European Conference on Cyber Warfare and Security最新文献

{"title":"Legal and ethical issues of pre-incident forensic analysis.","authors":"I. Sutherland, Matthew Bovee, K. Xynos, H. Read","doi":"10.34190/eccws.22.1.358","DOIUrl":"https://doi.org/10.34190/eccws.22.1.358","url":null,"abstract":"Investigators searching for digital evidence may encounter a variety of different IoT (Internet of Things) devices. Data in such devices and their environments can be both valuable, but also highly volatile. To meet best practices and to process these devices in an expeditious and forensically-sound manner, an investigator should have a predefined plan. Developing such plans requires prior knowledge developed through the exploration and experimentation of the “target” devices. The expanding variety, number, and pervasiveness of IoT devices means there is an increasing need for pre-incident analysis to ensure forensic tools and techniques acquire, preserve and document evidence appropriately. Many of these IoT devices have proprietary file- and operating-systems and may employ mechanisms to protect intellectual property by limiting or preventing access by researchers. Disassembly of the device and circumventing these mechanisms may be restricted by contract, end-user licence agreement (EULA) or legislation regarding intellectual-property rights. Legislative exclusions exist for security research, in some jurisdictions, permitting legitimate analyses. The pre-incident analyses of hardware to establish a forensic process bear some similarity to vulnerability and security research, however there are distinct differences in their end goals. This paper discusses the legal and ethical issues that may be encountered when conducting pre-incident forensics analyses focussing on IoT hardware. It highlights areas of particular concern, identifies best practice and subjects requiring future work as presented in the literature before providing a series of recommendations for forensics investigators processing these types of devices.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"102 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116715501","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Semiotics of Strategic Narratives of \"Antichrist\" in Russia’s War in Ukraine","authors":"M. Hotchkiss","doi":"10.34190/eccws.22.1.1102","DOIUrl":"https://doi.org/10.34190/eccws.22.1.1102","url":null,"abstract":"The Russian war in Ukraine which began on February 24, 2022 coincides with the ongoing schism of the Moscow Patriarchate of the Russian Orthodox Church from the Ecumenical Patriarchate of Constantinople, to which the Orthodox Church of Ukraine affiliates. In this setting, spiritual and secular leaders in Russia and Ukraine have mutually utilised narratives of the Antichrist and Satan to explain Russian attacks on Ukraine, imbuing a “spiritual” dimension to the strategic communications in the conflict. This paper applies a semiotic approach to analysing the antichrist and satanic myths at play in the context of ideological “strategic narratives”, and the conflict of meanings which emerges from these competing narratives. In Russia, these ideomyths have long been utilised as ideological tools which place the nation metaphysically in perennial militant opposition to the West. However, Ukraine which is striving to leave the Russian orbit and join the West has reciprocally framed Russia and its leader in similar concepts. In conclusion, this paper argues that there is opportunity for the creation of political messaging which can frame the conflict in spiritual and moral terms that can resonate with both Western and Russian thinkers.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130693987","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Whole-of-Society Approach to Organise for Offensive Cyberspace Operations: The Case of the Smart State Sweden","authors":"Gazmend Huskaj, Stefan Axelsson","doi":"10.34190/eccws.22.1.1188","DOIUrl":"https://doi.org/10.34190/eccws.22.1.1188","url":null,"abstract":"Threat actors conduct offensive cyberspace operations for many purposes, such as espionage, to destroy information assets, and cybercrime. These operations are possible thanks to the innovation and development of information and communications technologies (ICT). Interconnected information systems have transformed societies positively. However, specific states exploit these systems' vulnerabilities to advance their strategic national interests. Therefore, it is important to know how a state can organise itself to defend against threat actors. The purpose of this research is to present how the smart state Sweden can through a whole-of-society approach organise for Offensive Cyberspace Operations. The intent is to conduct an active and independent foreign-, security- and defence policy, but also as a base for deterrence and defence. This article is based on a mixed methods approach. It uses the case study research strategy to discover new information. Fourteen men and women participated in individual semi-structured interviews. The respondents ranged in age from 40 to 65 with more than 20 years of experience in cyberspace operations, intelligence operations, military operations, special forces operations, and knowledge and understanding about information warfare and information operations. The analytic strategies include thematic analysis and quantitative methods to interpret the data. The results show many themes, but the article is especially focused on the themes of Operations, Capability, Policy & Governance, and Legal Frameworks. Finally, a conceptual map of a whole-of-society approach to organise for offensive cyberspace operations is presented inferred from the themes, codes, and content, and mapped to each responsible agency based on the interviews and codes. The answer to the research question is that Sweden should have a whole-of-society approach to organise for Offensive Cyberspace Operations to project power in and through cyberspace with the intent to conduct an active and independent foreign, security and defence policy and for deterrence, as described in Figure 2.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127106120","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Designing an Email Attack by Analysing the Victim’s Profile. An Alternative Anti-Phishing Training Method","authors":"D. Lappas, P. Karampelas","doi":"10.34190/eccws.22.1.1178","DOIUrl":"https://doi.org/10.34190/eccws.22.1.1178","url":null,"abstract":"According to Thomson-Reuters the top cyber threat today is phishing in which people are tricked either to click a malicious link or give out personal information. It’s a fact that 96% of these phishing attacks comes from emails, which amount to more than 3.4 billion daily, as reported by Cisco. Austrian aerospace company FACC, Belgian bank Crelan, Acorn financial services and many other companies were recently fell victims of phishing emails losing millions of dollars. Even if experts provide lists of signs that users should seek in an email in order to understand if it is legitimate or scam, the attackers have elevated the quality of the email messages making them believable and very hard to discern them. In order to respond to this elevated threat, unconventional user training is required, focusing on recognizing a phishing email. Knowing how an attacker thinks and prepares the attack vector against a target, we claim that it will make users more suspicious when they receive one. In this regard, an innovative education intervention (consisted of two phases) was designed and developed. In the first phase, 98 participants were asked to visit an artificial social media profile and prepare a phishing email in order to persuade the victim to click a link. Then, the participants were presented with an innovative guided workflow to prepare a spear phishing email which was based on social media intelligence. In the second phase, they were asked to prepare one more email for the same person applying this time the guided workflow. Comparing the two different emails created, we found that the guided workflow led to the creation of more authentic emails which could potentially trick the victim easier. Based on the theory of active learning, we believe that by teaching users how attackers exploit their personal information in order to develop their attack vectors, it will increase their awareness not only for the typical phishing emails but also for more sophisticated spear phishing attacks.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"167 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127198512","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A New Interpretation of Integrated Deterrence: Physical and Virtual Strategies","authors":"Jim Chen","doi":"10.34190/eccws.22.1.1314","DOIUrl":"https://doi.org/10.34190/eccws.22.1.1314","url":null,"abstract":"The integrated deterrence strategy, backstopped by nuclear deterrent, calls for seamless collaboration in deterrence across warfighting domains, using all instruments of national power, and with allies and partners. Being a warfighting domain and being closely related to the information instrument of national power, the cyber domain should certainly be included, and cyber deterrence should play a significant role in the integrated deterrence strategy. Nevertheless, as cyber deterrence seems not to be as effective as it is expected at least currently, some scholars and practitioners doubt its mere existence, not mentioning the role that it can play in the integrated deterrence strategy. This paper argues that not having deterrence in cyberspace leaves a blank spot in the strategy since some critical functionality of deterrence in cyberspace cannot easily be replaced. By recognizing the unique strategic context of cyberspace, the paper maintains that deterrent effect can actually be achieved in unique ways in this space. To further explore the unique role that deterrence in cyberspace plays within the integrated deterrence strategy, this paper proposes a multi-level and multi-aspect architecture for integrated deterrence strategy. This novel architecture is able to cover varied levels of strategic environments both below and above the threshold of armed conflict. It is also able to correlate varied deterrent measures with varied strategic environments categorized via various aspects, such as diplomacy, information, military, economy, etc. This paper shows that the inclusion of deterrence in cyberspace can empower the strategy by making the strategy flexible enough in tackling various challenges. Eventually, the strategy can make its contribution in preventing war and maintaining peace.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"111 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116463360","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Detect, Deny, Degrade, Disrupt, Destroy, Deceive: which is the greatest in OCO?","authors":"Tim D. Grant","doi":"10.34190/eccws.22.1.1089","DOIUrl":"https://doi.org/10.34190/eccws.22.1.1089","url":null,"abstract":"In the cyber kill chain literature, possible courses of action are listed as detect, deny, degrade, disrupt, destroy, and deceive (a.k.a. “the 6Ds”). These verbs denote defensive action to be taken against an intruder. By comparison, military doctrine for cyberspace operations encompasses cyberspace exploitation and attack, as well as defence. The question arises whether the 6Ds are also applicable to offensive action, i.e. exploitation and attack, or whether additional action verbs are needed. Military doctrine is evolving towards all-domain operations, in which action in cyberspace is integrated with action in the physical domains of land, sea, air, and space. This prompts the question as to whether the 6Ds are also suited to action in a physical domain. A pilot study of actual military operations that integrated cyber and physical action suggests that deception, delay, and denial of organisational and cyber entities is suited to cyber action, while seizure, capture, and destruction of physical entities is suited to physical action. Preference among action verbs may indicate when it is best to engage targets using cyber or physical resources and which action is preferred. This paper identifies which action verbs are best suited to offensive cyber operations in the context of all-domain operations. The paper reviews related theory on cyberspace and the cyber kill chain. It identifies action verbs in US Department of Defense (DoD) doctrine on information and cyberspace operations, comparing them to those in the US DoD Dictionary of Military and Associated Terms. After discussing the findings, the paper draws conclusions and recommends further work.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129732116","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Demand Analysis of the Cybersecurity Knowledge Areas and Skills for the Nurses: Preliminary Findings","authors":"J. Rajamäki, Paresh Rathod, K. Kioskli","doi":"10.34190/eccws.22.1.1181","DOIUrl":"https://doi.org/10.34190/eccws.22.1.1181","url":null,"abstract":"The purpose of this paper is to present a preliminary analysis of the cybersecurity market demand in the nursing and health sector. Currently, the market demand study is ongoing under the Digital Europe Programme CyberSecPro project, which strengthens the role of higher education institutions as a provider of practical and working life skills. The project promotes reliable digital transformation in critical sectors, such as healthcare. The rapid development of e-health emphasizes the central position of cybersecurity in healthcare organizations that are increasingly the targets of cyber-attacks. This descriptive literature review explores what a nurse needs to know about cybersecurity. Our results show that awareness of cyber risks is weak in the healthcare sector. Understanding cyber risks and recognizing the effects of one's own activities increases the cybersecurity of the entire organization, therefore cybersecurity training for nurses should be increased. Our study suggested that nurses’ most important cyber skills are their own cyber-safe way of operations, identifying cyber threats related to equipment, identifying the effects of cyber disruptions, and acting in a cyber disruption situation. Future nurse training programs should be updated to include these skills. Additionally, the teaching of nurses must be developed so that it meets these competence needs.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130898750","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Hybrid threats-possible consequences in societal contexts","authors":"Georgiana-Daniela Lupulescu","doi":"10.34190/eccws.22.1.1119","DOIUrl":"https://doi.org/10.34190/eccws.22.1.1119","url":null,"abstract":"Hybrid threats have become a persistent term in the 21st century geopolitical architecture, acquiring new values ​​as innovative unconventional means come to be used by both state and non-state actors in contemporary conflicts, with a view to obtaining strategic advantages, yet with devastating consequences at individual level. While the armed conflict effects have long been studied, the war metamorphosis with hybrid threats innuendos bring new challenges in assessing societal consequences, even more so, as they are increasingly identified in apparently peaceful times. A multifaced perspective on the threat outcome reveals multiple latent consequences, such as physical, material, psychological and emotional ones. Fear, one of the dominant human emotions, is the first to be triggered when any threat is present, regardless of its occurrence probability or possible effects. Fear becomes a strong drive for individuals’ future actions, sometimes prompting an offensive or defensive reaction previously embedded in the main actor’s behavior. In this context, the present paper aims to identify, analyze and understand the Russian-Ukrainian conflict consequences on the European states’ neighboring population, looking at the reactions and decisions triggered by fear. Using observation as a research method but also the case study method, we identified a series of similarities and differences in these countries’ reaction to solving situations, migration- generated crises, Russian disinformation and propaganda and Ukraine or other European state oriented cyber-attack. The main goal for this approach is to highlight the hybrid threats emotional consequences in conflicts that are more than psychological. Moreover, this is a preliminary step in a PhD research thesis with a view to provide states with solutions for resilience policies, to ensure their citizens’ survival and well-being.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"258 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124232111","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The Concept of Comprehensive Security as a Tool for Cyber Deterrence","authors":"Maria Keinonen","doi":"10.34190/eccws.22.1.1254","DOIUrl":"https://doi.org/10.34190/eccws.22.1.1254","url":null,"abstract":"Cyber deterrence is often studied from the point of view of deterrence by punishment or offensive cyber strategies. A vast amount of studies claim that deterrence in cyberspace can never be successful with cyber means alone due to technical challenges and the problem of attribution. Some scholars argue that cyber resilience is an essential part of cyber deterrence, since not every cyberattack can be countered. These reviews are usually technical and concentrate on investigating the balance of offensive and defensive cyber strategies. The technical view leaves gaps in the physical and cyber-persona layers of cyberspace. This paper examines resilience from a societal perspective and reflects on the findings of cyber deterrence theories. The Concept of Comprehensive Security (CCS) is a Finnish model for building and sustaining resilience in society. Preparation for disruptive situations is carried out with the operating principle of overall safety, where society´s vital functions are protected in collaboration between the authorities, the business world, organisations, and citizens. The growing importance of cyber security has led to emphasising the importance of cyber resilience in the Concept of Comprehensive Security. This study investigates the possibilities to utilize the CCS as a tool for cyber deterrence and aims to create a new perspective on the international academic discussion of cyber deterrence. The research method is content analysis. The investigated material consists of Finnish CCS documents, as well as academic cyber deterrence and cyber resilience literature. The characteristics of the CCS are compared to the factors found in the cyber deterrence material to answer the research question. The key observation presented in this study is that a comprehensive approach to building resilience in the society is essential for the credibility of cyber deterrence. Resilience in cyberspace should be viewed from the perspective of every layer, including logical, physical and cyber-persona layers.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126288917","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Influence Diagrams in Cyber Security: Conceptualization and Potential Applications","authors":"S. Chockalingam, Clara Maathuis","doi":"10.34190/eccws.22.1.1303","DOIUrl":"https://doi.org/10.34190/eccws.22.1.1303","url":null,"abstract":"Over the last years, cyber-attacks are increasing in organizations especially due to the use of emerging technologies and transformation in terms of how we work. Informed decision-making in cyber security is critical to prevent, detect, respond, and recover from cyber-attacks effectively and efficiently. In cyber security, Decision Support System (DSS) plays a crucial role especially in supporting security analysts, managers, and operators in making informed decisions. Artificial Intelligence (AI)-based techniques like Bayesian Networks, Decision Trees are used as an underlying approach in such DSSs. Furthermore, Influence Diagrams (IDs) possess the capability to support informed decision-making based on its existing applications in other domains like medical. However, the complete capability and potential of IDs are not utilised in cyber security especially in terms of its explainable nature for different stakeholders and existing applications in other domains. Therefore, this research tackles the following research question: “What are potential applications of Influence Diagrams (IDs) in cyber security?”. We identified applications of IDs in different domains and then translated it to design potential applications for cyber security issues. In the future, this will help both researchers and practitioners to develop and implement IDs for cyber security-related problems, which in turn will enhance decision-making especially due to its explainable nature for different stakeholders.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132592669","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}