July 31, 2018

Social Media—From Social Exchange to Battlefield

SOCIAL MEDIA—BEGINNINGS When discussing the origins of social media, researchers usually start in the 1980s and the Bulletin Board Systems (BBS). They were a kind of online meeting room that allowed users to download games and other files, and leave messages to co-users. The social aspect of this exchange was pretty clear, but the interaction was rather limited and slow due to technological reasons. What is more important, the social interaction had a rather random character—people did not know who was sitting at the other end of the telephone line.

July 31, 2018

Providing Cyber Situational Awareness on Defense Platform Networks

Modern defense platforms are at increasing risk of cyber-attack from sophisticated adversaries. These platforms do not currently provide the situational awareness necessary to identify when they are under cyberattack, nor to detect that a constituent subsystem may be in a compromised state. Long-term improvements can be made to the security posture of these platforms by iterative application of cyber risk assessments and subsystem hardening, but this is a time-consuming and costly task. Monitoring platform communication networks for malicious activity is an attractive solution for achieving improved cyber security on defense platforms in the near term. The MIL-STD-1553 bus is central to the operation of a broad range of defense platforms, making 1553 security solutions generally applicable. This article presents our research into the susceptibility of modern defense platforms to cyber-attack. We discuss risk factors contributing to cyber access, and command and control channels. We then describe a range of platform cyberattack classes, while considering the observables and indicators present on the 1553 bus. Finally, we examine factors and considerations relating to implementation of a “Cyber Warning Receiver” solution approach for detection of such attacks.

July 31, 2018

Protecting the digitized society—the challenge of balancing surveillance and privacy

Through technological development and the continuously expanding Internet, the challenges of physical distance, borders and time has diminished, enabling new and more efficient business models and concepts. With this technological development, however, follows an increase in global cybercrime, mass surveillance, internet censoring, and espionage. Terror attacks and cybercrime incidents are now forcing policy makers to balance surveillance and privacy through a paradox: While privacy regulations protect individuals’ freedom of speech and safety from persecution, it may also restrain effective crime and terror investigation. In November 2015, the Norwegian Governmental Committee on Digital Vulnerability delivered an Official Norwegian Report (NOU) to the Minister of Justice and Public Security in which the problematic issue of balancing surveillance and privacy was emphasized. The intricate challenge is that in-between surveillance and the privacy lays the personal data—the new gold from a commercial perspective, a resource in the fight against terrorism from a security perspective, and a future threat of human rights from an individual perspective.

July 31, 2018

Preparing for Cyber Incidents with Physical Effects

Cyber weapons have been used to steal billions of dollars of intellectual property, influence elections, manipulate news and damage critical infrastructure. Yet, we think of cyberattacks as only a technology problem, which are handled by smart computer network technicians capable of discovering a breach and developing patches to mitigate the problem. Certainly, technical solutions are a big part of cyber preparedness. But what if cyberattacks combine denial of services in cyberspace with targeted attacks on critical infrastructure, causing massive damage and loss of life in the physical world?

July 31, 2018

Operationalizing Cybersecurity — Framing Efforts to Secure U.S. Information Systems

Society has become utterly dependent on information systems (IS) to power everyday life. While this seismic shift has taken place, the security of those IS and their consequential information assets has not taken a front seat alongside innovation, resulting in breaches of trust and loss of corporate goodwill. Organizations are struggling to find an effective approach that encompasses not just technical aspects of cybersecurity, but also improves people and processes. This article will define, discuss, and operationalize the technical, semantic, and effectiveness aspects of cybersecurity and their application into the organizational construct.

July 31, 2018

Multifactor Authentication – A New Chain of Custody Option for Military Logistics

“An Army Marches On Its Stomach,” is a quote attributed to both Napoleon and Frederick the Great. [1] Both men certainly would attest to the veracity of the sentiment—without secure supply lines, no army can survive for very long. This reliance has grown beyond mere food and now encompasses a broad range of materiel from pencils to remotely piloted drones. By their very nature, military supply chains are a high-value target for thieves, saboteurs, and counterfeiters. Fraudulent materials, particularly those switched out for high-grade defense aerospace technologies, represent a serious risk to military operations. When materials that can’t meet military standards fail in combat situations, it is the warfighter or the innocent bystander who pays the price.

July 31, 2018

Maneuverable Applications: Advancing Distributed Computing

Extending the military principle of maneuver into the war-fighting domain of cyberspace, academic and military researchers have produced many theoretical and strategic works, though few have focused on researching the applications and systems that apply this principle. We present a survey of our research in developing new architectures for the enhancement of parallel and distributed applications. Specifically, we discuss our work in applying the military concept of maneuver in the cyberspace domain by creating a set of applications and systems called “maneuverable applications.” Our research investigates resource provisioning, application optimization, and cybersecurity enhancement through the modification, relocation, addition or removal of computing resources.

July 31, 2018

Making the Point— West Point’s Defenses and Digital Age Implications, 1778-1781

Despite obvious distinctions, parallels exist between 18th century era fortification and the purposes, processes, and implications of pursuing security in an artificial cyber realm of the 21st century. The Revolutionary War era fortification of the Hudson River bottleneck focused upon the West Point area between 1778 and 1781. Differing professional perspectives and factors such as available resources led to disagreement about the defensive concept, and Thaddeus Kosciuszko’s construction of layered defenses strengthened the US position in the region during the latter phases of the war. British failure in a belated overland raid, demonstrating an inability to “brute” the new defenses, led to British interest in leveraging an insider threat (Benedict Arnold), but then as now, insider threats could not automatically guarantee success.

July 31, 2018

Is There a Cybersecurity Dilemma?

A security dilemma is said to exist when one country cannot make itself more secure without making another less secure. [2] Circa 1913, for instance, if a major European country sought security by drafting more men, its neighbors would feel impelled to do likewise to recover their former levels of security. During the Cold War, when deterrence was the only feasible response to threat posed by the other side’s nuclear weapons, any attempt to build more weapons or bring them to a higher state of readiness (for retaliatory purposes only, it would be claimed) would alarm the other side who would feel impelled to do likewise.

July 31, 2018

Interpreting China’s Pursuit of Cyber Sovereignty and its Views on Cyber Deterrence

On December 31, 2015, Chinese officials announced a substantial reorganization of the armed forces. [1] The reforms cut across the entire People’s Liberation Army (PLA),[2] and constitute the most dramatic reorganization of China’s armed forces since the 1950s. [3] President Xi Jinping described the reforms as essential for modernizing the military. [4] and the reorganization affirmed the PLA’s fidelity to the Chinese Communist Party (CCP). [5] The reform also established a new service branch called the Strategic Support Force (SSF) on par with the Army, Navy, Air Force, and Rocket Force. Among its many missions, the SSF secures electromagnetic space and cyberspace. [6] China’s military pundits lauded the SSF as necessary for twenty-first century warfare. [7] For years, the PLA has fielded cyber capabilities at various levels of command, and the SSF elevates control of cyber operations to the highest echelons. [8] Ultimately, the PLA employs cyber forces to ensure cyber sovereignty (wangluo zhuquan) and safeguard the Chinese Dream across all domains.