{"title":"Russian Invasion of Ukraine 2022: Time to Reconsider Small Drones?","authors":"A. Kajander","doi":"10.23919/cycon58705.2023.10181494","DOIUrl":"https://doi.org/10.23919/cycon58705.2023.10181494","url":null,"abstract":"In May 2022, an Estonian-Russian man was arrested at the Estonian border with Russia for attempting to supply the Russian armed forces with crowdfunded drones. The case had two intertwined striking aspects: the law under which the individual was prosecuted and the drones themselves. While it is no revelation that drones are dual-use goods, the drones in question were three DJI Mini 2, which, owing to their small size and features, are exempt from the current European Union (EU) restrictions on the export of dual-use goods. Such small commercial drones have proven to be excellent for aerial surveillance and indirect fire correction on the battlefield. Consequently, the individual was prosecuted for ‘knowingly supporting a foreign act of aggression’ based on a newly added provision to the Estonian Penal Code. This paper discusses the growing importance of commercial small drones on the battlefield, which are not included in Annex I of the EU Dual-Use Regulation, as well as the implications of this on the EU’s dual-use goods export restrictions, and the legal framework that is available to EU member states for preventing the delivery of such drones to support a war of aggression. 
The paper is divided into three sections, the first dedicated to the role of small drones on the battlefield in Ukraine, the second to the EU’s dual-use export restrictions and the third to the role of domestic legal frameworks that may prohibit exports of such drones through laws criminalizing aggression.","PeriodicalId":391972,"journal":{"name":"2023 15th International Conference on Cyber Conflict: Meeting Reality (CyCon)","volume":"69 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125083195","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Weaponizing Cross-Border Data Flows: An Opportunity for NATO?","authors":"Matt Malone","doi":"10.23919/cycon58705.2023.10181730","DOIUrl":"https://doi.org/10.23919/cycon58705.2023.10181730","url":null,"abstract":"On July 12, 2022, following the Russian invasion of Ukraine, the European Data Protection Board (EDPB) issued a warning to data exporters, reminding them Russia did not have an adequacy agreement governing cross-border data flows of Europeans’ personal data to Russia. As such, blanket transfers of personal data were not permissible under European data protection law; instead, compliance needed to be assessed by data exporters on a case-by-case basis, and, where it could not be ensured, transfers should be suspended. This article views the EDPB declaration as a shot across the bow and extrapolates it to a future where cross-border data flow restrictions are deployed as an instrument of cooperative security as well as deterrence and defense. Given the potential sensitivity of personal information being transferred across borders, along with the economic value inherent in data flows in the digital economy, restrictions on cross-border data flows have the potential to inflict serious harm. This article explores the broader implications of this potential practice, assessing its security opportunities and drawbacks. The article advocates for reforming North Atlantic Treaty Organization (NATO) members’ divergent approaches to the regulation of processing of cross-border data transfers; it suggests these member states can and should overcome their splintered approaches by establishing a “safe data zone” to facilitate cross-border data flows among members, where NATO retains the power to issue embargoes on cross-border data flows to specific jurisdictions while otherwise leaving decisional authority for transfers to supranational entities like the European Union (EU) or sovereign states. 
This approach would increase cross-border data flows between allies while permitting restrictions with adversaries where doing so achieves security objectives.","PeriodicalId":391972,"journal":{"name":"2023 15th International Conference on Cyber Conflict: Meeting Reality (CyCon)","volume":"157 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114432553","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Cyber Diplomacy: NATO/EU Engaging with the Global South","authors":"E. Izycki, B. V. Niekerk, Trishana Ramluckan","doi":"10.23919/cycon58705.2023.10182095","DOIUrl":"https://doi.org/10.23919/cycon58705.2023.10182095","url":null,"abstract":"Since the end of the Cold War, there has been a movement towards a multipolar world as the geopolitical tectonic plates shift. The Russian invasion of Ukraine is likely to be treated by future historians as the turning point ushering in this new multipolar era. In this new context, (cyber) neutrality seems challenging for regions such as Latin America and Africa. These countries, which sit outside the geopolitical fault lines, naturally tend to strive for a balanced, neutral position. Both regions have strong economic ties with China, while maintaining cultural and historical connections with Europe and the US, despite the complex legacy of the colonial and Cold War eras. However, this equilibrium might lean towards the Chinese and Russian positions regarding cyber policy. It is particularly relevant to address this question given that the regions contain numerous swing states. We will present evidence that NATO and the EU are losing ground to China and Russia’s views on cyberspace, based on three subjects of study: (i) Global South voting patterns in the UN; (ii) the absence of Global South countries in the roster of like-minded countries in the collaborative attribution of advanced persistent threats and recent Russian cyber campaigns against Ukraine; (iii) the use of offensive cyber capabilities by Global South countries to exert information control and surveillance (mostly enabled by Western companies). This paper argues that NATO and the EU must face reality and engage with the Global South – particularly Africa and Latin America – to maintain a competitive advantage in cyber policy. 
We suggest a more straightforward values-based approach that involves NATO and the EU engaging in capacity-building and information-sharing with the Global South.","PeriodicalId":391972,"journal":{"name":"2023 15th International Conference on Cyber Conflict: Meeting Reality (CyCon)","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125970847","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Leveling the Playing Field: Equipping Ukrainian Freedom Fighters with Low-Cost Drone Detection Capabilities","authors":"Conner Bender, Jason Staggs","doi":"10.23919/CyCon58705.2023.10181421","DOIUrl":"https://doi.org/10.23919/CyCon58705.2023.10181421","url":null,"abstract":"The unprecedented conflict in Ukraine has seen heavy use of asymmetric warfare tactics and techniques, including the use of drones. In particular, Da-Jiang Innovations (DJI) drones have played a major role in the conflict, supporting tactical military operations for both opponents by providing reconnaissance and explosive ordnance across the battlefield. The same drones have also been leveraged to provide humanitarian aid across Ukraine. However, Ukraine has publicly accused DJI of helping Russia target Ukrainian civilians by allowing Russian military forces to acquire and use a proprietary DJI drone-tracking system called AeroScope. This system has allowed Russian forces to geolocate and target Ukrainian civilians piloting DJI drones, which has often led to kinetic strikes against drone operators. Modern DJI drones beacon telemetry and remote identification information that allows the AeroScope system to identify and track the drone and operator at ranges of up to 30 miles away. Cost and ease of access are the primary factors that have hindered Ukraine’s ability to counter this threat with AeroScope systems of their own to identify and locate DJI drones and operators used by Russia. This has provided an asymmetric advantage to Russia on the battlefield. Although cybersecurity researchers have demonstrated that DJI drone identification wireless datalinks are unencrypted, it remains a mystery how to collect and decode these signals over the air in real time using low-cost and widely available software-defined radios. 
This paper addresses the problem by reverse engineering DJI drone identification signals and message structures to detect drone IDs over OcuSync and Enhanced Wi-Fi datalinks. A functioning open-source prototype is detailed that can detect DJI OcuSync drones using two HackRF One software-defined radios. The methodology can easily be adopted by others to rapidly assemble and deploy low-cost DJI drone and operator detection and geolocation systems that are functionally similar to the AeroScope system.","PeriodicalId":391972,"journal":{"name":"2023 15th International Conference on Cyber Conflict: Meeting Reality (CyCon)","volume":"227 ","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"113997708","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Modeling 5G Threat Scenarios for Critical Infrastructure Protection","authors":"G. Holtrup, William Blonay, Martin Strohmeier, Alain Mermoud, Jean-Pascal Chavanne, Vincent Lenders","doi":"10.23919/CyCon58705.2023.10182173","DOIUrl":"https://doi.org/10.23919/CyCon58705.2023.10182173","url":null,"abstract":"Fifth-generation cellular networks (5G) are currently being deployed by mobile operators around the globe. 5G is an enabler for many use cases and improves security and privacy over 4G and previous network generations. However, as recent security research has revealed, the 5G standard still has technical security weaknesses for attackers to exploit. In addition, the migration from 4G to 5G systems takes place by first deploying 5G solutions in a non-standalone (NSA) manner, where the first step of the 5G deployment is restricted to the new radio aspects of 5G. At the same time, the control of user equipment is still based on 4G protocols; that is, the core network is still the legacy 4G evolved packet core (EPC) network. As a result, many security vulnerabilities of 4G networks are still present in current 5G deployments. To stimulate the discussion about the security risks in current 5G networks, particularly regarding critical infrastructures, we model possible threats according to the STRIDE threat classification model. We derive a risk matrix based on the likelihood and impact of eleven threat scenarios (TS) that affect the radio access and the network core. We estimate that malware or software vulnerabilities on the 5G base station constitute the most impactful threat scenario, though not the most probable. In contrast, a scenario where compromised cryptographic keys threaten communications between network functions is both highly probable and highly impactful. To improve the 5G security posture, we discuss possible mitigations and security controls. 
Our analysis is generalizable and does not depend on the specifics of any particular 5G network vendor or operator.","PeriodicalId":391972,"journal":{"name":"2023 15th International Conference on Cyber Conflict: Meeting Reality (CyCon)","volume":"2 4","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120999324","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Business@War: The IT Companies Helping to Defend Ukraine","authors":"Bilyana Lilly, Kenneth Geers, Gregory J. Rattray, R. Koch","doi":"10.23919/cycon58705.2023.10181980","DOIUrl":"https://doi.org/10.23919/cycon58705.2023.10181980","url":null,"abstract":"During Russia’s invasion of Ukraine, foreign private-sector information technology (IT) firms have provided hardware, software, and cyber intelligence to Kyiv. This assistance has helped Ukraine to stay online during the war by providing stronger network architecture and enhanced security. This paper examines the specific companies involved, the products and services they have offered, and the risks and opportunities associated with their assistance. The authors compile a list of lessons learned and offer actionable policy recommendations so that governments and IT firms are better able to navigate this crisis and similar crises in the future.","PeriodicalId":391972,"journal":{"name":"2023 15th International Conference on Cyber Conflict: Meeting Reality (CyCon)","volume":"51 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122156183","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Obligations of Non-participating States When Hackers on Their Territory Engage in Armed Conflicts","authors":"Marie Thøgersen","doi":"10.23919/CyCon58705.2023.10182021","DOIUrl":"https://doi.org/10.23919/CyCon58705.2023.10182021","url":null,"abstract":"One of the most striking aspects of cyberspace is the diffusion of power to the individual. Even a single person can, from the comfort of their own home, cause considerable harm to States on the other side of the globe. Since the Russian invasion of Ukraine, both belligerent States have successfully deployed novel techniques for the mobilization of individuals in cyberspace. The absence of geographical boundaries in cyberspace triggers important questions regarding the international legal implications for States whose territories are being used for such operations. To assess how the legal framework stands the test of reality, this article examines the possible international legal obligations of non-participating States hosting individuals conducting malicious cyber operations against Russia orchestrated by the IT Army of Ukraine. After a legal characterization of the activities of the IT Army, this article scrutinizes the legal norms conferring obligations on territorial States and accounts for the prevailing ambiguities surrounding their application. The principle of due diligence entails an obligation for States to not allow their territories to be used for cyber operations affecting the rights of, and producing serious adverse consequences for, other States. Special challenges surround the assessment in the context of an armed conflict; the status of a State as an aggressor entails important nuances to the prima facie rights of the State. 
Based on an analysis of how the legal framework applies to the activities of the IT Army of Ukraine, the article concludes that for non-participating States, the legality of refraining from exercising due diligence will often be contingent on contentious legal questions regarding countermeasures and self-defence.","PeriodicalId":391972,"journal":{"name":"2023 15th International Conference on Cyber Conflict: Meeting Reality (CyCon)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130574911","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Request for a Surveillance Tower: Evasive Tactics in Cyber Defense Exercises","authors":"Young-Jun Maeng, Mauno Pihelgas","doi":"10.23919/CyCon58705.2023.10182014","DOIUrl":"https://doi.org/10.23919/CyCon58705.2023.10182014","url":null,"abstract":"The cyber defense exercise (CDX) is an emerging live-fire exercise that enables diverse teams with different roles to train in one game. To evaluate the cyber defense capabilities of the training audience, organizers prepare various scores using different scoring methods ranging from technical to non-technical. The technical scores in Locked Shields, for example, consist of an availability check, a usability check, the success of the red team (RT) attack, and forensics. Immersed in scores due to excessive competition, a blue team (BT) may unnecessarily focus on the scoring process, aiming to perform evasive tactics (ET), which boosts scores unfairly by abusing the weaknesses of the scoring system. ET has occurred in various forms in existing CDXs, and similar cases have been found in the recent iteration of CDXs, meaning that ET is becoming BT’s selectable strategy. Such a phenomenon is undesirable since it will reduce the reliability of the evaluation and the effectiveness of the training. In this paper, we provide an overview of an availability check and examine ET that appeared in both the availability check and RT’s evidence-obtaining process, followed by several mitigations to them. 
We also discuss evidence and usability issues of ET in CDX and conclude by emphasizing the importance of supporting the green team (GT) in researching and implementing a robust scoring system.","PeriodicalId":391972,"journal":{"name":"2023 15th International Conference on Cyber Conflict: Meeting Reality (CyCon)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133757729","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Sharpening the Spear: China’s Information Warfare Lessons from Ukraine","authors":"Nate Beach-Westmoreland","doi":"10.23919/cycon58705.2023.10181559","DOIUrl":"https://doi.org/10.23919/cycon58705.2023.10181559","url":null,"abstract":"This paper examines the lessons about information warfare (IW) that the People’s Republic of China (PRC) is likely to be drawing from the war in Ukraine. To do so, it first analyzes how the People’s Liberation Army (PLA) has developed its conception of states contesting the information environment (IE), formed by studying wars and protest movements since the Gulf War. The paper describes the PLA’s evolving assessment of the growing importance, scope, and features of this contest. Because PRC strategic analysts typically frame the war in Ukraine as a proxy conflict between the United States (U.S.) and Russia, the paper then briefly compares all three states’ doctrinal beliefs about IW. Second, the paper analyzes PRC theorists’ assessments of the information conflict dimension of the Russia–Ukraine war. Principally, these insights concern narrative setting around conflicts, the initial war’s long-term impact on the IE, and the role of cyberattacks in IW. Finally, the paper offers recommendations to a strategic-level NATO audience concerning IE engagement with the PRC from defensive and offensive perspectives. 
This paper’s main sources are journal and newspaper articles by leading PLA-affiliated IW theorists written for an internal national security audience.","PeriodicalId":391972,"journal":{"name":"2023 15th International Conference on Cyber Conflict: Meeting Reality (CyCon)","volume":"154 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122289213","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}