80 research outputs found

    AN AUTOMATED POST-EXPLOITATION MODEL FOR OFFENSIVE CYBERSPACE OPERATIONS

    The Department of Defense (DOD) uses vulnerability assessment tools to identify necessary patches for its many cyber systems to mitigate cyberspace threats and exploitation. If an organization misses a patch, or a patch cannot be applied in a timely manner, for instance, to minimize network downtime, then measuring and identifying the impact of such unmitigated vulnerabilities is offloaded to red teaming or penetration testing services. Most of these services concentrate on initial exploitation, which stops short of realizing the larger security impact of post-exploitation actions and are a scarce resource that cannot be applied to all systems in the DOD. This gap in post-exploitation services results in an increased susceptibility to offensive cyberspace operations (OCO). This thesis expands upon the automated initial exploitation model of the Cyber Automated Red Team Tool (CARTT), initially developed at the Naval Postgraduate School, by developing and implementing automated post-exploitation for OCO. Implementing post-exploitation automation reduces the workload on red teams and penetration testers by providing necessary insight into the impact of exploited vulnerabilities. Patching these weaknesses will result in increased availability, confidentiality, and integrity of DOD cyberspace systems. Outstanding Thesis. Lieutenant, United States Navy. Approved for public release. Distribution is unlimited.

    An Assessment of North Korean Threats and Vulnerabilities in Cyberspace

    This thesis answers the fundamental questions of what North Korean capabilities and intent in cyberspace are and what North Korean threats and vulnerabilities are associated with these. It argues that although North Korea’s cyberspace resources and capabilities have increased and reached a level that represents an advanced persistent threat, its cyberspace operations have remained restrained and regional. It also argues that North Korea’s valuable assets include its ability to control cyberspace within North Korea and its ability to engage in cyberspace activities and operations from abroad. The thesis recommends that the United States government exploit these assets by denying and disrupting the use of cyberspace by covert cyber units outside of North Korea, as well as by enabling and ensuring the less monitored and less controlled use of cyberspace by civilians inside of North Korea.

    Army Support of Military Cyberspace Operations: Joint Contexts and Global Escalation Implications

    Military cyberspace operations have evolved significantly over the past 2 decades and are now emerging into the realm of military operations in the traditional domains of land, sea, and air. The goal of this monograph is to provide senior policymakers, decisionmakers, military leaders, and their respective staffs with a better understanding of Army cyberspace operations within the context of overall U.S. military cyberspace operations. It examines the development of such operations in three major sections. First, it looks at the evolution of Department of Defense cyberspace operations over the past decade to include the founding of U.S. Cyber Command from its roots in various military units focused on defensive and offensive cyberspace operations. Second, it examines the evolution of the Army implementation of cyberspace operations toward the initial establishment of Army Cyber Command as well as recent efforts to establish Fort Gordon, Georgia as the center of gravity for Army cyberspace activities. Third, it explores the role of cyberspace operations in the escalation of international conflict, focusing on the sufficiency of the current cyberspace force structure to address an international environment of multiple actors interacting with varying degrees of tension.

    Implications of Service Cyberspace Component Commands for Army Cyberspace Operations

    The first 7 years of U.S. Cyber Command operations are paved with milestones that mark the steady operationalization of modern cyberspace as the newest domain of military conflict as well as a realm of international power. The creation of the Cyber Mission Force and Joint Force Headquarters-Cyber are significant steps toward improving the timeliness and effectiveness of cyberspace operations that directly support combatant commands and the whole-of-government responses to cyberspace threats. It focuses on the central question: “What is the context in which different military services approach cyberspace component operations internally as well as with the Department of Defense?”

    Cyber Threat Reports 07 Mar - 20 Mar 2017

    Army Cyber Institute Cyber Threat Report. Tech Trends: Stories and Highlights. Data leak exposes 36k Boeing employees. Engineers exfiltrate data by blinking hard drives' LEDs. Necurs Botnet gets proxy module with DDoS capabilities. Cloudbleed: Websites leaked crypto keys, passwords, more due to Cloudflare bug. Google Demonstrates first ever SHA-1 hash collision.

    Cyber Threat Report 01 May - 16 May 2018

    Army Cyber Institute Cyber Threat Report. Tech Trends: Stories and Highlights. Well-Trained Staff Is Your Best Defense Vs. IoT Cyberattacks; Crabby Ransomware Nests in Compromised Websites; Justice Dept. & F.B.I. Investigating Cambridge Analytica; 25% of Businesses Hit with Cryptojacking in the Cloud; Google and Microsoft Reveal New Spectre Attack.

    Cyberattacks and the Covert Action Statute: Toward a Domestic Legal Framework for Offensive Cyberoperations

    Cyberattacks are capable of penetrating and disabling vital national infrastructure, causing catastrophic economic harms, and approximating the effects of war, all from remote locations and without the use of conventional weapons. They can be nearly impossible to attribute definitively to their sources and require relatively few resources to launch. The United States is vulnerable to cyberattacks but also uniquely capable of carrying out cyberattacks of its own. To do so effectively, the United States requires a legal regime that is well suited to cyberattacks' unique attributes and that preserves executive discretion while inducing the executive branch to coordinate with Congress. The trouble is that it is unclear which domestic legal framework should govern these attacks. The military and intelligence communities have disputed which of their respective legal regimes should control. The choice between these frameworks raises important issues about the policy benefits of the executive branch keeping Congress informed regarding cyberattacks that it conducts. It also raises constitutional questions about the branches' respective roles in warmaking when the chosen course of conduct blurs the line between an intelligence operation and an act of war. This Note argues that, in the absence of an independent congressional authorization to use force against a target, the covert action statute, which demands written reports from the president to the congressional intelligence committees in advance of operations, should presumptively govern, and that the president should issue an executive order to that effect.

    AUTOMATED CYBER OPERATIONS MISSION DATA REPLAY

    The Persistent Cyber Training Environment (PCTE) has been developed as the joint force solution to provide a single training environment for cyberspace operations. PCTE offers a closed network for Joint Cyberspace Operations Forces, which provides a range of training solutions from individual sustainment training to mission rehearsal and post-operation analysis. Currently, PCTE does not have the ability to replay previously executed training scenarios or external scenarios. Replaying cyber mission data on a digital twin virtual network within PCTE would support operator training as well as enable development and testing of new strategies for offensive and defensive cyberspace operations. A necessary first step in developing such a tool is to acquire network specifications for a target network, or to extract network specifications from a cyber mission data set. This research developed a program design and proof-of-concept tool, Automated Cyber Operations Mission Data Replay (ACOMDR), to extract a portion of the network specifications necessary to instantiate a digital twin network within PCTE from cyber mission data. From this research, we were able to identify key areas for future work to increase the fidelity of the network specification and replay cyber events within PCTE. Captain, United States Marine Corps. Approved for public release. Distribution is unlimited.

    The Contemporary Multi-Layered Cybersecurity Landscape and Emerging Nano-Threats: A Review

    The presented article attempts to identify the key node located in the three-tier model of cyberspace, the node which is characterized by the greatest potential impact on the other elements essential for the functioning of the whole network, especially in the security context. Based on the network analysis, it was proposed to place the ‘persona’ in the center of interest, in other words the human factor. In this way – regardless of the future direction of the further development of artificial intelligence – an individual adversary is able to dispose of the historically unprecedented ability to have an impact on the critical and – potentially – military infrastructure of the state. Thus, an individual digitally-skilled person is capable of destabilizing the post-industrial society not only in the context of network/computer security, but also physical security (through the cyber-physical systems).