Showing papers on "Cyberwarfare published in 2019"

Game theory for adaptive defensive cyber deception

Abstract: As infamous hacker Kevin Mitnick describes in his book The Art of Deception, "the human factor is truly security's weakest link" [18]. Deception has been widely successful when used by hackers for social engineering and by military strategists in kinetic warfare [26]. Deception affects the human's beliefs, decisions, and behaviors. Similarly, as cyber defenders, deception is a powerful tool that should be employed to protect our systems against humans who wish to penetrate, attack, and harm them.

The All-Purpose Sword: North Korea's Cyber Operations and Strategies

Abstract: According to a 2013 briefing from the South Korean National Assembly by the South Korean National Intelligence Service, North Korean leader Kim Jong-un stated, “Cyberwarfare is an all-purpose sword that guarantees the North Korean People's Armed Forces ruthless striking capability, along with nuclear weapons and missiles.” Kim has secretly executed all-purpose cyberattacks to achieve his agenda, regardless of North Korea's diplomatic and economic situation. The “all-purpose sword” has been adapted to the different purposes it has pursued against North Korea's adversaries, such as creating ransomware for financial gain, a cyberweapon to destroy computer systems, and an invisible espionage tool to accumulate sensitive information. This paper is divided into three parts. The first section discusses the will of North Korea to use cyber warfare for different purposes by explaining how its administrative agencies take charge of different fields but carry out cyber operations to achieve their goals. The second section describes and analyzes the interconnectivity in North Korea's suspected cyber operations: specifically, Campaign Kimsuky, Operation KHNP, Operation DarkSeoul, Operation Blockbuster, the Bangladesh Central Bank Heist, and Wannacry. The operations will be categorized by operational goals, showing North Korea's success at achieving its various purposes by these means. In the last section, we suggest a future cyber strategy direction for North Korea based on our analysis of its tactics, techniques and procedures; and how North Korea cooperates with other countries, including countermeasures for countries around the world.

Artificial Intelligence and International Security: The Long View

Abstract: How will emerging autonomous and intelligent systems affect the international landscape of power and coercion two decades from now? Will the world see a new set of artificial intelligence (AI) hegemons just as it saw a handful of nuclear powers for most of the twentieth century? Will autonomous weapon systems make conflict more likely or will states find ways to control proliferation and build deterrence, as they have done (fitfully) with nuclear weapons? And importantly, will multilateral forums find ways to engage the technology holders, states as well as industry, in norm setting and other forms of controlling the competition? The answers to these questions lie not only in the scope and spread of military applications of AI technologies but also in how pervasive their civilian applications will be. Just as civil nuclear energy and peaceful uses of outer space have cut into and often shaped discussions on nuclear weapons and missiles, the burgeoning uses of AI in consumer products and services, health, education, and public infrastructure will shape views on norm setting and arms control. New mechanisms for trust and confidence-building measures might be needed not only between China and the United States—the top competitors in comprehensive national strength today—but also among a larger group of AI players, including Canada, France, Germany, India, Israel, Japan, Russia, South Korea, and the United Kingdom.

A Better State of War: Surmounting the Ethical Cliff in Cyber Warfare

Abstract: : This study analyzes the emergent field of cyber warfare through the lens of commonly-accepted tenets of ethical warfare. By comparing the foundational understanding of concepts that determine the justice of wars (jus ad bellum) and justice in war (jus en bello) with the capabilities cyber warfare offers, this work highlights both causes for concern and opportunities for betterment. The first chapter introduces important contextual information and definitions that frame the arguments to follow. Chapter 2 presents a theoretical overview of ethical warfare from which to build. This overview presents five core tenets: good faith, proportionality, non-combatant immunity, last resort, and sovereignty. Chapter 3 builds on this framework by analyzing how cyber warfare affects each of the core concepts introduced above. The fourth chapter presents a case study that tests the theoretical assertions presented elsewhere in the work. Finally, the conclusion offers a platform for further exploration and surmises opinions regarding ethics and cyber warfare. Cyber warfare offers both nagging difficulties that complicate existing ethical warfare standards and exciting opportunities to improve how warfare is carried out. Decision-makers charged with the authority to carry out acts of cyber warfare must understand the technical limitations of the offensive and defensive components of cyber warfare. Even more importantly, these decision-makers must appreciate how their actions in this burgeoning domain help shape emergent norms and standards that will promulgate through the domain. Cyber warfare has the potential to facilitate effects that were previously only achievable through lethal means. This is an exciting development in terms of ethical warfare. While B.H. Liddell Hart famously proposed the reason for war is to create a better state of peace, cyber warfare offers the potential to create a better state of war.

Systemic Cyber Risk and Aggregate Impacts.

Abstract: With some of the largest cyber attacks occurring in recent years-from 2010 to 2019-we are only beginning to understand the full extent of cyber risk. As businesses grapple with the risks of cyber-incidents and their imperfect ability to prevent them, attention has shifted toward risk management and insurance. While there have been efforts to understand the costs of cyber attacks, the systemic risk-a result of risks spreading across interdependent systems-associated with cyber attacks remains a critical and problem in need of further study. We contribute a theoretical framework that describes systemic cyber risk as the result of cascading, common cause, or independent failures following a cyber incident. We construct a quantitative model of cascading failures to estimate the potential economic damage associated with a given cyber incident. We present an interdisciplinary approach for extending standard sector-level input-output analyses to the cyber domain, which has not been done. We estimate the aggregate losses associated with firm-level incidents, a contribution to risk analysis and computational economic modeling. We use this model to estimate the impact of potential cyber incidents and compare model results to a case with known damages. Finally, we use the model of systemic cyber failure to consider the implications on the growing cyber insurance market and the need for broader cyber policy. While we discuss the topic of systemic cyber risk, our contribution of using I/O analysis to estimate the aggregate losses from firm-level incidents is applicable across a variety of risk analysis applications from environment to health.

Cybersecurity : Protecting Critical Infrastructures From Cyber Attack And Cyber Warfare

Abstract: Preface Acknowledgments Editor Contributors Historical Reference Points in the Computer Industry and Emerging Challenges in Cybersecurity Thomas A. Johnson Critical Infrastructures, Key Assets: A Target-Rich Environment Thomas A. Johnson Protection and Engineering Design Issues in Critical Infrastructures Fred Cohen Cyber Intelligence, Cyber Conflicts, and Cyber Warfare Thomas A. Johnson Cybersecurity: A Primer of U.S. and International Legal Aspects Julie Lowrie Economic Cost of Cybersecurity Thomas A. Johnson Cybersecurity Threat Landscape and Future Trends Thomas A. Johnson Index

The Future of the Russian Military: Russia’s Ground Combat Capabilities and Implications for U.S.-Russia Competition

Abstract: Since 2008 Russia's military forces have improved, enabling Russian military operations in Crimea, eastern Ukraine, and Syria. Researchers analyze the societal, political, economic, and demographic factors that undergird Russian military power. Based on these factors, they analyze how Russian ground combat capabilities will evolve. The challenge for the U.S. military will be to compete in different regions without provoking escalation.

Cybercrime and Risks for Cyber Physical Systems

Abstract: Cyber Physical Systems (CPS) is the integration of computation and physical systems that make a complete system such as the network, software, embedded systems, and physical components. Major industries such as industrial plants, transport, national grid, and communication systems depend heavily on CPS for financial and economic growth. However, these components may have inherent threats and vulnerabilities on them that may run the risk of being attacked, manipulated or exploited by cyber attackers and commit cybercrimes. Cybercriminals in their quest to bring down these systems may cause disruption of services either for fame, data theft, revenge, political motive, economic war, cyber terrorism, and cyberwar. Therefore, identifying the risks has become imperative in mitigating the cybercrimes. This paper seeks to identify cybercrimes and risks that are associated with a smart grid business application system to determine the motives and intents of the cybercriminal. The paper identified four goals to mitigate the risks: as business value, organizational requirements, threat agent and impact vectors. We used the Analytical Hierarchy Process (AHP) to determine the importance of the goals that contribute to identifying cybercrime and risks in CPS. For the results, a case study is used to identify the threat and vulnerable spots and the prioritized goals are then used to assess the risks using a semi-quantitative approach to determine the net threat level. The results indicate that using the AHP approach to identify cybercrime and risk on CPS provides specific risk mitigation goals.

An analysis of North Korean cyber warfare capabilities and impact on USFK and USINDOPACOM

Abstract: Cyberspace is among the four global commons of the human race including, high seas, outer-space and Antarctica. The weaponization of the cyber domain is relatively a new phenomenon in war a...

The Damoclean sword of offensive cyber: Policy uncertainty and collective insecurity

Abstract: Cyberspace is a new domain of operation, with its own characteristics. Cyber weapons differ qualitatively from kinetic ones: They generate effects by non-kinetic means through information, technolo...

Public Policy and The Insurability of Cyber Risk

Abstract: In June 2017, the food and beverage conglomerate Mondelez International became a victim of the NotPetya ransomware attack. Around 1,700 of its servers and 24,000 of the company’s laptops were suddenly and permanently unusable. Commercial supply and distribution disruptions, theft of credentials from many users, and unfulfilled customer orders soon followed, leading to losses that totaled more than $100 million. Unfortunately, Zurich, which had sold the company a property insurance policy that included a variety of coverages, informed Mondelez in 2018 that cyber coverage would be denied under the policy based on the “war exclusion clause.” This case, now pending, will be a watershed moment for the cyber insurance industry, highlighting the great ambiguity around the insurability of certain types of cyber risk and the scope of coverage that insurers will provide in the case of a cyber incident. The literature on the insurability of cyber risk has focused all of its attention on questions of economic efficiency and viability. Scholarship has, for example, examined the actuarial challenges in cyber risk modeling and the likelihood for adverse selection resulting from information asymmetries and lack of historical claims data. Scholars have so far avoided a different set of considerations rooted not in economics but rather in public policy analysis of societal values. This paper lays the framework for such an analysis. Relying on traditional insurance and torts jurisprudence the paper makes the public policy case for limited legal interventions in the indemnification of three controversial categories of cyber harm: (1) acts of cyber terrorism or state-sponsored cyber operations; (2) extortion payments for ransomware attacks; and (3) administrative fines for violations of statutory data protection regulations. In so doing, the paper highlights systemic challenges to cyber insurance underwriting while explaining insurers’ role in increasing societal cyber posture by reducing the likelihood of moral hazard and suboptimal cyber-norms enforcement.

Fighting Shadows in the Dark: Understanding and Countering Coercion in Cyberspace

Abstract: The authors of this report examine cases from Russia, China, Iran, and North Korea to understand whether and how states use cyber operations to coerce other states or actors, and highlight the challenges of identifying cyber coercion. They also propose ways to develop a deeper understanding of cyber coercion and how to counter it.

Improving C2 and Situational Awareness for Operations in and Through the Information Environment

Abstract: It is difficult to achieve command and control and situational awareness of the information environment (IE) because it is not a physical place. Although every military activity has informational aspects, the IE is often not effectively integrated into operational planning, doctrine, or processes. Addressing gaps and shortfalls will require a stronger understanding of the IE, associated concepts and capabilities, and roles and responsibilities.

Design of Cyber Warfare Testbed

Abstract: Innovations doing fine in a predictable, controlled environment may be much less effective, dependable or manageable in a production environment, more so in cyber systems, where every day there is new technology in malware detection, zero-day vulnerabilities are coming up. Considering NCSP-2013, authors propose a realistic cyber warfare testbed using XenServer hypervisor, commodity servers and open-source tools. Testbed supports cyber-attack and defence scenarios, malware containment, exercise logs and analysis to develop tactics and strategies. Further, authors provide ways and means to train cyber warriors, honing their skills as well as maturing attack and defence technologies on this testbed.

Cyber Warfare: Terms, Issues, Laws and Controversies

Abstract: Recent years have shown us the importance of cybersecurity. Especially, when the matter is national security, it is even more essential and crucial. Increasing cyber attacks, especially between countries in governmental level, created a new term cyber warfare. Creating some rules and regulations for this kind of war is necessary therefore international justice systems are working on it continuously. In this paper, we mentioned fundamental terms of cybersecurity, cyber capabilities of some countries, some important cyber attacks in near past, and finally, globally applied cyber warfare law for this attacks.

Silent Battles: Towards Unmasking Hidden Cyber Attack

Abstract: When looking at the media, it can easily be seen that new cyber attacks are reported on a regular basis. The corresponding effects of these attacks can be manifold, ranging from downtime of popular services affected by a rather trivial Denial-of-Service attack, to physical destruction based on sophisticated cyber weapons. This can also range from single affected systems up to an entire nation (e.g., when the cyber incident has major influence on a democratic election). Some of these attacks have gained broader public attention only by chance. This raises the fundamental question: do some cyber activities remain hidden, even though they have a significant impact on our everyday lives, and how can such unknown cyber involvements be unmasked? The authors investigate this question in depth in this paper. The first part of the paper analyzes the characteristics of silent battles and hidden cyber attacks - what needs to be considered on the way towards a better detection of hidden cyber attacks? After that, an evaluation of the current cyber security landscape is provided, summarizing what developments we can see and what we can expect. Based on this, the complexity of detecting hidden cyber attacks is discussed and we ask the question: why does detection fail and how can it be improved? To investigate this question, the capabilities of the attackers are examined and are reflected in a 3-Layer Vulnerability Model. It is shown that a traditional Cyber Kill Chain is not sufficient to detect complex cyber attacks. Therefore, to improve the detection of hidden cyber attacks, a new detection model based on combining the 3-Layer Vulnerability Model and the Cyber Kill Chain is proposed.

The USNA's Interdisciplinary Approach to Cybersecurity Education

Abstract: Faced with unprecedented cybersecurity challenges, the U.S. Naval Academy (USNA) has recognized the need to increase its supply of newly minted officers who have a solid educational foundation in cybersecurity and cyber operations.

Prioritizing investment in military cyber capability using risk analysis

Abstract: Defense capability planning traditionally uses scenario-based war-gaming to support force design decision making and to prioritize investment. Some aspects of cyber warfare are problematic for war-gaming, such as poor characterization of cyber effects and difficulty estimating the true capability of own and opposing forces. In addition, strategic-level assessments typically draw on the expert judgment of senior officers, whose tactical experience likely precedes cyber warfare, and this will limit their intuition in the emerging cyber domain. Risk analysis, and specifically the strategic risk framework, is an alternative approach to prioritizing investment in cyber capabilities, which is well-suited to analysis of cross-domain and whole-of-government functions. This paper illustrates the application of risk analysis to cyber risk for the novel purpose of developing insights for whole-of-force capability analysis.

On Cyber-Enabled Information Warfare and Information Operations

Abstract: The United States has no peer competitors in conventional military power But its adversaries are increasingly turning to asymmetric methods for engaging in conflict Much has been written about cyber warfare as a domain that offers many adversaries ways to counter the US conventional military advantages, but for the most part, US capabilities for prosecuting cyber warfare are as potent as those of any other nation This paper advances the idea of cyber-enabled information warfare and influence operations (IWIO) as a form of conflict or confrontation to which the United States (and liberal democracies more generally) are particularly vulnerable and are not particularly potent compared to the adversaries who specialize in this form of conflict IWIO is the deliberate use of information against an adversary to confuse, mislead, and perhaps to influence the choices and decisions that the adversary makes IWIO is a hostile activity, or at least an activity that is conducted between two parties whose interests are not well-aligned, but it does not constitute warfare in the sense that international law or domestic institutions construe it Cyber-enabled IWIO exploits modern communications technologies to obtain benefits afforded by high connectivity, low latency, high degrees of anonymity, insensitivity to distance and national borders, democratized access to publishing capabilities, and inexpensive production and consumption of information content Some approaches to counter IWIO show some promise of having some modest but valuable defensive effect But on the whole, there are no good solutions for large-scale countering of IWIO in free and democratic societies Development of new tactics and responses is therefore needed

Cyber War and Nuclear Peace

Abstract: The United States must take the lead in reconfiguring nuclear deterrence to withstand cyber war.

Attracting, Recruiting, and Retaining Successful Cyberspace Operations Officers: Cyber Workforce Interview Findings

Abstract: Cyberspace capabilities are critical to national security. However, with a shortage of cyber personnel nationwide and high salaries commanded by some, the Air Force is concerned it may face recruiting and retention challenges within its cyberspace operations officer workforce. To understand potential drivers of attraction to and retention in the career field, researchers conducted interviews with the Air Force's cyberspace operations officer workforce. Recommendations are discussed.

Precision cyber weapon systems: An important component of a responsible national security strategy?

Abstract: Given the advances made in conventional weapon capabilities, precision should by now be the accepted and expected norm in cyberspace as well. In this article I argue that developing precision cyber...

News analysis for the detection of cyber security issues in digital healthcare: A text mining approach to uncover actors, attack methods and technologies for cyber defense

Abstract: Objectives: This research reviews the possibilities of text mining in the area of cybercrime in digital healthcare showing how advanced information retrieval and natural language processing can be used to get insights. The aim is to mine news data to find out what is reported about digital healthcare, what security-related critical events happened, and what actors, attack methods, and technologies play a role there. Methods: Different projects already apply text mining successfully in the cyber domain. However, none of these are specifically tailored to threats in the digital healthcare sector or uses an as big data foundation for analysis. To achieve that goal, different text mining methodologies like fact extraction, semantic fields as well as statistical methods like frequency, correlation and trend calculations were used. The news data for the analysis was provided by the DocCenter from the National Defense Academy (DocCenter/NDA) of the Austrian Armed Forces. About 300,000 news articles were processed and analyzed. Additionally, the open source GDELT dataset was investigated. Results & Conclusion: The data points out that cyber threats are present in digital health technologies and cyberattacks are more and more threatening to organizations, governments, and every person them self. Not only hacker groups, firms, and governments are involved in these attacks, also terroristic organizations use cyberwarfare. That, together with the amount of technology in digital healthcare like pacemakers, IoT, wearables but also the importance of healthcare as critical infrastructure and the dependence on electronic health records makes our society vulnerable.

Cyber Technology and the Arms Race

Abstract: Cyber technology represents digital military capability with the purpose of causing damage to the military strength of a potential enemy. War using conventional weapons may be preceded by a strike using cyber technology. This paper introduces such technology into the theory of conflicts. The cost of war relative to the payoff from victory turns out to be crucial for the results on armament decisions. In the war game, two types of Nash equilibria may arise. One is subject to warfare while the other is not (‘equilibrium of terror’), depending on the perceived cost of war. In a symmetric war game, cyber capabilities are neutral with respect to the investments in conventional weapons, but they make wars more likely. Asymmetric access to cyber technology limits the international arms race with conventional weapons. A low success probability in the cyber programme encourages exercising the cyberattack option as the enemy may not have access to cyber capability. Uncertainty of the success of a cyber programme makes countries cautious when allocating resources not only to these programmes but also in conventional armament.

Mathematical Model of Cyber Intrusion in Smart Grid

Abstract: The impact of cyber attack on the smart grid is a major concern of futuristic grid. Major part of smart grid consists of communication networks interacting with Remote Terminal Units (RTU) through online services. Due to online services using internet or Ethernet the network is prone to cyber attack and cyber war. To detect and mitigate the cyber attack on smart grid, there is a strong urge to understand their different aspects. In this paper, we proposed a mathematical model to understand the cyber attack scenario on smart grid. The proposed model can be easily used to verify the intensity of cyber attack on the given smart grid system.

Strategies for Resolving the Cyber Attribution Challenge

Abstract: : Malicious cyber actors exploit gaps in technology and international cybersecurity cooperation to launch multistage, multijurisdictional attacks. Rather than consider technical attribution the challenge, a more accurate argument would be that solutions to preventing the attacks of most concern, multistage multi-jurisdictional ones, will require not only technical methods, but legal/policy solutions as well. Deep understanding of the social, cultural, economic, and political dynamics of the nation-states where cyber threat actors operate is currently lacking. This project aims to develop a qualitative framework to guide US policy responses to states that are either origin or transit countries of cyber attacks. The current focus of attribution efforts within the national security context concentrates on law enforcement paradigms aiming to gather evidence to prosecute an individual attacker. This is usually dependent on technical means of attribution.2 In malicious cyber actions, spoofing or obfuscation of an identity most often occurs. It is not easy to know who conducts malicious cyber activity. But private sector reports have proven that it is possible to determine the geographic reference of threat actors to varying degrees. Based on these assumptions, nation-states, rather than individuals, should be held culpable for the malicious actions and other cyber threats that originate in or transit information systems within their borders or that are owned by their registered corporate entities. This work builds on other appealing arguments for state responsibility in cyberspace. Engaging the global community to develop a global culture of cybersecurity is a requirement for beginning the mitigation of the risks of countries being used for transiting or originating of malicious cyber acts. The United States will need to build a framework based on the articulated norms of responsible state behavior in cyberspace to legitimize this global engagement.

From Cyber War to Cyber Peace

Abstract: The encompassing trend of digitalisation and widespread dependencies on IT systems triggers adjustments also in the military forces. Besides necessary enhancements of IT security and defensive measures for cyberspace, a growing number of states are establishing offensive military capabilities for this domain. Looking at historical developments and transformations due to advancements in military technologies, the chapter discusses the political progress made and tools developed since. Both of these have contributed to handling challenges and confining threats to international security. With this background, the text assesses a possible application of these efforts to developments concerning cyberspace, as well as obstacles that need to be tackled for it to be successful. The chapter points out political advancements already in progress, the role of social initiatives, such as the cyber peace campaign of the Forum of Computer Scientists for Peace and Societal Responsibility (FifF), as well as potential consequences of the rising probability of cyber war as opposed to the prospects of cyber peace.