Volume 20, Issue 2

20.2 PNNL Cover

A Note from the Guest Editors

Stilized image of Word Editorial

Spring 2021

Infrastructure Resiliency from a Macro Cyber Perspective

In our 2019 special edition of the Journal of Information Warfare, the foundations for autonomic control for critical infrastructure and operational technology systems were introduced. Herein we build on that foundation by introducing the concept of resiliency from a macro cyber perspective. The prefix ‘macro’ has been applied previously to concepts such as ‘economics’ to differentiate national scale economic concepts such as gross domestic product from ‘micro’ scale economics, which focuses on solvency of, for example, individual homes and businesses. Here we apply the same prefix to resiliency in cyber systems to differentiate between micro cyber resiliency, which we define as ensuring the functionality of individual cyber devices, systems, and networks; and macro cyber resiliency, which we define as ensuring the functionality of interconnected systems comprising control, sensing, and physical elements such as are found in critical infrastructure like the power grid.

Solvability, Operability, and Security for Cyber-Physical Systems: New Computational Methods with Revised Assumptions

Abstract:

This paper discusses the use and integration of disparate but complementary tools for dealing with solvability, operability, and security challenges in Cyber-Physical Systems (CPSs): the Koopman operator for solvability, disjunctive programming for operability, and multi-level optimisation for security. These methods can obviate the need for some of the traditional assumptions used in modelling CPSs. This paper demonstrates the methods’ capabilities and considers ways to advance each method individually. It concludes by discussing how to integrate the different methods and identify useful synergies generated by doing so.

Data-Driven Model Generation for Deception Defence of Cyber-Physical Environments

Abstract:

Cyber deception is a burgeoning defence technique that provides increased detection and slowed attack impact. Deception could be a valuable solution for defending the slow-to-patch and minimally cryptographic industrial Cyber-Physical Systems. However, it is necessary for cyber- physical decoys to appear connected to the physical process of the defended system to be convincing. In this paper, the authors present a machine-learning approach to learn good-enough models of the defended system to drive realistic decoy response. The results of studying this approach with simulated and real building systems are discussed.

Machine Intelligence to Detect, Characterise, and Defend against Influence Operations in the Information Environment

Abstract:

Deceptive content—misleading, falsified, and fabricated—is routinely created and spread online with the intent to create confusion and widen political and social divides. This study presents a comprehensive overview of content intelligence capabilities (WatchOwl– https://watchowl. pnnl.gov/) to detect, describe, and defend against information operations on Twitter as an example social platform to explain the influence of misleading content diffusion and enable those charged with defending against such manipulation and responsive parties to counter it. We first present deep learning models for misinformation and disinformation detection in multilingual and multimodal settings followed by psycho-linguistic analysis across broad deception categories. 

Critical Roles of Information, Analysis, Research, and Operations in the Cyber Realm

Abstract:

PNNL developed an Adaptive Cyber Integration Framework (ACIF) in a pilot program to facilitate the timely sharing of cyber threat information along with the advancement of situational awareness tools to enhance protection against and respond to critical infrastructure cybersecurity threats. ACIF comprises components implemented iteratively to achieve research and mission goals. The ACIF components include data-generation technologies, analytic-tools development and maturation, data enrichment and fusion, trust building with stakeholders, investigative research, analytic rigor, production, and dissemination. Each component, its importance to the ACIF, and how each can be adopted and applied across other information-sharing sectors and domains are discussed as a case study in this paper.

Flexible and Adaptive Malware Identification Using Techniques from Biology

Abstract:

The holy grail in cyber analytics is to find new ways to understand the information we already have access to. One way to do that is to characterize the data into reasonable sizes and then leverage any known information to generate new insights. Biologists have been using a similar process for decades. This paper introduces the MLSTONES tool set that was developed by leveraging biology and bioinformatics, high-performance computing, and statistical algorithms applied to cyber data and specifically to malware. Furthermore, the paper discusses the tool suite, its applications, and how it compares to or can work with other related tools.

Deploying Software-Defined Networking in Operational Technology Environments

Abstract:

Software-Defined Networking for Operational Technologies, referred to as OT-SDN, is a leading technology to secure critical infrastructure and command and control systems. As the name implies, OT-SDN networks are programmable, which allows system owners to utilise the characteristics of their physical processes to inform the security of their network. There are best practices for deploying OT-SDN into an environment, whether it is all at once or over time (hybrid) that the network is converted to SDN technologies. Through the development of data-mining tools and standardised process control, OT SDN can be deployed reliably. These tools will minimise or eliminate any communication failures during the transition and will provide network owners with complete documentation of their network environment. The resulting documentation could enable or facilitate network owners to pass any audits or policy checks (such as Authority to Operate) before being allowed to utilise the OT-SDN infrastructure.

Persistent Engagement and the Private Sector

Abstract:

The concepts of ‘persistent engagement’ and ‘defend forward’ signify a shift in how the U.S. employs its military cyber capabilities. These new concepts reorient U.S. Cyber Command from a reactive response force to a proactive force with continuous engagement that operates outside U.S. military networks to discover and expose adversary activity as well as to execute actions before they harm U.S. national interests. Persistent engagement can form the basis for a whole-of-nation cyber strategy if the private sector is a central player, rather than an afterthought.

Protecting U.S. Army Infrastructure by Enhancing Cybersecurity for Onsite Third-Party Energy Providers

Abstract:

The U.S. Army Office of Energy Initiatives (OEI) facilitates the procurement of independently owned and operated energy generating assets to support energy resilience capabilities at U.S. Army installations. When developing contracts for these assets, OEI implements a set of cybersecurity requirements it has developed based on energy sector consensus guidance. For many energy projects, these OEI Cybersecurity Requirements are the primary set of cybersecurity requirements the U.S. Army applies. For others, the U.S. Department of Defense Risk Management Framework and Cybersecurity Maturity Model Certification provide additional cybersecurity requirements and guidance.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Keywords

C

C2
C2S
CDX
CIA
CIP
CPS

D

DNS
DoD
DoS

I

IA
ICS

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

  • Journal of Information Warfare
    21 North Broad Street
    Suite 2-H
    Luray, VA 
    22835 
  • 757.581.9550
  • JIW@ArmisteadTec.com