Vulnerabilities

Offensive Cyberspace Operations and Zero-days: Anticipatory Ethics and Policy Implications for Vulnerability Disclosure

Abstract:

This article addresses the question under which circumstances zero-day vulnerabilities should be disclosed or used for offensive cyberspace operations. Vulnerabilities exist in hardware and software and can be seen as a consequence of programming errors or design flaws. The most highly sought are so-called zero-day-vulnerabilities. These vulnerabilities exist but are unknown and, when exploited, enable one way of entry into a system that is otherwise not thought possible. Therefore, from an anticipatory ethics perspective, it is important to understand in what cases zero-days should be disclosed or not.

Development of a Cyber-Threat Intelligence-Sharing Model from Big Data Sources

Abstract:

As data in cyberspace continues to grow because of the ubiquity of Information Communication Technologies (ICT), it is becoming challenging to obtain context-aware, actionable information from Big Data to timely detect and respond to cyberattacks that are increasing in severity, complexity, and frequency. In fact, cybercriminals are developing and sharing advanced techniques for their cyber espionage, reconnaissance missions, and ultimately devastating attacks. In order to reduce cybersecurity risks and strengthen cyber resilience, strategic cybersecurity information-sharing is a necessity. This article discusses one way of handling large volumes of unstructured data that have been generated by multiple sources across different sectors into a cyber-threat intelligence-sharing model.

A New Avenue of Attack: Event-driven System Vulnerabilities

ABSTRACT

Hacker Warfare is the type of Information Warfare that involves the inflicting of damage to the digital infrastructure of the enemy by exploiting security vulnerabilities. In this paper we discuss for the first time the exploitation of event-driven systems in order to inflict this type of damage. As an attacker may use command line parameters and network data to exploit security vulnerabilities in local and network applications respectively, he can use events against event-driven applications.

Minimizing Network Risk with Application to Critical Infrastructure Protection

ABSTRACT

The risk posed by natural disasters and terrorist attacks on critical infrastructure sectors such as the power grid, water supply, and telecommunication systems can be modeled by network risk. However, there is currently no definition of risk for a network. A new definition of network risk is proposed and applied to optimal allocation of a fixed budget such that network risk is minimized for two cost models: Linear and non-linear. It is shown that in both cases, risk minimization is achieved by ranking nodes and links according to their damage value and degree sequence. Furthermore, the critical nodes and links are identified as those with the highest allocation of funds.

Cyber Maturity as Measured by Scientific-Based Risk Metrics

ABSTRACT

One of the major challenges of information warfare is how to effectively combat existing and future cyber threats and vulnerabilities. In this paper, a quantifiable and rigorous approach for entities (governments, organizations, etc.) is proposed to better assess their ‘cyber maturity’ level. The authors also propose to examine the reliability and security of networks in terms of scientific-based risk metrics. The risk metrics are built upon (1) a ‘modified’ CVSS Base Score using the Analytic Hierarchy Process (AHP), and (2) the foundation of repeatable quantitative characteristics (‘for example’ vulnerabilities). A case study is examined which highlights the resulting benefits and challenges.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Keywords

A

AI
APT

C

C2
C2S
CDX
CIA
CIP
CPS

D

DNS
DoD
DoS

I

IA
ICS

M

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com