Fall 2024

A Note from the Guest Editors

Welcome to this special issue of Journal of Information Warfare, which highlights the collaborative efforts of The Coastal Virginia Center for Cyber Innovation (COVA CCI), part of an initiative that unites institutions of higher education in the Coastal Virginia region, in an innovative, interdisciplinary, and multi-institutional partnership to address today’s challenges of cybersecurity education, research and workforce development. Through COVA CCI and broader Commonwealth Cyber Initiative (CCI), scholars from diverse fields come together to share insights and drive research forward in cybersecurity and information warfare. This issue presents a curated selection of papers that exemplify this commitment to interdisciplinary scholarship.

Abstract:

This paper analyzes the cyber threat landscape posed by advanced persistent threats (APTs) attributed to China, Iran, North Korea, and Russia. It focuses on active groups and their cyber activities targeting the United States. Utilizing cyber threat intelligence data from authoritative sources such as Cybersecurity and Infrastructure Security Agency (CISA), Office of the Director of National Intelligence (ODNI), Mandiant, and MITRE, this study identifies twelve key APT groups attributed to the four adversarial nations and creates a quick profile for each nation and group. It explores the common techniques and sub-techniques employed by each nation and then across all four nations. Examination of these nations, groups, and techniques then informs a list of six actionable mitigations that will enhance cybersecurity defenses targeting these adversarial groups in an efficient manner: User Training, Restrict Web-Based Content, Privileged Account Management, Network Intrusion Prevention, Execution Prevention, and Antivirus/Antimalware.

Abstract:

This study delves into the escalating cybersecurity concerns in the maritime sector as technology becomes more integrated with daily operations. Focused on the Hampton Roads region, it employs Grounded Theory to decipher the intricate dynamics of cybersecurity. Through interviews with key stakeholders and participant observation, it aims to grasp the challenges, risks, and remedies pertinent to maritime cybersecurity. Additionally, it scrutinizes existing frameworks and regulations to gauge their efficacy. Initial findings reveal resistance from organizations in complying with cybersecurity standards, hinting at pervasive vulnerabilities. The research promises to enrich scholarly dialogue and practical strategies for maritime entities, cybersecurity practitioners, and policymakers. By shedding light on the unique cybersecurity landscape of the Hampton Roads area, the study seeks to foster tailored approaches for bolstering cybersecurity resilience in maritime operations. This endeavor is crucial amid the digitalization wave, underscoring the imperative of safeguarding maritime activities for their safety, security, and sustainability.

Abstract:

One form of libertarian political ideology—cyberlibertarianism—aligns with libertarian principles applied to cyberspace and emphasizes minimal government intervention for individuals’ engagement in online spaces. Examples from media politics scholars provide insights into how cyberlibertarian beliefs intersect with social issues, like free speech advocacy and online behavior regulation. The current work aims to define cyberliberationist extremism thoroughly and to contrast how its ideological messages might differ from traditional far-left and far-right political extremist messaging. In a case study analysis, the authors pose three questions, investigate notable activities by the hacking group Anonymous, and argue that these actions fall under cyberlibertarian extremism. The work ends with an informed discussion regarding the societal consequences of cyberlibertarian extremism.

Abstract:

This paper proposes a novel, beneficial application of deepfake technology in the realm of moving target obfuscation information security defence mechanisms. This defensive obfuscation technique aims to utilize generative artificial intelligence systems to synthesize honeypot datasets that mimic certain characteristics of sensitive and highly sought-after datasets by threat actors. By synthesizing and intentionally making available realistic but fake datasets within information systems, this novel technique has the potential to (1) mislead threat actors from acquiring their target data during their data breach attempts, and (2) render any corpus of breached datasets useless.

Abstract:

Social media is currently understood as a potential path to extremist beliefs, which sometimes lead to violent action. Current enabling technologies of Internet infrastructure, personalized advertisement targeting, and AI generated text and images allow for the previously expensive process of instigating extremism to be done via online services for exponentially less time and resources than previously possible. The historical context that ‘approves’ murder is explored with foci on modern engagements. This includes modern calls to violence. The specificity of the call to violence is explored. A hypothethical case study is presented as an example for a potential call to violence.

Abstract:

Artificial Intelligence (AI) has become a key driver of productivity gains across various industrial sectors, including naval shipbuilding and repair. By integrating AI into supply chain operations, these industries can achieve greater efficiency, cost savings, and resilience. AI’s ability to optimize processes and enhance decision making offers significant advantages. However, with the growing use of AI, the risks of cybersecurity incidents also increase. As the use of AI-based systems becomes more prevalent, the potential for cybersecurity vulnerabilities and incidents also grows. These incidents could have severe repercussions, potentially compromising the integrity of supply chains, disrupting manufacturing operations, and exposing sensitive data. This paper explores the role of AI in supply chain management within the naval shipbuilding and repair industry, focusing on both the benefits and the emerging cybersecurity risk management and other challenges associated with AI adoption. It provides insights into balancing innovation with the need for strong cyber defenses in this vital sector.

Abstract:

The rising reliance on digital technologies to share information across different actors in the supply chain and the evolving integration of systems across organizations to achieve end-to-end visibility has increased the supply chain’s exposure to cyber threats. This paper focuses on developing a framework for cyber protection of inter-organizational information sharing in the supply chain, focusing on governance mechanisms adopted by the leading actors. The governance models and the information-sharing type shape the cyber protection required in terms of cybersecurity investments, training, and organizational structures. This paper extends the concepts of the Port Community System (PCS) towards a more comprehensive complex supply chain structure.