2016 International Conference on Cyber Conflict (CyCon U.S.)最新文献

{"title":"Cyber defence information sharing in a federated network","authors":"H. Kantola, M. Jaitner","doi":"10.1109/CYCONUS.2016.7836620","DOIUrl":"https://doi.org/10.1109/CYCONUS.2016.7836620","url":null,"abstract":"Military networks rely today on federated systems with coalition or cooperation partners. Examples of this kind of military networks are the NATO lead ‘Federated Mission Networking’ (FMN) project and the US lead ‘Mission Partner Enterprise’ (MPE). The framework of FMN and MPE are very similar and the development of both frameworks goes hand-inhand. The development and understanding of cyber defense mechanism need to include the importance of the extra challenge that is brought by federating networks. In the attempt to counter the threat, federated networks should form groups of interest, where not only technical information is shared within the group for increased ability to counter intrusions, but also analyzed tactical and operational information and to certain extent intrusion method information. Not all militaries or nations are willing to share information on ‘how’ they protect their own networks, but as this paper shows, there is a need to share information on current events as well as events that have transpired. The aim of this paper is to present aspects what different participants in a federated or mission network should share and elaborate why this information needs to be shared. The key finding is a set of information categories that should be shared in a federated network. The paper will firstly present a generic overview of Responsive Cyber Defense, also known as Defensive Cyber Operations- Responsive actions in US terminology, and introduce previous findings regarding benefits of incident information sharing. The second part of the paper will examine different generic Responsive Cyber Defense situations in order to exemplify the new need for information sharing in a federated context. The paper concludes with recommendations and suggestions on issues to take into consideration when establishing a federated network, where Responsive Cyber Defense capabilities are incorporated.","PeriodicalId":358914,"journal":{"name":"2016 International Conference on Cyber Conflict (CyCon U.S.)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133679893","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Implications of cyber in anti-access and area-denial counters","authors":"M. Assante","doi":"10.1109/CYCONUS.2016.7836611","DOIUrl":"https://doi.org/10.1109/CYCONUS.2016.7836611","url":null,"abstract":"The purpose of this paper is to discuss the implications and application of anti-access and area-denial (A2/AD) strategies to cyber warfare and the approaches needed to defend against such strategies. Traditional A2/AD strategies are used to deny or restrict a military opponent’s access to strategic battle areas. By employing similar methodology to cyber warfare, adversaries can seize control of cyber-dependent platforms, which are then used to negatively affect physical assets and resources. Actively defending against Cyber A2/AD campaigns is especially critical since cyber attacks often occur without the typical warnings and escalation of traditional warfare. Protecting the U.S. against Cyber A2/AD requires a unified cyber defense effort that shares information and resources among intelligence and military teams and civilian infrastructure owners and operators. This paper explores possible approaches and challenges to integrating U.S. cyber defenses, including a deliberation on balancing military assistance against civil liberties and governance concerns. The ability to defend against Cyber A2/AD is dependent on comprehensive preparation. This paper provides a detailed list of actions that the U.S. needs to take in order to successfully prepare itself for a strategic cyber war. The discussion on cyber preparation also includes a summary of geographical areas where Cyber A2/AD activity is anticipated, and lists potential impacts and existing concerns in these areas. A key component to countering Cyber A2/AD is to actively look for threats and react immediately to disrupt the attacks. This can only happen if the cyber defenders are as skilled and as practiced as the attacker. Thus cyber defense training must include exercises, scenarios, and tests that will provide ‘real world’ experiences for trainees. The final section of this paper provides a model scenario that illustrates the stages of a Cyber A2/AD attack and can be used to facilitate further discussion on countering cyber threats.","PeriodicalId":358914,"journal":{"name":"2016 International Conference on Cyber Conflict (CyCon U.S.)","volume":"164 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134163180","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Cyber norms for civilian nuclear power plants","authors":"Christopher M. Spirito","doi":"10.1109/CYCONUS.2016.7836627","DOIUrl":"https://doi.org/10.1109/CYCONUS.2016.7836627","url":null,"abstract":"The international community agrees that the safe operation of civilian nuclear infrastructure is in every population’s best interest. One challenge each government must address is defining and agreeing to a set of acceptable norms of behavior in cyberspace as they relate to these facilities. The introduction of digital systems and networking technologies into these environments has led to the possibility that control and supporting computer systems are now accessible and exploitable, especially where interconnections to global information and communications technology (ICT) networks exist. The need for norms of behavior in cyberspace includes what is expected of system architects and cyber defenders as well as adversaries who should abide by rules of engagement even while conducting acts that violate national and international laws. The goal of this paper is to offer three behavioral cyber norms to improve the overall security of the ICT and Operational Technology (OT) networks and systems that underlie the operations of nuclear facilities. These norms of behavior will be specifically defined with the goals of reducing the threats associated to the theft of nuclear materials, accidental release of radiation and sabotage of nuclear processes. These norms would also include instances where an unwitting attacker or intelligence collection entity inadvertently makes their way into a nuclear facility network or system and can recognize they are in a protected zone and an approach to ensuring that these zones are not exploitable by bad actors to place their sensitive cyber effect delivery systems.","PeriodicalId":358914,"journal":{"name":"2016 International Conference on Cyber Conflict (CyCon U.S.)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"113931460","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Vulnerabilities and their surrounding ethical questions: a code of ethics for the private sector","authors":"Alfonso De Gregorio","doi":"10.1109/CYCONUS.2016.7836615","DOIUrl":"https://doi.org/10.1109/CYCONUS.2016.7836615","url":null,"abstract":"Zero-day vulnerabilities — weaknesses in software that are unknown to the parties who can mitigate their specific negative effects — are gaining a prominent role in the modern-day intelligence, national-security, and law-enforcement operations. At the same time, the lack of transparency and accountability in their trade and adoption, their possible overexploitation or abuse, the latent conflict of interests by entities handling them, and their potential double effect may pose societal risks or lead to the breach of human rights. If left unaddressed, these usage-related challenges call into question the legitimacy of zero-day vulnerabilities as enablers of national security and law enforcement operations and erode the benefits that their proportionate use have for the judiciary, defence, and intelligence purposes. This work explores what the private sector involved in the trade of zero-day vulnerabilities can do to ensure the respect human rights and the benign and societally beneficial use of those capabilities. After reviewing what can go wrong in the acquisition of zero-day vulnerabilities, the article contributes the first code of ethics focused on the trade of vulnerability information, where the author sets forth six principles and eight corresponding ethical standards aimed respectively at guiding and regulating the conduct of this business.","PeriodicalId":358914,"journal":{"name":"2016 International Conference on Cyber Conflict (CyCon U.S.)","volume":"66 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115052120","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Crossing the rubicon: identifying and responding to an armed cyber-attack","authors":"Nerea M. Cal","doi":"10.1109/CYCONUS.2016.7836612","DOIUrl":"https://doi.org/10.1109/CYCONUS.2016.7836612","url":null,"abstract":"Over the past decade, the securitization of cyber technologies has dramatically altered the landscape of war. Beyond the technical challenges of countering nefarious cyber activities in a globalized and interconnected world, this new domain generates equally complex questions with respect to the conduct of war, the implementation of international law, and how to adjudicate actions perpetrated by non-state actors. Though the US maintains that existing international law applies to warfare in cyberspace, implementing the traditional rules of armed conflict in this domain presents challenges due in part to the blurring of boundaries that complicate the question of sovereignty as well as attribution. Neither current international law nor United States defense policy has resolved the question of what classifies as an armed attack in cyber-space nor how to adjudicate attacks perpetrated by non-state actors. This paper will address the question of what constitutes an “armed attack” in cyberspace, and how - once it has attributed responsibility – the United States should respond to this type of warfare. Written with the presumption that the United States should lead efforts to shape international law in this field, this paper will briefly outline the set of international laws governing war, the challenges in applying them to cyber-warfare, and provide recommendations for how to apply the law of armed conflict in cyberspace. Specifically, it will advocate for an effectsbased definition of an armed attack that provides a legal avenue for the United States to respond to cyber-attacks perpetrated by non-state actors.","PeriodicalId":358914,"journal":{"name":"2016 International Conference on Cyber Conflict (CyCon U.S.)","volume":"162 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122298234","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Cyber attacks: the fog of identity","authors":"V. Greiman","doi":"10.1109/CYCONUS.2016.7836617","DOIUrl":"https://doi.org/10.1109/CYCONUS.2016.7836617","url":null,"abstract":"Whether a criminal, warrior, terrorist, or spy, the rise of cyber attacks has created a whole new dimension to cyberspace. Despite the advancement of cyber security systems and multilateral security initiatives, the global electronic marketplace remains vulnerable to grave cyber intrusions. Unlike the war-fighting domains of sea, air, land and space, cyberspace still remains largely undefined. Cyberspace is not a stagnant domain, but rather a fast moving, malleable, omnipresent domain subject to open borders and unilateral attacks. According to national laws and strategies, the definition of a cyber-attack varies widely, creating inconsistencies in interpretation and response. Through empirical research and analysis, this paper attempts to define the various aggressors in cyberspace based on the identity of the attacker and the type, purpose and impact of the attack, and then analyze the applicable policies, laws, and regulations under national and international cyber security frameworks. The purpose of the research is to understand the barriers to the development of international norms of behavior in cyberspace and the challenges faced by the North Atlantic Treaty Organization (NATO) in defining thresholds for a domain with various levels of entry. This paper examines Article 4 and Article 5 of the NATO treaty and Article 51 of the United Nations Charter to identify the problems and challenges of applying the traditional legal regime under this new domain and then offers some recommendations to address these challenges.","PeriodicalId":358914,"journal":{"name":"2016 International Conference on Cyber Conflict (CyCon U.S.)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132719947","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Evaluating single board computer clusters for cyber operations","authors":"Suzanne J. Matthews, R. Blaine, Aaron F. Brantly","doi":"10.1109/CYCONUS.2016.7836622","DOIUrl":"https://doi.org/10.1109/CYCONUS.2016.7836622","url":null,"abstract":"The emergence of single board computers (SBCs) has enabled individuals cheap and portable access to multicore architectures. In this paper, we discuss the use of SBC clusters to assist in cyberspace operations. The small form-factor of SBCs make them highly portable, allowing soldiers to easily transport individual units and clusters. While each individual SBC is not very powerful, a cluster of SBCs can greatly increase the computational power available for cyberspace applications down range for relatively low cost. We discuss common SBC architectures and present a case study in which two clusters of SBCs are used to crack canonically “weak” passwords encoded with bcrypt. Our results show that an 8-node Parallella SBC cluster can crack password files up to 5.95 times faster than a high end laptop, at roughly half the cost. We also present several novel applications for offensive and defensive cyberspace operations using SBCs and SBC clusters. We believe that our work can be used to develop novel parallel military applications incorporating SBCs, and is useful for educating soldiers and endusers about the potentials (and dangers) of parallel processing.","PeriodicalId":358914,"journal":{"name":"2016 International Conference on Cyber Conflict (CyCon U.S.)","volume":"242 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121154969","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Disruptive innovations to help protect against future threats","authors":"Ernest Y. Wong, Nicholas M. Sambaluk","doi":"10.1109/CYCONUS.2016.7836629","DOIUrl":"https://doi.org/10.1109/CYCONUS.2016.7836629","url":null,"abstract":"Innovation is back in vogue within the U.S. military. In the face of defense spending cuts and reductions in military manpower after prolonged campaigns in Iraq and Afghanistan, the U.S. is turning once again to developing key technologies to offset its quantitative inferiority in conventional forces. The U.S. has pursued this offset strategy twice before—the first time was in the 1950s with nuclear deterrence countering the numerically superior armament and fighting forces of the Warsaw Pact, and the second time was in the 1970s with DARPA-led efforts to gain technological superiority from enhanced intelligence, surveillance, and reconnaissance, precision-guided weapons, stealth technology, and space-based communications and navigation. The current Third Offset Strategy targets many promising innovations including robotics and autonomous systems, miniaturization, big data, and advanced manufacturing. The U.S. military has even created a number of new organizations such as the Army Cyber Institute to explore high-tech innovation and the Defense Innovation Unit Experimental to expedite the transfer of cuttingedge technology to warfighters. Nonetheless, some critics believe the U.S. military is such an unwieldy bureaucracy that it lacks the nimbleness to transform into a force that can win tomorrow’s wars—particularly in cyberspace. These critics also note that most of the innovation the U.S. currently seeks come from groundbreaking research—the type of innovation that is expensive to develop. This paper proposes that by adding disruptive innovations—the type of innovation that tends to be cheaper and less technologically complex—into its R&D portfolio mix, the U.S. military will not only strengthen its offset strategy, it will also better protect itself from future threats by reducing the likelihood of strategic surprise. In this paper, we review Christensen and Bower’s disruptive technologies framework, illuminate successful disruptive innovations in military history, and provide insights into how the U.S. can foster disruptive innovation.","PeriodicalId":358914,"journal":{"name":"2016 International Conference on Cyber Conflict (CyCon U.S.)","volume":"67 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127135691","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Suggestions to measure cyber power and proposed metrics for cyber warfare operations (cyberdeterrence/cyber power)","authors":"E. Armistead","doi":"10.1109/CYCONUS.2016.7836610","DOIUrl":"https://doi.org/10.1109/CYCONUS.2016.7836610","url":null,"abstract":"How does one measure cyber power? Though there are many established methods for measuring power, none of these can be satisfactorily applied to the cyber domain, and these shortcomings were recognized two decades ago. \"Traditional measures of military force, gross national product, population, energy, land, and minerals have continued to dominate discussions of the balance of power. These power resources still matter, and American leadership continues to depend on them as well as on the information edge... Information power is also hard to categorize because it cuts across all other military, economic, social, and political power resources, in some cases diminishing their strength, in others multiplying it \". (Nye and Owens, 1996, p.22). The author is also trying to determine the metrics of cyber operations, ie how does one measure success? The ability to measure and validate success is always a crucial metric in the performance of a task, and in this case the conduct of an Information Warfare (IW) campaigns is no different. This research analyses two approaches for the development of metrics in a Cyber environment: • A top-down approach with a strong feedback mechanism, one that allows actors to learn lessons from their actions and to apply changes to the system as deemed appropriate. • A more decentralised methodology, which embraced any and all IW standards. This bottom-up view utilises a more liberal process for collecting metrics that attempts to bring together disparate activities into a collective force. This paper will analyse the efforts of various IW initiatives by both sides, and attempt to determine the key factors of success.","PeriodicalId":358914,"journal":{"name":"2016 International Conference on Cyber Conflict (CyCon U.S.)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126560500","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Re-thinking threat intelligence","authors":"C. Sample, Jennifer Cowley, T. Watson, C. Maple","doi":"10.1109/CYCONUS.2016.7836626","DOIUrl":"https://doi.org/10.1109/CYCONUS.2016.7836626","url":null,"abstract":"Attribution relies largely on technology; however, experts who rely on technology may inadvertently inject their own biases when evaluating findings. Attackers are now deceiving the analysts, by misleading them through the use of deceptive data and exploiting defender and analyst biases. One set of biases that can be objectively measured is cultural bias. Cultural biases are so firmly engrained that they act as a type of automatic processing system. Culture influences thoughts, choices and behaviors in the physical world, so culture can be expected to have the same influences in the cyber world. To date, culture has been shown to play a role in specific cyber behaviors; this study was performed to determine if culture plays a role in cyber decisions. Zone-H data from the year 2011 was examined for a list of known attackers by most used attack vectors. The popularity of attack vectors was examined within the context of Hofstede’s national cultures framework looking for evidence of cultural preferences associated with attack vector choices. The findings indicated cultural preferences in three of six cultural dimensions. These findings add to the growing body of work that have shown cultural preferences in cyber behaviors, and lend support to the further examination of cyber choices.","PeriodicalId":358914,"journal":{"name":"2016 International Conference on Cyber Conflict (CyCon U.S.)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134058535","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}