Volume 14, Issue 2

Volume 14, Issue 2 Editorial

Stylized Image of the Word Editorial

APRIL 2015

In April 2014, Peregrine collaborated on a special edition of the Journal of Information Warfare (JIW), with every article being written by a serving member of the National Security Agency (NSA) staff. Our staff worked closely with the Information Assurance Directorate (IAD) personnel during a six month period to bring together an exciting issue. Here is a quote from Neal Ziring, the Technical Director for the National Security Agency’s Information Assurance Directorate (IAD) on that effort – “The April 2014 issue of JIW was the first time that NSA IAD worked with an academic journal to create a special issue. It was a great learning experience for some of our internal experts, and also helped raise awareness of some of our important mission challenges among academic researchers in this field.”

The Future of Cyber Operations and Defense


National and economic security of most nations have become dependent on cyberspace. Protection of cyberspace will depend, in part, on successful cyber operations. Cyberspace is the domain in which these operations take place, and it is evolving rapidly, through increased use of virtualization and cloud services, ubiquitous mobility, and the integration of cyber systems into the physical world. To be successful in this future environment, cyber operations will need to be supported by more defensible systems, to be informed by a greater understanding of system state and threat actors, and to be more adaptive.

Training Cyber Forces without Warfighting


Collective and individual training for military cyber operations poses challenges not faced by industry, academia, or other governmental areas. The warfighting mission comes with unique issues scarcely dealt with by the modern United States, such as foreign attacks taking place on United States’ infrastructure. As a result, there are limited existing processes to draw upon. Effective training is further hampered by lack of operational experience. This paper discusses the challenges of gaining experience in cyber operations, explores several avenues for obtaining real-world operational experience outside of warfare, and considers the applicability of those operational scenarios to training.

Understanding the Co-Evolution of Cyber Defenses and Attacks to Achieve Enhanced Cybersecurity


This article examines the notion of cyberattack-and-defend co-evolution as a mechanism to better understand the influences that the opposing forces have on each other. The concept of co-evolution has been most commonly applied to a biological context involving living organisms and nature-based adaptations, but it can be applied to technological domains as well. Cybersecurity strategies based solely on technological features of attack-and-defend adaptations do not immediately reveal a co-evolutionary relationship and are typically seen more as cyber arms races. In order to leverage cyber co-evolution in support of cybersecurity, the human-driven behaviors of cyberattack-and-defend adaptations have to be incorporated. In other words, the mission must serve to drive human motives and goals, and in many cases, must limit the scope of an attacker’s adaptations.

Changing the Future of Cyber-Situational Awareness


The proliferation of Internet of Things (IoT) devices will change the face of cyber situational awareness from one focused on centralizing and homogenizing data feeds to one struggling to identify triggers from inordinate amounts of data. IoT devices, anticipated to grow to 20-40 billion by 2020, will both increase the potential visibility and granularity of cyber situational awareness and will significantly complicate the effort. The sheer increase in communications will raise the noise floor and will force more advanced analytics and data parsing to identify appropriate triggers. In addition to the influx of data and traffic, IoT devices also have the potential to introduce server security concerns to any network.

The Need for Digital Identity in Cyberspace Operations


Digital identity is an online or networked identity in cyberspace for an individual, organization, or entity to uniquely describe a person or a thing and contains information about the entity’s relationships. A critical challenge in cybersecurity and cyberspace operations is knowing with whom or what one is defending. Currently, it can be difficult to accurately determine the identity of a person or entity in cyberspace. A unified and verified identification system for each entity or component of an IT system is needed. This paper will identify the challenges and opportunities that digital identity technologies introduce for cybersecurity and cyberspace operations.

Moving Big-Data Analysis from a ‘Forensic Sport’ to a ‘Contact Sport’ Using Machine Learning and Thought Diversity


Data characterization, trending, correlation, and sense making are almost always performed after the data is collected. As a result, big-data analysis is an inherently forensic (after-the-fact) process. In order for network defenders to be more effective in the big-data collection, analysis, and intelligence reporting mission space, first-order analysis (initial characterization and correlation) must be a contact sport—that is, must happen at the point and time of contact with the data—on the sensor. This paper will use actionable examples: (1) to advocate for running Machine-Learning (ML) algorithms on the sensor as it will result in more timely, more accurate (fewer false positives), automated, scalable, and usable analyses; (2) discuss why establishing thought-diverse (variety of opinions, perspectives, and positions) analytic teams to perform and produce analysis will not only result in more effective collection, analysis, and sense making, but also increase network defenders’ ability to counter and/or neuter adversaries’ ability to deny, degrade, and destabilize U.S. networks.

On the Role of Malware Analysis for Technical Intelligence in Active Cyber Defense


This paper discusses the critical role collection and analysis of malware must play in active cyber defense. The importance of determining the operational characteristics, strengths, and weaknesses of an adversary’s weapons and equipment has led to the establishment of technical intelligence (TECHINT) as a discipline in military intelligence. Software, particularly malware, fills the role of weapons in cyberspace. Malware analysis offers significant opportunities to understand adversary capabilities and intent, thus facilitating an effective cyberspace defense. This paper provides background, discusses potential TECHINT gains from malware, and considers how this knowledge may enhance an active cyber-defense strategy.

I Want My Smartphone. I Want It Now. And I Want to Connect to Everything from Anywhere… Now!


Even the classified enterprise is going mobile. Trolls and Luddites cannot prevent it. But the bridge to be crossed to mobility nirvana (a secure, cheap, and user-beloved system) is still rickety with many places where one can fall into the chasm of lost data. The forces of malware, user sloth, shoddy component design, and poor system architecture are arrayed against safe passage. But one is not alone. Assisting the crossing are a number of laws requiring privacy and security measures, government programs that induce superior products, policies written for both public and private sector enterprises, standards bodies, and, most of all customers demanding security from vendors. This paper will look at the mobility mission, the threat to mobile, the secure enterprise architectures using defense in depth, the state of security in system components and how that is being improved through a number of efforts, and the impact of new technology.

Defending Cyberspace with Software-Defined Networks


Software-Defined networking (SDN) presents a new way of thinking about and operating communication networks that is revolutionizing the networking industry. This paper first describes how a core tenet of SDN—a logically centralized network control plane—enables dynamic, fast, and predictable changes in network behavior. Next, the authors show how network operators can use this capability to transform defensive cyber operations from today’s labor-intensive, static processes into automated, agile responses that are capable of dealing with tomorrow’s cyber threats.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.
















Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.


Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455