528 research outputs found

    Simulation for Cybersecurity: State of the Art and Future Directions

    In this article, we provide an introduction to simulation for cybersecurity and focus on three themes: (1) an overview of the cybersecurity domain; (2) a summary of notable simulation research efforts for cybersecurity; and (3) a proposed way forward on how simulations could broaden cybersecurity efforts. The overview of cybersecurity provides readers with a foundational perspective of cybersecurity in the light of targets, threats, and preventive measures. The simulation research section details the current role that simulation plays in cybersecurity, which mainly falls on representative environment building; test, evaluate, and explore; training and exercises; risk analysis and assessment; and humans in cybersecurity research. The proposed way forward section posits that the advancement of collecting and accessing sociotechnological data to inform models, the creation of new theoretical constructs, and the integration and improvement of behavioral models are needed to advance cybersecurity efforts

    Cyber Threats and Healthcare Organizations: A Public Health Preparedness Perspective

    Healthcare in the United States, heavily reliant on digital technology in service provision, has recently seen an increased risk of cyberattacks. Coordinated electronic medical records, imaging, pharmaceutical services, lab services and even treatment devices all rely on electronic connectivity and represent critical services that must be secured from cyber threats. Hospitals have become increasingly complex systems, and this often makes the organization more vulnerable to failure. Planning for these events is often hard for hospitals because their main charge is to provide life-saving care to patients as they need it. This is a relatively new threat to healthcare organizations, and there has been limited research on this hazard and its impacts on healthcare organizations. Therefore, the aim of the first study was to assess the trend of successful major malware attacks on healthcare organizations in the United States between 2016 and 2017. Previous research found limited research specific to malware attacks and found most articles covering ransomware were restricted to news articles. A content analysis was conducted on articles from two well-renowned health IT organizations. This study identified 49 attack cases across 27 states. Based on previously reported statistics, the number of identified cases was low, meaning healthcare organizations are not reporting their attacks. A true risk assessment cannot be completed by the industry until a more representative trend analysis can be completed. The aim of the second study was to assess the organizational outcomes of a malware attack on a healthcare organization. Previous research on this health hazard discussed healthcare’s lack of preparedness for this new threat but did not delve into the organization’s response, mitigation, and recovery from attacks. Therefore, qualitative interviews were conducted with key stakeholders from three organizations that suffered malware attacks during the years 2016-2017.
Topics covered were system impact, system recovery and business continuity, and changes to organizational preparedness efforts. One of the main findings from this study was the realization by health stakeholders how connected their organization, and therefore the provision of care, has become. Participants also discussed their lack of full understanding of the potential impact these attacks could have on their organizations before their attack, including the loss of every digital system within their facility. A need was expressed across all facilities that more information about these attacks needs to be shared across the industry to better prepare organizations and protect patient safety. The aim of the final study was to examine organizational preparedness efforts and to identify the organizational barriers to mitigating the threats arising from cyberattacks. A survey was conducted among healthcare emergency managers to assess their perceptions of preparedness for cyber threats. While the majority of respondents reported feeling either confident or very confident in both their individual and their organizational ability to respond to a cyber attack, their responses regarding preparedness actions their organization has taken against cyber threats were lacking. When it comes to events like ransomware, where attack impacts are still not fully understood, the healthcare industry remains less prepared. In conclusion, these studies indicate a need for data related to cyberattacks to be collected in a central repository that is either made public or shared among healthcare stakeholders. In order to best prepare their organizations, there needs to be accurate risk assessments completed and areas for preparedness with the best return on investment can then be identified. Cyberattacks are only expected to increase over the next five years.
Patient care is put at risk during each of these attacks and it is essential for healthcare organizations to be better prepared for this new hazard to keep the organization's patients, workers, and community safe.

    Successful Operational Cyber Security Strategies for Small Businesses

    Cybercriminals threaten strategic and efficient use of the Internet within the business environment. Each year, cybercrimes in the United States cost business leaders approximately $6 billion, and globally, $445 billion. The purpose of this multiple case study was to explore the operational strategies chief information security officers of high-technology companies used to protect their businesses from cyberattacks. Organizational learning theory was the conceptual framework for the study. The population of the study was 3 high-technology business owners operating in Florida who have Internet expertise and successfully protected their businesses from cyberattacks. Member checking and methodological triangulation were used to validate the data gathered through semistructured interviews, a review of company websites, and social media pages. Data were analyzed using thematic analysis, which supported the identification of 4 themes: effective leadership, cybersecurity awareness, reliance on third-party vendors, and cybersecurity training. The implications of this study for positive social change include a safe and secure environment for conducting electronic transactions, which may result in increased business and consumer confidence strengthened by the protection of personal and confidential information. The creation and sustainability of a safe Internet environment may lead to increased usage and trust in online business activities, leading to greater online business through consumer confidence and communication.

    Threats on the horizon: Understanding security threats in the era of cyber-physical systems

    Disruptive innovations of the last few decades, such as smart cities and Industry 4.0, were made possible by higher integration of physical and digital elements. In today's pervasive cyber-physical systems, connecting more devices introduces new vulnerabilities and security threats. With increasing cybersecurity incidents, cybersecurity professionals are becoming incapable of addressing what has become a greater threat climate than ever before. This research investigates the spectrum of risk of a cybersecurity incident taking place in the cyber-physical-enabled world using the VERIS Community Database. The findings were that the majority of known actors were from the US and Russia, most victims were from western states and geographic origin tended to reflect global affairs. The most commonly targeted asset was information, with the majority of attack modes relying on privilege abuse. The key feature observed was extensive internal security breaches, most often a result of human error. This tends to show that access in any form appears to be the source of vulnerability rather than incident specifics due to a fundamental trade-off between usability and security in the design of computer systems. This provides fundamental evidence of the need for a major reevaluation of the founding principles in cybersecurity.

    What Ukraine Taught NATO about Hybrid Warfare

    Russia’s invasion of Ukraine in 2022 forced the United States and its NATO partners to be confronted with the impact of hybrid warfare far beyond the battlefield. Targeting Europe’s energy security, Russia’s malign influence campaigns and malicious cyber intrusions are affecting global gas prices, driving up food costs, disrupting supply chains and grids, and testing US and Allied military mobility. This study examines how hybrid warfare is being used by NATO’s adversaries, what vulnerabilities in energy security exist across the Alliance, and what mitigation strategies are available to the member states. Cyberattacks targeting the renewable energy landscape during Europe’s green transition are increasing, making it urgent that new tools are developed to protect these emerging technologies. No less significant are the cyber and information operations targeting energy security in Eastern Europe as it seeks to become independent from Russia. Economic coercion is being used against Western and Central Europe to stop gas from flowing. China’s malign investments in Southern and Mediterranean Europe are enabling Beijing to control several NATO member states’ critical energy infrastructure at a critical moment in the global balance of power. What Ukraine Taught NATO about Hybrid Warfare will be an important reference for NATO officials and US installations operating in the European theater. https://press.armywarcollege.edu/monographs/1952/thumbnail.jp

    The Cybercrime Triangle

    Information technology can increase the convergence of three dimensions of the crime triangle due to the spatial and temporal confluence in the virtual world. In other words, its advancement can lead to facilitating criminals with more chances to commit a crime against suitable targets living in different real-world time zones without temporal and spatial orders. However, within this mechanism, cybercrime can be discouraged “…if the cyber-adversary is handled, the target/victim is guarded, or the place is effectively managed” (Wilcox & Cullen, 2018, p. 134). In fact, Madensen and Eck (2013) assert that only one effective controller is enough to prevent a crime. Given this condition of the crime triangle, it must be noted that each of these components (the offender, the target, and the place) or controllers (i.e., handler, guardian, and manager) can play a pivotal role in reducing cybercrime. To date, scholars and professionals have analyzed the phenomenon of cybercrime and developed cybercrime prevention strategies relying predominantly on cybercrime victimization (suitable targets) but have yet to utilize the broader framework of the crime triangle commonly used in the analysis and prevention of crime. More specifically, the dimensions of cybercrime offenders, places, or controllers have been absent in prior scientific research and in guiding the establishment and examination of cybercrime prevention strategies. Given this gap, much remains to be known as to how these conceptual entities operate in the virtual realm and whether they share similarities with what we know about other crimes in the physical world. Thus, the purpose of this study is to extend the application of the “Crime Triangle,” a derivative of Routine Activity Theory, to crime events in the digital realm to provide scholars, practitioners, and policy makers a more complete lens to improve understanding and prevention of cybercrime incidents. 
In other words, this dissertation will endeavor to devise a comprehensive framework for our society to use to form cybersecurity policies to implement a secure and stable digital environment that supports continued economic growth as well as national security. The findings of this study suggest that both criminological and technical perspectives are crucial in comprehending cybercrime incidents. This dissertation attempts to independently explore these three components in order to portray the characteristics of cybercriminals, cybercrime victims, and place management. Specifically, this study first explores the characteristics of cybercriminals via a criminal profiling method primarily using court criminal record documents (indictments/complaints) provided by the FIU law library website. Second, the associations between cybercrime victims, digital capable guardianship, perceived risks of cybercrime, and online activity are examined using Eurobarometer survey data. Third, the associations between place management activities and cybercrime prevention are examined using “Phishing Campaign” and “Cybersecurity Awareness Training Program” data derived from FIU’s Division of Information Technology

    Hacking for peace: the case for cyber coercion

    Are cyber capabilities a useful method for coercive diplomacy? If so, what conditions favor successful cyber coercion to produce a desired victim response? This research explores how cyber coercion can be used as a tool of statecraft to change an adversary’s behavior and examines two cases over three temporal values. Examining the two cases of North Korea versus Sony and Russia versus Estonia illustrates practical lessons about the constraints and abilities of the employment of cyber coercion as well as how victim responses operate on a spectrum and can change over time. In examining George’s seven factors that favor coercive diplomacy and applying them to these cases, this research reveals four additional factors that ought to be included when addressing the dynamics that contribute to a victim changing their behavior in response to cyber coercion. The difference between a low-level attack (e.g. web defacement) compared with a high-level attack (e.g. paralyzing backbone servers) communicates two vastly different levels of threat to a victim and incurs extremely different costs for the victim. These technical aspects of cyber statecraft and their ramifications for cyber coercion are not covered by George’s earlier works on coercive diplomacy, as few people in the 1990s were even considering cyber as a threat landscape. This research does not provide one generalizable theory of how to conduct cyber coercion; rather, it provides a Utilitarian theory that identifies additional factors that favor cyber coercion and contributes to a conditional generalization. Further, it introduces the idea of examining this change in behavior over time to properly assess the impact of cyber coercion on the totality of the victim’s behavior. Extending the time intervals reveals additional critical data necessary to fully analyze the nature of a cyber coercion dyad. 
Finally, it provides a hybrid method to attain attribution by fusing social science methodology with cybersecurity techniques. Together, this data and method serve to correct the conventional wisdom on two influential cases; this research traces the process that proves why a correction for each case is warranted; and, it shows how the choices an aggressor makes in its cyber coercive strategy can result in different outcomes for the victims

    Cyber defensive capacity and capability: A perspective from the financial sector of a small state

    This thesis explores ways in which the financial sectors of small states are able to defend themselves against ever-growing cyber threats, as well as ways these states can improve their cyber defense capability in order to withstand current and future attacks. To date, the context of small states in general is understudied. This study presents the challenges faced by financial sectors in small states with regard to withstanding cyberattacks. This study applies a mixed method approach through the use of various surveys, brainstorming sessions with financial sector focus groups, interviews with critical infrastructure stakeholders, a literature review, a comparative analysis of secondary data and a theoretical narrative review. The findings suggest that, for the Aruban financial sector, compliance is important, as with minimal drivers, precautionary behavior is significant. Countermeasures of formal, informal, and technical controls need to be in place. This study indicates the view that defending a small state such as Aruba is challenging, yet enough economic indicators indicate it not being outside the realm of possibility. On a theoretical level, this thesis proposes a conceptual “whole-of-cyber” model inspired by military science and the VSM (Viable Systems Model). The concept of fighting power components and governance S4 function form cyber defensive capacity’s shield and capability. The “whole-of-cyber” approach may be a good way to compensate for the lack of resources of small states. Collaboration may be an only out, as the fastest-growing need will be for advanced IT skillsets.

    Enabling NATO’s Collective Defense: Critical Infrastructure Security and Resiliency (NATO COE-DAT Handbook 1)

    In 2014 NATO’s Center of Excellence-Defence Against Terrorism (COE-DAT) launched the inaugural course on “Critical Infrastructure Protection Against Terrorist Attacks.” As this course garnered increased attendance and interest, the core lecturer team felt the need to update the course in critical infrastructure (CI) taking into account the shift from an emphasis on “protection” of CI assets to “security and resiliency.” What was lacking in the fields of academe, emergency management, and the industry practitioner community was a handbook that leveraged the collective subject matter expertise of the core lecturer team, a handbook that could serve to educate government leaders, state and private-sector owners and operators of critical infrastructure, academicians, and policymakers in NATO and partner countries. Enabling NATO’s Collective Defense: Critical Infrastructure Security and Resiliency is the culmination of such an effort, the first major collaborative research project under a Memorandum of Understanding between the US Army War College Strategic Studies Institute (SSI), and NATO COE-DAT. The research project began in October 2020 with a series of four workshops hosted by SSI. The draft chapters for the book were completed in late January 2022. Little did the research team envision the Russian invasion of Ukraine in February this year. The Russian occupation of the Zaporizhzhya nuclear power plant, successive missile attacks against Ukraine’s electric generation and distribution facilities, rail transport, and cyberattacks against almost every sector of the country’s critical infrastructure have been on world display. Russian use of its gas supplies as a means of economic warfare against Europe—designed to undermine NATO unity and support for Ukraine—is another timely example of why adversaries, nation-states, and terrorists alike target critical infrastructure. 
Hence, the need for public-private sector partnerships to secure that infrastructure and build the resiliency to sustain it when attacked. Ukraine also highlights the need for NATO allies to understand where vulnerabilities exist in host nation infrastructure that will undermine collective defense and give more urgency to redressing and mitigating those fissures. https://press.armywarcollege.edu/monographs/1951/thumbnail.jp