Cyber Security

Accessing Security Incident Information on the Internet


Computer Security Incident Response Teams (CSIRTs) have emerged in response to the increase in computer crime. These can be national, international or organization based. Maintaining a CSIRT poses a number of problems. In this paper the authors describe two of the technical problems that CSIRTs have: the storage and the acquisition of incident data. The paper describes a system based on the CORBA model that can be used for the efficient management of the incident recording database. The proposal also provides for alternative ways of accessing the database by companies and security analysts.

Dominating the Attacker: Use of Intelligence and Counterintelligence in Cyberwarfare


In the event of cyberwarfare the defender must harden the attacker’s target by secure design, a defined security perimeter, and a suite of tools. Indeed, the defender must be ever alert and ready to react to attack. Over many years, defenders in traditional warfare have learned to predict the style, magnitude and possible outcomes of a physical attack, and how to deceive and confuse an attacker with the objective of changing the outcome. Perhaps the cyberwarfare defender can take a similar approach, by employing intelligence and counterintelligence techniques that are superior to those of the attacker.

Design of a High Performance Implementation of the Rijndael Cipher Using Three-Level Architecture


For a long period of time, the Data Encryption Standard (DES) was considered the standard for symmetric key encryption. It has a key length of 64 bits. Due to the rapid growth of processing speed, this small key length can easily be broken. According to the National Institute of Standards and Technology (NIST), the Advanced Encryption Standard (AES) will replace DES, as it is based on a key length of 128 bits or more. In the present paper, a design of a high performance implementation of the AES cipher will be proposed. An experimental performance evaluation of the proposed design will be provided. The experimental study will be applied for different block size lengths of the message to be encrypted. The performance of the proposed design will be evaluated considering a set of criteria such as the average execution encryption time per round, average encryption speed, speedup, and efficiency.

Cybersecurity’s Can of Worms


Security frameworks are reassessed and recreated in response to political paradigm shifts or revolutions, as was the case at the abrupt end of the Cold War. The two decades since, however, have seen the advent of a different type of revolution, namely that of information and communication technologies, leading to a world interconnected and globalised as never before. The daily reliance on cyberspace and its criminal usage by some raises questions of security for individuals, states and international systems alike. Given this level of dependence and interdependence it is surprising to note how little these aspects feature in current security frameworks. The aim of this paper is to address cybersecurity in relation to Hansen and Nissenbaum’s view of the Copenhagen School and, as a result, to propose an initial alternative model.

Survivability in Cyberspace Using Diverse Replicas: A Game-Theoretic Approach


Survivability represents the quantified ability of a system, subsystem, equipment, process or procedure to function continually during and after a disturbance. Almost invariably, replication of a subsystem or procedure is necessary to meet a system’s survivability requirements. Diversity will prevent the same fault or attack from damaging all the replicas so that they can continue the mission. This research shows that the more dangerous vulnerabilities (that is, those that affect more replicas) in a system are sometimes less likely to be exploited. This work uses the mathematical framework of game theory to show the significance of replica diversity for mission survival in cyberspace.

Antivirus False-Positive Alerts, Evading Malware Detection, and Cybersecurity Issues


The continuous development of evolving malware types creates a need to study and understand how antivirus products detect and alert users. This paper investigates today’s antivirus solutions and how their false-positive alerts affect software development and the distribution process. The authors discuss and demonstrate how antivirus detection deals with bespoke applications and how this can be reversed and manipulated to evade detection, allowing the process to be used by malicious software developers. The paper also demonstrates how an undetected malicious piece of software can be developed without using advanced hiding techniques, which will also be capable of overcoming reputation-based detection systems.

Strategic Communication for Cyber-security Leadership


The purpose of this paper is to form a preliminary hypothesis about how to identify characteristics that a leader needs to focus on when aiming at cyber-security leadership. The paper studies the key concepts and terms of cyber security and presents the physical world and the cyber world framework. The paper refers to a system model of a society and uses that model to analyze the results of two limited media surveys about cyber-related newspaper articles. The media surveys indicate a strong need to organize the cyber world.

Critical Infrastructure Protection Policy: The Israeli Experience


This article presents the Critical Infrastructure Protection (CIP) policy in Israel and analyses its evolution. Israel established a centralist national critical infrastructure protection system in late 2002, which was implemented rather harmoniously. However, the evolving cyber-environment has led to renewed discussions. After years of discontent, a comprehensive review of national cyber-posture was conducted in 2011. Significant policy changes, fostering coordinated cooperation between public, security, academic, and private sectors, are now in progress. This examination of the Israeli CIP approach may assist policy-making in other countries.

PrEP: A Framework for Malware & Cyber Weapons


The contemporary debate over cybersecurity rests on a set of linguistic artifacts that date from the Cold War. Attempting to glean a starting point for debate over use of terms such as ‘cyber attack’ or ‘cyber war’ is difficult, largely because there is little agreement on what constitutes a weapon in cyberspace. This paper proposes a new framework to classify malware and cyber weapons based on the different pieces of malicious code that constitute them, then evaluates competing definitions of cyber weapons, and concludes with implications for this approach.

Radio Frequency Fingerprinting through Preamble Manipulation


This paper demonstrates a novel and complementary approach to exploiting physical-layer differences among wireless devices. This research records packets with standard-length IEEE 802.11b preambles using a software defined radio, manipulates the recorded preambles by shortening their length, then replays the altered packets toward the transceivers under test. Five transceiver types from three manufacturers are distinguishable by analysing differences in packet reception with respect to preamble length with greater than 99% accuracy using a small number of test packets. The results demonstrate that preamble manipulation is effective for multi-factor device authentication, network intrusion detection, and remote transceiver type fingerprinting.

Cyber-Mugging: Summary and Analysis of a Simulated ICS/SCADA Attack


In a representative Industrial Control System (ICS)/Supervisory Control And Data Acquisition (SCADA) laboratory environment, a simulated cyber attack suggests that an attacker with a low to moderate level of technical proficiency may utilize common, publicly-available tools and techniques to obtain complete control of the ICS environment. The cyber-physical relationship between information systems and industrial machinery has created environments where limited resources may be leveraged to trigger significant physical effects. The feasibility that such an incident has the potential to cause significant disruptive effects directly challenges the current paradigm that state-level resources are required to inflict catastrophic results.

Securing the Cloud


This paper will review cloud technology utilized to support the Intelligence Community and will specifically address the National Security Agency’s research into vulnerabilities and risks related to cloud-based systems. Current implementation plans will be discussed for a multi-agency private cloud architecture that is under development. The paper will also review security challenges for a cloud architecture and will address specific technologies, such as data tagging, digital policy management, encryption, identity and access management, and auditing, along with intrusion detection and prevention.

Using Classified Intelligence to Defend Unclassified Networks


Intelligence services, such as the National Security Agency, have access to unique information about adversarial cyber-exploitation and -attack capabilities. Nations such as the United States should be employing this unique but sensitive information in the defense of national security, government, critical infrastructure, and other networks, but doing so may expose the sources and methods behind the intelligence. Once exposed, access to that unique information may be lost. This paper describes the dilemma, presents a partial taxonomy of use cases for which solutions are needed, and offers avenues for supplying those solutions. In particular, solutions to the problem of using classified intelligence for defense of unclassified networks fall into three approaches. Properties and examples for each approach are presented, and advantages and disadvantages discussed.

To Catch a Thief in the Cloud: A Paradigm for Law Enforcement


Control over most of the world’s data including national security, criminal investigations, medical secrets, intellectual property, and a host of other important rights and responsibilities is governed by a paradigm that is conducted in the Internet ‘cloud’. Based on empirical research and an analysis of international and national legal regimes, case decisions, and forensic case analysis, this paper explores the challenges of reaching into the cloud and the proactive measures that will be necessary to improve legal certainty in the global electronic marketplace. The paper then considers the international and national frameworks necessary for control over the predators in the cloud, and the nature and type of evidentiary and jurisdictional issues that may arise in courts of law and tribunals around the globe.

On Operational-Level Cybersecurity Strategy Formation


An operational-level cybersecurity strategy formation reveals ways of figuring out an optimal sequence of the most efficient and effective actions that may lead to the success of a cyber operation. Unfortunately, it is not well explored. This paper proposes a new operational-level cybersecurity-strategy-formation framework, which is capable of linking various strategies together in a systematic and consolidated way so that the optimal and most effective solution can be quickly selected. This paper also evaluates the proposed approach and suggests areas for further study.

Cybersecurity Economics: Induced Risks, Latent Costs, and Possible Controls


Financial decisions indirectly affect and are affected by the effort towards Information Security. The ‘Economics of Cybersecurity’ should thus constitute a significant part of the Information Security Posture Assessment process and should be directly addressed in this context. As the complexity and interdependency of Information Systems increase and new technologies lead to the de-materialisation of Information Systems assets, it becomes progressively evident that the conflicting interests and incentives of the various stakeholders of an Information System affect its overall Information Security Posture, perhaps even more significantly than technical or policy limitations do. This paper examines economic considerations from an Information Systems Security/Cybersecurity viewpoint and proposes new directions that may both help reduce the problem from a collective point of view and lead to the creation of methodologies to ultimately integrate economics, along with technical and non-technical issues, into an Organisation’s Information Security Posture Assessment process.

Cyber Counterintelligence: Back to the Future


It is generally accepted that conventional cyber security has failed. As such, Cyber Counterintelligence (CCI) is fast gaining traction as a practicable approach to secure and advance our own interests effectively. To be successful, CCI should be an integral part of multi-disciplinary Counterintelligence (CI), conceptually and in practice. With a view to informing sound CCI practice, this paper conceptualises CCI as a part of CI. It proceeds by going back to some time-tested CI constructs and applying these to the cyber realm. In so doing, this paper aims to offer a few building blocks toward a future of sound CCI theory and practice.

Developing a Strategic Framework for Managing Security in SCADA Systems


The Internet, originally an open distributed system, has gradually evolved into a complex network serving as a platform for global connectivity. Today, the Internet hosts complex electronic and engineering systems (such as Supervisory Control and Data Acquisition, SCADA, systems) deployed to manage critical infrastructures. The Internet has become a platform for transporting high volumes of critical information worldwide. Securing sensitive information and safeguarding the operations of critical infrastructure management systems has become critical. SCADA systems are complex deployed operations that play a vital role in managing critical resources. This paper elaborates on the need for a holistic approach to managing the security of complex infrastructures and recommends a strategic model for the security management of SCADA systems.

Understanding the Co-Evolution of Cyber Defenses and Attacks to Achieve Enhanced Cybersecurity


This article examines the notion of cyberattack-and-defend co-evolution as a mechanism to better understand the influences that the opposing forces have on each other. The concept of co-evolution has been most commonly applied to a biological context involving living organisms and nature-based adaptations, but it can be applied to technological domains as well. Cybersecurity strategies based solely on technological features of attack-and-defend adaptations do not immediately reveal a co-evolutionary relationship and are typically seen more as cyber arms races. In order to leverage cyber co-evolution in support of cybersecurity, the human-driven behaviors of cyberattack-and-defend adaptations have to be incorporated. In other words, the mission must serve to drive human motives and goals, and in many cases, must limit the scope of an attacker’s adaptations.

I Want My Smartphone. I Want It Now. And I Want to Connect to Everything from Anywhere… Now!


Even the classified enterprise is going mobile. Trolls and Luddites cannot prevent it. But the bridge to be crossed to mobility nirvana (a secure, cheap, and user-beloved system) is still rickety, with many places where one can fall into the chasm of lost data. The forces of malware, user sloth, shoddy component design, and poor system architecture are arrayed against safe passage. But one is not alone. Assisting the crossing are a number of laws requiring privacy and security measures, government programs that induce superior products, policies written for both public and private sector enterprises, standards bodies, and, most of all, customers demanding security from vendors. This paper will look at the mobility mission, the threat to mobile, the secure enterprise architectures using defense in depth, the state of security in system components and how that is being improved through a number of efforts, and the impact of new technology.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.