European Conference on Cyber Warfare and Security最新文献

{"title":"Legal and ethical issues of pre-incident forensic analysis.","authors":"I. Sutherland, Matthew Bovee, K. Xynos, H. Read","doi":"10.34190/eccws.22.1.358","DOIUrl":"https://doi.org/10.34190/eccws.22.1.358","url":null,"abstract":"Investigators searching for digital evidence may encounter a variety of different IoT (Internet of Things) devices. Data in such devices and their environments can be both valuable, but also highly volatile. To meet best practices and to process these devices in an expeditious and forensically-sound manner, an investigator should have a predefined plan. Developing such plans requires prior knowledge developed through the exploration and experimentation of the “target” devices. The expanding variety, number, and pervasiveness of IoT devices means there is an increasing need for pre-incident analysis to ensure forensic tools and techniques acquire, preserve and document evidence appropriately. Many of these IoT devices have proprietary file- and operating-systems and may employ mechanisms to protect intellectual property by limiting or preventing access by researchers. Disassembly of the device and circumventing these mechanisms may be restricted by contract, end-user licence agreement (EULA) or legislation regarding intellectual-property rights. Legislative exclusions exist for security research, in some jurisdictions, permitting legitimate analyses. The pre-incident analyses of hardware to establish a forensic process bear some similarity to vulnerability and security research, however there are distinct differences in their end goals. This paper discusses the legal and ethical issues that may be encountered when conducting pre-incident forensics analyses focussing on IoT hardware. It highlights areas of particular concern, identifies best practice and subjects requiring future work as presented in the literature before providing a series of recommendations for forensics investigators processing these types of devices.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"102 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116715501","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Semiotics of Strategic Narratives of \"Antichrist\" in Russia’s War in Ukraine","authors":"M. Hotchkiss","doi":"10.34190/eccws.22.1.1102","DOIUrl":"https://doi.org/10.34190/eccws.22.1.1102","url":null,"abstract":"The Russian war in Ukraine which began on February 24, 2022 coincides with the ongoing schism of the Moscow Patriarchate of the Russian Orthodox Church from the Ecumenical Patriarchate of Constantinople, to which the Orthodox Church of Ukraine affiliates. In this setting, spiritual and secular leaders in Russia and Ukraine have mutually utilised narratives of the Antichrist and Satan to explain Russian attacks on Ukraine, imbuing a “spiritual” dimension to the strategic communications in the conflict. This paper applies a semiotic approach to analysing the antichrist and satanic myths at play in the context of ideological “strategic narratives”, and the conflict of meanings which emerges from these competing narratives. In Russia, these ideomyths have long been utilised as ideological tools which place the nation metaphysically in perennial militant opposition to the West. However, Ukraine which is striving to leave the Russian orbit and join the West has reciprocally framed Russia and its leader in similar concepts. In conclusion, this paper argues that there is opportunity for the creation of political messaging which can frame the conflict in spiritual and moral terms that can resonate with both Western and Russian thinkers.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130693987","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Hybrid threats-possible consequences in societal contexts","authors":"Georgiana-Daniela Lupulescu","doi":"10.34190/eccws.22.1.1119","DOIUrl":"https://doi.org/10.34190/eccws.22.1.1119","url":null,"abstract":"Hybrid threats have become a persistent term in the 21st century geopolitical architecture, acquiring new values ​​as innovative unconventional means come to be used by both state and non-state actors in contemporary conflicts, with a view to obtaining strategic advantages, yet with devastating consequences at individual level. While the armed conflict effects have long been studied, the war metamorphosis with hybrid threats innuendos bring new challenges in assessing societal consequences, even more so, as they are increasingly identified in apparently peaceful times. A multifaced perspective on the threat outcome reveals multiple latent consequences, such as physical, material, psychological and emotional ones. Fear, one of the dominant human emotions, is the first to be triggered when any threat is present, regardless of its occurrence probability or possible effects. Fear becomes a strong drive for individuals’ future actions, sometimes prompting an offensive or defensive reaction previously embedded in the main actor’s behavior. In this context, the present paper aims to identify, analyze and understand the Russian-Ukrainian conflict consequences on the European states’ neighboring population, looking at the reactions and decisions triggered by fear. Using observation as a research method but also the case study method, we identified a series of similarities and differences in these countries’ reaction to solving situations, migration- generated crises, Russian disinformation and propaganda and Ukraine or other European state oriented cyber-attack. The main goal for this approach is to highlight the hybrid threats emotional consequences in conflicts that are more than psychological. Moreover, this is a preliminary step in a PhD research thesis with a view to provide states with solutions for resilience policies, to ensure their citizens’ survival and well-being.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"258 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124232111","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The Concept of Comprehensive Security as a Tool for Cyber Deterrence","authors":"Maria Keinonen","doi":"10.34190/eccws.22.1.1254","DOIUrl":"https://doi.org/10.34190/eccws.22.1.1254","url":null,"abstract":"Cyber deterrence is often studied from the point of view of deterrence by punishment or offensive cyber strategies. A vast amount of studies claim that deterrence in cyberspace can never be successful with cyber means alone due to technical challenges and the problem of attribution. Some scholars argue that cyber resilience is an essential part of cyber deterrence, since not every cyberattack can be countered. These reviews are usually technical and concentrate on investigating the balance of offensive and defensive cyber strategies. The technical view leaves gaps in the physical and cyber-persona layers of cyberspace. This paper examines resilience from a societal perspective and reflects on the findings of cyber deterrence theories. The Concept of Comprehensive Security (CCS) is a Finnish model for building and sustaining resilience in society. Preparation for disruptive situations is carried out with the operating principle of overall safety, where society´s vital functions are protected in collaboration between the authorities, the business world, organisations, and citizens. The growing importance of cyber security has led to emphasising the importance of cyber resilience in the Concept of Comprehensive Security. This study investigates the possibilities to utilize the CCS as a tool for cyber deterrence and aims to create a new perspective on the international academic discussion of cyber deterrence. The research method is content analysis. The investigated material consists of Finnish CCS documents, as well as academic cyber deterrence and cyber resilience literature. The characteristics of the CCS are compared to the factors found in the cyber deterrence material to answer the research question. The key observation presented in this study is that a comprehensive approach to building resilience in the society is essential for the credibility of cyber deterrence. Resilience in cyberspace should be viewed from the perspective of every layer, including logical, physical and cyber-persona layers.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126288917","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Designing a high-fidelity testbed for 5G-based Industrial IoT","authors":"D. Cruz, T. Cruz, Vasco Pereira, P. Simões","doi":"10.34190/eccws.22.1.1204","DOIUrl":"https://doi.org/10.34190/eccws.22.1.1204","url":null,"abstract":"With the rise of the Industrial IoT (Internet of Things) and Industry 4.0 paradigms, many control and sensor systems used for IACS (Industrial Automation and Control Systems) have become more complex, due to the increasing number of interconnected field devices, sensors and actuators often being geographically spread across large areas. Supporting these increasingly sophisticated networked scenarios calls for the involvement of telecommunications and utility providers to better support Machine-to-Machine (M2M) communications and infrastructure orchestration, for which 5G technology is considered a perfect match. Nowadays, such 5G networks empower solutions both for consumer and for industrial IoT scenarios, providing the capacity and the means to seamlessly connect a massive number of gadgets and sensors, with diverse data rate requirements, low latency, and low power consumption. Part of this flexibility is also due to the nature of the 5G Service Architecture (SA), which is based on a microservice concept, dividing its core through multiple functions, allowing it to horizontally scale in a flexible way. Furthermore, the 3GPP specifications encompass specific support for verticals by means of slicing and 5G LANs, paving the way for a paradigm shift in terms of the relationship between service, telecom, and operational infrastructure tenants. However, such benefits come at the cost of extra complexity and, consequently, an increased vulnerability surface. This calls for further research focused on improving 5G infrastructure management, service integration and security, which cannot be safely undertaken in production environments, thus motivating the development of suitable 5G testbeds. This research work, which was developed in the scope of the POWER and Smart5Grid P2020 projects, addresses the creation of a high-fidelity environment for 5G-related research, which encompasses a gNodeB and 5G core, together with emulated User Elements (terminal devices) and IoT nodes (in this specific case, Programmable Logic Controllers), constituting a 5G Industrial IoT scenario designed for development and validation of new solutions, security research, or even advanced training purposes. The entire infrastructure is supported via container orchestration technology, providing enhanced scalability and resilience characteristics.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131711218","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Demand Analysis of the Cybersecurity Knowledge Areas and Skills for the Nurses: Preliminary Findings","authors":"J. Rajamäki, Paresh Rathod, K. Kioskli","doi":"10.34190/eccws.22.1.1181","DOIUrl":"https://doi.org/10.34190/eccws.22.1.1181","url":null,"abstract":"The purpose of this paper is to present a preliminary analysis of the cybersecurity market demand in the nursing and health sector. Currently, the market demand study is ongoing under the Digital Europe Programme CyberSecPro project, which strengthens the role of higher education institutions as a provider of practical and working life skills. The project promotes reliable digital transformation in critical sectors, such as healthcare. The rapid development of e-health emphasizes the central position of cybersecurity in healthcare organizations that are increasingly the targets of cyber-attacks. This descriptive literature review explores what a nurse needs to know about cybersecurity. Our results show that awareness of cyber risks is weak in the healthcare sector. Understanding cyber risks and recognizing the effects of one's own activities increases the cybersecurity of the entire organization, therefore cybersecurity training for nurses should be increased. Our study suggested that nurses’ most important cyber skills are their own cyber-safe way of operations, identifying cyber threats related to equipment, identifying the effects of cyber disruptions, and acting in a cyber disruption situation. Future nurse training programs should be updated to include these skills. Additionally, the teaching of nurses must be developed so that it meets these competence needs.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130898750","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A New Interpretation of Integrated Deterrence: Physical and Virtual Strategies","authors":"Jim Chen","doi":"10.34190/eccws.22.1.1314","DOIUrl":"https://doi.org/10.34190/eccws.22.1.1314","url":null,"abstract":"The integrated deterrence strategy, backstopped by nuclear deterrent, calls for seamless collaboration in deterrence across warfighting domains, using all instruments of national power, and with allies and partners. Being a warfighting domain and being closely related to the information instrument of national power, the cyber domain should certainly be included, and cyber deterrence should play a significant role in the integrated deterrence strategy. Nevertheless, as cyber deterrence seems not to be as effective as it is expected at least currently, some scholars and practitioners doubt its mere existence, not mentioning the role that it can play in the integrated deterrence strategy. This paper argues that not having deterrence in cyberspace leaves a blank spot in the strategy since some critical functionality of deterrence in cyberspace cannot easily be replaced. By recognizing the unique strategic context of cyberspace, the paper maintains that deterrent effect can actually be achieved in unique ways in this space. To further explore the unique role that deterrence in cyberspace plays within the integrated deterrence strategy, this paper proposes a multi-level and multi-aspect architecture for integrated deterrence strategy. This novel architecture is able to cover varied levels of strategic environments both below and above the threshold of armed conflict. It is also able to correlate varied deterrent measures with varied strategic environments categorized via various aspects, such as diplomacy, information, military, economy, etc. This paper shows that the inclusion of deterrence in cyberspace can empower the strategy by making the strategy flexible enough in tackling various challenges. Eventually, the strategy can make its contribution in preventing war and maintaining peace.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"111 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116463360","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"On Benchmarking and Validation in Wargames","authors":"Adam Wilden, Mehwish Nasim, P. Williams, Tim Legrand, Benjamin Turnbull, P. Williams","doi":"10.34190/eccws.22.1.1132","DOIUrl":"https://doi.org/10.34190/eccws.22.1.1132","url":null,"abstract":"There are multiple arguments for and against wargames. Many scientists do not recognise the science in wargames. It is suggested that there is not enough literature relating to wargaming, for there to be any large-scale research into wargames. This is primarily because scientists often refuse to publish results, thus creating a vicious cycle where research is not published because there is not enough research being published. This ultimately deters researchers from studying wargaming in any serious fashion. Owing to this limitation, published work on the results, and protocols of wargames are scarce in scholarly research. Wargaming has considerably less academic focus with a fragmented and practical focus on design and benchmarking. This is surprising given the long history of wargaming (dating back to the early 1600’s), when compared to the relatively recent history of other domains such as software engineering. To better understand the current state of research into wargaming in reference to benchmarking and validation, a scoping review (SR) was conducted. The scholarly research into wargaming reveals papers on general modelling, conflict modelling, influence modelling, evaluation of wargames, analytical tools, use of AI in wargame design, evaluation of predictive modelling in wargames, improving command and control through wargaming, and cost-benefit analysis for decision making. The initial analysis of the coverage of wargaming research, together with the limited number of papers found, indicate that there is a distinct lack of academic research into wargaming. Additionally, there is a wide variety of areas that are interested in the wargaming field, however, with no universal method of analysis or benchmarking, this limits the reproducibility of results, and the ability to judge the overall effectiveness of wargaming efforts. Wargame designers need to be able to assess wargame components to validate, compare, and predict the effects on gameplay and for decision-makers to draw conclusions with more confidence.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131646317","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Spam Email Detection Using Machine Learning Techniques","authors":"Ioannis Moutafis, Antonios Andreatos, Petros Stefaneas","doi":"10.34190/eccws.22.1.1208","DOIUrl":"https://doi.org/10.34190/eccws.22.1.1208","url":null,"abstract":"This paper focuses on the security of electronic mail, using machine learning algorithms. Spam email is unwanted messages, usually commercial, sent to a large number of recipients. In this work, an algorithm for the detection of spam messages with the aid of machine learning methods is proposed. The algorithm accepts as input text email messages grouped as benevolent (“ham”) and malevolent (spam) and produces a text file in csv format. This file then is used to train a bunch of ten Machine Learning techniques to classify incoming emails into ham or spam. The following Machine Learning techniques have been tested: Support Vector Machines, k-Nearest Neighbour, Naïve Bayes, Neural Networks, Recurrent Neural Networks, Ada Boost, Random Forest, Gradient Boosting, Logistic Regression and Decision Trees. Testing was performed using two popular datasets, as well as a publicly available csv file. Our algorithm is written in Python and produces satisfactory results in terms of accuracy, compared to state-of-the-art implementations. In addition, the proposed system generates three output files: a csv file with the spam email IP addresses (of originating email servers), a map with their geolocation, as well as a csv file with statistics about the countries of origin. These files can be used to update existing organisational filters and blacklists used in other spam filters.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135286921","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Detect, Deny, Degrade, Disrupt, Destroy, Deceive: which is the greatest in OCO?","authors":"Tim D. Grant","doi":"10.34190/eccws.22.1.1089","DOIUrl":"https://doi.org/10.34190/eccws.22.1.1089","url":null,"abstract":"In the cyber kill chain literature, possible courses of action are listed as detect, deny, degrade, disrupt, destroy, and deceive (a.k.a. “the 6Ds”). These verbs denote defensive action to be taken against an intruder. By comparison, military doctrine for cyberspace operations encompasses cyberspace exploitation and attack, as well as defence. The question arises whether the 6Ds are also applicable to offensive action, i.e. exploitation and attack, or whether additional action verbs are needed. Military doctrine is evolving towards all-domain operations, in which action in cyberspace is integrated with action in the physical domains of land, sea, air, and space. This prompts the question as to whether the 6Ds are also suited to action in a physical domain. A pilot study of actual military operations that integrated cyber and physical action suggests that deception, delay, and denial of organisational and cyber entities is suited to cyber action, while seizure, capture, and destruction of physical entities is suited to physical action. Preference among action verbs may indicate when it is best to engage targets using cyber or physical resources and which action is preferred. This paper identifies which action verbs are best suited to offensive cyber operations in the context of all-domain operations. The paper reviews related theory on cyberspace and the cyber kill chain. It identifies action verbs in US Department of Defense (DoD) doctrine on information and cyberspace operations, comparing them to those in the US DoD Dictionary of Military and Associated Terms. After discussing the findings, the paper draws conclusions and recommends further work.","PeriodicalId":258360,"journal":{"name":"European Conference on Cyber Warfare and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129732116","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}