No Silver Lining: Information Leakage in Cloud Infrastructures


As more businesses and individuals migrate their workloads to cloud infrastructures, many are unaware of a potential issue inherent in these systems: information leakage, the potential inadvertent release of data through a Virtual Machine (VM) to another VM, which then transfers the information to a third party.

Implications of Privacy & Security Research for the Upcoming Battlefield of Things


This article presents the results of a trend-scouting study on the applicability of contemporary information privacy and information security research in future defence scenarios in a 25-year-horizon. The authors sketch the expected digital warfare and defence environment as a‘Battlefield of Things’ in which connected objects, connected soldiers, and automated and autonomous sensing and acting systems are core elements. 

Cyber-Securing Super Bowl 50: What Can a Live-Fire Football Match Teach Students about Becoming Better Cybersecurity Professionals?


The rise and regularity of cybersecurity incidents have increased the demand for trained workforce professionals. Institutions of higher education have responded by including practical hands-on exercises such as capstones, labs, and simulated attack-and-defend ‘Capture-the-Flag’ scenarios. Many degree programs also encourage students to gain experience via internships. 

Understanding Operator Fatigue, Frustration, and Cognitive Workload in Tactical Cybersecurity Operations


While the human factors of mission critical systemd weapons systems have been extensively studied, there has been little work on cyber operations. As with any system, the perfect storm of complex tasks in a high-risk environment takes an incredible toll on human operators, leading to errors, decreased performance, and burnout. An extensive studtacticaly of  cyber operations at the National Security Agency found that operator fatigue,  frustration,  and  cognitive  workload  significantly  increase  over  the  course  of  an operation. A discussion of these findings helps us understand the impact that the high-stress, high-risk environment of tactical cyber operations has on its ops such as air traffic control anerators.

Friend or Faux: Deception for Cyber Defense


Defensive deception provides promise in rebalancing the asymmetry of cybersecurity. It makes an attacker’s job harder because it does more than just block access; it impacts the decision making causing him or her to waste time and effort as well as expose his or her presence in the network. Pilot studies conducted by NSA research demonstrated the plausibility and necessity for metrics of success including difficulty attacking the system, behavioral changes caused, cognitive and emotional reactions aroused, and attacker strategy changes due to deception. Designing reliable and valid measures of effectiveness is a worthy (though often overlooked) goal for industry and government alike.

DDoS Attack Simulation to Validate the Effectiveness of Common and Emerging Threats


Distributed Denial of Service (DDoS) attacks are a persistent cyber threat and a growing concern in computer security. This paper seeks to analyse DDoS attacks and the technologies that have been developed in an attempt to combat their effectiveness. This paper includes results from a DDoS simulation using commercial hardware appliances to both demonstrate and measure the effectiveness of DDoS attacks on a targeted victim. The simulation validates the relevance of these hardware appliances in identifying and reducing network vulnerabilities. This paper also provides insight on the current impact of DDoS attacks globally and the threat that these attacks pose in the future.

Enhancing Cybersecurity by Defeating the Attack Lifecycle: Using Mobile Device Resource Usage Patterns to Detect Unauthentic Mobile Applications


Attacks are usually orchestrated based upon the motivation of the attackers, who are becoming increasingly savvy, better resourced, and more committed. This article examines cyber threats and vulnerabilities through the eyes of the perpetrator. To begin, the authors discuss some counter approaches that have produced limited benefits at best, and then introduce a novel approach that details the use of mobile device resource usage to discern unauthentic mobile applications from authentic applications.

Development of a Cyber-Threat Intelligence-Sharing Model from Big Data Sources


As data in cyberspace continues to grow because of the ubiquity of Information Communication Technologies (ICT), it is becoming challenging to obtain context-aware, actionable information from Big Data to timely detect and respond to cyberattacks that are increasing in severity, complexity, and frequency. In fact, cybercriminals are developing and sharing advanced techniques for their cyber espionage, reconnaissance missions, and ultimately devastating attacks. In order to reduce cybersecurity risks and strengthen cyber resilience, strategic cybersecurity information-sharing is a necessity. This article discusses one way of handling large volumes of unstructured data that have been generated by multiple sources across different sectors into a cyber-threat intelligence-sharing model.

U.S. Energy Sector Cybersecurity: Hands-off Approach or Effective Partnership?


Recent reporting has identified significant threats to the U.S. energy’s critical infrastructure from nation states and other groups through cyberspace. Efforts to improve the security and resilience of U.S. energy infrastructure relies upon voluntary partnerships between the U.S. Government and public and private energy infrastructure owners.

A Semantic Approach to Modelling of Cybersecurity Domain


This paper addresses the issue of mastering the complex body of knowledge that is relevant for cybersecurity. The wide spectrum of threats and wide variety of resources are considered, and a semantic approach is proposed, as it seems not to be referred to very often in this context. The authors here examine how semantic technology may address the nature of this body of knowledge. Ultimately, the article seeks to enable sharing of security-related knowledge across separate sources of data concerning various entities, such as vulnerabilities and attack types, and also across communities of IT professionals, hackers, defence researchers, and others.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.










Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.


Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
  • 757.871.3949