NATO Cooperative Cyber Defence Centre of Excellence

About: NATO Cooperative Cyber Defence Centre of Excellence is a facility organization based out in Tallinn, Estonia. It is known for research contribution in the topics: Cyberwarfare & Network security. The organization has 20 authors who have published 20 publications receiving 139 citations.

The nature of international law cyber norms

Abstract: The special expanded issue of the NATO Cooperative Cyber Defence Centre of Excellence's Tallinn Papers examines the nature, formation and evolution of international legal norms governing cyber activities The inquiry’s foundational premise is that the rules of international law governing cyber activities are identical to those applicable to other types of conduct Any differences in their explication and application are the product of the unique nature of cyber activities, not a variation in the legal strictures that shape their content and usage It conducts the examination by genre of legal norm: treaty, customary law and general principles

Proxy wars in cyber space: the evolving international law of attribution

Abstract: The article examines the use of non-State actors by States to conduct cyber operations against other States. In doing so, it examines attribution of a non-State actor’s cyber operations to a State pursuant to the law of State responsibility, attribution of a non-State actor’s cyber armed attack to a State for the purposes of a self-defense analysis, and attribution of cyber military operations to a State in the context of determining whether an international armed conflict has been initiated. These three very different legal inquiries are often confused with each other. The article seeks to deconstruct the issue of attribution into its various normative components.

Reference Architecture of an Autonomous Agent for Cyber Defense of Complex Military Systems

Abstract: Military strategies will shortly make intensive use of autonomous systems while the Internet of Battle Things (IoBT) will grow military systems’ complexity to new heights. The cyber defense of the battlespace will then become arduous for humans, if not impossible, due to disconnections, the difficulty of supervising masses of interconnected devices, and the scarcity of cyber defense competences on the battleground. An autonomous intelligent cyber defense of the battlefield becomes necessary in such a context. In response to such needs, this chapter presents and illustrates the rationale, concept and future research directions of (Multiple) Autonomous Intelligent Cyber defense Agents, (M)AICA, and NATO’s initial AICA Reference Architecture, AICARA.

Bbuzz: A bit-aware fuzzing framework for network protocol systematic reverse engineering and analysis

Abstract: Fuzzing is a critical part of secure software development life-cycle, for finding vulnerabilities, developing exploits, and reverse engineering. This relies on appropriate approaches, tools and frameworks. File and protocol fuzzing is well covered, multiple approaches and implementations exist. Unfortunately, assessed tools do not posses the required capabilities for working with protocols, where constructing bit groups are not byte aligned. In this paper, a systematic approach is proposed and tool prototype developed for the cyber red teaming purposes. In a case study, the developed Bbuzz tool is used to reverse engineer a proprietary NATO Link-1 network protocol allowing to inject rogue airplane tracks into air operations command and control system.

Frankenstack: Toward real-time Red Team feedback

Abstract: Cyber Defense Exercises have received much attention in recent years, and are increasingly becoming the cornerstone for ensuring readiness in this new domain. Crossed Swords is an exercise directed at training Red Team members for responsive cyber defense. However, prior iterations have revealed the need for automated and transparent real-time feedback systems to help participants improve their techniques and understand technical challenges. Feedback was too slow and players did not understand the visibility of their actions. We developed a novel and modular open-source framework to address this problem, dubbed Frankenstack. We used this framework during Crossed Swords 2017 execution and evaluated its effectiveness by interviewing participants and conducting an online survey. Due to the novelty of Red Team-centric exercises, very little academic research exists on providing real-time feedback during such exercises. Thus, this paper serves as a first foray into a novel research field.