
    Exploring the motivation behind cybersecurity insider threat and proposed research agenda

    Cyber exploitation and malicious activities have become more sophisticated. Insider threat is one of the most significant cyber security threat vectors and is of great concern to corporations and governments. An overview of the fundamental motivating forces and of motivation theory is given in order to identify the motivations that lead trusted employees to become insider threats in the context of cyber security. A research agenda of two sequential experimental studies is outlined to address insider threat mitigation through prototype development. The first proposed study will classify data intake feeds, as recognized and weighted by cyber security experts, to establish predictive analytics over novel correlations of activities that may lead to cyber security incidents. It will also develop an approach for comparing user activities against an established baseline, the user's network cyber security pulse, with visualization of simulated users' activities. The second study will describe the process of assessing the usability of the developed visualization prototype, which is intended to present correlated suspicious activities requiring immediate action. Successfully developing the proposed prototype, via feed aggregation and advanced visualization, could assist in the mitigation of malicious insider threat.

    Malicious Digital Penetration of United States Weaponized Military Unmanned Aerial Vehicle Systems: A National Security Perspective Concerning the Complexity of Military UAVs and Hacking

    The United States (US) military unmanned aerial vehicle (UAV) has seen increased use in the post-9/11 military engagements in the Middle East and Afghanistan, and within American borders. However, the very digital networks controlling these aircraft are now enduring malicious intrusions (hacking) by America's enemies. These digital intrusions serve as a presage for the digital networks the US relies upon to safeguard its national security, interests and domestic territory. The complexity surrounding the hacking of US military UAVs appears to be increasing, given advances in digital networks and the seemingly inauspicious nature of artificial intelligence and autonomous systems. Despite being the most victimized by malicious digital intrusions, the US continues to move its military components toward greater dependence on digital networks for advancing warfare and protecting national security and interests. Thus, America's network-centric warfare perspective may perpetuate a chaotic environment in which the use of military force is the sole means of safeguarding its digital networks.

    The Role of a Microservice Architecture on cybersecurity and operational resilience in critical systems

    Critical systems are characterized by their high degree of intolerance to threats, in other words by the high level of resilience they require, because, depending on the context in which the system operates, the slightest failure can imply significant damage, whether economic or in the form of loss of reputation, information, infrastructure, the environment, or human life. The security of such systems is traditionally associated with legacy infrastructures and data centers that are monolithic, which translates into ever-greater challenges of evolution and protection. In the current context of rapid transformation, where the variety of threats to systems has been consistently increasing, this dissertation carries out a compatibility study of the microservice architecture, which is noted for characteristics such as resilience, scalability, modifiability and technological heterogeneity, being flexible in structural adaptation and in rapidly evolving, highly complex settings, which makes it suited to agile environments. It also explores what response artificial intelligence, more specifically machine learning, can provide in a context of security and monitorability when combined with a simple banking system that adopts the microservice architecture.

    Cyber Threat Predictive Analytics for Improving Cyber Supply Chain Security

    A Cyber Supply Chain (CSC) system is complex and involves different sub-systems performing various tasks. Security in the supply chain is challenging because of inherent vulnerabilities and threats in any part of the system, which can be exploited at any point within the supply chain. This can cause severe disruption to overall business continuity. Therefore it is paramount to understand and predict threats so that an organization can undertake the necessary control measures for supply chain security. Cyber Threat Intelligence (CTI) provides intelligence analysis that turns unknown threats into known ones using various properties, including threat actor skill and motivation, Tactics, Techniques and Procedures (TTP), and Indicators of Compromise (IoC). This paper aims to analyse and predict threats in order to improve cyber supply chain security. We have applied CTI with Machine Learning (ML) techniques to analyse and predict threats based on the CTI properties. This allows the inherent CSC vulnerabilities to be identified so that appropriate control actions can be undertaken for overall cybersecurity improvement. To demonstrate the applicability of our approach, CTI data is gathered and a number of ML algorithms, i.e., Logistic Regression (LR), Support Vector Machine (SVM), Random Forest (RF) and Decision Tree (DT), are used to develop predictive analytics on the Microsoft Malware Prediction dataset. The experiment takes attack and TTP as input parameters and vulnerabilities and IoC as output parameters. The prediction results reveal that spyware/ransomware and spear phishing are the most predictable threats in the CSC. We also recommend relevant controls to tackle these threats, and advocate using CTI data for the ML predictive model for overall CSC cyber security improvement.
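
    The input/output framing above (CTI properties in, threat category out) can be shown end to end in a few dozen lines. The following is an added example, not code or data from the paper: a multinomial naive Bayes classifier with Laplace smoothing stands in for the paper's LR, SVM, RF and DT models so that it runs on the standard library alone, and the CTI-style records, token names and threat labels are constructed for illustration rather than drawn from the Microsoft Malware Prediction dataset.

```python
"""Threat-category prediction from CTI properties (stdlib only).

Added example: a multinomial naive Bayes classifier stands in for the
paper's LR/SVM/RF/DT models. Inputs are CTI properties (actor skill,
motivation, TTP tokens); the output is the assigned threat category.
"""
import math
from collections import Counter, defaultdict

# Constructed CTI-style records (not the paper's dataset). Each pairs the
# observed properties with the threat category an analyst assigned.
TRAINING_RECORDS = [
    ({"skill": "low", "motive": "financial",
      "ttp": ["phishing_email", "malicious_attachment", "credential_harvest"]}, "spear_phishing"),
    ({"skill": "medium", "motive": "espionage",
      "ttp": ["phishing_email", "malicious_link", "credential_harvest"]}, "spear_phishing"),
    ({"skill": "medium", "motive": "financial",
      "ttp": ["valid_accounts", "lateral_movement", "data_encrypted_for_impact"]}, "ransomware"),
    ({"skill": "high", "motive": "financial",
      "ttp": ["exploit_public_app", "lateral_movement", "data_encrypted_for_impact", "inhibit_recovery"]}, "ransomware"),
    ({"skill": "high", "motive": "espionage",
      "ttp": ["supply_chain_compromise", "keylogging", "screen_capture", "exfil_over_c2"]}, "spyware"),
    ({"skill": "medium", "motive": "espionage",
      "ttp": ["malicious_link", "keylogging", "exfil_over_c2"]}, "spyware"),
]


def featurize(record):
    """Flatten a CTI record into categorical tokens the classifier counts."""
    tokens = [f"skill={record['skill']}", f"motive={record['motive']}"]
    tokens += [f"ttp={t}" for t in record["ttp"]]
    return tokens


class ThreatClassifier:
    """Multinomial naive Bayes with Laplace smoothing over feature tokens."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha                      # smoothing constant (assumed value)
        self.class_counts = Counter()           # label -> number of records
        self.token_counts = defaultdict(Counter)  # label -> token -> count
        self.vocab = set()

    def fit(self, records):
        for record, label in records:
            self.class_counts[label] += 1
            for tok in featurize(record):
                self.token_counts[label][tok] += 1
                self.vocab.add(tok)
        return self

    def log_scores(self, record):
        """Unnormalised log posterior for each label."""
        total = sum(self.class_counts.values())
        vocab_size = len(self.vocab)
        scores = {}
        for label, n in self.class_counts.items():
            # log prior plus smoothed log likelihoods; a token never seen for
            # this label gets the smoothing floor instead of zero probability
            lp = math.log(n / total)
            denom = sum(self.token_counts[label].values()) + self.alpha * vocab_size
            for tok in featurize(record):
                lp += math.log((self.token_counts[label][tok] + self.alpha) / denom)
            scores[label] = lp
        return scores

    def probabilities(self, record):
        """Normalise log scores into class probabilities (log-sum-exp)."""
        scores = self.log_scores(record)
        m = max(scores.values())
        z = sum(math.exp(s - m) for s in scores.values())
        return {label: math.exp(s - m) / z for label, s in scores.items()}

    def predict(self, record):
        scores = self.log_scores(record)
        return max(scores, key=scores.get)


def accuracy(model, records):
    """Fraction of labelled records classified correctly (sanity check only;
    a real evaluation needs a held-out split)."""
    hits = sum(model.predict(r) == label for r, label in records)
    return hits / len(records)


if __name__ == "__main__":
    model = ThreatClassifier().fit(TRAINING_RECORDS)
    # An unseen observation: attack/TTP properties in, threat category out.
    observed = {"skill": "high", "motive": "financial",
                "ttp": ["lateral_movement", "data_encrypted_for_impact"]}
    print(model.predict(observed), model.probabilities(observed))
    print("training-set accuracy:", accuracy(model, TRAINING_RECORDS))
```

    The point of the block is the data flow rather than the model: every CTI property becomes a categorical token, so a new TTP seen in the wild only needs a new token string, and the smoothing keeps a record containing tokens absent from training from collapsing to zero probability for every class.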

    National cybersecurity strategies:review and analysis of evaluation frameworks

    National cybersecurity strategies (NCSS) are becoming increasingly important for society. They provide essential support for the development of both digital and traditional infrastructure, and a well-designed strategy can have a tremendous positive impact on a country. Therefore, for developers of a new strategy or researchers of previously published ones, it is useful to understand the current state of the art in evaluating national cybersecurity strategy documents. Unfortunately, while there is some research on these strategies and comparisons between them, the published work is superficial. Moreover, the publications do not disclose their research methods, so it is challenging to evaluate their results. These limitations make it difficult to rely on previous research. Objectives, and the activities proposed to achieve the desired outcomes, form an essential part of a national cybersecurity strategy, yet little research on them exists. The relevant NCSS guides focus on structuring the entire drafting process at a high level, without details or suggestions on subtopics such as typical objectives or activities. This thesis addresses the research question: how are activities and objectives defined in the evaluation frameworks, and how do they relate to each other? In particular, can they be analyzed in a replicable way, so that a body of knowledge of common and valuable objectives and activities in NCSS could be built? It turns out that the existing definitions of objectives are lax. There is no consensus among NCSS writers or researchers in this domain on how to define an objective or an activity. As a result, the two are readily mixed in the source documents, and the analytical frameworks studied do not extract them reliably from those documents. Constructive analysis is one way of consistently defining objectives and activities and of applying a practical inference method to discover the connections between them.
    This approach was tested with the source material available from the previous works. By applying the method in this research, objectives and activities were classified more rigorously. The classification work enabled a better understanding of the activities and further analysis of their relationships, which were then documented and organized into a graph representation. That graph of objectives and activities can help readers and developers of future strategies to think about how to organize the goals of their NCSS. Furthermore, this research could provide a way of systematically expanding the body of knowledge about requirements and dependencies, making it more straightforward to include objectives and activities in future strategies. Finally, several future research avenues are discussed that would expand knowledge about NCSS documents and begin to track their evolution more robustly over time; for example, both manual analysis and machine-learning-based unsupervised learning methods could be applied for further insight.

    A conceptual framework for cyber counterintelligence

    D.Com (Computer Science)

    Barriers to implementation of the (SA) National Cybersecurity Policy Framework

    Thesis (M.M. (Security))--University of the Witwatersrand, Faculty of Commerce, Law and Management, Graduate School of Public and Development Management, 2016
    Technological advancements have seen South African government departments, state-owned entities and private companies using cyberspace as a platform for interaction and for the storage of information. These advancements have a positive impact through the compression of space and time, ensuring fast-paced interaction across borders. They have, however, left most organisations, both private and public, prone to cybercrime and related incidents. In an initiative aimed at countering these threats, the South African government has passed various laws. The National Cybersecurity Policy Framework (NCPF) is a South African policy framework aimed at countering the increase in cybercrime and related incidents. This research analyses the status of implementation of the NCPF objectives allocated to the Department of Telecommunications and Postal Services (DTPS). The barriers to implementation are then unpacked, guided by the literature reviewed, and finally recommendations on how to counter the identified barriers are provided after the data collection. The report first outlines global perspectives on cybersecurity, followed by regional cybersecurity measures, and then the national cybersecurity measures proposed by the South African government department. The latter parts of the report focus on the NCPF in terms of its scope, goals, objectives and stakeholders. Finally, focus shifts to the DTPS as the chosen area of research, where data was collected through one-on-one, semi-structured interviews with relevant parties.
    The results of this research are presented as a narrative description that is synthesised to develop the theoretical conjecture and empirical generalisation of the entire research. The research uncovered numerous barriers to the implementation of the NCPF, both within the DTPS and between the DTPS and the various stakeholders entrusted with implementation responsibility. The last chapter consists of general conclusions drawn by the researcher from the research conducted, followed by recommended countermeasures, which will be communicated to the DTPS and to all stakeholders affected by the proposed recommendations.

    A Survey on Intrusion Detection Systems for Fog and Cloud Computing

    The rapid advancement of internet technologies has dramatically increased the number of connected devices. This has created a huge attack surface that requires the deployment of effective and practical countermeasures to protect network infrastructures from the harm that cyber-attacks can cause. Hence there is an absolute need to differentiate boundaries around personal information in cloud and fog computing globally, and to adopt specific information security policies and regulations. The goal of a security policy and framework for cloud and fog computing is to protect end-users and their information, reduce task-based operations, aid compliance, and set standards for expected user actions, all based on established rules for cloud computing. Moreover, intrusion detection systems are widely adopted solutions that monitor and analyze network traffic and detect anomalies, which helps identify ongoing adversarial activity, trigger alerts, and automatically block traffic from hostile sources. This survey analyzes the factors, including the application of technologies and techniques, that can enable security policy to be deployed successfully on fog and cloud computing. The paper focuses on Software-as-a-Service (SaaS) and intrusion detection, which together provide an effective and resilient system structure for users and organizations. Our survey aims to provide a framework for a cloud and fog computing security policy, while addressing the required security tools, policies and services, particularly for cloud and fog environments, for organizational adoption. While developing the essential linkage between requirements, legal aspects, analysis techniques and intrusion detection systems, we recommend strategies for cloud and fog computing security policies.
    The paper develops structured guidelines for ways in which organizations can adopt and audit the security of their systems, since security is an essential component of those systems, and presents a current state-of-the-art review of intrusion detection systems and their principles. Functionalities and techniques for developing these defense mechanisms are considered, along with concrete products used in operational systems. Finally, we discuss evaluation criteria and open challenges in this area.
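
    Two abstracts on this page describe the same detection pattern from different angles: the insider-threat agenda (first entry) compares user activities against an established per-user baseline, and this survey describes intrusion detection that scores anomalies, triggers alerts and automatically blocks hostile sources. The block below is an added example serving both, not code from either work: it builds a per-user baseline (mean and standard deviation of transferred bytes, plus the source IPs seen) from a training day, scores later events against it, raises alerts above one threshold and adds source IPs to a block list above a higher one. The log lines, field layout, z-score limit, off-hours window, weights and thresholds are all constructed for illustration.

```python
"""Baseline-and-deviation scoring over constructed activity logs.

Added example (not from either paper). A per-user baseline is built from a
training day; later events are scored for volume deviation, unseen source
IP, off-hours activity or an unknown user; high scores alert and block.
"""
import math
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not taken from either paper).
# Format: <ISO timestamp> <user> <src_ip> <action> <bytes>
SAMPLE_LOG = """\
2024-03-01T09:00:00 alice 10.0.0.5 download 1200
2024-03-01T09:10:00 alice 10.0.0.5 download 1500
2024-03-01T09:20:00 alice 10.0.0.5 download 1100
2024-03-01T09:30:00 alice 10.0.0.5 download 1300
2024-03-01T09:40:00 alice 10.0.0.5 download 1400
2024-03-01T09:05:00 bob 10.0.0.7 download 50000
2024-03-01T09:15:00 bob 10.0.0.7 download 52000
2024-03-01T09:25:00 bob 10.0.0.7 download 48000
2024-03-01T09:35:00 bob 10.0.0.7 download 51000
2024-03-02T23:55:00 alice 10.0.0.5 download 950000
2024-03-02T10:00:00 bob 10.0.0.7 download 49500
2024-03-02T10:05:00 bob 203.0.113.9 download 49000
2024-03-02T11:00:00 mallory 198.51.100.4 download 10
"""

# Assumed tunables (illustrative values, not from the papers).
Z_LIMIT = 3.0          # |z| above this is a volume anomaly
OFF_HOURS = (20, 7)    # from 20:00 up to 07:00 counts as off-hours
WEIGHTS = {"volume": 3, "new_src_ip": 2, "off_hours": 1, "unknown_user": 2}
ALERT_THRESHOLD = 2    # score at or above this raises an alert
BLOCK_THRESHOLD = 4    # score at or above this blocks the source IP


def parse_line(line):
    ts, user, src_ip, action, nbytes = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "src_ip": src_ip, "action": action, "bytes": int(nbytes)}


def parse_log(text):
    return [parse_line(ln) for ln in text.splitlines() if ln.strip()]


def build_baselines(events):
    """Per-user mean/std of bytes and the set of source IPs seen in training."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    baselines = {}
    for user, evs in by_user.items():
        vals = [e["bytes"] for e in evs]
        mean = sum(vals) / len(vals)
        var = sum((v - mean) ** 2 for v in vals) / len(vals)
        baselines[user] = {
            "mean": mean,
            "std": max(math.sqrt(var), 1.0),  # floor: a constant user would otherwise divide by zero
            "src_ips": {e["src_ip"] for e in evs},
        }
    return baselines


def score_event(event, baseline):
    """Score one event against its user's baseline; returns (score, reasons)."""
    if baseline is None:
        reasons = ["unknown_user"]  # no baseline at all: flag rather than guess
    else:
        reasons = []
        z = (event["bytes"] - baseline["mean"]) / baseline["std"]
        if abs(z) > Z_LIMIT:
            reasons.append("volume")
        if event["src_ip"] not in baseline["src_ips"]:
            reasons.append("new_src_ip")
        hour = event["ts"].hour
        if hour >= OFF_HOURS[0] or hour < OFF_HOURS[1]:
            reasons.append("off_hours")
    return sum(WEIGHTS[r] for r in reasons), reasons


def detect(log_text, training_day):
    """Build baselines from events dated training_day, score every other event.

    Returns (alerts, blocklist); each alert records user, src_ip, timestamp,
    score and the reasons that contributed to it.
    """
    events = parse_log(log_text)
    train = [e for e in events if e["ts"].date().isoformat() == training_day]
    to_score = [e for e in events if e["ts"].date().isoformat() != training_day]
    baselines = build_baselines(train)
    alerts, blocklist = [], set()
    for e in to_score:
        score, reasons = score_event(e, baselines.get(e["user"]))
        if score >= ALERT_THRESHOLD:
            alerts.append({"user": e["user"], "src_ip": e["src_ip"],
                           "ts": e["ts"].isoformat(), "score": score, "reasons": reasons})
        if score >= BLOCK_THRESHOLD:
            blocklist.add(e["src_ip"])
    return alerts, blocklist


if __name__ == "__main__":
    found, blocked = detect(SAMPLE_LOG, "2024-03-01")
    for a in found:
        print(f"ALERT {a['ts']} user={a['user']} src={a['src_ip']} score={a['score']} {a['reasons']}")
    print("blocked:", sorted(blocked))
```

    Run against the constructed log, alice's late-night 950,000-byte download scores as both a volume and an off-hours deviation and is the only event that crosses the block threshold; bob's transfer from an unseen address and mallory's activity without any baseline are alerted but not blocked. The block list is keyed on source IP because that is what a perimeter control can act on; for the insider case the alert, not the block, is the actionable output, since the anomalous source is an internal host.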