Volume 18, Issue 4

A Note from Our Guest Editors


Winter 2019

Preparing for a Future of Critical Infrastructure under Autonomic Control

This special edition of the Journal of Information Warfare explores foundations of key technologies that we believe will drive a revolution in control of critical infrastructure systems. This revolution is needed because of the importance of these systems (i.e., providing most of the basic functionality required to sustain life and livelihood on a national and global scale), the growing prevalence of networked sensing and control that operates these systems, and the increasingly hostile and fast-acting ecosystem that challenges them on a daily basis. It is our assertion that in the near future increasing autonomy will be necessary for subsystems and their components to react quickly enough (and proactively position themselves) against the threats they face. This has the added benefit of freeing up humans to act in a supervisory and strategic decision-making loop that resides above the lower-level subsystems and component control—but it also comes with an added cost of designing systems so that, when they take autonomous action, it is transparent to humans and the motivations for and impact of those actions are also communicated and controllable by human operators. The goal is to make human decision-making more impactful and at a time scale that is appropriate for human cognition.

Adversarial Artificial Intelligence: State of the Malpractice

Abstract:

Artificial Intelligence (AI), widely deployed in society, is rapidly becoming the next major battleground. Our society depends on the power of AI to solve problems in multiple domains—including commercial, infrastructural, and military systems. But AI is also vulnerable to a variety of attacks, some of which are common across many types and deployments of AI.

A Context-Centred Research Approach to Phishing and Operational Technology in Industrial Control Systems

Abstract:

Advanced persistent threats that leverage phishing against OT are cyberattacks that endanger critical infrastructure assets nationwide. Today phishing, a human-focused exploit, constitutes 91% of successful attack vectors against federal assets. This means Human-Introduced Cyber Vulnerabilities (HICV) are the weakest cyber link. The success of these attacks also suggests HICV are neither well understood nor mitigated. To characterise HICV and provide the necessary context in which they exist, this paper introduces a research approach derived from the mature science of social ecology. The desired end result of this research is an HICV-focused risk assessment framework.

Cyber Threat Screening Using a Queuing-Based Game-Theoretic Approach

Abstract:

Dynamic and uncertain security environments, such as cyber systems, often involve strategic interactions among multiple decision-making agents. In this paper, the authors consider a cybersecurity setting in which a system administrator (defender) has to screen malicious service requests from an attacker seeking to exhaust available cyber resources and inconvenience users with legitimate requests. This paper proposes a novel cyber-threat inspection model, based on Stackelberg games, that unifies aspects of Threat Security Games with the Erlang-B queuing framework to provide equilibrium strategies for both the attacker and defender.

A Technical and Policy Toolkit for Cyber Deterrence and Stability

Abstract:

This study seeks to assist policymakers and scholars in building a theoretical, policy, and technical framework to address cyber conflict. Based on an analysis of deterrence theory and application and prior arms control regimes, the study presents a toolkit of policies and actions for national governments based on elements of deterrence and arms control that analysis demonstrates are potentially applicable to cyber conflict. The study illustrates how these could be prospectively applied in a treaty framework to facilitate attribution of hostile cyber actions.

Towards Automated Cyber Mission Modelling

Abstract:

Large-scale enterprises execute a full range of missions to satisfy objectives. Healthy enterprises should acquire and maintain mission awareness (which requires reasoning) over mission models that identify the structure and character of missions along with their related cyber resources. Models are typically constructed by subject matter experts using a time- and labour-intensive manual process. This paper describes a novel framework comprising high-level processes that model mission essential functions and mission threads, as well as recognising active instances. This framework enables data-driven, semi-automated modelling to construct accurate, timely mission representations necessary for mission assurance and mission mapping.

An Automated, Disruption-Tolerant Device Authentication and Key Management Framework for Critical Systems

Abstract:

Key management is critical to secure operation. Distributed control systems, such as Supervisory Control and Data Acquisition (SCADA) systems, have unique operational requirements that make conventional key management solutions less effective and burdensome. This paper presents a novel Kerberos-based framework for automated, disruption-tolerant key management for control system environments. Experimental tests and their results are presented to quantify the expected performance overhead of this approach. Additionally, Zeek sensor analytics are presented to aid in monitoring the health and security of the key management framework operation.

Safer and Optimised Vulnerability Scanning for Operational Technology through Integrated and Automated Passive Monitoring and Active Scanning

Abstract:

Vulnerability scanning of embedded sensors and controllers has a history of causing disruption and malfunction within operational technology environments. Traditional information technology vulnerability scanning generally consists of bluntly exercising all or a large population of test conditions to understand how equipment responds. Often the large number and varied conditions of the tests are too much for embedded systems to handle. This paper presents a methodology and framework for integrating passive monitoring and active scanning techniques to optimise the type and amount of necessary active communication tests while achieving acceptable levels of device and vulnerability discovery.

Enabling Situational Awareness in Operational Technology Environments through Software Defined Networking

Abstract:

Network situational awareness has long been associated with the task of aggregating system logs to determine activity and events ongoing in the network. However, this current method of obtaining situational awareness does not clearly address the mission of a facility or organisation, the key customers at stake, and the real-time statuses of the critical infrastructures.

Software-Defined Networking Traffic Engineering Process for Operational Technology Networks

Abstract:

Network designs are often functional with little consideration for security. Growth and maintenance of critical infrastructure, mission-focused networks can be ad hoc and can preclude large-scale technology replacements, reconfigurations, or even patching. These restrictions are contributing factors to increased vulnerabilities.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
