March 23, 2020 — The 2018 DoD Defense Strategy seeks to deter and defeat adversaries through a policy of forward engagement.[1] The Strategy and the related USCYBERCOM Vision mark a significant change in how the US intends to contest the emerging complexity of cyberspace in an environment where the rules will be more restrictive for the US and its allies than those of adversaries. Recognizing an ingrained military culture of geographically driven maneuver warfare, it will be important that USCYBERCOM considers the temporal as well as the spatial elements required to defend forward. A combination of timely, better and more coherent-decision making across a pan-government and industry ecosystem must exploit rather than attempt to control chaos; the effective adoption and application of decisive innovative capabilities will be a related essential element of this strategy. Through a UK lens, this paper considers the temporal implications of a strategy of Defending Forward.
MORE
|
March 23, 2020 — The United States has provided extended deterrence, backed by U.S. nuclear weapons, to South Korea since the end of the Korean War in 1953, and despite repeated low-level provocations by North Korea, the U.S.-ROK alliance has successfully deterred strategic attack on South Korea. The allies now face a growing asymmetric threat from North Korea in the cyber domain, and the alliance has yet to incorporate the cyber domain into the allied strategic deterrence posture. This paper examines cyber deterrence thinking and analyzes how to formulate a cyber deterrence posture as part of the overall strategic deterrence posture of the U.S.-ROK alliance. As with kinetic attacks, the alliance should focus on deterring cyber-attacks that produce cross-domain strategic effects and divide responsibilities to leverage each other’s capabilities and interests. Even for cyber-attacks that do not reach the threshold of producing strategic effects, U.S. Defense Department cyber concepts like “defending forward” and “persistent engagement” can be operationalized to reduce the threat to South Korea posed by the range of North Korea’s malicious cyber activity. MORE
|
March 23, 2020 — The decision-making behind cyber operations is complex. Dynamics around issues such as cyber arsenal management, target assessment, and the timing of dropping a destructive payload are still ill-understood. Yet, limited published research has thus far explored formal theoretic constructs for better understanding decision-making in cyber operations. Multiple models help to understand and explain the courses of action through which state cyber missions are executed, including conduct or restraint of cyber effects operations against target systems and networks. This paper evaluates four models - surprise model, duelist model, mating-choice model, and the BlackScholes model. Each model offers specific advantages and suffers characteristic drawbacks. While these models differ in application and complexity, each may provide insights into how the unique nature of cyber operations impacts the decision dynamics of cyber conflict. MORE
|
March 23, 2020 — The 5G wireless standard is currently in development and is slowly being rolled out to a few cities in the United States. There has been a concern for the security and overall architecture of the 5G standard from industry professionals and government officials. This paper will summarize the research done in the 5G security space and will provide an overview of the technologies used in 5G, the security built into 5G, and the vulnerabilities of 5G. The specific vulnerabilities researched are classified into the three pinnacle components of information security: confidentiality, integrity, and availability. The use of Internet of Things devices, medical collection devices, and massive device-to-device communications will also be discussed. MORE
|
March 23, 2020 — The academic research community faces a significant hurdle when it comes to the study of nation-state cyber operations dynamics. For national security and commercial reasons, little to no cyber operations data is disclosed to the public. Without access to operational data, academic contributions will remain
inhibited and the academy will be underutilized in the study of this important strategic domain. We claim that researchers can begin to overcome this information gap by designing experiments that take place within simulation environments. Such approaches are beneficial in that they allow researchers to generate data not easily collected or observed in real-world settings and increase the capacity of researchers to isolate causal effects.
In this paper, we describe a simulation environment specifically designed to study cyber operations dynamics below the threshold of armed attack—the competitive space where nearly all nation-state cyber operations activity takes place today. We discuss the simulation environment and then, to illustrate how it can be leveraged to generate tests of research hypotheses, detail our pilot experiment which examines the escalatory dynamics of defend forward activities.
MORE
|
March 23, 2020 — Cyber weapons can be divided into intrusive and unintrusive capabilities. Intrusive attacks, which require first gaining privileged access, have earned notoriety in the popular media. However, unintrusive attacks, which can be “noisy” but do not require privileged access, offer a potential cyber adversary many benefits. Using attack methods such as denial of service and telephony denial of service, and energy depletion attacks such as denial of sleep, an adversary can achieve demonstrable effects against a range of targets. These effects can be achieved while reducing the costly burden of pre-attack intelligence-gathering and pre-positioning of exploits that could signal intent or constitute a hostile act. The growth of the Internet of Things in national civilian and defense sectors has resulted in an expanded cyber-attack surface and increased the vulnerability of critical systems to certain unintrusive attacks. In this paper, we define, characterize, and present examples of unintrusive precision cyber weapons used in real-world operations. Given the high likelihood of encountering adversary employment of electronic warfare-like unintrusive capabilities, analyses of cyber conflict and friendly cyber security measures designed to defend against them should be predicated on scenarios that include their employment. Therefore, taking lessons from electronic protection doctrine, we advocate for preparation against the use of unintrusive precision cyber weapons through improved acquisition, training, and integration. MORE
|
March 23, 2020 — Security Debt (SD) manifests itself every day: In the media, we can witness stories about debt defaults: significant data leaks, disruptions of service, and businesses of global companies affected by security incidents. Critical infrastructure customers need more practical tools to ensure that the SD is properly identified in order to make informed risk decisions. Existing tools like security audits and cross-referencing system configuration with available vulnerability information do reveal a lot of data regarding the present state of the system. Many tools that can bring up the hidden security issues like ones included in Secure Development Lifecycles (SDLC) are tuned for the product creation. Some of them can be taken into good use by the customer, but for that, the system should be already procured and in place. In practice, the customer would benefit from a comprehensive and realistic view of the security stance of the system when it is being procured to minimize the nasty surprises the underlying security issues are prone to bring. MORE
|
March 23, 2020 — Wargames have been an integral part of planning operations since the 19th Century. They are designed to teach and educate players on specific learning objectives using real-life problem sets to advance knowledge and understanding of those problems. With the increased focus on cyberspace operations in the past decade, wargaming is the key to teach cyber-based operations and prepare for the future. CyberWar: 2025 is an innovative and newly designed interactive wargame that brings together cyber practitioners, policy writers, and decision-makers to gain experience and understanding through iterative gameplay within a virtual environment. MORE
|
December 9, 2019 — The high number of Distributed Denial of Service (DDoS) attacks executed against a lot of nations has demanded innovative solutions to guarantee reliability and availability of internet services in cyberspace. In this sense, different methods
have been used to analyze network traffic for denial of service attacks, such as
statistical analysis, data mining, machine learning, and others. However, few of them explore hidden recurrence patterns in nonlinear network traffic and none of them explore it together with Adaptive Clustering. This work proposes a new method, called DDoSbyRQA, which uses the Recurrence Quantification Analysis (RQA) based on the extraction of network traffic dynamic features and combination with an Adaptive Clustering algorithm (A-Kmeans) to detect DDoS attacks. The experiments, which were performed using the Center for Applied Internet Data Analysis (CAIDA) and University of California, Los Angeles (UCLA), databases, have demonstrated the ability of the method in real-time. MORE
|
December 9, 2019 — Lethal conflict may be approximated using power law statistics which, on a log-log plot of exceedance probability (EP) versus severity, is characterized by constant slope -q. Values of q1 and allows for the use of Bayesian hypothesis tests based on q to serve as a decision criterion about when to react to threats, leading to a set of parameters that determine whether conflict will escalate and to the conclusion that redundant networks, deterrence, and attack detection stabilize competition against cyber conflict. Examples of the importance of the Bayesian parameters in creating and adapting networks to stabilize competition are provided. MORE
|