235 research outputs found

    ECHO Information sharing models

    As part of the ECHO project, the Early Warning System (EWS) is one of four technologies under development. The E-EWS will provide the capability to share information to provide up-to-date information to all constituents involved in the E-EWS. The development of the E-EWS will be rooted in a comprehensive review of information sharing and trust models from within the cyber domain as well as models from other domains

    What Ukraine Taught NATO about Hybrid Warfare

    Russia’s invasion of Ukraine in 2022 forced the United States and its NATO partners to be confronted with the impact of hybrid warfare far beyond the battlefield. Targeting Europe’s energy security, Russia’s malign influence campaigns and malicious cyber intrusions are affecting global gas prices, driving up food costs, disrupting supply chains and grids, and testing US and Allied military mobility. This study examines how hybrid warfare is being used by NATO’s adversaries, what vulnerabilities in energy security exist across the Alliance, and what mitigation strategies are available to the member states. Cyberattacks targeting the renewable energy landscape during Europe’s green transition are increasing, making it urgent that new tools are developed to protect these emerging technologies. No less significant are the cyber and information operations targeting energy security in Eastern Europe as it seeks to become independent from Russia. Economic coercion is being used against Western and Central Europe to stop gas from flowing. China’s malign investments in Southern and Mediterranean Europe are enabling Beijing to control several NATO member states’ critical energy infrastructure at a critical moment in the global balance of power. What Ukraine Taught NATO about Hybrid Warfare will be an important reference for NATO officials and US installations operating in the European theater.

    Hybrid Warfare

    This book is available as open access through the Bloomsbury Open Access programme and is available on www.bloomsburycollections.com. Hybrid Warfare refers to a military strategy that blends conventional warfare, so-called ‘irregular warfare’ and cyber-attacks with other influencing methods, such as fake news, diplomacy and foreign political intervention. As Hybrid Warfare becomes increasingly commonplace, there is an imminent need for research bringing attention to how these challenges can be addressed in order to develop a comprehensive approach towards Hybrid Threats and Hybrid Warfare. This volume supports the development of such an approach by bringing together practitioners and scholarly perspectives on the topic and by covering the threats themselves, as well as the tools and means to counter them, together with a number of real-world case studies. The book covers numerous aspects of current Hybrid Warfare discourses including a discussion of the perspectives of key western actors such as NATO, the US and the EU; an analysis of Russia and China’s Hybrid Warfare capabilities; and the growing threat of cyberwarfare. A range of global case studies – featuring specific examples from the Baltics, Taiwan, Ukraine, Iran and Catalonia – are drawn upon to demonstrate the employment of Hybrid Warfare tactics and how they have been countered in practice. Finally, the editors propose a new method through which to understand the dynamics of Hybrid Threats, Warfare and their countermeasures, termed the ‘Hybridity Blizzard Model’. With a focus on practitioner insight and practicable International Relations theory, this volume is an essential guide to identifying, analysing and countering Hybrid Threats and Warfare

    Struggling to strike the right balance between interests at stake: The ‘Yarovaya’, ‘Fake news’ and ‘Disrespect’ laws as examples of ill-conceived legislation in the age of modern technology

    The article deals with the legislative amendments that have been recently adopted in the Russian Federation, the so-called ‘Yarovaya’ law, the ‘fake news’ law and the ‘disrespect’ law. It explains the essence and problems of implementation of the above-mentioned legal instruments and assesses them from the human rights angle. It is established that the rather complex laws under analysis pose significant threats to the human rights and fundamental freedoms of individuals, including privacy, data protection and freedom of expression, and introduce other additional negative effects to the Russian society and economy. While in the adoption of such legislation it is crucial to give due weight to the involved interests, the used examples indicate that the State’s interests seem to prevail at the cost of the rights and freedoms of those who need to be adequately protected

    Multi-Attribute SCADA-Specific Intrusion Detection System for Power Networks

    The increased interconnectivity and complexity of supervisory control and data acquisition (SCADA) systems in power system networks has exposed the systems to a multitude of potential vulnerabilities. In this paper, we present a novel approach for a next-generation SCADA-specific intrusion detection system (IDS). The proposed system analyzes multiple attributes in order to provide a comprehensive solution that is able to mitigate varied cyber-attack threats. The multiattribute IDS comprises a heterogeneous white list and behavior-based concept in order to make SCADA cybersystems more secure. This paper also proposes a multilayer cyber-security framework based on IDS for protecting SCADA cybersecurity in smart grids without compromising the availability of normal data. In addition, this paper presents a SCADA-specific cybersecurity testbed to investigate simulated attacks, which has been used in this paper to validate the proposed approach

    The importance of benchmarking and impact assessment in CSDP operations


    Anomaly diagnosis in industrial control systems for digital forensics

    Over several decades, Industrial Control Systems (ICS) have become more interconnected and highly programmable. An increasing number of sophisticated cyber-attacks have targeted ICS with a view to cause tangible damage. Despite the stringent functional safety requirements mandated within ICS environments, critical national infrastructure (CNI) sectors and ICS vendors have been slow to address the growing cyber threat. In contrast with the design of information technology (IT) systems, security of control systems has not typically been an intrinsic design principle for ICS components, such as Programmable Logic Controllers (PLCs). These factors have motivated substantial research addressing anomaly detection in the context of ICS. However, detecting incidents alone does not assist with the response and recovery activities that are necessary for ICS operators to resume normal service. Understanding the provenance of anomalies has the potential to enable the proactive implementation of security controls, and reduce the risk of future attacks. Digital forensics provides solutions by dissecting and reconstructing evidence from an incident. However, this has typically been positioned from a post-incident perspective, which inhibits rapid triaging, and effective response and recovery, an essential requirement in critical ICS. This thesis focuses on anomaly diagnosis, which involves the analysis of and discrimination between different types of anomalous event, positioned at the intersection between anomaly detection and digital forensics. An anomaly diagnosis framework is proposed that includes mechanisms to aid ICS operators in the context of anomaly triaging and incident response. PLCs have a fundamental focus within this thesis due to their critical role and ubiquitous application in ICS. An examination of generalisable PLC data artefacts produced a taxonomy of artefact data types that focus on the device data generated and stored in PLC memory.
    Using the artefacts defined in this first stage, an anomaly contextualisation model is presented that differentiates between cyber-attack and system fault anomalies. Subsequently, an attack fingerprinting approach (PLCPrint) generates near real-time compositions of memory fingerprints within 200ms, by correlating the static and dynamic behaviour of PLC registers. This establishes attack type and technique provenance, and maintains the chain-of-evidence for digital forensic investigations. To evaluate the efficacy of the framework, a physical ICS testbed modelled on a water treatment system is implemented. Multiple PLC models are evaluated to demonstrate vendor neutrality of the framework. Furthermore, several generalised attack scenarios are conducted based on techniques identified from real PLC malware. The results indicate that PLC device artefacts are particularly powerful at detecting and contextualising an anomaly. In general, we achieve high F1 scores of at least 0.98 and 0.97 for anomaly detection and contextualisation, respectively, which are highly competitive with existing state-of-the-art literature. The performance of PLCPrint emphasises how PLC memory snapshots can precisely and rapidly provide provenance by classifying cyber-attacks with an accuracy of 0.97 in less than 400ms. The proposed framework offers a much needed novel approach through which ICS components can be rapidly triaged for effective response