Journal articles on the topic 'Cyber defensive'

1

Huntley, Wade, and Timothy Shives. "The Offense-Defense Balance in Cyberspace." European Conference on Cyber Warfare and Security 23, no. 1 (June 27, 2024): 836–43. http://dx.doi.org/10.34190/eccws.23.1.2500.

Abstract:
The study of cyber strategy and its implications for international security has become increasingly crucial, necessitating an examination of the unique challenges posed by the dynamic and stealthy nature of the cyber domain. This paper addresses whether offensive or defensive strategies prevail in cyberspace, especially in light of evolving technological landscapes and debates over cyber threats. By applying offense-defense theory from international relations, the research explores the nuanced relationship between offensive and defensive operations in cyberspace. Despite prevalent views favoring offense dominance, recent skepticism questions the severity of cyber threats and suggests a possible overemphasis on offensive operations. This paper systematically examines the core concepts, findings, and operational variables of offense-defense theory, providing clarity to the conceptual debates surrounding cyber conflict. Recognizing the unique characteristics of the cyber domain, it urges a careful consideration of biases that may distort judgments about offense dominance. The evolving nature of cyberspace and its potential for redesign introduces caution and underscores the need for a nuanced understanding of the offense-defense balance. The preliminary assessment concludes that the question of whether offense or defense "dominates" in cyberspace is overly simplistic. Given the intricate interactions of cyber capabilities, other coercive means available to states, and the dynamic evolution of cyber technology, this question can only be answered within specific contextual and chronological boundaries. Within such conditions, the state of the offense-defense balance is crucial to tactical and operational decision-making. At the strategic policymaking level, the more coherent question is how cyber technologies are shifting the balance of advantages between offense and defense in the overall military posture of states. 
In essence, this paper provides valuable insights into the ongoing discourse on cyber strategy, theoretical frameworks, and nuanced analyses to inform policy and strategic decision-making in the face of evolving cyber threats.
2

Galinec, Darko. "Cyber Security and Cyber Defense: Challenges and Building of Cyber Resilience Conceptual Model." International Journal of Applied Sciences & Development 1 (March 1, 2023): 83–88. http://dx.doi.org/10.37394/232029.2022.1.10.

Abstract:
Cyber security encompasses a broad range of practices, tools and concepts related closely to those of information and operational technology security. Cyber security is distinctive in its inclusion of the offensive use of information technology to attack adversaries. Use of the term cyber security as a key challenge and a synonym for information security or IT security misleads customers and security practitioners and obscures critical differences between these disciplines. Recommendation for security leaders is that they should use the term cyber security to designate only security practices related to the defensive actions involving or relying upon information technology and/or operational technology environments and systems. Cyber defense is a computer network defense mechanism which includes response to actions and critical infrastructure protection and information assurance for organizations, government entities and other possible networks [3]. In this paper, we investigate how cyber security and cyber defense may lead to cyber resilience with the novel model of cyber resilience designed and presented. Furthermore, within the same model authors investigate actions for cyber security and cyber defense in conditions of increasing challenge of cyber-attacks and the limited capabilities to respond to this threat describing the process of creation, performance and future of EU Cyber Rapid Response Teams (abbr. CRRT) and Mutual Assistance in Cyber Security, introducing novel approach to cyber security and cyber defense at the EU level.
3

Segell, Glen. "Consistency of Civil-Military Relations in the Israel Defense Forces: The Defensive Mode in Cyber." Journal of Advanced Military Studies 12, no. 1 (April 30, 2021): 86–111. http://dx.doi.org/10.21140/mcuj.20211201004.

Abstract:
The Israel Defense Forces (IDF) has four battle threats, where cyber is equitable to conventional (state), subconventional (nonstate), and nonconventional. An escalation in one could lead to an overall escalation in all. In the political areas and, by extension, in civil-military relations (CMR), the IDF has a defensive mode as routine, while an offensive mode is manifest rarely in emergencies and war. The IDF is engaged in a total war in a defensive mode yet a limited war in the offensive mode as Israel’s adversaries do not share the same policies with regular cyber and terror attacks against civilian, government, and military targets. There is consistency in all four threats. Fencing, active defense, and preventive and preemptive strikes dominate.
4

Duvenage, Petrus, Wilhelm Bernhardt, and Sebastian Von Solms. "Cyber power in the African context: an exploratory analysis and proposition." European Conference on Cyber Warfare and Security 22, no. 1 (June 19, 2023): 177–86. http://dx.doi.org/10.34190/eccws.22.1.1046.

Abstract:
While the centrality of cyber power in the safeguarding and advancing nation states’ national interests and objectives is now widely accepted, the academic discourse (on cyber power) is still incipient. In literature reviewed, cyber power is predominantly viewed as comprising of two dimensions, namely offensive and defensive. The exploratory analysis we conducted found that Africa’s unique, contextual factors necessitate an expanded conceptualisation of cyber power. This alternative conceptualisation does not dispute the existing notion that cyber power has offensive and defensive dimensions. The fact that cyber is by its very nature borderless and that African countries function in an interconnected global arena of competition and conflict, are also not contested. What is required is the addition of a third dimension to cyber power, namely developmental power. This paper advances a tentative proposition on a cyber-power triad (with offensive, defensive and developmental dimensions). This proposition, we argue, is more apposite to African countries’ national objectives —strategically and in the allocation of resources. At least on a notional level, the cyber-power triad can guide the leveraging of the asymmetric advantages that cyber space offers African nation states and in a manner that pursues all three (cyber power) dimensions in a complementary manner. Such synergetic wielding of cyber power is one of the keys indispensable to African countries addressing their substantial challenges and unlocking their vast potential.
5

Pattison, James. "From defence to offence: The ethics of private cybersecurity." European Journal of International Security 5, no. 2 (May 19, 2020): 233–54. http://dx.doi.org/10.1017/eis.2020.6.

Abstract:
The cyber realm is increasingly vital to national security, but much of cybersecurity is provided privately. Private firms provide a range of roles, from purely defensive operations to more controversial ones, such as active-cyber defense (ACD) and ‘hacking back’. As with the outsourcing of traditional military and security services to private military and security companies (PMSCs), the reliance on private firms raises the ethical question of to what extent the private sector should be involved in providing security services. In this article, I consider this question. I argue that a moderately restrictive approach should be adopted, which holds that private firms can justifiably launch some cybersecurity services – defensive measures – but are not permitted to perform others – offensive measures.
6

Alothman, Basil, Aldanah Alhajraf, Reem Alajmi, Rawan Al Farraj, Nourah Alshareef, and Murad Khan. "Developing a Cyber Incident Exercises Model to Educate Security Teams." Electronics 11, no. 10 (May 14, 2022): 1575. http://dx.doi.org/10.3390/electronics11101575.

Abstract:
Since cyber attacks are increasing and evolving rapidly, the need to enhance cyber-security defense is crucial. A cyber incident exercise model is a learning technique to provide knowledge about cyber security to enhance a security team’s incident response. In this research work, we proposed a cyber incident model to handle real-time security attacks in various scenarios. The proposed model consisted of three teams: (1) the black team, (2) the red team, and (3) the blue team. The black team was a group of instructors responsible for setting up the environment. They had to educate the red and blue teams about cyber security and train them on facing cyber attacks. Once the training period was completed, the members were divided into two teams to conduct a cyber-security competition in a cyber game scenario. Each of the two teams performed a different task. The red team was the offensive team that was responsible for launching cyber-security attacks. The blue team was the defensive team that was responsible for countering attacks and minimizing the damage caused by attackers; they had to conduct both cyber-security configuration and incident handling. During the scenario, the black team was responsible for guiding and monitoring both the red and the blue teams, ensuring the rules were applied throughout the competition. At the end of the competition, the members of each team changed with each other to make sure every team member was using the knowledge they gained from the training period and every participant was evaluated impartially. Finally, we showed the security team’s offensive and defensive skills via the red team and the blue team, respectively.
7

Awan, Jawad Hussain, Shahzad Memon, Sheeraz Memon, Kamran Taj Pathan, and Niaz Hussain Arijo. "Cyber Threats/Attacks and a Defensive Model to Mitigate Cyber Activities." Mehran University Research Journal of Engineering and Technology 37, no. 2 (April 1, 2018): 359–66. http://dx.doi.org/10.22581/muet1982.1802.12.

8

Slayton, Rebecca. "What Is the Cyber Offense-Defense Balance? Conceptions, Causes, and Assessment." International Security 41, no. 3 (January 2017): 72–109. http://dx.doi.org/10.1162/isec_a_00267.

Abstract:
Most scholars and policymakers claim that cyberspace favors the offense; a minority of scholars disagree. Sweeping claims about the offense-defense balance in cyberspace are misguided because the balance can be assessed only with respect to specific organizational skills and technologies. The balance is defined in dyadic terms, that is, the value less the costs of offensive operations and the value less the costs of defensive operations. The costs of cyber operations are shaped primarily by the organizational skills needed to create and manage complex information technology efficiently. The current success of offense results primarily from poor defensive management and the relatively simpler goals of offense; it can be very costly to exert precise physical effects using cyberweapons. An empirical analysis shows that the Stuxnet cyberattacks on Iran's nuclear facilities very likely cost the offense much more than the defense. The perceived benefits of both the Stuxnet offense and defense, moreover, were likely two orders of magnitude greater than the perceived costs, making it unlikely that decisionmakers focused on costs.
9

Armstrong, Miriam E., Keith S. Jones, and Akbar Siami Namin. "Framework for Developing a Brief Interview to Understand Cyber Defense Work: An Experience Report." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 61, no. 1 (September 2017): 1318–22. http://dx.doi.org/10.1177/1541931213601812.

Abstract:
Cyber defense is increasingly important for the wellbeing of our economy and our national defense. Universities can help meet our growing cybersecurity needs by training the next generation of cyber defenders, and it is crucial that the curricula for such programs are designed to prepare students for the type of work that is performed in the field. Unfortunately, collecting data about cyber work is hindered in situations where cybersecurity professionals are uncomfortable with traditional human factors work analysis methods. Four potential constraints are 1) no naturalistic observations, 2) anonymity and safety, 3) short data collection time, and 4) no deep process questions. We developed a brief interview technique that allowed us to measure the importance of knowledge, skills, and abilities related to offensive and defensive cyber work. Based on our experience using this technique, it fits within the four potential constraints to cyber research and produces information that is directly applicable to the development of cybersecurity curricula. Our technique could potentially be used for other research purposes and personnel selection and by researchers interested in other high-security populations.
10

Mali, Prashant. "Defining Cyber Weapon in Context of Technology and Law." International Journal of Cyber Warfare and Terrorism 8, no. 1 (January 2018): 43–55. http://dx.doi.org/10.4018/ijcwt.2018010104.

Abstract:
This article describes how the interconnected world of today, or the cyber space so often called, is easily accessible through a wide array of devices and has an impact and reach beyond geo-political boundaries. Owing to high levels of connectivity and the nature of E-governance activities today, the cyber space is rapidly becoming a potential global battlefield for cyber warfare among various state and non-state entities. An effective cyber weapon in this space is like an indicator of cyber power, its nature being offensive or defensive. Parameters of effectiveness and reliability range from the type of developer of the weapon, whether state or non-state to its longevity in time and technology and others like possibility of an economic implementation along with the scope of its usage. This article is aimed at analyzing existing definitions, opinions and notions about cyber weapons and defining the term cyber weapon from a techno-legal perspective, which could be universally acceptable and have characteristics of enforceability across all domains: civil, criminal & defense applications.
11

Huskaj, Gazmend. "Offensive Cyberspace Operations for Cyber Security." International Conference on Cyber Warfare and Security 18, no. 1 (February 28, 2023): 476–79. http://dx.doi.org/10.34190/iccws.18.1.1054.

Abstract:
This work-in-progress research product covers Offensive Cyberspace Operations for Cyber Security or “Offensive Defense” for Cyber Security. Offensive cyberspace operations are shrouded in secrecy. From an intelligence perspective, this makes sense because of their development since Operation Desert Storm in 1991. The phenomenon, dubbed “Information Warfare,” and to the professionals’ surprise, they could remotely turn off an Iraqi power substation. However, the implication of remotely turning off the power substation was not only to cut off the power source to an Iraqi military headquarters, but it also meant cutting off the power to a nearby hospital, risking the lives of injured Iraqi soldiers protected by the Geneva Conventions. Since the 2000s and onwards, and with the US military recognizing cyberspace as a war-fighting domain, establishing United States Cyber Command (USCYBERCOM) may be a milestone. Thus, researchers have put much thought into cyberspace operations (offensive, defensive), such as doctrine, organizations, training, materials, leadership and education, personnel, facilities, and policy. One phenomenon, dubbed “defending forward,” was coined in the 2018 US Department of Defense Cyber Strategy. The idea is simple: take the fight to the adversary. Other terms include “hunt-forward operations” and “offensive defense.” Therefore, what is “Offensive Defense” for cyber security, and why now?
12

Kim, Charles. "Cyber-Defensive Architecture for Networked Industrial Control Systems." International Journal of Engineering and Applied Computer Science 02, no. 01 (January 25, 2017): 01–09. http://dx.doi.org/10.24032/ijeacs/0201/01.

13

Usman, S. D., S. B. Junaidu, A. A. Obiniyi, and M. B. Bagiwa. "A survey on global cyber-warfare and Nigerian’s cyber defensive strategy: A way forward." Scientia Africana 20, no. 3 (January 26, 2022): 241–56. http://dx.doi.org/10.4314/sa.v20i3.20.

Abstract:
With two years having passed since the infamous cyber conflict between Estonia and Russia, on 08 May 2009 international society still lacks a coherent set of principles, rules, and norms governing state security and military operations in cyberspace. For parties committed to promoting the cause of peace and stability in a multipolar world, this is a troubling notion since history shows that the likelihood of a new arms race is high when disruptive technologies dramatically alter the means and methods of war. As more nations aspire to project national power in cyberspace, a new digital arms race appears to be imminent if not already upon us. Thus, there is a central question confronting international society and Nigeria in cyberspace: What steps can be taken both today and into the future to forestall a major arms race and interstate competition in cyberspace? In order to begin addressing this complex question from the perspective of the Euro-Atlantic Community, this paper discusses both the challenges and opportunities of regulating 21st century cyber warfare. The paper is divided into sections, which examine the evolution of the laws of armed conflict (LOAC) since the late 19th century, how the LOAC apply to cyber warfare as viewed primarily from a US perspective (since US scholars have dominated the international regime discourse thus far), and the historical facts on cyber warfare. The Nigerian roles in cyber defense strategy and what is needed to be done to meet up with a global regime for cyber warfare in respect of cyber defense are also highlighted. Global cyber strategies, threats/attacks, and types of cyber weapons d
14

Zajko, Mike. "Security against Surveillance: IT Security as Resistance to Pervasive Surveillance." Surveillance & Society 16, no. 1 (April 1, 2018): 39–52. http://dx.doi.org/10.24908/ss.v16i1.5316.

Abstract:
This paper examines Five Eyes surveillance programs as a threat to IT (Information Technology) security and IT security as resistance to these programs. I argue that the most significant of Snowden's disclosures have been the Five Eyes agencies’ systematic compromise of the technologies, networks, and standards in use within their own countries and abroad. Attacks on domestic infrastructure contradict the defensive posture of these agencies but are consistent with the project of cyber security as defined by the Five Eyes. The cyber security project of the Five Eyes nations is expansive in scope and has proceeded along dangerous lines. By assigning signals intelligence agencies the dual role of exploiting IT systems as well as securing them, a contradiction has been baked into our evolving notion of cyber security. A comprehensive response should include political and legal reforms, disentangling the Five Eyes' offensive and defensive roles, and narrowing the scope of the cyber security project. However, the most effective forms of resistance for individuals and institutions so far have been through an increased emphasis on IT security practices.
15

Johnson, Craig J., Kimberly J. Ferguson-Walter, Robert S. Gutzwiller, Dakota D. Scott, and Nancy J. Cooke. "Investigating Cyber Attacker Team Cognition." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 66, no. 1 (September 2022): 105–9. http://dx.doi.org/10.1177/1071181322661132.

Abstract:
Cyber attackers commonly operate in teams, which may process information collectively and thus, may be best understood when the team is treated as the unit of analysis. Future research in Oppositional Human Factors (OHF) should consider the impact of team-influencing and team-level biases and the impact that defensive interventions have on team cognition in general. Existing measurement approaches using team interactions may be well suited for studying red teams, and how OHF interventions impact cyber attackers.
16

Legg, Phil, Alan Mills, and Ian Johnson. "Teaching Offensive and Defensive Cyber Security in Schools using a Raspberry Pi Cyber Range." Journal of The Colloquium for Information Systems Security Education 10, no. 1 (March 8, 2023): 9. http://dx.doi.org/10.53735/cisse.v10i1.172.

Abstract:
Computer Science as a subject is now appearing in more school curricula for GCSE and A level, with a growing demand for cyber security to be embedded within this teaching. Yet, teachers face challenges with limited time and resource for preparing practical materials to effectively convey the subject matter. We hosted a series of workshops designed to understand the challenges that teachers face in delivering cyber security education. We then worked with teachers to co-create practical learning resources that could be further developed as tailored lesson plans, as required for their students. In this paper, we report on the challenges highlighted by teachers, and we present a portable and isolated infrastructure for teaching the basics of offensive and defensive cyber security, as a co-created activity based on the teacher workshops. Whilst we present an example case study for red and blue team student engagement, we also reflect on the wide scope of topics and tools that students would be exposed to through this activity, and how this platform could then be generalised for further cyber security teaching.
17

Byrne, D. J., David Morgan, Kymie Tan, Bryan Johnson, and Chris Dorros. "Cyber Defense of Space-based Assets: Verifying and Validating Defensive Designs and Implementations." Procedia Computer Science 28 (2014): 522–30. http://dx.doi.org/10.1016/j.procs.2014.03.064.

18

Kullman, Kaur, Matt Ryan, and Lee Trossbach. "VR/MR Supporting the Future of Defensive Cyber Operations." IFAC-PapersOnLine 52, no. 19 (2019): 181–86. http://dx.doi.org/10.1016/j.ifacol.2019.12.093.

19

Raska, Michael. "North Korea’s Evolving Cyber Strategies: Continuity and Change." SIRIUS – Zeitschrift für Strategische Analysen 4, no. 2 (May 26, 2020): 1–13. http://dx.doi.org/10.1515/sirius-2020-3030.

Abstract:
Pyongyang sees the Korean Peninsula as entrenched in a geopolitical deadlock among great powers, with the United States continuing to employ what the North Korean regime sees as a “hostile policy” detrimental to its survival, its ability to shape relevant events, and the country’s political and economic development. While the core security concerns of South Korea and the United States are North Korea’s growing nuclear weapons and ballistic missile capabilities, the alliance must increasingly also prioritize the continuous development of North Korea’s cyber capabilities, both offensive and defensive. North Korea aims to gain strategic advantage by pursuing cost-effective, asymmetric military capabilities, including cyber strategies, to gather intelligence, coerce its rivals, financially extort others, and otherwise exert influence in ways that are resistant to traditional deterrence and defense countermeasures. Seoul and Washington need a full-spectrum military readiness posture against the full range of potential North Korean provocations, while European democracies need to strengthen their cyber readiness posture to effectively track and counter North Korea’s evolving global cyber operations.
20

Carroll, Jami. "Agile Methods For Improved Cyber Operations Planning." European Conference on Cyber Warfare and Security 22, no. 1 (June 19, 2023): 108–15. http://dx.doi.org/10.34190/eccws.22.1.1138.

Abstract:
Cyber Ranges provide an interactive simulated environment of hardware and software for simulation. This closed environment provides a safe and legal environment where cyber warfighters can refine their skills. They enable mock cyber mission rehearsal of operation playbooks. Simulated cyber capabilities in the cyber range parallel the intelligence, surveillance, and reconnaissance (ISR), Order of Battle (OOB), and battle damage assessment (BDA) in a closed, safe environment for experimentation. Scrum has been used in collegial cyber competitions with success because it has allowed Capture-the-Flag cyber games to create quicker simulations. Defense Innovation Units (DIUs) are using agile Scrum processes to numerous warfighting areas in order to make them more agile. This research argues that the agile software development processes could be used to optimize the planning and execution of offensive, defensive, and operation and maintenance (O&M) of cyber warfare simulations within cyber ranges. O&M can be done quicker, new exploitable modules can be included more rapidly, and the capability can be reconstituted to the appropriate skill level for the next set of trainees quicker. The White team as maintainers of the networks, systems, applications and cyber tools select the CVE exploits and spend an enormous amount of time installing and configuring these capabilities for the next set of trainees. Quite often, there are different skill levels which require multiple builds and the ability to refresh the cyber range with varying levels of cyber trainee complexity. This requirement to restore the cyber range quickly with a variety of builds, varying levels of difficulty, and ensure the experiential learning is maximized with the best availability lends to agile methods such as Scrum could lend to improvements with cyber operations.
This research will illustrate how a cyber range could leverage agile Scrum processes to provide an improved cyber range environment quicker and with more capabilities.
21

Wu, Wenhao, and Bing Bu. "Security Analysis for CBTC Systems under Attack–Defense Confrontation." Electronics 8, no. 9 (September 5, 2019): 991. http://dx.doi.org/10.3390/electronics8090991.

Abstract:
Communication-based train controls (CBTC) systems play a major role in urban rail transportation. As CBTC systems are no longer isolated from the outside world but use other networks to increase efficiency and improve productivity, they are exposed to huge cyber threats. This paper proposes a generalized stochastic Petri net (GSPN) model to capture dynamic interaction between the attacker and the defender to evaluate the security of CBTC systems. Depending on the characteristics of the system and attack–defense methods, we divided our model into two phases: penetration and disruption. In each phase, we provided effective means of attack and corresponding defensive measures, and the system state was determined correspondingly. Additionally, a semiphysical simulation platform and game model were proposed to assist the GSPN model parameterization. With the steady-state probability of the system output from the model, we propose several indicators for assessing system security. Finally, we compared the security of the system with single defensive measures and multiple defensive measures. Our evaluations indicated the significance of the defensive measures and the seriousness of the system security situation.
22

Poornima, B. "Cyber Preparedness of the Indian Armed Forces." Journal of Asian Security and International Affairs 10, no. 3 (November 28, 2023): 301–24. http://dx.doi.org/10.1177/23477970231207250.

Abstract:
The Indian armed forces today face a significant threat of cyberattacks, particularly from hostile neighbouring states like China and Pakistan. Cyberattacks could potentially damage or cripple critical weapons platforms, major communications and ISR (intelligence, surveillance, and reconnaissance) systems, and vital infrastructure, undermining the military’s preparedness and war-fighting capabilities. How prepared is the Indian military to neutralise cyberattacks from adversaries such as China and Pakistan? This is the central question that this article attempts to address. The article contends that the delayed development of technical, policy, and organisational measures in the cyber domain indicates vulnerabilities in the Indian military’s current state of cyber preparedness, leaving room for enemy cyberattacks. It emphasises the need for immediate actions to address the critical gaps in India’s cybersecurity strategy. In particular, the Indian military must focus on drastically strengthening its defensive cyber capabilities to neutralise potential enemy cyberattacks on weapons platforms, communication and ISR systems, and critical infrastructure. The article concludes that without enhanced defensive cyber capabilities, India’s military modernisation may fall short of responding adequately to technology-driven warfare threats from the hostile states in the neighbourhood.
23

FEDIENKO, O. "The current trends of regulatory support of institutional formation of cybertroops (cyber force): the experience of certain NATO countries." INFORMATION AND LAW, no. 1(48) (March 6, 2024): 150–61. http://dx.doi.org/10.37750/2616-6798.2024.1(48).300800.

Abstract:
The general trends of the institutional development of cybertroops (cyber forces) in certain NATO countries (Great Britain, the USA) are determined. Regulatory documents devoted to the formation of cybertroops in these NATO member countries have been analyzed. The competence, powers and functional tasks of practical activities of cyber units are considered. The content and significance of the cognitive effect doctrine and the consequences of its use are outlined. The peculiarities of the use of cyber troops in the framework of conducting defensive and offensive cyber operations are summarized. The achievements and examples of successful activities of the cyber forces of Great Britain and the United States are detailed. On the basis of the generalization of positive foreign experience in the creation of cyber forces, the prospects of legislative support for the institutional formation of cyber forces in Ukraine are outlined.
24

Merlino, Jorge C., Mohammed Asiri, and Neetesh Saxena. "DDoS Cyber-Incident Detection in Smart Grids." Sustainability 14, no. 5 (February 25, 2022): 2730. http://dx.doi.org/10.3390/su14052730.

Abstract:
The smart grid (SG) offers potential benefits for utilities, electric generators, and customers alike. However, the prevalence of cyber-attacks targeting the SG emphasizes its dark side. In particular, distributed denial-of-service (DDoS) attacks can affect the communication of different devices, interrupting the SG’s operation. This could have profound implications for the power system, including area blackouts. The problem is that few operational technology tools provide reflective DDoS protection. Furthermore, such tools often fail to classify the types of attacks that have occurred. Defensive capabilities are necessary to identify the footprints of attacks in a timely manner, as they occur, and to make these systems sustainable for delivery of the services as expected. To meet this need for defensive capabilities, we developed a situational awareness tool to detect system compromise by monitoring the indicators of compromise (IOCs) of amplification DDoS attacks. We achieved this aim by finding IOCs and exploring attack footprints to understand the nature of such attacks and their cyber behavior. Finally, an evaluation of our approach against a real dataset of DDoS attack instances indicated that our tool can distinguish and detect different types of amplification DDoS attacks.
25

Sharikov, Pavel. "Military cybersecurity issues in the context of Russia’s special military operation in Ukraine." Analytical papers of the Institute of Europe RAS, no. 2 (2022): 5–12. http://dx.doi.org/10.15211/analytics21320220512.

Abstract:
The unfolding conflict between Russia, Ukraine and NATO includes offensive and defensive cyberoperations. The author investigates doctrinal and organizational aspects of the use of military cyber capabilities in the conflict.
26

Kantola, Harry. "Categorizing Cyber Activity Through an Information-psychological and Information-technological Perspective, Case Ukraine." International Conference on Cyber Warfare and Security 18, no. 1 (February 28, 2023): 480–88. http://dx.doi.org/10.34190/iccws.18.1.975.

Abstract:
The Russian approach to warfighting includes an informational facet. The Western hemisphere usually treats cyber activity as a tool similar to traditional warfighting tools such as rifles, artillery and tanks, whereas the Russian approach has an informational and narrative stance to the whole conflict. Placing information in the focus switches the cyber activity to serve either an informational-psychological or an informational-technical approach. Examining the activity from this non-conventional trait and correlating it to other activities during the execution, the study highlights the coordination of kinetic and non-kinetic actions in an altered manner. In this article I am examining cyber activity through the terms of information-psychological and information-technological approach to form an understanding of Russian or Russian supported activities in cyber space before and during the Ukraine crisis. This will recognize types of cyber activity connected to actions in the physical environment. Actions identified are categorized and placed in a matrix created on psychological and/or technical clout. From this matrix groups of activities are scrutinized in correlation to other activities to expose possible narratives or underlying themes. The study relies on a variant of Grounded theory and is selected to elude from examine technical methods and actions. The observed timeframe is for the first study from 2021, well before the current hot phase, until summer 2022. This article is the first part of a two-stage study, where the first part examines cyber activity through the terms of information-psychological and information-technological approach. The second study places the previous findings in correlation to actions, reactions and mitigation activities to find out how defensive measures were relevant or if the outcome was the result of something other than deliberate defensive (cyber-)activities.
Throughout the larger study, the underlying hypothesis is that there is a larger coordination of cyber activities than acknowledged related to the ongoing crisis.
27

Wu, Zhijun, Ruochen Dong, and Peng Wang. "Research on Game Theory of Air Traffic Management Cyber Physical System Security." Aerospace 9, no. 8 (July 23, 2022): 397. http://dx.doi.org/10.3390/aerospace9080397.

Abstract:
For the air traffic management cyber physical system, if an attacker successfully obtains authority or data through a cyber attack, combined with physical attacks, it will cause serious consequences. Game theory can be applied to the strategic interaction between two parties, especially if the two parties have different goals. The offensive and defensive game process of the air traffic management cyber physical system is a non-cooperative and incomplete information dynamic game. The attacker can choose to camouflage the type of attack launched. The attack detection device configured in the system has a certain probability that the attack type can be successfully detected. According to the type of attack detected, the defender updates the posterior belief of the attack type and selects the corresponding protective strategies. According to the game process of offense and defense, a dynamic Bayesian game model of the air traffic management cyber physical system is established, the possible perfect Bayesian Nash equilibrium and its existence conditions are solved, and a complete mathematical model is constructed. The analysis shows that the dynamic Bayesian game model of the air traffic management cyber physical system can help the system defender to quickly obtain an equilibrium strategy and reduce the loss of the system as much as possible.
28

SMUTEK, Bartosz. "NORTH KOREA’S CYBER CAPABILITIES." Cybersecurity & Cybercrime 1, no. 2 (March 2, 2023): 204–20. http://dx.doi.org/10.5604/01.3001.0053.8030.

Abstract:
The purpose of the article is to show the most important attacks from North Korea and their offensive and defensive capabilities. The structure of cyber organizations and their operations are presented. Nowadays North Korea is seen head on as a military threat, the work aims to present their potential cyber capabilities and the attacks they have made. The beginning of the work describes issues related to the organization of the structures, their structure, role and purpose. The next section presents the most interesting attacks related to spying and information extraction, cyber-terrorism operations and financial extraction, which are most often used to strengthen military capabilities. This was followed by a closer look at the Lazarus group's activities, their tactics, tasks and the attacks they have committed. The subject of Poland, which has also been the target of attacks, was also touched upon. Finally, the topic of the future strategy of cyber forces was discussed.
29

Sithole, Thenjiwe, Jaco Du Toit, and Sebastian Von Solms. "A Cyber Counterintelligence Competence Framework: Developing the Job Roles." European Conference on Cyber Warfare and Security 22, no. 1 (June 19, 2023): 450–57. http://dx.doi.org/10.34190/eccws.22.1.1093.

Abstract:
In recent years, there have been intensifying cyber risks and volumes of cyber incidents prompting a significant shift in the cyber threat landscape. Both nation-state and non-state actors are increasingly resolute and innovative in their techniques and operations globally. These intensifying cyber risks and incidents suggest that cyber capability is inversely proportional to cyber risks, threats and attacks. Therefore, this confirms an emergent and critical need to adopt and invest in intelligence strategies, predominantly cyber counterintelligence (CCI), which is a multi-disciplinary and proactive measure to mitigate risks and counter cyber threats and cyber-attacks. Concurrent with the adoption of CCI is an appreciation that requisite job roles must be defined and developed. Notwithstanding the traction that CCI is gaining, we found no work on a clear categorisation for the CCI job roles in the academic or industry literature surveyed. Furthermore, from a cybersecurity perspective, it is unclear which job roles constitute the CCI field. This paper stems from and expands on the authors’ prior research on developing a CCI Competence Framework. The proposed CCI Competence Framework consists of four critical elements deemed essential for CCI workforce development. In order of progression, the Framework’s elements are: CCI Dimensions (passive-defensive, active-defensive, passive-offensive, active-offensive), CCI Functional Areas (detection, deterrence, deception, neutralisation), CCI Job Roles (associated with each respective Functional Area), and Tasks and Competences (allocated to each job role). Pivoting on prior research on CCI Dimensions and CCI Functional Areas, this paper advances a proposition on associated Job Roles in a manner that is both intelligible and categorised. 
To this end, the paper advances a five-step process that evaluates and examines Counterintelligence and Cybersecurity Job Roles and functions to derive a combination of new or existing Job Roles required for the CCI workforce/professionals. Although there are several cybersecurity frameworks for workforce development, establishing the CCI Job Roles is specifically based on the expression of the Job Roles defined in the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework.
30

Merz, Terry, and Romarie Morales Rosado. "Using Deep Reinforcement Learning for Assessing the Consequences of Cyber Mitigation Techniques on Industrial Control Systems." International Conference on Cyber Warfare and Security 18, no. 1 (February 28, 2023): 577–80. http://dx.doi.org/10.34190/iccws.18.1.1063.

Abstract:
This paper discusses an in-progress study involving the use of deep reinforcement learning (DRL) to mitigate the effects of an advanced cyber-attack against industrial control systems (ICS). The research is a qualitative, exploratory study which emerged as a gap during the execution of two rapid prototyping studies. During these studies, cyber defensive procedures, known as “Mitigation,” were characterized as actions taken to minimize the impact of ongoing advanced cyber-attacks against an ICS while enabling primary operations to continue. To execute Mitigation procedures, affected ICS components required rapid isolation and quarantining from “healthy” system segments. However today, with most attacks leveraging automation, mitigation also requires rapid decision-making capabilities operating at the speed of automation yet with human-like refinement. The authors settled on the choice of DRL as a viable solution to this problem due to the algorithm’s design, which involves “intelligent” decisions based upon continuous learning achieved through a rewards system. The primary theory of this study posits that processes informed by data sources relative to the execution path of an advanced cyber-attack as well as the consequences of deploying a particular Mitigation procedure evolve the system into an ever-improving defensive capability. This study seeks to produce a defensive DRL based software agent trained by a DRL based offensive software agent that generates policy refinements based upon extrapolations from a corrupted network state as reported by an IDS and baseline data. Results include an estimation rule that would quantify impacts of various mitigation actions while protecting the operational critical path and isolating an in-progress attack. This study is in a conceptual phase and development has not started.
The research questions for this study are: RQ1: Can this software agent categorize correctly an in-progress cyber-attack and extrapolate the potential ICS assets affected? RQ2: Can this software agent categorize novel cyber-attacks and extrapolate a probable attack vector while enumerating affected assets? RQ3: Can this software agent characterize how operations are affected by quarantine actions? RQ4: Can this software agent generate a set of ranked recommended courses of action by effectiveness, and least negative effects on the operational critical path?
31

S, Mrs Yamuna. "Cloud Computing Based Cyber Defensive with Redundancy and Intruder Detection." International Journal for Research in Applied Science and Engineering Technology 7, no. 3 (March 31, 2019): 1810–15. http://dx.doi.org/10.22214/ijraset.2019.3336.

32

Wagner, Neal, Cem Ş. Şahin, Michael Winterrose, James Riordan, Diana Hanson, Jaime Peña, and William W. Streilein. "Quantifying the mission impact of network-level cyber defensive mitigations." Journal of Defense Modeling and Simulation: Applications, Methodology, Technology 14, no. 3 (August 17, 2016): 201–16. http://dx.doi.org/10.1177/1548512916662924.

33

Karuna, Prakruthi, Hemant Purohit, Rajesh Ganesan, and Sushil Jajodia. "Generating Hard to Comprehend Fake Documents for Defensive Cyber Deception." IEEE Intelligent Systems 33, no. 5 (September 1, 2018): 16–25. http://dx.doi.org/10.1109/mis.2018.2877277.

34

Liu, Ning, Qing-Wei Chai, Shangkun Liu, Fanying Meng, and Wei-Min Zheng. "Mixed Strategy Analysis in Attack-Defense Game Model Based on 5G Heterogeneous Network of CPS Using ncPSO." Security and Communication Networks 2022 (November 7, 2022): 1–15. http://dx.doi.org/10.1155/2022/1181398.

Abstract:
The development of the 5th Generation Mobile Communication Technology not only brings convenience to people but also brings many network security problems. Based on the static game theory of complete information, a game model of attack and defense with limited resources in heterogeneous networks of Cyber Physical Systems is established. This model analyzes the basic rules of the offensive and defensive strategies of both parties when the offensive and defensive resources are limited in the 5th Generation Mobile Communication Technology network environment. The model can also describe the interaction between attackers and defenders. A novel compact particle swarm optimization algorithm is proposed to solve the difficult problem of solving the Nash equilibrium of this game model. The simulation experiment proves that novel compact particle swarm optimization algorithm has good optimization ability and shows that the algorithm can effectively solve the Nash equilibrium of the model. The simulation experiment provides a strategic reference for the attack-defense game with limited resources.
35

Grant, Tim. "Detect, Deny, Degrade, Disrupt, Destroy, Deceive: which is the greatest in OCO?" European Conference on Cyber Warfare and Security 22, no. 1 (June 19, 2023): 214–22. http://dx.doi.org/10.34190/eccws.22.1.1089.

Abstract:
In the cyber kill chain literature, possible courses of action are listed as detect, deny, degrade, disrupt, destroy, and deceive (a.k.a. “the 6Ds”). These verbs denote defensive action to be taken against an intruder. By comparison, military doctrine for cyberspace operations encompasses cyberspace exploitation and attack, as well as defence. The question arises whether the 6Ds are also applicable to offensive action, i.e. exploitation and attack, or whether additional action verbs are needed. Military doctrine is evolving towards all-domain operations, in which action in cyberspace is integrated with action in the physical domains of land, sea, air, and space. This prompts the question as to whether the 6Ds are also suited to action in a physical domain. A pilot study of actual military operations that integrated cyber and physical action suggests that deception, delay, and denial of organisational and cyber entities is suited to cyber action, while seizure, capture, and destruction of physical entities is suited to physical action. Preference among action verbs may indicate when it is best to engage targets using cyber or physical resources and which action is preferred. This paper identifies which action verbs are best suited to offensive cyber operations in the context of all-domain operations. The paper reviews related theory on cyberspace and the cyber kill chain. It identifies action verbs in US Department of Defense (DoD) doctrine on information and cyberspace operations, comparing them to those in the US DoD Dictionary of Military and Associated Terms. After discussing the findings, the paper draws conclusions and recommends further work.
36

Mangel, Marc, and Jimmie McEver. "Modeling Coupled Nonlinear Multilayered Dynamics: Cyber Attack and Disruption of an Electric Grid." Complexity 2021 (September 6, 2021): 1–19. http://dx.doi.org/10.1155/2021/5584123.

Abstract:
We study the consequences of cyberattack, defense, and recovery in systems for which a physical system is enabled by a cyber system by extending previous applications of models from the population biology of disease to the cyber system and coupling the state of the cyber system to the physical system, using the synchronous model for the electric grid. In analogy to disease models in which individuals are susceptible, infected, or recovered, in the cyber system, components can be uncompromised and vulnerable to attack, uncompromised and temporarily invulnerable to attack, compromised, or reset and thus not able to contribute to the performance of the physical system. We model cyber defensive countermeasures in analogy to the adaptive immune system. We link the physical and cyber systems through a metric of performance of the physical system that depends upon the state of the cyber system using (i) a generic nonlinear relationship between the state of the cyber system and the performance of the physical system and (ii) the synchronous motor model of an electric grid consisting of a utility with many customers whose smart meters can become compromised, in which a steady state in the difference in rotor angles is the metric of performance. We use the coupled models, both of which have emergent properties, to investigate two situations. First, when an attacker that relies on stealth compromise is hidden until it is either detected during routine maintenance or an attack is initiated. The probability that compromise remains undetected declines with time and the level of compromise increases with time. Because of these dynamics, an optimal time of attack emerges, and we explore how it varies with parameters of the cyber system. Second, we illustrate one of the Electric Power Research Institute scenarios for the reverse engineering of Advanced Metering Infrastructure (AMI) by coupling the synchronous motor equations for the generator and utility to the model of compromise. 
We derive a canonical condition for grid failure that relates the level of compromise at the time of detection of compromise and the dissipation parameter in the synchronous motor model. We conclude by discussing the innovative aspects of our methods, which include (i) a fraction of decoy components in the cyber system, which are not connected to the rest of the cyber system or the physical system and thus do not spread compromise but increase the probability of detection of compromise, (ii) allowing components of the cyber system to return to the un-compromised state either temporarily invulnerable or immediately vulnerable, (iii) adaptive Defensive Counter Measures that respond in a nonlinear fashion to attack and compromise (in analogy to killer T cells of the immune system), (iv) a generic metric of performance of the physical system that depends upon the state of the cyber system, and (v) coupling a model of the electric grid to the model of compromise of the cyber system that leads to a condition for failure of the grid in terms of parameters of both compromise and the synchronous motor model, directions for future investigations, and connections to recent studies on broadly the same topics. We include a pseudocode as an Appendix and indicate how to obtain R script for the models from the first author.
37

Ganguli, Chirag, Shishir Kumar Shandilya, Maryna Nehrey, and Myroslav Havryliuk. "Adaptive Artificial Bee Colony Algorithm for Nature-Inspired Cyber Defense." Systems 11, no. 1 (January 5, 2023): 27. http://dx.doi.org/10.3390/systems11010027.

Abstract:
With the significant growth of the cyber environment over recent years, defensive mechanisms against adversaries have become an important step in maintaining online safety. The adaptive defense mechanism is an evolving approach that, when combined with nature-inspired algorithms, allows users to effectively run a series of artificial intelligence-driven tests on their customized networks to detect normal and under attack behavior of the nodes or machines attached to the network. This includes a detailed analysis of the difference in the throughput, end-to-end delay, and packet delivery ratio of the nodes before and after an attack. In this paper, we compare the behavior and fitness of the nodes when nodes under a simulated attack are altered, aiding several nature-inspired cyber security-based adaptive defense mechanism approaches and achieving clear experimental results. The simulation results show the effectiveness of the fitness of the nodes and their differences through a specially crafted metric value defined using the network performance statistics and the actual throughput difference of the attacked node before and after the attack.
38

El Amin, Habib, Abed Ellatif Samhat, Maroun Chamoun, Lina Oueidat, and Antoine Feghali. "An Integrated Approach to Cyber Risk Management with Cyber Threat Intelligence Framework to Secure Critical Infrastructure." Journal of Cybersecurity and Privacy 4, no. 2 (June 9, 2024): 357–81. http://dx.doi.org/10.3390/jcp4020018.

Abstract:
Emerging cyber threats’ sophistication, impact, and complexity rapidly evolve, confronting organizations with demanding challenges. This severe escalation requires a deeper understanding of adversary dynamics to develop enhanced defensive strategies and capabilities. Cyber threat actors’ advanced techniques necessitate a proactive approach to managing organizations’ risks and safeguarding cyberspace. Cyber risk management is one of the most efficient measures to anticipate cyber threats. However, it often relies on organizations’ contexts and overlooks adversaries, their motives, capabilities, and tactics. A new cyber risk management framework incorporating emergent information about the dynamic threat landscape is needed to overcome these limitations and bridge the knowledge gap between adversaries and security practitioners. Such information is the product of a cyber threat intelligence process that proactively delivers knowledge about cyber threats to inform decision-making and strengthen defenses. In this paper, we overview risk management and threat intelligence frameworks. Then, we highlight the necessity of integrating cyber threat intelligence and assessment in cyber risk management. After that, we propose a novel risk management framework with integrated threat intelligence on top of EBIOS Risk Manager. Finally, we apply the proposed framework in the scope of a national telecommunications organization.
39

Yamuna Bee, Mrs J., E. Naveena, Reshma Elizabeth Thomas, Arathi Chandran, Siva Subramania Raja M, and A. Akhilesh. "Intrusion Detection on Apache Spark Platform in Big data and Machine Learning Techniques." Journal of University of Shanghai for Science and Technology 23, no. 06 (June 22, 2021): 1257–66. http://dx.doi.org/10.51201/jusst/21/06427.

Abstract:
With the rising cyber-physical power systems and emerging danger of cyber-attacks, the traditional power services are faced with higher risks of being compromised, as vulnerabilities in cyber communications can be broken to cause material damage. Therefore, adjustment needs to be made in the present control scheme plan methods to moderate the impact of possible attacks on service quality. This paper focuses on the service of synchronized source-load contribution in main frequency regulation, a weakness study is performed by modelling the attack intrusion process, and the risk review of the service is made by further modelling the attack impacts on the service’s bodily things. On that basis, the customary synchronized reserve allotment optimization model is adapted and the allocation scheme is corrected according to the cyber-attack impact. The proposed alteration methods are validated through a case study, showing efficiency in defensive alongside the cyber-attack impacts.
40

Czosseck, Christian, and Karlis Podins. "A Vulnerability-Based Model of Cyber Weapons and its Implications for Cyber Conflict." International Journal of Cyber Warfare and Terrorism 2, no. 1 (January 2012): 14–26. http://dx.doi.org/10.4018/ijcwt.2012010102.

Abstract:
Throughout history, mankind has developed and employed novel weapons and countermeasures. Both offensive and defensive weapon systems are limited by the laws of nature. Consequently, military concepts and doctrines were designed by implicitly taking into account those limitations. The digital age has introduced a new class of weaponry that poses an initial challenge to the common understanding of conflict and warfare due to their different characteristics: cyber weapons. This article explores the crucial differences between the conventional weapon and cyber weapon domains, starting a debate as to what extent classical concepts and doctrines are applicable to cyberspace and cyber conflict. The authors propose a definition of cyber weapons being an instrument consisting primarily of data and knowledge, presenting them in the form of prepared and executed computer codes on or a sequence of user interactions with a vulnerable system. The authors describe a vulnerability-based model for cyber weapons and for cyber defence. This model is then applied to describe the relationship between cyber-capable actors (e.g. States). The proposed model clarifies important implications for cyber coalition-building and disarmament. Furthermore, it presents a general solution for the problem of the destruction of cyber weapons, i.e., in the context of cyber arms control.
41

Ilić, Maja. "Cyber security during covid-19 pandemic." Savremene studije bezbednosti, no. 2 (2023): 153–71. http://dx.doi.org/10.5937/ssb2302153i.

Abstract:
The covid-19 pandemic has had a profound impact on the world, including exacerbating cybersecurity threats. This paper explores the various types of cyberattacks that emerged during the pandemic, the organizations that were targeted, and the methods employed by attackers. A particular focus is placed on attacks directed at healthcare organizations, which were particularly vulnerable due to the increased demand for their services. The paper also discusses defensive strategies and preventive measures that can be taken to mitigate cyberattacks, as well as the importance of organizational resilience in the face of crises. Finally, the paper examines the World Bank's response to the pandemic in terms of its ability to adapt to the new business environment and maintain resilience.
42

Sarjakivi, Pietari, Jouni Ihanus, and Panu Moilanen. "Using Wargaming to Model Cyber Defense Decision-Making: Observation-Based Research in Locked Shields." European Conference on Cyber Warfare and Security 23, no. 1 (June 21, 2024): 457–64. http://dx.doi.org/10.34190/eccws.23.1.2270.

Abstract:
Defensive Cyber Operations (DCO) in complex environments, such as cyber wargames, require in-depth cybersecurity knowledge and the ability to make quick decisions. In a typical DCO, execution rarely follows a pre-planned path because of extensive adversary influence, challenging an already complex decision-making environment. Decision-making models have been extensively studied from perspectives of military operations and business management, but they are not sufficiently researched in the context of cyber. This paper responds to this need by examining the decision-making models of DCO leaders in a live-fire wargame environment. This study was conducted by observing leaders of cyber operations during the world's largest live-fire cyber exercise, NATO Locked Shield 2023. In this exercise, the blue teams plan and execute their defensive cyber operation in a realistic operational environment, while the red team conducts attacks against the defended environment. The large-scale, wargaming-style environment of Locked Shield is one of the best environments for modelling DCO decision-making models; in this exercise, the DCO is broad and multi-faceted, a perspective which cannot be achieved in a typical capture-the-flag competition or a single security incident. DCO leaders must be able to manage two distinct decision-making processes with different sets of required skills to be successful in the mission. While the primary process relates to the execution and evolution of the pre-designed plan with traditional operational leadership skills, the secondary process deals with unplanned and deliberately caused cyber-related events that require a deep understanding of cybersecurity. In this respect, the main contribution of this research is the constructed decision-making model of the DCO leader. This model is based on observations collected and presented in the context of multiple well-known decision-making frameworks. 
This model can be further used to train future DCO leaders and assess artificial intelligence's usability to support and automate decision-making in such operations.
43

Zhao, Letao. "Navigating the Cyber Kill Chain: A modern approach to pentesting." Applied and Computational Engineering 38, no. 1 (January 22, 2024): 170–75. http://dx.doi.org/10.54254/2755-2721/38/20230549.

Abstract:
The Cyber Kill Chain is a strategic model that outlines the stages of a cyberattack, from initial reconnaissance to achieving the final objective. This framework is often mirrored in penetration testing (pentest), a legal and authorized simulated attack on a computer system performed to evaluate its security. By understanding the steps in the Cyber Kill Chain, penetration testers can mimic the strategies of malicious attackers, exploring vulnerabilities at each stage of the chain. This approach allows organizations to evaluate their defensive measures across the full spectrum of an attack, identifying weaknesses and enhancing their security protocols accordingly. In essence, the Cyber Kill Chain provides a roadmap for pen-testers to systematically evaluate an organization's cyber defences. The research method of this article involves a systematic analysis of the Cyber Kill Chain model, examining how penetration testers can employ this strategic framework to emulate the tactics of malicious attackers and identify methodology at each stage of the chain.
44

Szyłkowska, Monika. "Attributes of cyber conflict in the context of armed conflict – an outline of the problem." Przegląd Nauk o Obronności, no. 11 (April 14, 2022): 134–54. http://dx.doi.org/10.37055/pno/148424.

Abstract:
Objectives: This article explains the concepts of cyber conflict attributes in relation to the classical attributes of armed conflicts. Problems related to the study of the causes of armed conflicts and wars, forms of their conduct, ending and ways of their resolution. This paper outlines selected definitions of conflict and war that have formed the basis of analysis for the attributes of cyber conflict - in particular the attributes of: nature, forms, sources, complexity, and the difficulty of uniquely identifying the "aggressor" if the attack is not "overt".
Methods: statistical analysis, document analysis
Results: The characteristics of a cyber conflict are, in particular: no certain identification of the aggressor, no possibility of an official declaration of war or official defense and retaliation.
Conclusions: The key determinant of defense – should be digital and electromagnetic offensive measures. Security threats and more frequent attacks in broadly defined cyberspace have unquestionably become the challenge of today's world – consisting of alliances, which the sum of security being the security levels of individual members and their defense capabilities. However only the level of commitment and cooperation can contribute to the achievement of a common goal, defined by the Alliance – including, above all, the elaboration of common, acceptable by all members – "modern" solutions. However, the common defense and deterrence potential equipped with real, though digital, both offensive and defensive resources would allow practical implementation of the challenge for art. 5th North Atlantic Pact in such a strategic way for all areas, which is cyberspace.
45

Maennel, Kaie, Agnė Brilingaitė, Linas Bukauskas, Aušrius Juozapavičius, Benjamin James Knox, Ricardo Gregorio Lugo, Olaf Maennel, Ginta Majore, and Stefan Sütterlin. "A Multidimensional Cyber Defense Exercise: Emphasis on Emotional, Social, and Cognitive Aspects." SAGE Open 13, no. 1 (January 2023): 215824402311563. http://dx.doi.org/10.1177/21582440231156367.

Abstract:
Hands-on and practical learning has been key to cybersecurity education and training success. Cyber Defense Exercises (CDX) are a common approach to training, testing, and verifying technical and soft skills. However, full-scale CDX implementation is also an expensive training event. In order to advance such exercises to the next level, CDX organizers should further focus on educational, psychological, and cross-domain relationships. The paper discusses and proposes a multidimensional approach for CDX that balances cognitive, emotional, and social aspects critical for successful interdisciplinary learning. We share our experience incorporating knowledge from well-known psychology theories to CDX. We derive and describe seven elementary ingredients if a CDX is to meet the interdisciplinary and critical thinking needs of defensive cyberspace operations.
46

McCune, Jayson, and Dwight A. Haworth. "Securing America Against Cyber War." International Journal of Cyber Warfare and Terrorism 2, no. 1 (January 2012): 39–49. http://dx.doi.org/10.4018/ijcwt.2012010104.

Abstract:
This paper expands on one aspect of Clarke and Knake’s (2010) recommendation for defending the United States’ Internet infrastructure from external attack. First it summarizes the threat that has been demonstrated in the recent past. Included are a number of data compromises that have been traced to servers in China. Also identified are potential physical attacks against facilities that employ supervisory control networks, with the Stuxnet virus being a recent example. Lastly, the fact that malware has been planted on computers in the electric power grid for later use makes an ability to block the command messages or the remote login sequence an absolute necessity. The paper identifies the 12 entry points into the United States’ Internet and, following Clarke and Knake’s (2010, p. 196) suggestion, specifies a firewall platform for those entry points. The total one-time cost for this defensive effort is estimated and found to be feasible. Finally, limitations of this approach are considered.
47

GENÇOĞLU, Muharrem Tuncay. "Mathematical Modeling of Cyber Attack and Defense." Bilgisayar Bilimleri ve Teknolojileri Dergisi 3, no. 1 (August 1, 2022): 10–16. http://dx.doi.org/10.54047/bibted.997908.

Abstract:
In this paper, a new game formulation is proposed that combines simulation and game-theoretical approaches to the application of security games in cyberspace. The model presented here builds upon a security economic approach that models the adversary and defender motives and goals in the context of empirically derived countermeasure efficacy metrics. The approach is based on a two-player strategic game to determine optimal strategy selection for both adversary and defender. Besides, not only the solution to the game but also a mathematical and graphical representation of “what if” scenarios in the context of the game. In this study, it has been shown that game-theoretic calculations can serve as a useful tool for identifying effective strategies in cyberwar games. For scenarios that need to penetrate multiple layers in a defense-in-depth security configuration, the calculation of the attacker's and defensive costs and the probability of infiltration requires the presence of cost-benefit matrices and probability matrices. Inspection of the matrices allows players to deduce preferred strategies based on game-theoretical equilibrium solutions. The matrices also help in analyzing the anticipated effects of potential human-based choices of wargame strategies and counter-strategies. Also, a mathematical game-theoretical form has been defined. This paper shows how game-theoretical calculations can indeed provide a useful tool for effective decision-making during cyber wars.
48

Jain, Jay Kumar, and Akhilesh A. Waoo. "An Artificial Neural Network Technique for Prediction of Cyber-Attack using Intrusion Detection System." Journal of Artificial Intelligence, Machine Learning and Neural Network, no. 32 (February 24, 2023): 33–42. http://dx.doi.org/10.55529/jaimlnn.32.33.42.

Abstract:
An intrusion detection system, often known as IDS, is a piece of equipment or a piece of software that monitors a network or collection of devices in order to search for indications of possible intrusion. The frequency of cyber assaults has grown in recent years, and with it, the damage they do to society. The study of cyber security and the avoidance of cyber assaults, such as the use of intrusion detection as a defensive mechanism, is therefore needed. The internet services are widely used. Services based on computers, the internet, and other forms of technology are all considered part of the cyber world. The cyber world has advanced greatly thanks to new protocols and technologies. Cyber security is a major issue for every service that operates online. Network and host-based intrusion detection systems (NIDS/HIDS) are the backbones of any cyber security infrastructure. The NSL-KDD dataset is often used in algorithm research and verification and is widely employed in both the study and development of intrusion detection systems. In this study, we provide a neural network approach to intrusion detection system threat prediction. In this paper, the Python Spyder software is used for the simulation.
49

Chu, Xiaodong, Yu Yi, Maosen Tang, Haoyi Huang, and Lei Zhang. "Defensive resource allocation for cyber-physical systems in global energy interconnection." IOP Conference Series: Earth and Environmental Science 227 (March 2, 2019): 042002. http://dx.doi.org/10.1088/1755-1315/227/4/042002.

50

Trent, LTC Stoney, Robert Hoffman, Tony Leota, CPT Robert Frost, and MAJ Danielle Gonzalez. "Cyberspace Operations and the People Who Perform Them." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 60, no. 1 (September 2016): 216–17. http://dx.doi.org/10.1177/1541931213601048.

Abstract:
In 2009, the Department of Defense established U.S. Cyber Command to centralize and advocate for joint cyberspace operations. By 2018, the Cyber Mission Force (CMF) will consist of 6100 personnel in 133 teams that have offensive or defensive responsibilities. Although cybersecurity has been maturing for the better part of thirty years, there are important differences between cybersecurity and cyberspace operations. Cybersecurity, for instance, is focused on maintaining the confidentiality, integrity and availability of Information Technology (IT) networks. Cyberspace operations, on the other hand, are threat oriented and require enterprise-scale coordination. Many cyberspace tools are built by and for networking experts that have full privileges, access and responsibility for their networks. Such conditions rarely exist for cyberspace operations and intelligence teams. This panel will introduce the variety of roles, responsibilities and cognitive challenges in the CMF. Panelists will reserve significant time for Q&A to inform the design of future systems.