The role of cyber offensive operations has been under increasing attention in the recent Russo-Ukrainian conflict. The interaction between Russia and Ukraine provides many important insights to the future of hybrid conflict, incorporating cyber offensive operations. There are contextual factors related to the Russo-Ukrainian conflict which require assessment before enduring lessons can be developed. The technical nature of cybersecurity and the constant evolution of both technology and geopolitical affairs mean that each conflict is likely to require an assessment against specific criteria before a stable theory of cyber offensive operations can be captured in the context of hybrid and kinetic warfare. The seven factors presented within this paper are intended to assist future researchers to build a theory of cyber offensive operations, when more data comes to light in future hybrid conflicts.
You cannot protect what you do not know you have. The first rule of cybersecurity is knowing what you have to better protect it. This paper presents an innovative remote inventory pilot for U.S. Army Reserve (USAR) sites’ Facility-Related Control Systems that leverages low-cost hardware, video conferencing, and augmented reality to carry out an asset inventory as defined by USAR. Organisations should consider leveraging augmented reality when planning remote asset inventories.
Maritime shipping has become a trillion-dollar industry that now impacts the economy of virtually every country around the world. It is therefore no surprise that countries and companies have spent billions of dollars to modernize shipping vessels and ports with various technologies. However, the implementation of these technologies has also caught the attention of cybercriminals. For example, a cyberattack on one shipping company resulted in nearly $300 million in financial losses. Hence, this paper describes cybersecurity vulnerabilities present in the international shipping business. The contribution of this paper is the identification and dissection of cyber vulnerabilities specific to the shipping industry, along with how and why these potential vulnerabilities exist.
A second space race has taken off and it is driving the rapid deployment of modernised satellites and other space systems that each introduce new security risks to an aged and already vulnerable ecosystem. The engineering, science, and technology aspects of space security are currently understudied and disjointed, leading to fragmented research and inconsistent terminology. This paper details the results of a global survey of space security experts to define Space Systems Security and the scope of its interdisciplinary knowledge domain. It also provides a review of current space security literature and examines the contemporary space systems context from a security perspective.
The key to a nation’s success is the development of workable strategies, security strategies, and especially a cybersecurity strategy. A problem identified, which this paper addresses, is that there is no visible National Cybersecurity Strategy for South Africa. In contributing to the resolution of this problem, an analysis of the implications of not having a National Cybersecurity Strategy in South Africa is presented in this paper. A combination of the process-based research framework, content analysis, and a subset of the National Institute of Standards and Technology (NIST) framework that we label ‘Prevent, Detect, Respond, and Recover’ (PDR2) are used to perform the analysis.
Cyberspace has been designated by organizations such as NATO as the fifth domain for battlespace, and many nations are already having and/or building their capabilities in the cyber defence environment in order to protect and defend their assets against any onslaught by their adversaries. It is a common belief that many African countries are not well positioned or prepared to respond effectively to cyberattacks against their citizens, critical infrastructure, and government. In many instances, the gap can be traced to the shortage of skills, lack of cybersecurity readiness and preparedness, and lack of investment in cybersecurity programmes, including policies within the military’s strategic, tactical, and operational environments.
A Cybersecurity Operation Centre (SOC) is a centralized hub within an organisation that houses people, processes, and technologies aimed at continuous monitoring of the organization’s assets in order to prevent, detect, analyse, and respond to cybersecurity incidents against that organisation. SOCs are critical to the collection, analysis, and response to cybersecurity events and incidents faced by an organisation. This article discusses the architecture of an SOC that enables quick and timely responses to events and incidents. Firstly, the article describes an architecture of the SOC, the SOC’s processes, personnel, and technologies. Secondly, the article discusses what type of information and logs should be collected, analysed, and interpreted. Lastly the article discusses how to handle an incident through the six stages of incident response.
Up until 1981 I was a professional recording engineer and producer. By pure happenstance, in 1983 I was introduced to encryption while consulting to Western Digital. That work led me to a quite unconventional career shift that put me, an audio engineer, in the middle of international intriques surrounding the early days of information warfare. This is my story.
Twenty years ago, the Journal of Information Warfare published a paper examining the problem of cybercrime and the nature of those responsible for it. Taking its cue from the title of the original paper, this sequel begins by reflecting upon the situation of two decades ago, before jumping forward to examine the landscape of today.
PNNL developed an Adaptive Cyber Integration Framework (ACIF) in a pilot program to facilitate the timely sharing of cyber threat information along with the advancement of situational awareness tools to enhance protection against and respond to critical infrastructure cybersecurity threats. ACIF comprises components implemented iteratively to achieve research and mission goals. The ACIF components include data-generation technologies, analytic-tools development and maturation, data enrichment and fusion, trust building with stakeholders, investigative research, analytic rigor, production, and dissemination. Each component, its importance to the ACIF, and how each can be adopted and applied across other information-sharing sectors and domains are discussed as a case study in this paper.
The holy grail in cyber analytics is to find new ways to understand the information we already have access to. One way to do that is to characterize the data into reasonable sizes and then leverage any known information to generate new insights. Biologists have been using a similar process for decades. This paper introduces the MLSTONES tool set that was developed by leveraging biology and bioinformatics, high-performance computing, and statistical algorithms applied to cyber data and specifically to malware. Furthermore, the paper discusses the tool suite, its applications, and how it compares to or can work with other related tools.
Software-Defined Networking for Operational Technologies, referred to as OT-SDN, is a leading technology to secure critical infrastructure and command and control systems. As the name implies, OT-SDN networks are programmable, which allows system owners to utilise the characteristics of their physical processes to inform the security of their network. There are best practices for deploying OT-SDN into an environment, whether it is all at once or over time (hybrid) that the network is converted to SDN technologies. Through the development of data-mining tools and standardised process control, OT SDN can be deployed reliably. These tools will minimise or eliminate any communication failures during the transition and will provide network owners with complete documentation of their network environment. The resulting documentation could enable or facilitate network owners to pass any audits or policy checks (such as Authority to Operate) before being allowed to utilise the OT-SDN infrastructure.
The U.S. Army Office of Energy Initiatives (OEI) facilitates the procurement of independently owned and operated energy generating assets to support energy resilience capabilities at U.S. Army installations. When developing contracts for these assets, OEI implements a set of cybersecurity requirements it has developed based on energy sector consensus guidance. For many energy projects, these OEI Cybersecurity Requirements are the primary set of cybersecurity requirements the U.S. Army applies. For others, the U.S. Department of Defense Risk Management Framework and Cybersecurity Maturity Model Certification provide additional cybersecurity requirements and guidance.
This research will determine how it is possible to implement the national cyber threat prevention system into the EU level Early Warning System. Decision makers have recognized that lack of cooperation between EU member countries affects public safety at the international level. Separate operational functions and procedures between national cyber situation centres create challenges.
Cyberwarfare, an emerging topic within computer science, has the potential to disrupt power grids, cripple economies, and cause political unrest. This paper first discusses investigations into the different groups behind cyberwarfare activities, from nation states to individual hackers. This is followed by an overview of cyberwarfare attacks covering methods, targets, and impact. Next, the economic, socio-political, and infrastructure impacts from cyberwarfare are considered. The paper concludes with a discussion of ways to mitigate the damage from these types of attacks, the importance of learning from the attack methods, and suggestions to prevent future attacks.
The transportation sector is evolving with the introduction of the Internet of Things (IoT) and Industrial Internet of Things (IIoT). IIoT devices are used in the monitoring and control of industrial and related processes and have many useful applications in the transportation sector. This article provides a comparison between IoT and IIoT, and an overview of the threats, vulnerabilities, risks, and incidents related to their use in the transport infrastructure. A guideline for security standards, frameworks, and controls to govern and secure IoT and IIoT specific to transport infrastructure is proposed, with a focus on the rail and maritime sectors.
New technologies are creating a massive concern for the shipping industry as cyberat-tacks on board ships and in ports continue to rise. More than 90% of world trade is carried by the shipping industry; and, as of 2018, there are more than 53,000 merchant ships sailing the cyber seas. At the same time, these systems are very vulnerable to cyberattacks. Through empirical research, this paper explores the global maritime cybersecurity legal landscape and advances recommendations for policy and legal frameworks essential to ensure safety and security on the cyber sea.
Cybercrime is increasing at a rate few individuals would have predicted. IBM estimated in 2016 that, in 2019, the cost of cybercrime would reach $2 trillion, a threefold increase from the 2015 estimate of $500 billion. The growth of the Internet and the rapid development of technology provide enormous economic and social benefits but at the same time provide platforms for cyber-criminals to exploit. Organised crime is using more sophisticated techniques, which require highly skilled and specialised law enforcement responses.
Although International Humanitarian Law (IHL) is considered applicable to all forms of warfare including future warfare, it does not regulate cyberwarfare in its current form. The South African government has introduced the National Cybersecurity Policy Framework and the Cybercrimes Bill in addition to existing Information Communications Technology legislation. However, the areas of jus in bello (just war) and jus ad bellum (the right to go to war) have not been sufficiently addressed regarding cyberwarfare. This paper seeks to explore the interaction between cyberattacks and IHL and its applicability to the South African cyber environment with an overview of South Africa’s cybersecurity posture and framework within a global context.
For most people, cybersecurity is a difficult notion to grasp. Traditionally, cybersecurity has been considered a technical challenge, and still many specialists understand it as information security, with the notions of confidentiality, integrity, and availability as its foundation. Although many have searched for different and broader perspectives, the complexity and ambiguity of the notion still thwarts a common understanding. While the author was developing and executing a MSc cybersecurity program for professionals with a wide variety of backgrounds and widely differing views on cybersecurity, the lack of a common understanding of cybersecurity was clearly evident. Based on these observations, the author began seeking and defining a new, transdisciplinary conceptualization of cybersecurity that can be widely agreed upon. It resulted in the publication of three scientific papers. This paper is an amalgam of the contents of the three supplemented with some extensions. It turned out that the previously introduced description of two key notions, cyberspace and cybersecurity, is still an adequate starting point. Described here is a set of additional mental models elaborating on these key notions and providing more detail on their meanings.
The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.