this study along with information pertaining to a potential 88 million vulnerabilities on these devices. During the examination of data sources, a severe lack of information regarding the human aspect in cyber security was identified that led to the creation of a novel Personally Identifiable Information detection sensor (PII). The resultant two million records pertaining to PII in the South African domain were incorporated into the data fusion experiment for processing. The results of this processing are discussed in the three case studies. The results offered in this study aim to highlight how data fusion and effective visualization can serve to move national cyber security from a primarily reactive undertaking to a more pro-active model