ARTICLES

Sept. 5, 2018

Toward Automated Information Sharing California - Cybersecurity Integration Center’s approach to improve on the traditional information sharing models

On August 31, 2015, California Governor Jerry Brown signed Executive Order B-34-15, directing the establishment of the California Cybersecurity Integration Center (Cal-CSIC). The new center operates under the auspices of the Office of Emergency Services (OES), with the California Department of Technology, California National Guard, and the California Highway Patrol acting as the key partners in the coordination of cybersecurity related activities within the State. In his Executive Order, Governor Brown tasks the Cal-CSIC with two primary missions: facilitate information sharing across the state and coordinate statewide responses to cyber incidents. Given the increasing threat from cyberattacks to the State government and all California governments, businesses, and citizens, the Cal-CSIC’s mandate is immediate action to mitigate those risks. It takes significant planning and time to coordinate an incident response capability for statewide deployment, therefore, the immediate focus is to create and implement a statewide information sharing program.

Sept. 5, 2018

The Use of Weaponized “Honeypots” under the Customary International Law of State Responsibility

When most people think of “honeypots,” they picture a plump Winnie-the-Pooh adorably getting stuck while trying to get honey out of a jug—a honeypot. In recent years, the term “honeypot” has migrated to the lexicon of cyberspace and operations. In the rapidly evolving realities ofcomputer security, the term “honeypot” has come to mean: deception

Sept. 5, 2018

Effective Cyber Leadership: Avoiding The Tuna Fish Effect and Other Dangerous Assumptions

When I owned my advertising agency, I too got the opportunity to pursue a dream of directing. In this case, it was for an advertising commercial, and it taught me a leadership lesson I will never forget. We had been shooting for hours when my producer pulled me over and said we needed to take a half-hour break. “The crew needs it, and it’s Union rules,” he informed me. My assumption was that a break wasn’t necessary and that with the right inspiration, the crew could finish up shortly, saving us money. So, ignoring the advice of the producer, I pulled the entire crew together and gave them what I felt was a highly motivational speech about how great they were doing, how I believed they were up for the challenge, and how if we pulled our energies together, we could finish up shortly.

Sept. 5, 2018

Cybersecurity for the Nation: Workforce Development

Cyberspace “is a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures.” [1] It is the newest military domain affecting the Operating Environment (OE) and the focus of concern by the President of the United States. In the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, President Trump directed the Department of Defense and other agencies across the whole of government to identify a long-term way ahead to address education and retention of cybersecurity professionals. [2] There are two potential programs Chemical, Biological, Radiological, Nuclear (CBRN) Response Enterprise (CRE) [3] and the Civil Air Patrol (CAP), which could provide a framework that supports long-term education and retention of the US government cyber workforce.

Sept. 5, 2018

Breadth vs. Depth: Best Practices Teaching Cybersecurity in a Small Public University Sharing Models

In recent history, America witnessed cyber breaches at Snapchat, where employees had personal information stolen by way of a phishing scam; Premier Healthcare, which saw unencrypted data pertaining to more than 200,000 users stolen from a laptop; Verizon Enterprise Solutions, who had the information of 1.5 million customers stolen by hackers; and LinkedIn, who saw a 2012 data breach “come back to haunt them when 117 million e-mail and password combinations stolen by hackers four years ago popped up online [1].” These are just some of the many breaches experienced recently, which also included the hacking of a Presidential candidate by actors of a foreign nation-state, potentially an act of cyber warfare.

Sept. 5, 2018

Cybersecurity Architectural Analysis for Complex Cyber-Physical Systems

In the modern military’s highly interconnected and technology-reliant operational environment, cybersecurity is rapidly growing in importance. Moreover, as a number of highly publicized attacks have occurred against complex cyberphysical systems such as automobiles and airplanes, cybersecurity is no longer limited to traditional computer systems and IT networks. While architectural analysis approaches are critical to improving cybersecurity, these approaches are often poorly understood and applied in ad hoc fashion. This work addresses these gaps by answering the questions: 1. “What is cybersecurity architectural analysis?” and 2. “How can architectural analysis be used to more effectively support cybersecurity decision making for complex cyber-physical systems?” First, a readily understandable description of key architectural concepts and definitions is provided which culminates in a working definition of “cybersecurity architectural analysis,” since none is available in the literature. Next, we survey several architectural analysis approaches to provide the reader with an understanding of the various approaches being used across government and industry. Based on our proposed definition, the previously introduced key concepts, and our survey results, we establish desirable characteristics for evaluating cybersecurity architectural analysis approaches. Lastly, each of the surveyed approaches is assessed against the characteristics and areas of future work are identified.

Sept. 5, 2018

Strategic A2/AD in Cyberspace

Through a concise and straightforward narrative, Dr. Alison Lawlor Russell outlines the major issues threatening the United States cyber system through the lens of an A2/AD perspective. Alison Russell is an Assistant Professor of Political Science and International Studies at Merrimack College. How can the people of the United States defend their land and physical assets? This traditional question applies not just to American citizens, but to people across the world and throughout history. A recurring answer is the principle of Anti-Access/Area Denial or A2/AD. The A2/AD strategy is defined as refusing “movement to a theater (anti-access), while [area denial] affects movement within a theater.” Putting these ideas into context, A2 would be the US blocking the Soviet Union’s access to Cuba with a naval quarantine; AD would be hampering the enemy’s ability to maneuver in the Mekong Delta, such as guerilla tactics against US forces in Vietnam.

Sept. 5, 2018

Reconsidering the Consequences for State-Sponsored Hostile Cyber Operations Under International Law

In 2012, then-Secretary of Defense Leon Panetta spoke about the rising dangers of a “cyber Pearl Harbor,” analogizing the potential devastation from a cyberattack to that of the surprise attack on the U.S. naval base in Hawaii in December of 1941. [1] More recently, U.S. Senator John McCain called the Russian meddling in the 2016 elections “an act of war.” [2]The reality of contemporary international relations and the proliferation of cyber operations as an adjunct to both peacetime and wartime operations of states has raised important questions about what would constitute an act of war in the cyber domain, triggering the relevant international legal rules regulating state behavior. As of yet, there is no global consensus about what an act of war carried out by cyber means would look like, versus acts that would fall below the level of an act of war, and although still unlawful, would call for different responses under the law. [3]

Aug. 1, 2018

U.S. Special Operations Forces in Cyberspace

Cyberspace is a human space, as dynamic and uncertain as human nature. No longer simply a technical abstraction or man-made domain unto itself, [1]cyberspace is a growing facet of every-day life that increasingly cuts across all aspects of Special Operations. Cyber is a dynamic space, a global commons of human practice, which embodies the actions, behaviors, and decisions of man.Cyber is also an uncertain space; and although, its future impact to our national security is yet to be determined, it is clearly a space where United States Special Operations Forces (USSOF) have an increasing role in shaping the final outcome. Ultimately,cyber is a human enterprise which empowers and entangles countless global interactions,[2] and is rapidly becoming a preeminent space where human conflicts, and thus USSOF, must play a part.

Aug. 1, 2018

Bring on the Cyber Attacks – The increased predatory power of the restrained red queen in a nationstate cyber conflict

The militarized and contested Internet with a multitude of state-sponsored cyberattacks can generate an evolutionary process when the targeted nation is strengthened by the abundance of information it receives from the attacks.When the targeted nation restrains from retaliating against the attacking adversarial state its systems are perfected, meanwhile the attacking state is denied the feedback needed to stay current and pose a long-term threat. The targeted nation has increased its potential to go from prey to predator, when the accrued knowledge far exceeds the attacker, and the game has changed. The targeted nation can then strike back far superior on the initial attacker compared to the initial attacker’s first moves. In contrast to the Red Queen hypothesis, our Restrained Red Queen model illustrates the adaptive advantage of a targeted nation that decides to selectively counterstrike its aggressor. The reticent targeted nation has benefited from restraining to counter-strike and increases its own survivability by embracing the initial attacks as information that can be converted to superiority over time.