Volume 16, Issue 2

Introduction to Special Issue

News over the previous months makes clear all aspects of our society depend upon computers and the data we’ve entrusted to them. We continue to be unprepared by the leverage adversarial actors are able to exercise when they appropriate, expose, or deny access to that data. We have seen hospitals threatened, numerous large enterprises report enormous breaches of personal and credit card data, and the devices in our homes repurposed into attack platforms without our knowledge. Addressing these situations requires that we improve the technology we use, better use the technology we have, simplify the correct uses of technology, and prioritize preventing, detecting, and responding to attacks based upon informed analysis.

In this fourth special issue we have collected seven papers from National Security Agency and U.S. Cyber Command authors. These papers present demonstrated concepts that will improve the technology and the performance of those tasked to defend our systems. Whether your interests are in human factors, cyber planning, secure wireless, or secure networking this issue has something for you. It has been an honor to prepare this issue for you. I hope you find it enlightening.

Grant Wagner
Distinguished Chair, Information Assurance & Cyber National Cryptologic School
National Security Agency

Volume 16, Issue 2 Editorial


Spring 2017

Information Warfare. We used to talk about this as a historical or academic issue, one in which we could use vignettes or test cases from World War II or Vietnam as instances of deception, operations security, or psychological warfare efforts conducted in an active warfare operation. Everything has changed as we see an active measure information campaign by Russia during the 2016 United States election process, where fake news is considered the norm.

Understanding Operator Fatigue, Frustration, and Cognitive Workload in Tactical Cybersecurity Operations

Abstract:

While the human factors of mission critical systems such as air traffic control and weapons systems have been extensively studied, there has been little work on cyber operations. As with any system, the perfect storm of complex tasks in a high-risk environment takes an incredible toll on human operators, leading to errors, decreased performance, and burnout. An extensive study of tactical cyber operations at the National Security Agency found that operator fatigue, frustration, and cognitive workload significantly increase over the course of an operation. A discussion of these findings helps us understand the impact that the high-stress, high-risk environment of tactical cyber operations has on its operators.

Innovating the Prioritization of Cyber Defense

Abstract:

The U.S. Department of Defense (DoD) faces a monumental undertaking in protecting the infrastructure that underpins the entirety of its operations: It must identify and prioritize key terrain to dynamically defend. This paper will examine the criteria to identify critical information systems and infrastructure, will review the process to identify key terrain in cyberspace, and will offer a recommendation on how to more effectively prioritize network defender operations using data analytics.

Enhanced Wireless Performance Improves Security

Abstract:

This paper details how the information security community is benefiting from the rapidly growing need for greater wireless performance and capacity. It seems contradictory that increased performance would make a wireless system more secure, given that it is transporting a larger quantity of data, but this may well be the case. The authors assert that this performance improvement, brought on by Multiple-Input Multiple-Output antennas providing multiple spatial streams, forces an eavesdropper to move closer and closer in order to intercept the intended wireless communications or, possibly, to give up entirely.

Friend or Faux: Deception for Cyber Defense

Abstract:

Defensive deception provides promise in rebalancing the asymmetry of cybersecurity. It makes an attacker’s job harder because it does more than just block access; it impacts the decision making causing him or her to waste time and effort as well as expose his or her presence in the network. Pilot studies conducted by NSA research demonstrated the plausibility and necessity for metrics of success including difficulty attacking the system, behavioral changes caused, cognitive and emotional reactions aroused, and attacker strategy changes due to deception. Designing reliable and valid measures of effectiveness is a worthy (though often overlooked) goal for industry and government alike.

Next-Generation Defensive Cyber Operations (DCO) Platform

Abstract:

The frequency and complexity of recent cyber intrusions have made the job of defending networks a daunting task. Signs of suspicious or malicious activity can be found in one of many data sources within the network. Local network defenders are held accountable for preventing cyber intrusions but generally are not provided with adequate tools to aid in prevention and detection. With the variety of local network-defense data sources (for example, log files, network traffic, endpoint artifacts) that must be analyzed for suspicious activity, a network defender’s responsibility has evolved from finding a needle in a haystack to finding parts of a needle from among multiple haystacks. The National Security Agency’s (NSA) next-generation Defensive Cyber Operations (DCO) sensor platform, known as CHUCK (Comprehensive Hunt & Ultimate Cyber Kit), is an initiative to provide a platform for local network defenders to collect large volumes of network-defense data from multiple sources within an environment, thereby enabling detection and discovery of new threats in a secure and timely manner.

Securing Software Defined Networking

Abstract:

Software Defined Networking (SDN) has quickly developed as a technology to manage large-scale rapidly changing network environments at line-speed. This switch to centrally managed network devices potentially brings increased risks to the network infrastructure. If SDN applications can be thought of as programming the network, then SDN controllers must provide a protected environment in the same way that traditional operating systems isolate and protect software. This paper discusses the security concerns of SDN; examines current approaches to incorporating application permissions in SDN controllers, such as security-mode ONOS; and identifies where further work is needed to provide this assurance for operational networks.

Analysis of a Forced-Latency Defense Against Man-in-the-Middle Attacks

Abstract:

Several cryptographic protocols have been proposed to address the Man-in-the-Middle (MitM) attack without the prior exchange of keys. In this paper, one such protocol proposed by Zooko Wilcox-O’Hearn, the forced-latency defense against the chess grandmaster attack, is analyzed. Using the Cryptographic Protocol Shapes Analyzer (CPSA), the security properties of the protocol are validated through a novel use of CPSA’s state features to represent time. A small message-space attack is also uncovered that highlights an assumption that many protocols make, and a solution is proposed that would prevent such an attack against Wilcox-O’Hearn’s protocol.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
