NATO Cooperative Cyber Defence Centre of Excellence

About: NATO Cooperative Cyber Defence Centre of Excellence is a facility organization based out in Tallinn, Estonia. It is known for research contribution in the topics: Cyberwarfare & Network security. The organization has 20 authors who have published 20 publications receiving 139 citations.

Personal control of privacy and data: Estonian experience

Abstract: The Republic of Estonia leads Europe in the provision of public digital services. The national communications and transactions platform allows for twenty-first century governance by allowing for transparency, e-safety (inter alia privacy), e-security, entrepreneurship and, among other things, rising levels of prosperity, and well-being for all its Citizens. However, a series of Information Infrastructure attacks against the Estonian e-society infrastructure in 2007 became one of best known incidents and experiences that fundamentally changed both Estonian and international discussions about Cyber Security and Privacy. Estonian experience shows that an open and transparent attitude provides a good foundation for trust between the Citizen and the State, and gives more control to the real owner of the data - the Citizen. Another important lesson is that the Citizen needs to be confident in the government’s ability to keep their data safe -- in terms of confidentiality, integrity and availability - establishing a strong link between privacy and information security. This paper discusses certain critical choices, context, and events connected to the birth and growth of the Estonian e-society in terms of Privacy.

Using Security Logs for Collecting and Reporting Technical Security Metrics

Abstract: During recent years, establishing proper metrics for measuring system security has received increasing attention. Security logs contain vast amounts of information which are essential for creating many security metrics. Unfortunately, security logs are known to be very large, making their analysis a difficult task. Furthermore, recent security metrics research has focused on generic concepts, and the issue of collecting security metrics with log analysis methods has not been well studied. In this paper, we will first focus on using log analysis techniques for collecting technical security metrics from security logs of common types (e.g., Network IDS alarm logs, workstation logs, and Net flow data sets). We will also describe a production framework for collecting and reporting technical security metrics which is based on novel open-source technologies for big data.

Influence Cyber Operations: The use of cyberattacks in support of Influence Operations

Abstract: Information Warfare and Influence Operations are, in principle, intended to get your own message across or to prevent your adversary from doing so. However, it is not just about developing a coherent and convincing storyline as it also involves confusing, distracting, dividing, and demoralising the adversary. From that perspective, cyberspace seems to be ideal for conducting such operations that will have disruptive, rather than destructive outcomes.

Detecting anomalous network traffic in organizational private networks

Abstract: During the last decade, network monitoring and intrusion detection have become essential techniques of cyber security. Nowadays, many institutions are using advanced solutions for detecting malicious network traffic, discovering network anomalies, and preventing cyber attacks. However, most research in this area has not been conducted specifically for organizational private networks, and their special properties have not been considered. In this paper, we first present a study of traffic patterns in a corporate private network, and then propose two novel algorithms for detecting anomalous network traffic and node behavior in such networks.