Summer 2024

The recent European Conference on Cyber Warfare and Security (ECCWS), held at the University of Jyväskylä, Finland, in late June 2024 was an outstanding success with a large and successful group of delegates from around the world. Next year, the 2025 ECCWS event will be held at the German Research Center for Artificial Intelligence - DFKI in Kaiserslautern, Germany on 26-27 June 2025, Kaiserslautern, Germany.

We are also looking forward to the next International Conference on Cyber Warfare and Security (ICCWS) to be held at the College of William & Mary (Williamsburg, VA, U.S.) in March of 2025. That series of events has a bench of universities in the US and overseas, who have already tentatively scheduled out locations in North Carolina, United Arab Emirates, California, and then back to Saudi Arabia.

Abstract:

This study examines cybersecurity awareness and practices in Zambian SMEs (small and medium-sized enterprises) that are vulnerable to increasing cyberattacks with significant financial impacts. Through semi-structured interviews, cross-sectional analysis, and reviews of the CISA and ENISA guidelines and Zambian Data Protection Act, insufficient training, defective policy, and reliance on basic tools have been identified as reasons for cyber insecurity. The researchers’ tailored guidelines whetted the interest of Zambian authorities. This research introduces a Cyber Awareness Framework for Zambian SMEs—emphasizing the human element in cybersecurity. Future research should encompass more SME sectors, should address outdated demographic data, and should focus on less digitized businesses.

Abstract:

The United States’ national security strategy is an influence strategy—the effectiveness of which cannot be measured. The strategy’s effectiveness is unmeasurable because influence operations still have not solved the assessment problem. The Department of Defense influence doctrine relies on unreliable practices from advertising and has never taken up a program of research to apply the very advanced psychological science of influence to the national security domain. Robust methods of operational design, variable control, and measurement are absent from national security influence, and there is no organization or mechanism to coordinate and deconflict operations across the whole of government.

Abstract:

This article investigates over 130,000 Telegram messages, 15,000 Telegram forwards, and 750 news articles from Russian-affiliated media to assess the information supply chain between Russian media and Telegram channels covering the war in Ukraine. Using machine-learning techniques, this research provides a framework for conducting argument and network analysis for disambiguating narratives, channels, and users, and mapping dissemination pathways of influence operations. The findings indicate that a central feature of Russian war reporting is actually the prevalence of neutral, non-argumentative language. Moreover, dissemination patterns between media sites and Telegram channels reveal a well-cited information laundering network with a distinct supply chain of covert, semi-covert, and overt channel types active at seed, copy, and amplification levels of operation.

Abstract:

The digitization of the electric energy grid enlarges its attack surface and makes the infrastructure increasingly vulnerable to digital warfare. Therefore, national legislation is central to defending critical energy infrastructure against terrorist and nation-state attacks in cyberspace. Still, previous studies have found shortcomings in cybersecurity legislation. To support smaller countries in their policymaking, this study describes a normative ideal in the form of a consolidated security policy framework. The framework consists of 25 policies that are based on cybersecurity and privacy rules of five countries with strong cyber defence capabilities; the framework addresses five cyberattack scenarios with a very high consequence potential. This study shows that the consolidated policies provide a holistic cyber defence framework, covering strategic, tactical, and operational levels, including obligations on both authority and industry levels.

Abstract:

Amidst the digital revolution, cyber-enabled critical infrastructures are the foundation of societal operations. However, this interconnectivity introduces risks such as cascading failures where disruptions in the power grid affect multiple systems. Global collaboration becomes inescapable in forming holistic approaches that evolve alongside continuous technological advancements to enhance infrastructure resilience. Before these approaches can truly succeed, it is imperative to understand the decision-making processes within these environments and effectively mitigate biases that may alter priorities. This study investigates subconscious biases stemming from perceived solutions, intending to anticipate their potential impact on decision-making prioritization and enhance overall cybersecurity in critical infrastructure resilience.

Abstract:

Digital and technological sovereignty are essential building blocks of the European Union’s (EU) European ambition for a position in the new world order. However, the current dependencies and vulnerabilities along the entire value chain are a massive challenge in the realization of geopolitical claims to power. EUrope must manage the balancing act between a policy guided by values and one guided by interests in order not to lose its own credibility. Will the EU be able to cope with these challenges and project its regulatory power to create another Brussels effect?

Abstract:

This paper investigates the prospective application of large language models (LLMs) in Open-Source Intelligence (OSINT), with particular emphasis on integrating information acquisition processes and the growing significance of prompt engineering for analysts. The research includes a thorough literature review, a proposed information model incorporating LLMs, and underscores the functional utilization of artificial intelligence in OSINT and the associated challenges, primarily the educational needs of security forces. In this context, the study outlines prompt engineering approaches for various OSINT tasks as a crucial skill, necessitating a deep understanding of LLMs to produce validated intelligence. Relevant general prompts are demonstrated. Additionally, the paper discusses the need for updated training in critical thinking, search techniques, and prompt engineering for intelligence professionals. The findings indicate a significant evolution in OSINT methodologies, highlighting the need for ongoing research and education to fully harness AI’s potential in intelligence gathering.

Abstract:

National security influence professionals have always struggled with influence measures of effectiveness and operational assessments. This paper includes fictional examples that illustrate how experimental methods from psychological science can address this problem. Three fictional use cases are examined. A scientific approach to national security influence is essential to accumulating knowledge in this domain. Without it, the information operations community will continue to struggle to identify what works and why.