61 research outputs found

    Ground station as a service reference architectures and cyber security attack tree analysis

    As the Ground Station as a Service (GSaaS) paradigm transforms space infrastructure operations, a new attack surface emerges for malicious actors. While the space community generally refers to GSaaS as a singular model, there are several flavors of these systems. After a description of the general GSaaS network's basic structure, this paper presents an analysis of four reference architectures of GSaaS. On the basis of this systems engineering analysis, a cybersecurity analysis of the critical nodes will be carried out through the attack tree method. Later, the cybersecurity implications of both the technical and strategic characteristics of GSaaS networks will be discussed and put in relation to the current state of the space cyberwarfare landscape.

    Cyber threat intelligence sharing: Survey and research directions

    Cyber Threat Intelligence (CTI) sharing has become a novel weapon in the arsenal of cyber defenders to proactively mitigate increasing cyber attacks. Automating the process of CTI sharing, and even the basic consumption, has raised new challenges for researchers and practitioners. This extensive literature survey explores the current state-of-the-art and approaches different problem areas of interest pertaining to the larger field of sharing cyber threat intelligence. The motivation for this research stems from the recent emergence of sharing cyber threat intelligence and the involved challenges of automating its processes. This work comprises a considerable amount of articles from academic and gray literature, and focuses on technical and non-technical challenges. Moreover, the findings reveal which topics were widely discussed, and hence considered relevant by the authors and cyber threat intelligence sharing communities

    Reconfigurable Radio Systems : Towards Secure Collaboration for Peace Support and Public Safety

    As military priorities are shifting from invasion defense to crisis management and peace support operations, the capability to partake in efficient inter-organizational collaboration is becoming increasingly important for armed forces across Europe. The “solidarity clause” of the Treaty of Lisbon, which entered into force on December 1st 2009, dictates that all EU member states shall act jointly if another member state is the target of a terrorist attack or the victim of a natural or man-made disaster. Sweden has gone even further, stating that it will not remain passive if a member state or another Nordic country is attacked, and expects these countries to act in the same manner if Sweden is attacked. This declaration obligates Sweden to be able to collaborate successfully with allied partners, both within own territories and abroad. Application-based collaboration tools for use in unpredictable settings, requiring high user mobility and network survivability, put high demands on the underlying ICT systems in order to function correctly. Networks employing the TErrestrial Trunked RAdio (TETRA) standard are becoming pervasive as platforms for interagency collaboration in crisis response. Although these networks provide many benefits compared to legacy technology they lack the possibility to offer secure, infrastructure-less and disruption-tolerant communication in challenging environments. Emerging ICT such as MANET-based Reconfigurable Radio Systems (RRS) shows potential for overcoming these problems, in addition to resolving issues of technical heterogeneity. The Common Tactical Radio System (GTRS) is an RRS being developed by the Swedish Armed Forces, intended to be the future ICT system for all parts of the forces, used both in national and international mission settings. 
However, remaining challenges include threats of node compromisation and adversary network infiltration, as well as the safeguarding of confidential information shared by collaborating parties and preventing information leakage. This paper contributes by (i) giving a summary of recent work in mechanisms for achieving information security in tactical MANETs and Hastily Formed Networks for disaster response. The paper also (ii) presents in-progress work towards the design of a gossip-based cross-layer Distributed Intrusion Detection System (DIDS) for the GTRS system, which takes resource constraints of portable devices into account, and offloads traffic analysis and anomaly detection to more powerful “Big Brother” nodes. An outline of the proposed DIDS architecture is presented, and the paper (iii) suggests future work towards offering a dependable and trustworthy communications platform for efficient and secure inter-organizational collaboration

    Secure Tactical Communications for Inter-Organizational Collaboration : The Role of Emerging Information and Communications Technology, Privacy Issues, and Cyber Threats on the Digital Battlefield

    The development within the area of information and communications technology (ICT) has been rapid during the last couple of decades. Advancements in mobile technology, such as smartphones and other portable devices with embedded sensors, rapid expansion of communications infrastructure, and increased spectrum utilization, have had a major impact on civilian society, but increasingly also on professional organizations such as the Swedish Armed Forces. While this technology allows for enhanced capabilities in the areas of command and control, situational awareness, and information management, it also leads to new challenges in such areas as cyber security and privacy. For armed forces in many parts of the world, being able to deploy in new types of missions, such as humanitarian assistance and response operations due to natural or man-made disasters, is an increasingly sought-after capability. Such operations commonly require collaboration amongst several heterogeneous organizations, which in turn requires technical as well as organizational interoperability. While the actors must be able to share certain information efficiently, with regards to integrity and availability, sensitive or classified information must be safeguarded in terms of confidentiality. This thesis is concerned with studying emerging ICT for use on the battlefield of tomorrow, investigating how it can lead to more effective operations, and what preconditions must be met in order for the technology to be of utility for inter-organizational collaboration. In particular, the thesis studies how an acceptable level of information security can be upheld in interconnected tactical communications networks. It is found that Mobile Ad-hoc Networks, Software-Defined Radio and Cognitive Radio are emerging technologies that, while still immature, can contribute to improved capabilities for communications, command and control, and information collection. 
Furthermore, Hastily Formed Networks is found to be an effective framework for collaboration between heterogeneous actors. However, in order for emerging ICTs to provide military utility, several non-technical requirements must be met. These include usability, trust, legality, cost, and verifying that the technology is in accordance with current military doctrine. Antagonistic as well as unintentional threats must also be mitigated, including information leaks caused by cyberattacks or insiders, and possible consequences of reduced user privacy. Besides the Swedish Armed Forces, this thesis should be of interest to armed forces of comparable countries, and for professional organizations faced with similar challenges. Among the drawn conclusions, the thesis recommends continuously evaluating emerging ICT in support of new capabilities, through academic research as well as internal concept development. Adopting an incremental and modular process is also recommended when developing or procuring new ICT systems, instead of making long-term investments in proprietary technology. Furthermore, a focus should be put on promoting military requirements in future civilian ICT standards. In this way development costs can be reduced, while facilitating tactical use of commercial off-the-shelf products. Regarding information security in tactical networks for inter-organizational collaboration the thesis concludes that employing best-effort methods could allow for efficient information exchange between actors, while upholding acceptable risk levels regarding data leakage.

    Information and communications technology (ICT) has undergone strong development during recent decades. Increased availability of mobile technology, such as smartphones and other portable devices with built-in sensors, substantial expansion of communications infrastructure, and advances in spectrum efficiency have been of great significance for civilian society and increasingly also for response organizations such as the Swedish Armed Forces. The technology contributes to increased capability for command and control, situational awareness and information management, but at the same time brings several challenges in areas such as cyber security and privacy. New tasks that have in parallel come into focus for armed forces in many countries include the ability to take part in support operations in connection with natural disasters, terrorist attacks, or to offer humanitarian assistance in international environments. Such operations usually require collaboration between many different heterogeneous organizations, which brings a need for technical as well as organizational interoperability. Certain information must be able to be shared efficiently between the participating actors with regard to integrity and availability, while sensitive information must be protected with regard to confidentiality. This thesis studies the tactical use of emerging ICT on the battlefield of tomorrow, how the technology can contribute to more effective operations, and what preconditions and requirements must be met for the technology to be of use in inter-organizational collaboration. In particular, it investigates the possibility of maintaining an acceptable level of information security in shared tactical communications systems, while these can be used effectively under demanding conditions. The thesis finds that technologies such as mobile ad hoc networks, software-defined radio and cognitive radio, although still immature, may come to contribute to improved or entirely new capabilities in, among other areas, communications, command and control, and information collection. Furthermore, the conclusion is drawn that the Hastily Formed Networks framework is effective for collaboration between heterogeneous actors. For emerging ICT to be of military utility, however, several non-technical requirements must be met. These include usability, trust, legality, cost, and that the technology is in line with prevailing military doctrine. Antagonistic as well as unintentional threats must at the same time be handled, such as information leaks caused by cyberattacks or insiders, and the consequence of reduced privacy for users. The thesis is expected to be of interest to the Swedish Armed Forces as well as organizations with similar conditions in Sweden and comparable countries. As a conclusion, the thesis recommends that emerging ICT in support of new capabilities be continuously evaluated through academic research as well as internal concept development, and that an incremental and modular model should be chosen for development and procurement, rather than making extensive investments in proprietary technology. Focus should also be on getting military requirements into civilian ICT standards early. In this way development costs can be reduced, while military use of commercially available products is simplified. A conclusion regarding information security is that methods based on so-called "best-effort" can make exchange in a shared information system more efficient, while the risk of data leakage can be kept at an acceptable level.

    Automated Network Node Discovery and Topology Analysis

    This Master's Thesis describes the design and development of an architecture for automated network node discovery and topology analysis, implemented as an extension to the network management and provisioning system NETadmin. The architecture includes functionality for flexible network model assessment, using a method for versatile comparison between off-line database models and real-world models. These models are populated by current node data collected by network sensors. The presented architecture supports (1) efficient creation and synchronization of network topology information (2) accurate recognition of new, replaced and upgraded nodes, including rogue nodes that may exhibit malicious behavior, and (3) provides an extension of an existing vendor-neutral enterprise network management and provisioning system. An evaluation of the implementation shows evidence of accurate discovery and classification of unmatched hosts in a live customer production network with over 400 nodes, and presents data on performance and scalability levels. The work was carried out at Netadmin System i Sverige AB, in Linköping, Sweden

    Säkerhet i cybermiljön (Security in the Cyber Environment)

    The rapid development in the IT field over recent decades has been of great significance for the operations of the Swedish Armed Forces, but has at the same time also brought many new opportunities for civilian society. In particular, advances in sensor technology, computer technology and communications technology mean that large volumes of data can today be collected, transmitted, stored and analyzed faster and more efficiently than before. This has been of benefit in, among other things, systems for command and control support, battle management, intelligence and logistics. At the same time, however, the complexity, the mutual system dependencies and the volumes of data handled in the information systems have increased sharply. Combined with the fact that the nature of the Armed Forces' operations entails particular requirements for system security and protection against antagonistic threats, maintaining a sufficient level of security in the cyber environment is a challenge. Being able to protect important information assets against existing risks is at the same time a necessity for the new technology to contribute military utility. The ability to operate in the cyber environment must be developed and regularly trained in peacetime, so that it is available when needed. The Armed Forces are on their way towards a higher degree of maturity and understanding of the conditions and requirements of the cyber environment. However, continuous work is required in several areas for the cyber environment and the systems that are part of it to contribute a real effect. The aspects highlighted in this report are judged to be of particular importance. Teknisk Prognos 201