Institution

NATO Cooperative Cyber Defence Centre of Excellence

Facility: Tallinn, Estonia
About: NATO Cooperative Cyber Defence Centre of Excellence is a facility organization based in Tallinn, Estonia. It is known for research contributions in the topics Cyberwarfare and Network security. The organization has 20 authors who have published 20 publications receiving 139 citations.

Papers
Book Chapter
01 Jan 2018
TL;DR: In this article, a case study of the Russo-Ukrainian crisis, from the protests at Euromaidan to the occupation of Crimea and the war in Eastern Ukraine, is presented to understand the effects and the strategic role of offensive cyber operations.
Abstract: This chapter looks at a prominent case study, the Russo-Ukrainian crisis—from the protests at Euromaidan to the occupation of Crimea and the war in Eastern Ukraine—with the aim to understand the effects and the strategic role of offensive cyber operations. An analysis of the cyber incidents in Ukraine supports the argument that the underlying nature of interstate armed conflict has not yet revolutionarily changed due to the use of offensive cyber operations. The chapter reveals that, whilst playing an important role, offensive cyber operations have not provided a decisive advantage for states.

4 citations

Proceedings Article
28 Dec 2015
TL;DR: The anti-forensic techniques are reviewed and a new taxonomy that relates them to the initial phase of a forensic process mainly affected by each technique is proposed, and mitigation techniques are introduced for these anti-forensic techniques.
Abstract: During the last years, criminals have become aware of how digital evidences that lead them to courts and jail are collected and analyzed. Hence, they have started to develop anti-forensic techniques to evade, hamper, or nullify their evidences. Nowadays, these techniques are broadly used by criminals, causing the forensic analysis to be in a state of decay. To defeat against these techniques, forensic analysts need to first identify them, and then to mitigate somehow their effects. In this paper, we review the anti-forensic techniques and propose a new taxonomy that relates them to the initial phase of a forensic process mainly affected by each technique. Furthermore, we introduce mitigation techniques for these anti-forensic techniques, considering the chance to overcome the anti-forensic techniques and the difficulty to apply them.

2 citations

Proceedings Article
26 Jul 2021
TL;DR: In this paper, the authors describe a situation awareness framework, Frankenstack, that is the result of a multi-faceted endeavor to enhance the expertise of cybersecurity specialists by providing them with real-time feedback during cybersecurity exercises and verifying the performance and applicability of monitoring tools during those exercises.
Abstract: This paper describes a situation awareness framework, Frankenstack, that is the result of a multi-faceted endeavor to enhance the expertise of cybersecurity specialists by providing them with real-time feedback during cybersecurity exercises and verifying the performance and applicability of monitoring tools during those exercises. Frankenstack has been recently redeveloped to improve data collection and processing functions as well as cyberattack detection capability. This extensive R&D effort has combined various system and network security monitoring tools into a single cyberattack detection and exercise feedback framework. Although Frankenstack was specifically developed for the NATO CCD COE’s Crossed Swords exercise, the architecture provides a clear point of reference for others who are building such monitoring frameworks. Thus, the paper contains many technical descriptions to reduce the gap between theoretical research and practitioners seeking advice on how to implement such complex systems.

2 citations

Proceedings Article
01 Oct 2016
TL;DR: It is argued that, in order to cope with the new situation and to deliver on the commitment, NATO needs to consider establishing a Cyber Command within the NCS. This is a matter of urgency, especially as within the new domain the Alliance will need to face an increasingly challenging cyber threat landscape.
Abstract: Cyber has been on NATO’s agenda since 2002, with clear mandates and taskings from Summits and Ministerials on how to develop its capacity in the area. Yet, despite an increasingly cyber-dependent world and visible progress on the Alliance’s civilian side, NATO has had no visible track record on how this change in the way the world does business has had an impact on its key military structure and enabler for collective defence - the NATO Command Structure (NCS). At their July 2016 Summit in Warsaw the NATO Heads of State and Government declared cyber to become an operational domain for the Alliance. The paper argues that in order to cope with the new situation and to deliver on the commitment NATO needs to consider establishing a Cyber Command within the NCS. This is a matter of urgency especially as within the new domain the Alliance will need to face an increasingly challenging cyber threat landscape. In addition, it will also need to live up to its current Strategic Concept by addressing all the three core areas – collective defence, crisis management and cooperative security – in cyber. Last but not least, it would play an increasing role for the Alliance in terms of its deterrence posture.

1 citation

Book Chapter
15 Oct 2020
TL;DR: It is demonstrated that it is possible to identify a driver’s activities without access to their personal content, and a minimum set of requirements to construct a timeline of events which can clarify the accident circumstances are proposed.
Abstract: Police officers investigating car accidents have to consider the driver’s interaction with a mobile device as a possible cause. The most common activities such as calling or texting can be identified directly via the user interface or from the traffic metadata acquired from the Internet Service Provider (ISP). However, ‘offline activities’, such as a simple home button touch to wake up the screen, are invisible to the ISP and leave no trace at the user interface. A possible way to detect this type of activity could be analysis of system level data. However, security countermeasures may limit the scope of the acquired artefacts.

Network Information
Related Institutions (5)
Elbit Systems
144 papers, 2.6K citations

74% related

Lockheed Martin Advanced Technology Laboratories
234 papers, 4.2K citations

72% related

University of New Haven
1.7K papers, 32.3K citations

71% related

Mitre Corporation
6K papers, 124.8K citations

71% related

NCS Pte Ltd
105 papers, 2.5K citations

70% related

Performance Metrics
No. of papers from the Institution in previous years

Year    Papers
2023    1
2021    1
2020    2
2019    1
2018    2
2017    3