Volume 14, Issue 4

Volume 14, Issue 4 Editorial

Stylized Image of the Word Editorial

FALL 2015

I want to thank all subscribers and authors for your support of the Journal of Information Warfare (JIW). The number of papers submitted has increased dramatically; and, as always, we welcome new submissions. Our rigorous double-blind peer-review process remains unchanged: through this process, we are able to collect objective feedback for all submissions. In addition to our regular issues, we continue to produce a special edition each April with the National Security Agency (NSA). In 2016, we will also be collaborating with USCYBERCOM for this special edition.

Cybersecurity and Global Governance

ABSTRACT

To understand better the challenges of developing a unified system of global cyber governance, a comparative analysis of national cybersecurity strategy and frameworks in 10 countries and the European Union from diverse regions in both the developed and developing world was conducted. Based on empirical research and an analysis of national and international cybersecurity strategies and policies, this paper explores the challenges and benefits of establishing a global legal and policy framework for cyber activity that advances the goals of national intelligence and technological innovation, while enhancing confidence and improving legal certainty in the global electronic marketplace.

A Human-Centric Approach to Cybersecurity: Securing the Human in the Era of Cyberphobia

ABSTRACT

Cybersecurity relates to the threats posed to a nation’s critical infrastructure, but should not be limited to the traditional concept of national security. The militarization of the cybersecurity discourse has produced a security dilemma, which is not sufficiently addressing the needs of people. This article highlights this shortcoming and views cybersecurity through a human-centric perspective. The challenge ahead is to establish a governance regime for cyberspace that successfully addresses human rights norms.

Dissuasion, Disinformation, Dissonance: Complexity and Autocritique as Tools of Information Warfare

ABSTRACT

This paper argues that the cyber terrain offers opportunities for developing strategies and tactics of information warfare which are based on the techniques already deployed by anti- establishment actors: détournement, satire, and the appropriation and subversion of pre-existing media artefacts. It also argues that the inherent complexity, diversity, and apparent anarchy of the online realm aids, rather than threatens, the effective exercise of influence. Finally, it contends that information warfare and influence must be conducted through media, which are integral to the experience of the intended targets, and suggests that recent developments in gaming merit investigation.

Locating Zero-Day Exploits with Coarse-Grained Forensics

ABSTRACT

This paper describes a novel coarse-grained forensics capability for locating zero-day exploits by recording and correlating on-host actions with network packets, with no discernible impact on user experience. The technology builds upon the Bear micro-kernel, a clean-slate custom OS specifically designed with modern Intel security features and Multics style protections. The capability provides an alternative to fine-grained techniques, such as memory taint tracking, that are intractable approaches for high-volume Internet facing servers. Two associated network attack scenarios, modelled from typical website designs, are described in order to illustrate how the technique can be used, and the associated results are presented.

Culture and Cyber Behaviours: DNS Defending

ABSTRACT

The Domain Name System (DNS) provides the Internet mapping information that many applications rely on for proper functioning. DNS software is a popular and potent attack vector. Many DNS attacks can be prevented through the adoption of DNS security extensions (DNSSEC). DNSSEC provides assurance of data authenticity (Arends et al. 2005). Even though DNSSEC standard has been in place over a decade, adoption has remained uneven; therefore, cultural values and DNSSEC adoption and rejection rates were examined in this study. The findings reveal activity in several dimensions, thus, implying that DNSSEC behaviours and cultural values may be co-related.

What Are the Metrics of Cyber Warfare? How Does One Measure Success?

ABSTRACT

This paper continues the process of laying the groundwork for a new comprehensive academic theory on Cyber Macht (Cyber Power). In this particular paper, the authors focus on trying to determine the metrics of cyber operations; in other words, how does one measure success? The ability to measure and validate success is always a crucial metric in the performance of a task; and in this case, the conduct of IO campaigns is no different.

Vulnerability by Design in Mobile Network Security

ABSTRACT

The GSM network, commonly called 2G, was designed during the 1980s when the Cold War was still ongoing. Due to political pressure from European governments, the security of GSM was deliberately made weak to allow easy interception by law enforcement agencies. Despite strengthened security in subsequent mobile network technologies of 3G and 4G, the weak security of 2G represents the ‘weakest link’ and thereby limits the security level of mobile networks in general. This article describes the evolution of mobile network security architectures, analyses their security vulnerabilities, and proposes solutions to mitigate the threats posed by these vulnerabilities.

Detection of DNS-Based Covert Channels

ABSTRACT

A compromised network will normally have some form of covert communication system installed. Covert communication channels can take many forms and can remain undetected until a major data breach has taken place. Compromised networks allow hackers to access private and confidential information so that they can engage in illegal behaviours such as data exfiltration. This article demonstrates that DNS-based covert channels have particular traffic signatures that can be detected in order to mitigate data exfiltration and malware command, and to control traffic.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Media Parner to JIW.

Media Partner

Keywords

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
    23690
  • 757.234.6664
  • jiw@gbpts.com