Cyber Security

Cybersecurity and Global Governance

ABSTRACT

To understand better the challenges of developing a unified system of global cyber governance, a comparative analysis of national cybersecurity strategy and frameworks in 10 countries and the European Union from diverse regions in both the developed and developing world was conducted. Based on empirical research and an analysis of national and international cybersecurity strategies and policies, this paper explores the challenges and benefits of establishing a global legal and policy framework for cyber activity that advances the goals of national intelligence and technological innovation, while enhancing confidence and improving legal certainty in the global electronic marketplace.

A Human-Centric Approach to Cybersecurity: Securing the Human in the Era of Cyberphobia

ABSTRACT

Cybersecurity relates to the threats posed to a nation’s critical infrastructure, but should not be limited to the traditional concept of national security. The militarization of the cybersecurity discourse has produced a security dilemma, which is not sufficiently addressing the needs of people. This article highlights this shortcoming and views cybersecurity through a human-centric perspective. The challenge ahead is to establish a governance regime for cyberspace that successfully addresses human rights norms.

A Case Study in the Security of Network-enabled Devices

ABSTRACT

It is becoming increasingly common for appliances and other electronic devices to be network-enabled for usability and automation purposes. There have been fears that malicious users can control such devices remotely. Since the installed base of such network-enabled household devices is still relatively small, we instead examine the types of vulnerabilities found in another such appliance, the network-enabled printer, which is commonly found in the education and business sectors. In this paper we analyze the source of the vulnerabilities and present detailed threat scenarios. In addition, we examine four organizations in Australia and Europe. Based on the results of the case study, we draw conclusions on the effects of an information warfare attack using network-enabled devices as the medium.

If You Go Down to the Internet Today – Deceptive Honeypots

ABSTRACT

This is preliminary research into the effectiveness of deceptive defensive measures, in particular honeypots that use deceit as a primary defensive and offensive mechanism. Initial research has been conducted using the Deception Tool Kit and its ability to fool commonly available network scanning tools such as Nessus and Nmap. The preliminary research indicates that these deceptive tools have a place in modern network defense architecture.

Accessing Security Incident Information on the Internet

ABSTRACT

Computer Security Incident Response Teams (CSIRTs) have emerged in response to the increase in computer crime. These can be national, international, or organization-based. Maintaining a CSIRT poses a number of problems. In this paper the authors describe two of the technical problems that CSIRTs have: the storage and the acquisition of incident data. The paper describes a system based on the CORBA model that can be used for the efficient management of the incident-recording database. The proposal also provides alternative ways for companies and security analysts to access the database.

Dominating the Attacker: Use of Intelligence and Counterintelligence in Cyberwarfare

ABSTRACT

In the event of cyberwarfare the defender must harden the attacker’s target by secure design, a defined security perimeter, and a suite of tools. Indeed, the defender must be ever alert and ready to react to attack. Over many years, defenders in traditional warfare have learned to predict the style, magnitude and possible outcomes of a physical attack, and how to deceive and confuse an attacker with the objective of changing the outcome. Perhaps the cyberwarfare defender can take a similar approach, by employing intelligence and counterintelligence techniques that are superior to those of the attacker.

Design of a High Performance Implementation of the Rijndael Cipher Using Three-Level Architecture

ABSTRACT

For a long period of time, the Data Encryption Standard (DES) was considered the standard for symmetric-key encryption. It has a key length of 64 bits. Due to the rapid growth of processing speed, this small key length can easily be broken. According to the National Institute of Standards and Technology (NIST), the Advanced Encryption Standard (AES) will replace DES, as it is based on a key length of 128 bits or more. In the present paper, a design of a high performance implementation of the AES cipher will be proposed. An experimental performance evaluation of the proposed design will be provided. The experimental study will be applied for different block lengths of the message to be encrypted. The performance of the proposed design will be evaluated considering a set of criteria such as the average encryption time per round, average encryption speed, speedup, and efficiency.

Cybersecurity’s Can of Worms

ABSTRACT

Security frameworks are reassessed and recreated in response to political paradigm shifts or revolutions, as was the case at the abrupt end of the Cold War. The two decades since however, have seen the advent of a different type of revolution, namely that of information and communication technologies, leading to a world interconnected and globalised as never before. The daily reliance on cyberspace and its criminal usage by some raises questions of security for individuals, states and international systems alike. Given this level of dependence and interdependence it is surprising to note how little these aspects feature in current security frameworks. The aim of this paper is to address cybersecurity in relation to Hansen and Nissenbaum’s view of the Copenhagen School and as a result to propose an initial alternative model.

Survivability in Cyberspace Using Diverse Replicas: A Game-Theoretic Approach

ABSTRACT

Survivability represents the quantified ability of a system, subsystem, equipment, process or procedure to function continually during and after a disturbance. Almost invariably, replication of a subsystem or procedure is necessary to meet a system’s survivability requirements. Diversity will prevent the same fault or attack from damaging all the replicas so that they can continue the mission. This research shows that the more dangerous vulnerabilities (that is, those that affect more replicas) in a system are sometimes less likely to be exploited. This work uses the mathematical framework of game theory to show the significance of replica diversity for mission survival in cyberspace.

Antivirus False-Positive Alerts, Evading Malware Detection, and Cybersecurity Issues

ABSTRACT

The continuous development of evolving malware types creates a need to study and understand how antivirus products detect and alert users. This paper investigates today’s antivirus solutions and how their false-positive alerts affect software development and the distribution process. The authors discuss and demonstrate how antivirus detection deals with bespoke applications and how this can be reversed and manipulated to evade detection, allowing the process to be used by malicious software developers. The paper also demonstrates how an undetected malicious piece of software can be developed without using advanced hiding techniques, which will also be capable of overcoming reputation-based detection systems.

Strategic Communication for Cyber-security Leadership

ABSTRACT

The purpose of this paper is to form a preliminary hypothesis about how to identify the characteristics that a leader needs to focus on when aiming at cyber-security leadership. The paper studies the key concepts and terms of cyber security and presents the physical-world and cyber-world framework. The paper refers to a system model of a society and uses that model to analyze the results of two limited media surveys of cyber-related newspaper articles. The media surveys indicate a strong need to organize the cyber world.

Critical Infrastructure Protection Policy: The Israeli Experience

ABSTRACT

This article presents the Critical Infrastructure Protection (CIP) policy in Israel and analyses its evolution. Israel established a centralist national critical infrastructure protection system in late 2002, which was implemented rather harmoniously. However, the evolving cyber-environment has led to renewed discussions. After years of discontent, a comprehensive review of national cyber-posture was conducted in 2011. Significant policy changes, fostering coordinated cooperation between public, security, academic, and private sectors, are now in progress. This examination of the Israeli CIP approach may assist policy-making in other countries.

PrEP: A Framework for Malware & Cyber Weapons

ABSTRACT

The contemporary debate over cybersecurity rests on a set of linguistic artifacts that date from the Cold War. Attempting to glean a starting point for debate over use of terms such as ‘cyber attack’ or ‘cyber war’ is difficult, largely because there is little agreement on what constitutes a weapon in cyberspace. This paper proposes a new framework to classify malware and cyber weapons based on the different pieces of malicious code that constitute them, then evaluates competing definitions of cyber weapons, and concludes with implications for this approach.

Radio Frequency Fingerprinting through Preamble Manipulation

ABSTRACT

This paper demonstrates a novel and complementary approach to exploiting physical-layer differences among wireless devices. This research records packets with standard-length IEEE 802.11b preambles using a software defined radio, manipulates the recorded preambles by shortening their length, then replays the altered packets toward the transceivers under test. Five transceiver types from three manufacturers are distinguishable by analysing differences in packet reception with respect to preamble length, with greater than 99% accuracy using a small number of test packets. The results demonstrate that preamble manipulation is effective for multi-factor device authentication, network intrusion detection, and remote transceiver type fingerprinting.

Cyber-Mugging: Summary and Analysis of a Simulated ICS/SCADA Attack

ABSTRACT

In a representative Industrial Control System (ICS)/Supervisory Control And Data Acquisition (SCADA) laboratory environment, a simulated cyber attack suggests that an attacker with a low to moderate level of technical proficiency may utilize common, publicly-available tools and techniques to obtain complete control of the ICS environment. The cyber-physical relationship between information systems and industrial machinery has created environments where limited resources may be leveraged to trigger significant physical effects. The feasibility that such an incident has the potential to cause significant disruptive effects directly challenges the current paradigm that state-level resources are required to inflict catastrophic results.

Securing the Cloud

ABSTRACT

This paper will review cloud technology utilized to support the Intelligence Community and will specifically address the National Security Agency’s research into vulnerabilities and risks related to cloud-based systems. Current implementation plans will be discussed for a multi-agency private cloud architecture that is under development. The paper will also review security challenges for a cloud architecture and will address specific technologies, such as data tagging, digital policy management, encryption, identity and access management, and auditing, along with intrusion detection and prevention.

Using Classified Intelligence to Defend Unclassified Networks

ABSTRACT

Intelligence services, such as the National Security Agency, have access to unique information about adversarial cyber-exploitation and -attack capabilities. Nations such as the United States should be employing this unique but sensitive information in the defense of national security, government, critical infrastructure, and other networks, but doing so may expose the sources and methods behind the intelligence. Once exposed, access to that unique information may be lost. This paper describes the dilemma, presents a partial taxonomy of use cases for which solutions are needed, and offers avenues for supplying those solutions. In particular, solutions to the problem of using classified intelligence for defense of unclassified networks fall into three approaches. Properties and examples for each approach are presented, and advantages and disadvantages discussed.

To Catch a Thief in the Cloud: A Paradigm for Law Enforcement

ABSTRACT

Control over most of the world’s data including national security, criminal investigations, medical secrets, intellectual property, and a host of other important rights and responsibilities is governed by a paradigm that is conducted in the Internet ‘cloud’. Based on empirical research and an analysis of international and national legal regimes, case decisions, and forensic case analysis, this paper explores the challenges of reaching into the cloud and the proactive measures that will be necessary to improve legal certainty in the global electronic marketplace. The paper then considers the international and national frameworks necessary for control over the predators in the cloud, and the nature and type of evidentiary and jurisdictional issues that may arise in courts of law and tribunals around the globe.

On Operational-Level Cybersecurity Strategy Formation

ABSTRACT

Operational-level cybersecurity strategy formation reveals ways of determining an optimal sequence of the most efficient and effective actions that may lead to the success of a cyber operation. Unfortunately, it is not well explored. This paper proposes a new operational-level cybersecurity-strategy-formation framework, which is capable of linking various strategies together in a systematic and consolidated way so that the optimal and most effective solution can be quickly selected. This paper also evaluates the proposed approach and suggests areas for further study.

Cybersecurity Economics: Induced Risks, Latent Costs, and Possible Controls

ABSTRACT

Financial decisions indirectly affect and are affected by the effort towards Information Security. The ‘Economics of Cybersecurity’ should thus constitute a significant part of the Information Security Posture Assessment process and should be directly addressed in this context. As the complexity and interdependency of Information Systems increase and new technologies lead to the de-materialisation of Information Systems assets, it becomes progressively evident that the conflicting interests and incentives of the various stakeholders of an Information System affect its overall Information Security Posture, perhaps even more significantly than technical or policy limitations do. This paper examines economic considerations from an Information Systems Security/Cybersecurity viewpoint and proposes new directions that may both help reduce the problem from a collective point of view and lead to the creation of methodologies to ultimately integrate economics, along with technical and non-technical issues, into an Organisation’s Information Security Posture Assessment process.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.


Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
    23690
  • 757.871.3949
  • jiw@gbpts.com