13 research outputs found

    Modelling the Influential Factors Embedded in the Proportionality Assessment in Military Operations

    The ongoing decade was believed to be a peaceful one. However, contemporary conflicts, and in particular, ongoing wars prove the opposite as they show the increase in context complexity when defining their goals as well as execution strategies for building means and methods for achieving them by gaining advantage against their adversaries through the engagement of well-established targets. At the core of the engagement decision lies the principle of proportionality, which brings into a direct relation the expected unintended effects on the civilian side with the anticipated intended effects on the military side. While the clusters of effects involved in the proportionality assessment are clear, the process itself is subjective, governed by different dimensions of uncertainty, and represents the responsibility of military Commanders. It is thus a complex socio-technical process in which different clusters of influential factors (e.g., military, technical, socio-ethical) play a role in the decisions made. Having said that, the objective of this research is to capture and cluster these factors, and further to model their influence in the proportionality decision-making process. This decision support system produces military targeting awareness for the agents involved in the processes of building, executing, and assessing military operations. To accomplish the aim of this research, a Design Science Research methodological approach is taken for capturing and modelling the influential factors as a socio-technical artefact in the form of a Bayesian Belief Network (BBN) model. The model proposed is further evaluated through demonstration on three different cases in respect to real military operations incidents and scenarios existing in the scientific literature in this research field. Hence, through this demonstration, it is illustrated and interpreted how the factors identified influence proportionality decisions when assessing target engagement as being proportional or disproportional. In these cases, corresponding measures for strengthening proportionality and reducing disproportionality in military operations are considered.

    Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications

    Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However, an overarching overview of these methods, systematizing the characteristics of such methods, is missing. In this paper, we conduct a systematic literature review, and identify 7 integrated safety and security risk assessment methods. We analyze these methods based on 5 different criteria, and identify key characteristics and applications. A key outcome is the distinction between sequential and non-sequential integration of safety and security, related to the order in which safety and security risks are assessed. This study provides a basis for developing more effective integrated safety and security risk assessment methods in the future.

    A Prototype Tool for Distinguishing Attacks and Technical Failures in Industrial Control Systems

    Critical Infrastructures (CIs) are governed by Industrial Control Systems (ICSs). Modern ICSs do not operate in isolation anymore, but they are connected to the Internet. This transformation introduced numerous advantages; however, there are a few drawbacks as well. Integration with the Internet has left ICSs exposed to potential cyber-attacks. Additionally, ICSs could also encounter technical failures during operation. Consequently, it is crucial to distinguish between attacks and technical failures to initiate an appropriate response. There is a deficiency of robust technology to assist operators in distinguishing attacks and technical failures in an ICS environment. However, a framework is proposed to construct Bayesian Network (BN) models that would help to distinguish between attacks and technical failures for different observable problems in our previous work. There are tools available to implement such BN models, but these tools are not appropriate to use in an ICS environment. In order to address this limitation, this paper develops and demonstrates a prototype tool for swift identification of the major cause (Intentional Attack/Accidental Technical Failure) in case of an abnormal behaviour in a component of an ICS. The proposed tool enables BN models to automatically update prior probabilities based on the historical data and/or expert knowledge corresponding to the application. The developed tool can be further evaluated and used to distinguish between attacks and technical failures during operation in CIs where ICSs are employed.

    Holding on to Compliance While Adopting DevSecOps: An SLR

    The software industry has witnessed a growing interest in DevSecOps due to the premises of integrating security in the software development lifecycle. However, security compliance cannot be disregarded, given the importance of adherence to regulations, laws, industry standards, and frameworks. This study aims to provide an overview of compliance aspects in the context of DevSecOps and explore how compliance is ensured. Furthermore, this study reveals the trends of compliance according to the extant literature and identifies potential directions for further research in this context. Therefore, we carried out a systematic literature review on the integration of compliance aspects in DevSecOps, which rigorously followed the guidelines proposed by Kitchenham and Charters. We found 934 articles related to the topic by searching five bibliographic databases (163) and Google Scholar (771). Through a rigorous selection process, we selected 15 papers as primary studies. Then, we identified the compliance aspects of DevSecOps and grouped them into three main categories: compliance initiation, compliance management, and compliance technicalities. We observed a low number of studies; therefore, we encourage further efforts into the exploration of compliance aspects, their automated integration, and the development of metrics to evaluate such a process in the context of DevSecOps.

    Alarming! Security Aspects of the Wireless Vehicle: Review


    Modelling Responsible Digital Security Behaviour for Countering Social Media Manipulation

    While the digital environment, and in particular social media, surrounds not only humans' identity and its societal functions projection, e.g., institutional and financial aspects, it also captures both individual and collective thoughts regarding former, ongoing, and future concepts, trends, and incidents placed in the physical world, in the digital environment, or in both which could impact both individual and collective consciousness, behaviour, and attitude towards different dimensions of reality. Accordingly, an initial attempt to define and model responsible digital security behaviour was made and ongoing discourses and AI-based solutions for tackling and containing social manipulation mechanisms exist in this domain. It is noteworthy that dedicated attention to understanding and modelling responsible digital security behaviour in social media for tackling and/or countering social media manipulation, e.g., disinformation and misinformation, is still lacking. To this end, this research aims (i) to capture the factors influencing user behaviour towards tackling and/or countering social media manipulation, (ii) to build a Machine Learning model that assesses users' responsibility in relation to tackling and/or countering social media manipulation mechanisms, and (iii) to propose a set of socio-technical recommendations for building resilience to such mechanisms. To accomplish these research objectives, a Design Science Research methodological approach is taken by designing, developing, and evaluating the model proposed through exemplification. Finally, this research aims to enhance digital security awareness and resilience to social media manipulation of users and policy decision-makers to manage and further extend in a responsible and safe way the digital environment.

    Tackling uncertainty through probabilistic modelling of proportionality in military operations

    Just as every neuron in a biological neural network is a reinforcement learning agent, thus a component of a large and advanced structure is de facto a model, the two main components forming the principle of proportionality in military operations can be seen and are as a matter of fact two different entities and models. These are collateral damage depicting the unintentional effects affecting civilians and civilian objects, and military advantage symbolizing the intentional effects contributing to achieving the military objectives defined for the military operation conducted. These two entities are complex processes relying on available information, projection on time to the moment of target engagement through estimation and are strongly dependent on common-sense reasoning and decision making. As a deduction, these two components and the proportionality decision result are processes surrounded by various sources and types of uncertainty. However, the existing academic and practitioner efforts in understanding the meaning, dimensions, and implications of the proportionality principle are considering military-legal and ethical lenses, and less technical ones. Accordingly, this research calls for a movement from the existing vision of interpreting proportionality in a possibilistic way to a probabilistic way. Henceforth, this research aims to build two probabilistic Machine Learning models based on Bayesian Belief Networks for assessing proportionality in military operations. The first model embeds a binary classification approach assessing if the engagement is proportional or disproportional, and the second model extends this perspective based on previous research to perform multi-class classification for assessing degrees of proportionality. To accomplish this objective, this research follows the Design Science Research methodology and conducts an extensive literature for building and demonstrating the model proposed. Finally, this research intends to contribute to designing and developing explainable and responsible intelligent solutions that support human-based military targeting decision-making processes involved when building and conducting military operations.

    Alarming! Security Aspects of the Wireless Vehicle: Review

    The automobile industry has grown to become an integral part of our day-to-day life. The introduction of wireless vehicles definitely has to pass through the analysis of potential security threats and vulnerabilities, and a robust security architecture should be designed that is able to cope with these threats and vulnerabilities. In this work, we have identified various categories of research in 'Cyber Security of a wireless vehicle' and mainly focused on 'In-Vehicle Network' to identify various potential security threats and vulnerabilities as well as the suitable security solutions. In addition to providing a survey of related academic efforts, we have also outlined several key issues and open research questions.

    Probability elicitation for Bayesian networks to distinguish between intentional attacks and accidental technical failures

    Both intentional attacks and accidental technical failures can lead to abnormal behaviour in components of industrial control systems. In our previous work, we developed a framework for constructing Bayesian Network (BN) models to enable operators to distinguish between those two classes, including knowledge elicitation to construct the directed acyclic graph of BN models. In this paper, we add a systematic method for knowledge elicitation to construct the Conditional Probability Tables (CPTs) of BN models, thereby completing a holistic framework to distinguish between attacks and technical failures. In order to elicit reliable probabilities from experts, we need to reduce the workload of experts in probability elicitation by reducing the number of conditional probabilities to elicit and facilitating individual probability entry. We utilise DeMorgan models to reduce the number of conditional probabilities to elicit as they are suitable for modelling opposing influences, i.e., combinations of influences that promote and inhibit the child event. To facilitate individual probability entry, we use probability scales with numerical and verbal anchors. We demonstrate the proposed approach using an example from the water management domain.