Ground station as a service reference architectures and cyber security attack tree analysis

As the Ground Station as a Service (GSaaS) paradigm transforms space infrastructure operations, new attack surface emerges for malicious actors. While the space community generally refers to GSaaS as a singular model, there are several flavors of these systems. After a description of the general GSaaS network's basic structure, this paper presents an analysis of four reference architectures of GSaaS. On the basis of this systems engineering analysis, a cybersecurity analysis of the critical nodes will be carried out through the attack tree method. Later the cybersecurity implication both of technical and strategic characteristic of GSaaS networks will be discussed and put in relation with the current state of space cyberwarfare landscape

Reconfigurable Radio Systems : Towards Secure Collaboration for Peace Support and Public Safety

As military priorities are shifting from invasion defense to crisis management and peace support operations, the capability to partake in efficient inter-organizational collaboration is becoming increasingly important for armed forces across Europe. The “solidarity clause” of the Treaty of Lisbon, which entered into force on December 1st 2009, dictates that all EU member states shall act jointly if another member state is the target of a terrorist attack or the victim of a natural or man-made disaster. Sweden has gone even further, stating that it will not remain passive if a member state or another Nordic country is attacked, and expects these countries to act in the same manner if Sweden is attacked. This declaration obligates Sweden to be able to collaborate successfully with allied partners, both within own territories and abroad. Application-based collaboration tools for use in unpredictable settings, requiring high user mobility and network survivability, put high demands on the underlying ICT systems in order to function correctly. Networks employing the TErrestrial Trunked RAdio (TETRA) standard are becoming pervasive as platforms for interagency collaboration in crisis response. Although these networks provide many benefits compared to legacy technology they lack the possibility to offer secure, infrastructure-less and disruption-tolerant communication in challenging environments. Emerging ICT such as MANET-based Reconfigurable Radio Systems (RRS) shows potential for overcoming these problems, in addition to resolving issues of technical heterogeneity. The Common Tactical Radio System (GTRS) is an RRS being developed by the Swedish Armed Forces, intended to be the future ICT system for all parts of the forces, used both in national and international mission settings. However, remaining challenges include threats of node compromisation and adversary network infiltration, as well as the safeguarding of confidential information shared by collaborating parties and preventing information leakage. This paper contributes by (i) giving a summary of recent work in mechanisms for achieving information security in tactical MANETs and Hastily Formed Networks for disaster response. The paper also (ii) presents in-progress work towards the design of a gossip-based cross-layer Distributed Intrusion Detection System (DIDS) for the GTRS system, which takes resource constraints of portable devices into account, and offloads traffic analysis and anomaly detection to more powerful “Big Brother” nodes. An outline of the proposed DIDS architecture is presented, and the paper (iii) suggests future work towards offering a dependable and trustworthy communications platform for efficient and secure inter-organizational collaboration

Secure Tactical Communications for Inter-Organizational Collaboration : The Role of Emerging Information and Communications Technology, Privacy Issues, and Cyber Threats on the Digital Battlefield

The development within the area of information and communications technology (ICT) has been rapid during the last couple of decades. Advancements in mobile technology, such as smartphones and other portable devices with embedded sensors, rapid expansion of communications infrastructure, and increased spectrum utilization, has had a major impact on civilian society, but increasingly also on professional organizations such as the Swedish Armed Forces. While this technology allows for enhanced capabilities in the areas of command and control, situational awareness, and information management, it also leads to new challenges in such areas as cyber security and privacy. For armed forces in many parts of the world, being able to deploy in new types of missions, such as humanitarian assistance and response operations due to natural or man-made disasters, is an increasingly sought-after capability. Such operations commonly require collaboration amongst several heterogeneous organizations, which in turn requires technical as well as organizational interoperability. While the actors must be able to share certain information efficiently, with regards to integrity and availability, sensitive or classified information must be safeguarded in terms of confidentiality. This thesis is concerned with studying emerging ICT for use on the battlefield of tomorrow, investigating how it can lead to more effective operations, and what preconditions that must be met in order for the technology to be of utility for inter-organizational collaboration. In particular, the thesis studies how an acceptable level of information security can be upheld in interconnected tactical communications networks. It is found that Mobile Ad-hoc Networks, Software-Defined Radio and Cognitive Radio are emerging technologies that, while still immature, can contribute to improved capabilities for communications, command and control, and information collection. Furthermore, Hastily Formed Networks is found to be an effective framework for collaboration between heterogeneous actors. However, in order for emerging ICTs to provide military utility, several non-technical requirements must be met. These include usability, trust, legality, cost, and verifying that the technology is in accordance with current military doctrine. Antagonistic as well as unintentional threats must also be mitigated, including information leaks caused by cyberattacks or insiders, and possible consequences of reduced user privacy. Besides to the Swedish Armed Forces, this thesis should be of interest to armed forces of comparable countries, and for professional organizations faced with similar challenges. Among the drawn conclusions, the thesis recommends continuously evaluating emerging ICT in support of new capabilities, through academic research as well as internal concept development. Adopting an incremental and modular process is also recommended when developing or procuring new ICT systems, instead of making long-term investments in proprietary technology. Furthermore, a focus should be put on promoting military requirements in future civilian ICT standards. In this way development costs can be reduced, while facilitating tactical use of commercial off-the-shelf products. Regarding information security in tactical networks for inter-organizational collaboration the thesis concludes that employing best-effort methods could allow for efficient information exchange between actors, while upholding acceptable risk levels regarding data leakage.Informations- och kommunikationsteknik (IKT) har under de senaste årtiondena varit under stark utveckling. Ökad tillgänglighet av mobil teknik, såsom smarta mobiltelefoner och andra bärbara enheter med inbyggda sensorer, kraftig utbyggnad av kommunikationsinfrastruktur samt framsteg inom spektrumeffektivitet, har haft en stor betydelse för civilsamhället samt i ökande grad även för insatsorganisationer såsom Försvarsmakten. Tekniken bidrar till ökad förmåga till ledning, situationsuppfattning och informationshantering, men medför samtidigt flera utmaningar inom områden som cybersäkerhet och personlig integritet. Nya uppgifter som parallellt kommit i fokus för försvarsmakter i många länder inkluderar förmågan att kunna delta i stödjande insatser i samband med naturkatastrofer, terrorattacker, eller att kunna erbjuda humanitärt bistånd i internationella miljöer. Sådana insatser kräver vanligtvis samverkan mellan många olika heterogena organisationer, vilket medför ett behov av såväl teknisk som organisatorisk interoperabilitet. Viss information måste kunna delas effektivt mellan de ingående aktörerna med avseende på riktighet och tillgänglighet, samtidigt som känsliga uppgifter måste skyddas avseende sekretess. I denna avhandling studeras taktiskt användande av framväxande IKT på morgondagens slagfält, hur tekniken kan bidra till mer effektiva operationer, samt vilka förutsättningar och krav som måste uppfyllas för att tekniken ska kunna vara till nytta vid interorganisatorisk samverkan. Särskilt undersöks möjligheten att upprätthålla en acceptabel nivå av informationssäkerhet i gemensamma taktiska sambandssystem, samtidigt som dessa kan användas effektivt under påfrestande förhållanden. Avhandlingen finner att tekniker som mobila ad hoc-nätverk, mjukvarudefinierad radio och kognitiv radio, trots att de ännu är omogna, kan komma att bidra till förbättrade eller helt nya förmågor inom bland annat samband, ledning och informationsinhämtning. Vidare dras slutsatsen att ramverket Hastily Formed Networks är effektivt för samverkan mellan heterogena aktörer. För att framväxande IKT ska kunna vara av militär nytta krävs dock att flera icke-tekniska krav kan mötas. Dessa inkluderar användbarhet, tillit, legalitet, kostnad, samt att tekniken ligger i linje med rådande militär doktrin. Såväl antagonistiska som oavsiktliga hot måste samtidigt hanteras, såsom informationsläckor orsakade av cyberattacker eller insiders, samt konsekvensen av en minskad personlig integritet för användarna. Avhandlingen förväntas vara av intresse för såväl Försvarsmakten som organisationer med liknande förutsättningar i Sverige och jämförbara länder. Som slutsats rekommenderas i avhandlingen att framväxande IKT till stöd för nya förmågor kontinuerligt utvärderas genom såväl akademisk forskning som intern konceptutveckling, samt att en inkrementell och modulär modell bör väljas vid utveckling och anskaffning, snarare än att göra omfattande investeringar i proprietär teknik. Fokus bör även vara på att tidigt få med militära krav i civila IKT-standarder. På så vis kan utvecklingskostnader reduceras, samtidigt som militär användning av kommersiellt tillgängliga produkter förenklas. En slutsats gällande informationssäkerhet är att man med metoder som baseras på så kallad ”best-effort” kan effektivisera utbytet i ett gemensamt informationssystem, samtidigt som risken för dataläckage kan behållas på en acceptabel nivå

Automated Network Node Discovery and Topology Analysis

This Master's Thesis describes the design and development of an architecture for automated network node discovery and topology analysis, implemented as an extension to the network management and provisioning system NETadmin. The architecture includes functionality for flexible network model assessment, using a method for versatile comparison between off-line database models and real-world models. These models are populated by current node data collected by network sensors. The presented architecture supports (1) efficient creation and synchronization of network topology information (2) accurate recognition of new, replaced and upgraded nodes, including rogue nodes that may exhibit malicious behavior, and (3) provides an extension of an existing vendor-neutral enterprise network management and provisioning system. An evaluation of the implementation shows evidence of accurate discovery and classification of unmatched hosts in a live customer production network with over 400 nodes, and presents data on performance and scalability levels. The work was carried out at Netadmin System i Sverige AB, in Linköping, Sweden

Säkerhet i cybermiljön

Den snabba utvecklingen inom IT-området under de senaste decennierna har haft stor betydelse för Försvarsmaktens verksamhet men har samtidigt även inneburit många nya möjligheter för det civila samhället. I synnerhet har framsteg inom sensorteknik, datateknik och kommunikationsteknik inneburit att man idag kan inhämta, överföra, lagra, och analysera stora mängder data på ett snabbare och mer effektivt sätt än tidigare. Detta har kommit till nytta inom bland annat system för ledningsstöd, stridsledning, underrättelsetjänst och logistik. På samma gång har dock komplexiteten, de inbördes systemberoendena och volymerna data som hanteras i informationssystemen ökat kraftigt. I kombination med att karaktären på Försvarsmaktens verksamhet medför särskilda krav på systemsäkerhet och skydd mot antagonistiska hot, är upprätthållandet av en tillräcklig säkerhetsnivå i cybermiljön en utmaning. Att kunna skydda viktiga informationstillgångar mot förekommande risker är samtidigt en nödvändighet för att den nya tekniken ska kunna bidra till militär nytta. Förmågan att kunna verka i cybermiljön måste utvecklas och regelbundet tränas i fredstid, för att denna ska kunna stå till förfogande vid behov. Försvarsmakten är på väg mot en högre grad av mognad och förståelse för cybermiljöns förutsättningar och krav. Det krävs dock ett kontinuerligt arbete inom flera områden för att cybermiljön och de system som ingår i denna ska bidra till en reell effekt. De aspekter som belyses i denna rapport bedöms vara av särskild vikt.Teknisk Prognos 201

Non-State Actors in Cyberspace Operations

The growing importance of cyberspace to modern society, and its increasing use as an arena for dispute, is becoming a national security concern for governments and armed forces globally. The special characteristics of cyberspace, such as its asymmetric nature, the lack of attribution, the low cost of entry, the legal ambiguity, and its role as an efficient medium for protest, crime, espionage and military aggression, makes it an attractive domain for nation-states as well as non-state actors in cyber conflict. This paper studies the various non-state actors who coexist in cyberspace, examines their motives and incitements, and analyzes how and when their objectives coincide with those of nation-states. Literature suggests that many nations are currently pursuing cyberwarfare capabilities, oftentimes by leveraging criminal organizations and irregular forces. Employment of such non-state actors as hacktivists, patriot hackers, and cybermilitia in state-on-state cyberspace operations has also proved to be a usable model for conducting cyberattacks. The paper concludes that cyberspace is emerging as a new tool for state power that will likely reshape future warfare. However, due to the lack of concrete cyberwarfare experience, and the limited encounters of legitimate cyberattacks, it is hard to precisely assess future effects, risks and potentials

Best-Effort Data Leakage Prevention in Inter-Organizational Tactical MANETs

Reconfigurable Radio Systems (RRS), based on technologies such as Software Defined Radio (SDR) and Mobile Ad-hoc Networks (MANETs) offer considerable advantages for military operations, such as increased network survivability and interoperability. The RRS-based Common Tactical Radio System (GTRS), currently in development by the Swedish Armed Forces, is designed for use in diverse geographical settings and for purposes varying from international combat missions to national contingency operations. However, protecting these networks from attacks and safeguarding the carried information against leaks is an ongoing research challenge, especially in combined scenarios where tactical data may flow across organizational boundaries. This paper presents a best-effort approach to Data Leakage Prevention (DLP) for inter-organizational RRS-based networks. The proposed architecture makes use of data mining techniques and an efficient n-dimensional clustering algorithm which has previously been successfully used for real-time anomaly detection in critical infrastructure protection. The DLP architecture is developed as an extension to the GTRS system, modeled and simulated in OPNET™ Modeler. Our results show that common data leaks can be efficiently identified by the proposed scheme, while keeping the important false positive rate at a very low level