Cybersecurity

Assessing Cyber Security Threats and Risks in the Public Sector of Greece

Abstract:

Organisations having to cope with new threats and risks are increasing their focus and looking at novel ways to improve their cyber security assurance. As critical national infrastructures are becoming more vulnerable to cyberattacks, their protection becomes a significant issue for EU member states. The National Cyber Security Authority of Greece (NCSA) takes all necessary steps towards a secure Greek cyberspace.

Published In

Volume 19, Issue 1

Adversarial Artificial Intelligence: State of the Malpractice

Abstract:

ArtificialIntelligence (AI), widely deployed in society, is rapidly becoming the next major battleground. Our society depends on the power of AI to solve problems in multiple domains—including commercial, infrastructural, and military systems. But AI is also vulnerable to a variety of attacks, some of which are common across many types and deployments of AI.

Published In

Volume 18, Issue 4

Written By

Glenn A. Fink

Cyber Threat Screening Using a Queuing-Based Game-Theoretic Approach

Abstract:

Dynamic and uncertain security environments, such as cyber systems, often involve strategic interactions among multiple decision-making agents. In this paper, the authors consider a cybersecurity setting in which a system administrator (defender) has to screen malicious service requests from an attacker seeking to exhaust available cyber resources and inconvenience users with legitimate requests. This paper proposes a novel cyber-threat inspection model, based on Stackelberg games, that unifiesaspects of Threat Security Games with the Erlang-B queuing framework to provide equilibrium strategies for both the attacker and defender.

Published In

Volume 18, Issue 4

Enabling Situational Awareness in Operational Technology Environments through Software Defined Networkin

Abstract:

Network situational awareness has long been associated with the task of aggregating system logs to determine activity and events ongoing in the network. However, this current method of obtaining situational awareness does not clearly address the mission of a facility or organisation, the key customers at stake, and the real-time statuses of the critical infrastructures. 

Published In

Volume 18, Issue 4

Software-Defined Networking Traffic Engineering Process for Operational Technology Networks

Abstract: 

Network designs are often functional with little consideration for security. Growth and maintenance of critical infrastructure, mission-focused networks can be ad hoc and can preclude large-scale technology replacements, reconfigurations,or even patching. These restrictions are contributing factors to increased vulnerabilities. 

Published In

Volume 18, Issue 4

Africa’s Contribution to Academic Research in Cybersecurity: Review of Scientific Publication Contributions and Trends from 1998 to 2018

Abstract: 

Contributions of scientific knowledge in cybersecurity are made by researchers glob- ally, where the focus and scope differ based on the development and challenges in cybersecurity faced by each country. This study examines the publication contributions and trends of African re- searchers in the field of cybersecurity for a period of 20 years (1998 to 2018). 

Published In

Volume 18, Issue 2

Written By

Suné von Solms

No Silver Lining: Information Leakage in Cloud Infrastructures

Abstract:

As more businesses and individuals migrate their workloads to cloud infrastructures, many are unaware of a potential issue inherent in these systems: information leakage, the potential inadvertent release of data through a Virtual Machine (VM) to another VM, which then transfers the information to a third party.

Published In

Volume 18, Issue 1

Written By

William R Mahoney

Implications of Privacy & Security Research for the Upcoming Battlefield of Things

Abstract:

This article presents the results of a trend-scouting study on the applicability of contemporary information privacy and information security research in future defence scenarios in a 25-year-horizon. The authors sketch the expected digital warfare and defence environment as a‘Battlefield of Things’ in which connected objects, connected soldiers, and automated and autonomous sensing and acting systems are core elements. 

Published In

Volume 17, Issue 4

Cyber-Securing Super Bowl 50: What Can a Live-Fire Football Match Teach Students about Becoming Better Cybersecurity Professionals?

Abstract:

The rise and regularity of cybersecurity incidents have increased the demand for trained workforce professionals. Institutions of higher education have responded by including practical hands-on exercises such as capstones, labs, and simulated attack-and-defend ‘Capture-the-Flag’ scenarios. Many degree programs also encourage students to gain experience via internships. 

Published In

Volume 17, Issue 4

Understanding Operator Fatigue, Frustration, and Cognitive Workload in Tactical Cybersecurity Operations

Abstract:

While the human factors of mission critical systemd weapons systems have been extensively studied, there has been little work on cyber operations. As with any system, the perfect storm of complex tasks in a high-risk environment takes an incredible toll on human operators, leading to errors, decreased performance, and burnout. An extensive studtacticaly of  cyber operations at the National Security Agency found that operator fatigue,  frustration,  and  cognitive  workload  significantly  increase  over  the  course  of  an operation. A discussion of these findings helps us understand the impact that the high-stress, high-risk environment of tactical cyber operations has on its ops such as air traffic control anerators.

Published In

Volume 16, Issue 2

Friend or Faux: Deception for Cyber Defense

Abstract:

Defensive deception provides promise in rebalancing the asymmetry of cybersecurity. It makes an attacker’s job harder because it does more than just block access; it impacts the decision making causing him or her to waste time and effort as well as expose his or her presence in the network. Pilot studies conducted by NSA research demonstrated the plausibility and necessity for metrics of success including difficulty attacking the system, behavioral changes caused, cognitive and emotional reactions aroused, and attacker strategy changes due to deception. Designing reliable and valid measures of effectiveness is a worthy (though often overlooked) goal for industry and government alike.

Published In

Volume 16, Issue 2

DDoS Attack Simulation to Validate the Effectiveness of Common and Emerging Threats

Abstract:

Distributed Denial of Service (DDoS) attacks are a persistent cyber threat and a growing concern in computer security. This paper seeks to analyse DDoS attacks and the technologies that have been developed in an attempt to combat their effectiveness. This paper includes results from a DDoS simulation using commercial hardware appliances to both demonstrate and measure the effectiveness of DDoS attacks on a targeted victim. The simulation validates the relevance of these hardware appliances in identifying and reducing network vulnerabilities. This paper also provides insight on the current impact of DDoS attacks globally and the threat that these attacks pose in the future.

Published In

Volume 16, Issue 1

Written By

Ross J Gordon

Enhancing Cybersecurity by Defeating the Attack Lifecycle: Using Mobile Device Resource Usage Patterns to Detect Unauthentic Mobile Applications

Abstract:

Attacks are usually orchestrated based upon the motivation of the attackers, who are becoming increasingly savvy, better resourced, and more committed. This article examines cyber threats and vulnerabilities through the eyes of the perpetrator. To begin, the authors discuss some counter approaches that have produced limited benefits at best, and then introduce a novel approach that details the use of mobile device resource usage to discern unauthentic mobile applications from authentic applications.

Published In

Volume 15, Issue 3

Development of a Cyber-Threat Intelligence-Sharing Model from Big Data Sources

Abstract:

As data in cyberspace continues to grow because of the ubiquity of Information Communication Technologies (ICT), it is becoming challenging to obtain context-aware, actionable information from Big Data to timely detect and respond to cyberattacks that are increasing in severity, complexity, and frequency. In fact, cybercriminals are developing and sharing advanced techniques for their cyber espionage, reconnaissance missions, and ultimately devastating attacks. In order to reduce cybersecurity risks and strengthen cyber resilience, strategic cybersecurity information-sharing is a necessity. This article discusses one way of handling large volumes of unstructured data that have been generated by multiple sources across different sectors into a cyber-threat intelligence-sharing model.

Published In

Volume 15, Issue 3

U.S. Energy Sector Cybersecurity: Hands-off Approach or Effective Partnership?

Abstract:

Recent reporting has identified significant threats to the U.S. energy’s critical infrastructure from nation states and other groups through cyberspace. Efforts to improve the security and resilience of U.S. energy infrastructure relies upon voluntary partnerships between the U.S. Government and public and private energy infrastructure owners.

Published In

Volume 15, Issue 1

A Semantic Approach to Modelling of Cybersecurity Domain

Abstract: 

This paper addresses the issue of mastering the complex body of knowledge that is relevant for cybersecurity. The wide spectrum of threats and wide variety of resources are considered, and a semantic approach is proposed, as it seems not to be referred to very often in this context. The authors here examine how semantic technology may address the nature of this body of knowledge. Ultimately, the article seeks to enable sharing of security-related knowledge across separate sources of data concerning various entities, such as vulnerabilities and attack types, and also across communities of IT professionals, hackers, defence researchers, and others.

Published In

Volume 15, Issue 1

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Keywords

(

2

3

4

8

9

A
AI
APT

a

B

C
C2
C2S
CDX
CIA
CIP
CPS

D
DNS
DoD
DoS

E

e

F

G

H

I
IA
ICS

i

J

K

L

M

N

O

P

Q

R

S
SOA

T

t

U

V

W

X
XRY

Y

Z

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com