Cyber Security

Developing a Cyber Operations Computational Ontology

Abstract: 

Cyber operations lack models, methodologies, and mechanisms to describe relevant data and knowledge. This problem is directly reflected when cyber operations are conducted, and their effects assessed, and it can produce dissonance and disturbance in corresponding decision-making processes and communication between different military actors.

Best Practices for Designing and Conducting Cyber-Physical-System War Games

Abstract:

Cyber war games have been shown to be useful for a broad range of purposes. The authors describe and compare  methods for  designing  realistic war games  in  the  domain of Cyber Physical Systems (CPS), review general methods for conducting war games, and illustrate best practices to assist researchers and practitioners in planning their own war games. 

Projected Territoriality: A Case Study of the Infrastructure of Russian Digital Borders

Abstract:

This  article  attempts  to  demonstrate  how  territoriality  can  be  projected  into cyberspace with respect to the infrastructure of a country. It is a case study of the delineation, protection, and control processes of Russia’s so-called digital borders. By combining analysis of border studies, information technology studies, and Russian studies, this article provides an interdisciplinary overview of the infrastructure of the Russian segment of the Internet and examines the principles and practises behind the Russian implementation of the concept of a national  segment  of  the Internet as an infrastructural element of delineating digital borders and achieving a functional digital sovereignty.

Towards a Reconceptualisation of Cyber Risk: An Empirical and Ontological Study

Abstract:

The prominence and use of the concept of cyber risk has been rising in recent years. This paper presents empirical investigations focused on two important and distinct groups within the broad community of cyber-defence professionals and researchers: (1) cyber practitioners and (2) developers of cyber ontologies.

Uncertain Security Community: Building Western Cyber-Security Order

Abstract:

Leading NATO countries (such as the United States, the United Kingdom, Germany, and France) are rather like-minded when it comes to cyber-threat assessments and cyber-security policy priorities. They share common security values and norms and identify common cyber threats. In this regard, they can be identified as members of the same security community. However, when it comes to strategies for building cyber security, there is disparity among them.

Cyber Apprenticeship: A Traditional Solution to a Vexing New Problem

Abstract:

This paper proposes a new approach to a relatively new and often vexing problem facing many businesses today: meeting the growing demands for a trained and certified cyber-security workforce. The proposed approach uses the traditional apprenticeship model, combined with the targeting of rural candidates as a mechanism to develop a greater loyalty to any firm making the investment.

Cyber Security in the Context of Armenia-NATO Cooperation

Abstract:

NATO is one of the main actors in the development and modernisation of the national security architecture of Armenia. One of the main research goals of the authors is to understand the qualitative and quantitative framework of Armenia-NATO cooperation. From this perspective, the authors of this article analyse cyber-security cooperation between Armenia and NATO based on DOTMLPF II components.

Preparation, Modelling, and Visualisation of Cyber Common Operating Pictures for National Cyber Security Centres

Abstract:

Common Operating Pictures (COPs) have long been a common denominator of effective cyber defence operations (for example, in law enforcement and the military). COPs are widely used to represent, visualise, and assess situations. In recent years, Cyber COPs (CCOPs) have become important in establishing cyber situational awareness. 

Should ‘RuNet 2020’ Be Taken Seriously? Contradictory Views about Cyber Security Between Russia and the West

Abstract:

Russia aims to create an independent state information system that ensures the network’s overall stability by controlling the Internet routing architecture inside Russia. A tightly regulated and secure ‘information space’ will not only ensure stronger defence against external attacks, but also increase offensive capabilities.

An Open-Source Tool to Support the Quantitative Assessment of Cyber Security for Software Intensive System Acquisition

Abstract:

This paper presents an open-source tool to support the quantitative assessment of software reliability and cyber security. The tool enables assessment of a system’s security from penetration-testing data and can be used to estimate the number of vulnerabilities remaining. This approach will enable organisations that acquire software to establish quantitative requirements for inclusion in contracts, thereby providing clear requirements for software and system developers to meet. The tool will enable contractors to regularly assess the security of their software, which will facilitate the identification and reporting of programs that may fail to achieve contractually specified security objectives.

Managing Cybercrimes through the Implementation of Security Measures

Abstract:

Today’s global environment has seen tremendous growth in the number of online transactions and Internet subscribers. This increase is creating a situation in which businesses are now largely dependent on information systems and their inherent technologies. The increase, however, is also causing a rise in the volume and extent of cybercrimes and security lapses.

Security-Information Flow in the South African Public Sector

Abstract:

Information-security management programs are becoming increasingly important in enabling organisations to promote a high level of accountability and good governance. Organisations need accurate and relevant real-time information to make effective and efficient decisions pertaining to cyber threats and attacks. Based on a qualitative study, this article introduces and discusses the components of an information-security management program.

The Role of the U.S. Military in Cyberspace

Abstract:

As the United States has grown dependent on cyberspace, the U.S. military has come to have an increasingly important role to play in protecting U.S. national interests in the cyber domain. In addition to operating and defending its own cyberspace resources and supporting other military missions, the U.S. military must now be prepared to defend the country as a whole. These missions require the military to innovate and to collaborate effectively with a whole host of international, governmental, and private sector actors.

A Century of Convergence: Technology, Ideology, and U.S. National Security

Abstract:

‘Convergence’ is a term typically used to denote the conflation of several technologies. In a larger sense, convergence can signify the blending of technology, law, policy, doctrine, and capability in ways that boost knowledge and power for those who compel or defend states. The world has become globalized in the sense that virtually anyone, anywhere, can be targeted. These awesome powers of surveillance and force are still growing, but their oversight lags far behind. Ironically, efforts to limit surveillance have helped to spur the overall growth of surveillance capabilities, in part to answer the growing demand for intelligence for precision targeting. Understanding the origins and current breadth of that gap is key to resolving it.

Cybersecurity and Global Governance

ABSTRACT

To understand better the challenges of developing a unified system of global cyber governance, a comparative analysis of national cybersecurity strategy and frameworks in 10 countries and the European Union from diverse regions in both the developed and developing world was conducted. Based on empirical research and an analysis of national and international cybersecurity strategies and policies, this paper explores the challenges and benefits of establishing a global legal and policy framework for cyber activity that advances the goals of national intelligence and technological innovation, while enhancing confidence and improving legal certainty in the global electronic marketplace.

A Human-Centric Approach to Cybersecurity: Securing the Human in the Era of Cyberphobia

ABSTRACT

Cybersecurity relates to the threats posed to a nation’s critical infrastructure, but should not be limited to the traditional concept of national security. The militarization of the cybersecurity discourse has produced a security dilemma, which is not sufficiently addressing the needs of people. This article highlights this shortcoming and views cybersecurity through a human-centric perspective. The challenge ahead is to establish a governance regime for cyberspace that successfully addresses human rights norms.

A Case Study in the Security of Network-enabled Devices

ABSTRACT

It is becoming increasingly common for appliances and other electronic devices to be network-enabled for usability and automation purposes. There have been fears that malicious users can control such devices remotely. Since the installation base of such network-enabled household devices is still relatively small, we examine the types of vulnerabilities that another such appliance has, the network-enabled printer, which is commonly found in the education and business sector. In this paper we analyze the source of the vulnerabilities and present detailed threat scenarios. In addition, we examine four organizations in Australia and Europe. Based on the results of the case study, we draw conclusions on the effects of an information warfare attack using network-enabled devices as the medium.

If You Go Down to the Internet Today – Deceptive Honeypots

ABSTRACT

This is preliminary research into the effectiveness of deceptive defensive measures in particular honeypots that use deceit as a primary defensive and offensive mechanism. Initial research has been conducted using the Deception Tool Kit and its ability to fool commonly available network scanning tools such as Nessus and Nmap The preliminary research indicates that these deceptive tools have a place in modern network defense architecture.

Accessing Security Incident Information on the Internet

ABSTRACT

Computer security Incident Response teams have emerged due to the increase of computer crime. These can be national, international or organization based. Maintaining a CSIRT poses a number of problems. In this paper the authors describe two of the technical problems that CSIRT’s have, the storage and the acquisition of incident data. The paper describes a system based on the CORBA model that can be used for the efficient management of the incident recording database. The proposal also provides for alternative ways of accessing the database by companies and security analysts.

Dominating the Attacker: Use of Intelligence and Counterintelligence in Cyberwarfare

ABSTRACT

In the event of cyberwarfare the defender must harden the attacker’s target by secure design,
a defined security perimeter, and a suite of tools. Indeed, the defender must be ever alert and ready to react to attack. Over many years, defenders in traditional warfare have learned to predict the style, magnitude and possible outcomes of a physical attack, and how to deceive and confuse an attacker with the objective of changing the outcome. Perhaps the cyberwarfare defender can take a similar approach, by employing intelligence and counterintelligence techniques that are superior to those of the attacker.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Keywords

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
    23690
  • 757.234.6664
  • jiw@gbpts.com