Summer 2017

Most of the papers in this latest edition of the Journal of Information Warfare represent the best presentations from the 2017 International Conference on Cyber Warfare and Security (ICCWS) held in Dayton, Ohio, and co-sponsored by Wright State University and the U.S. Air Force Institute of Technology (AFIT). This issue of JIW contains a wide variety of research focusing on the broad spectrum of cyber warfare, with an emphasis on Industrial Control Systems (ICS), 

Abstract:

Conventional cyber attack management is reactive, which is ineffective in curbing sophisticated adversaries, especially Advanced Persistent Threats (APTs). There is an immediate need for proactive cyber-security measures that reflect the adaptive and dynamic nature of these adversaries. Using empirical evidence of observations and interviews conducted at the Industrial Control Systems Computer Emergency Response Team’s (ICS-CERTs) Red-Team/Blue-Team cyber-security training exercise held at Idaho National Laboratory (INL), this paper highlights the human aspects of cyber attacks, with a specific focus on adversarial intrusion chains, adaptability after attack disruptions, and group dynamics.

Abstract:

Components within modern automobiles communicate across a Controller Area Network (CAN), which has been demonstrated to be vulnerable to external adversarial attention. To better integrate effective security for the CAN protocol at the design level, the standard can be defined in temporal logic. Translating the temporal logic into a module for a real-time network emulator complements a greater goal to reduce security testing overhead. Comparing performance metrics while attempting to exploit modified CAN designs provides analysts with a readily accessible source of information as to whether a solution can be supported by module developers in industry.

Abstract:

This paper presents an open-source tool to support the quantitative assessment of software reliability and cyber security. The tool enables assessment of a system’s security from penetration-testing data and can be used to estimate the number of vulnerabilities remaining. This approach will enable organisations that acquire software to establish quantitative requirements for inclusion in contracts, thereby providing clear requirements for software and system developers to meet. The tool will enable contractors to regularly assess the security of their software, which will facilitate the identification and reporting of programs that may fail to achieve contractually specified security objectives.

Abstract: 

Vehicles currently on the market are more like computers on wheels than most consumers would even begin to imagine. In fact, consumers rarely consider whether their new vehicles could be hacked in a fashion similar to their home PCs. Recently, attacks on vehicles have been brought into the spotlight, a reality that is making vehicle cyber security a priority with both vehicle manufacturers and politicians, and through both manufacturers’ designs and U.S. Senate bills. This paper explores the means by which a vehicle could potentially be hacked, what ramifications come from a hacking attack, and how a vehicle could be protected against attacks.

Abstract:

In this paper, the security of an increasingly popular concept called System on a Chip (SoC) is considered. SoC consists of pairing a Field Programmable Gate Array (FPGA) and a processor on a single chip. The researchers contend that security is permanently influenced by initial design decisions; and, if aware of the trade-offs, designers incorporating SoCs into their systems can improve security of their applications.

Abstract:

This article presents an overview of cyberspace operational cognition within the North Atlantic Treaty Organization (NATO). This paper likens submarine warfare tactics used during the Cold War to current cyberspace tactics used in modern warfare. As the European Union moves toward a market governed by digital economies, the influx of cyber security technologies and nation-state support should match this influx to prevent, holistically, malicious compromise. 

Abstract:

By utilising existing infrastructure, Power Line Communication (PLC) is a cost- effective, practical solution that supports home automation and critical national infrastructure systems. However, current home automation PLC implementations are inherently unsecure, susceptible to network intrusion, and vulnerable to unauthorised configuration changes. 

Abstract:

This  paper  presents  general  strategies  for  cyber  war  gaming  of  Cyber-Physical Systems (CPSs) that are used for cyber security research at the U.S. Army Research Laboratory (ARL).