Institution
NATO Cooperative Cyber Defence Centre of Excellence
Facility • Tallinn, Estonia
About: NATO Cooperative Cyber Defence Centre of Excellence is a facility based in Tallinn, Estonia. It is known for research contributions in the topics Cyberwarfare and Network security. The organization has 20 authors who have published 20 publications receiving 139 citations.
Papers
[...]
TL;DR: This paper first focuses on using log analysis techniques for collecting technical security metrics from security logs of common types (e.g., Network IDS alarm logs, workstation logs, and Net flow data sets), and then describes a production framework for collecting and reporting technical security metrics which is based on novel open-source technologies for big data.
Abstract: During recent years, establishing proper metrics for measuring system security has received increasing attention. Security logs contain vast amounts of information which are essential for creating many security metrics. Unfortunately, security logs are known to be very large, making their analysis a difficult task. Furthermore, recent security metrics research has focused on generic concepts, and the issue of collecting security metrics with log analysis methods has not been well studied. In this paper, we will first focus on using log analysis techniques for collecting technical security metrics from security logs of common types (e.g., Network IDS alarm logs, workstation logs, and Net flow data sets). We will also describe a production framework for collecting and reporting technical security metrics which is based on novel open-source technologies for big data.
23 citations
[...]
TL;DR: Certain critical choices, context, and events connected to the birth and growth of the Estonian e-society in terms of Privacy are discussed.
Abstract: The Republic of Estonia leads Europe in the provision of public digital services. The national communications and transactions platform allows for twenty-first century governance by allowing for transparency, e-safety (inter alia privacy), e-security, entrepreneurship and, among other things, rising levels of prosperity, and well-being for all its Citizens. However, a series of Information Infrastructure attacks against the Estonian e-society infrastructure in 2007 became one of the best known incidents and experiences that fundamentally changed both Estonian and international discussions about Cyber Security and Privacy. Estonian experience shows that an open and transparent attitude provides a good foundation for trust between the Citizen and the State, and gives more control to the real owner of the data - the Citizen. Another important lesson is that the Citizen needs to be confident in the government’s ability to keep their data safe - in terms of confidentiality, integrity and availability - establishing a strong link between privacy and information security. This paper discusses certain critical choices, context, and events connected to the birth and growth of the Estonian e-society in terms of Privacy.
20 citations
[...]
TL;DR: In order to address questions: when does influencing the behaviour of an audience become the primary effect of a cyber operation, and which cyber operations might qualify as such, the term Influence Cyber Operations (ICOs) is introduced to describe these actions in cyberspace.
Abstract: Information Warfare and Influence Operations are, in principle, intended to get your own message across or to prevent your adversary from doing so. However, it is not just about developing a coherent and convincing storyline as it also involves confusing, distracting, dividing, and demoralising the adversary. From that perspective, cyberspace seems to be ideal for conducting such operations that will have disruptive, rather than destructive outcomes.
13 citations
[...]
TL;DR: The human rights connotations of the anonymity provided by Tor are explored, coming to the conclusion that this anonymity is an integral part of certain human rights, particularly the right to privacy and the right to freedom of expression.
Abstract: Tor is one of the most popular technical means of anonymising one's identity and location online. While it has been around for more than a decade, it is only in recent years that Tor has begun appearing in mainstream media and openly catching the attention of governments and private citizens alike. The conflicting interests related to the use and abuse of Tor also raise a number of legal issues that are yet to be analysed in depth in academic literature. This article focuses on a number of relevant legal issues pertaining to Tor and reflects our initial legal comments, while noting that all of the identified legal questions merit further research. After introducing the technical side of Tor and the attitudes of governments towards it, we (1) explore the human rights connotations of the anonymity provided by Tor, coming to the conclusion that this anonymity is an integral part of certain human rights, particularly the right to privacy and the right to freedom of expression. Government activities with respect to Tor should thus not be unlimited. In relation to this, we (2) provide a closer look at the problem of content liability of the Tor exit node operators. Finally, we (3) point out several legal problems in conducting criminal investigations with the need to obtain the evidence from the Tor network. We conduct this legal analysis in the context of international and European law, paying particular attention to the case law of the European Court of Human Rights and the Court of Justice of the European Union.
13 citations
[...]
TL;DR: This paper presents a study of traffic patterns in a corporate private network, and proposes two novel algorithms for detecting anomalous network traffic and node behavior in such networks.
Abstract: During the last decade, network monitoring and intrusion detection have become essential techniques of cyber security. Nowadays, many institutions are using advanced solutions for detecting malicious network traffic, discovering network anomalies, and preventing cyber attacks. However, most research in this area has not been conducted specifically for organizational private networks, and their special properties have not been considered. In this paper, we first present a study of traffic patterns in a corporate private network, and then propose two novel algorithms for detecting anomalous network traffic and node behavior in such networks.
12 citations
Authors
Name | H-index | Papers | Citations |
---|---|---|---|
Risto Vaarandi | 11 | 19 | 900 |
Rain Ottis | 8 | 11 | 131 |
Mauno Pihelgas | 7 | 13 | 191 |
Markus Kont | 5 | 7 | 58 |
Teemu Väisänen | 5 | 14 | 61 |
Liis Vihul | 4 | 6 | 79 |
Arturs Lavrenovs | 4 | 10 | 38 |
Bernhards Blumbergs | 4 | 10 | 52 |
Jaan Priisalu | 3 | 7 | 121 |
Matthijs A. Veenendaal | 2 | 2 | 17 |
Anna-Maria Osula | 1 | 1 | 13 |
Ludovica Glorioso | 1 | 1 | 5 |
Henry Rõigas | 1 | 1 | 2 |
Pascal Brangetto | 1 | 1 | 13 |
Markus Maybaum | 1 | 1 | 3 |