{"title":"The role of international human rights law in the protection of online privacy in the age of surveillance","authors":"Elizabeth Watt","doi":"10.23919/CYCON.2017.8240330","DOIUrl":"https://doi.org/10.23919/CYCON.2017.8240330","url":null,"abstract":"Whilst the political dust on mass surveillance is slowly settling down, what has become apparent is the uncertainty regarding the interpretation and application of the right to privacy norms under Article 17 of the International Covenant on Civil and Political Rights 1966 in the context of cyberspace. Despite the world-wide condemnation of these practices by, inter alia, the United Nations and international human rights organisations, little consensus has been reached on how to bring them in line with international human rights law. This paper proposes that the most pragmatic solution is updating Article 17 by replacing General Comment No.16. There are many issues that require attention. The paper focuses on two fundamental aspects of this process, namely the development of more detailed understanding of what is meant by the right to privacy in the 21st century, and the challenge posed by foreign cyber surveillance to the principle of extraterritorial application of human rights treaties. To that end, the paper identifies that the ‘effective control’ test, developed by international human rights courts and bodies adopted to determine jurisdiction, is unsuitable in the context of state-sponsored cyber surveillance. The paper considers a number of suggestions made by legal scholars, which hinge on the control of communications, rather than the physical control over areas or individuals. Such a ‘virtual control’ approach seems in line with the jurisprudence of the European Court of Human Rights, according to which extraterritorial obligations may arise when states exercise authority and control over an individual's human rights, despite not having physical control over that individual. 
The paper argues that the ‘virtual control’ test, understood as a remote control over the individual's right to privacy of communications, may help to close the normative gap that state intelligence agencies keenly exploit at the moment.","PeriodicalId":423770,"journal":{"name":"2017 9th International Conference on Cyber Conflict (CyCon)","volume":"383 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123349263","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Defending the grid: Backfitting non-expandable control systems","authors":"Robert Koch, T. Kuhn","doi":"10.23919/CYCON.2017.8240335","DOIUrl":"https://doi.org/10.23919/CYCON.2017.8240335","url":null,"abstract":"Network security has been a lively research area for more than 35 years and numerous products are available nowadays. In contrast to business networks, which were interconnected from the beginning by design, Industrial Control Systems (ICSs) have always been self-contained networks. Because their key features are real-time capability and their operational constraint to function as specified under maximum load (Carlson 1998), security has played only a subordinate role. Nowadays these systems are increasingly connected to the Internet; for example, wind power is more frequently used and generators are installed in remote and scattered regions that are difficult to access, so remote administration based on mobile communications is required, often using the Internet. While numerous papers on securing ICSs have been published, interest rose after the incidents in Iran's enrichment plant in Natanz where the SCADA system controlling the centrifuges was attacked by the Stuxnet worm. Even with these intensified efforts, the current security situation is insufficient as numerous security systems perform inadequately in real-world environments. Elderly ICSs are also still in use which cannot be retrofitted easily or at all, and modern systems are often still not developed with ‘security by design’ in mind. In contrast to general purpose systems, a relatively limited number of processes are executed within ICSs. This enables the use of detection mechanisms based on voltage levels and current drain to build lightweight detection systems without huge databases by measuring the current drain during normal system operation. 
Our concept combines the advantages of different detection principles and enhances them to build an Intrusion Detection System usable within ICSs. It is implemented based on low-priced components and can be integrated even in older, originally non-expandable systems.","PeriodicalId":423770,"journal":{"name":"2017 9th International Conference on Cyber Conflict (CyCon)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121036725","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Crowdsourcing security for wireless air traffic communications","authors":"Martin Strohmeier, Matthew Smith, Matthias Schäfer, Vincent Lenders, I. Martinovic","doi":"10.23919/CYCON.2017.8240336","DOIUrl":"https://doi.org/10.23919/CYCON.2017.8240336","url":null,"abstract":"Protecting the security of the cyber-physical systems that make up the world's critical infrastructures has been a recent hotly debated topic. Legacy wireless communication infrastructure is often an impediment to quickly improving these crucial systems, as cryptographic solutions prove impossible to deploy. In this article, we propose the establishment of a separate verification layer for sensitive wireless data powered by crowdsourced sensors connected to the Internet and apply it to the aviation domain. We first validate the need for independent data verification in air traffic control networks, where all wireless communication is conducted in the clear and thus subject to manipulation. To counter this threat, we develop a comprehensive model for the verification of wireless communication based on massively distributed data collection and outline how it can be used to immediately improve the security of unprotected air traffic control networks. By combining several different methods based on the content and the physical characteristics of aircraft signals, our system is able to detect typical injection, modification and jamming attacks. We further develop a trust model to defend against potential insider threats based on compromised sensors. We illustrate our approach using the crowdsourced sensor network OpenSky, which captures large parts of civil air traffic communication around the globe. 
We analyse the security of our approach and show that it can quickly, cheaply, and effectively defend against even sophisticated attacks.","PeriodicalId":423770,"journal":{"name":"2017 9th International Conference on Cyber Conflict (CyCon)","volume":"85 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124905151","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Mission assurance: Shifting the focus of cyber defence","authors":"Brad Bigelow","doi":"10.23919/CYCON.2017.8240327","DOIUrl":"https://doi.org/10.23919/CYCON.2017.8240327","url":null,"abstract":"With the decision by the North Atlantic Council to recognize cyberspace as an operational domain, the NATO Command Structure is now taking on the task of implementing the doctrine, organization and capabilities to incorporate operations in cyberspace into the overall framework of joint operations. This paper outlines some of the challenges implicit in the Council's decision, which was both long-expected due to growing awareness of cyber security challenges within the Alliance and bold in its willingness to recognize what is still an immature and evolving discipline. It addresses two key challenges facing those involved in implementing cyberspace as a domain: understanding the complex composition of cyberspace and accurately identifying the consequences of the asymmetric nature of cyberspace threats. The paper then addresses two key aspects for cyberspace as a domain: mission assurance and collective defense. In the context of implementing cyberspace as an operational domain in traditional military operations and missions, cyberspace operators need to focus on mission assurance, which recognizes the reality of a contested cyberspace, and not simply on cyber security concerns. 
Although the military role in collective cyber defense is still a somewhat politically-charged issue, the author argues that the best way to enable effective mission assurance in cyberspace is to recognize the need for a clear role for the NATO Command Structure to act as an enabler for the open exchange of cyber defense information with military, civil and commercial organizations.","PeriodicalId":423770,"journal":{"name":"2017 9th International Conference on Cyber Conflict (CyCon)","volume":"50 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121495807","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Control and capabilities test: Toward a new lex specialis governing state responsibility for third party cyber incidents","authors":"P. Stockburger","doi":"10.23919/CYCON.2017.8240334","DOIUrl":"https://doi.org/10.23919/CYCON.2017.8240334","url":null,"abstract":"It is well accepted under international law that a State is generally responsible for the internationally wrongful acts of its de jure and de facto State organs. It is equally well accepted that a State is generally responsible for the internationally wrongful acts of non-State actors who are neither de jure nor de facto State organs if the State sufficiently directs and controls each element of the internationally wrongful act committed by the non-State actor. This general rule, known as the “effective control” test, is recognized as the lex generalis governing imputed State responsibility for the unlawful actions of non-State actors. As the lex generalis, this principle does not vary with the nature of the wrongful act in question unless there is a clearly expressed lex specialis. Based on a review of State practice since 2014, there is, in fact, a lex specialis forming that would allow for imputed State responsibility for the internationally wrongful cyber operations of non-State actors even in the absence of evidence demonstrating “effective control.” Specifically, a review of State practice since 2014 reveals that States have attributed the unlawful cyber operations of non-State actors to States, publicly, even in the absence of evidence demonstrating clear State direction and control. 
States have instead applied what this paper calls the “control and capabilities” test, examining a multitude of factors to determine State responsibility, including: (1) the relationship between the non-State actor and the State, if any; (2) any apparent influence the State exercises over the non-State actor; (3) the methods used by the non-State actor; (4) the motivations of the two parties, if known; (5) whether the two parties use similar code; (6) technical capabilities; and (7) geographic location. This new attribution model, if risen to the level of customary international law as the lex specialis, would represent a dramatic shift in the law of State responsibility and would supplant the lex generalis “effective control” test in the context of imputed State responsibility for the unlawful cyber operations of non-State actors.","PeriodicalId":423770,"journal":{"name":"2017 9th International Conference on Cyber Conflict (CyCon)","volume":"78 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114991997","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Scalable architecture for online prioritisation of cyber threats","authors":"Fabio Pierazzi, Giovanni Apruzzese, M. Colajanni, Alessandro Guido, Mirco Marchetti","doi":"10.23919/CYCON.2017.8240337","DOIUrl":"https://doi.org/10.23919/CYCON.2017.8240337","url":null,"abstract":"Detecting advanced attacks is increasingly complex and no single solution can work. Defenders can leverage logs and alarms produced by network and security devices, but big data analytics solutions are necessary to transform huge volumes of raw data into useful information. Existing anomaly detection frameworks either work offline or aim to mark a host as compromised, with high risk of false alarms. We propose a novel online approach that monitors the behaviour of each internal host, detects suspicious activities possibly related to advanced attacks, and correlates these anomaly indicators to produce a list of the most likely compromised hosts. Due to the huge number of devices and traffic logs, we make scalability one of our top priorities. Therefore, most computations are independent of the number of hosts and can be naively parallelised. A large set of experiments demonstrates that our proposal can pave the way to novel forms of detection of advanced malware.","PeriodicalId":423770,"journal":{"name":"2017 9th International Conference on Cyber Conflict (CyCon)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114074584","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The misuse of protected indicators in cyberspace: Defending a core aspect of international humanitarian law","authors":"Jeffrey Biller","doi":"10.23919/CYCON.2017.8240331","DOIUrl":"https://doi.org/10.23919/CYCON.2017.8240331","url":null,"abstract":"International humanitarian law (IHL) imposes a complex array of laws regarding the use of markings, signals, symbols and other indicators. Protections related to indicators are also directly implicated in the laws of perfidy and ruses. Although these laws are generally well accepted in principle, practitioners struggle to apply these rules in the newer, manmade domain of cyberspace. Despite recent steps forward in the application of IHL to cyber, questions surrounding enemy, neutral, and protected indicators remain largely unresolved. This paper seeks to answer these thorniest of issues related to military cyber operations during international armed conflicts. The article is divided into two sections. The first addresses protected and specially recognized indicators, particularly those of the UN and the Geneva Conventions. The IHL rules regarding these symbols are defined and applied in the context of cyber operations. This section also discusses perfidy and proximate causation in the cyber context. The second turns to the improper use of national indicators in cyberspace, particularly the definition of military emblems, which draws on a separate body of law than protected or specially recognized emblems. 
Although the misuse of indicators may also implicate international criminal law, this article focuses exclusively on IHL applicability.","PeriodicalId":423770,"journal":{"name":"2017 9th International Conference on Cyber Conflict (CyCon)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121294947","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Core illumination: Traffic analysis in cyberspace","authors":"Kenneth Geers","doi":"10.23919/CYCON.2017.8240328","DOIUrl":"https://doi.org/10.23919/CYCON.2017.8240328","url":null,"abstract":"The information security discipline devotes immense resources to developing and protecting a core set of protocols that encode and encrypt Internet communications. However, since the dawn of human conflict, simple traffic analysis (TA) has been used to circumvent innumerable security schemes. TA leverages metadata and hard-to-conceal network flow data related to the source, destination, size, frequency, and direction of information, from which eavesdroppers can often deduce a comprehensive intelligence analysis. TA is effective in both the hard and soft sciences, and provides an edge in economic, political, intelligence and military affairs. Today, modern information technology, including the ubiquity of computers, and the interconnected nature of cyberspace, has made TA a global and universally accessible discipline. Further, due to privacy issues, it is also a global concern. Digital metadata, affordable computer storage, and automated information processing now record and analyse nearly all human activities, and the scrutiny is growing more acute by the day. Corporate, law enforcement, and intelligence agencies have access to strategic datasets from which they can drill down to the tactical level at any moment. 
This paper discusses the nature of TA, how it has evolved in the Internet era, and demonstrates the power of high-level analysis based on a large cybersecurity dataset.","PeriodicalId":423770,"journal":{"name":"2017 9th International Conference on Cyber Conflict (CyCon)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132034177","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Organisational integration of offensive cyber capabilities: A primer on the benefits and risks","authors":"M. Smeets","doi":"10.23919/CYCON.2017.8240326","DOIUrl":"https://doi.org/10.23919/CYCON.2017.8240326","url":null,"abstract":"Organisational Integration has become a key agenda point for policy-makers as governments continue to change and create new organisations to address the cyber threat. Passing references on this topic, however, far outnumber systematic treatments. The aim of this paper is to investigate the potential effects of organisational integration of offensive cyber capabilities (OIOCC). I argue that OIOCC may lead to three key benefits: enhanced interaction efficiency, greater knowledge transfer and improved resource allocation. There are, however, several negative effects of integration, which have so far received little attention. OIOCC may lead to an intensification of the cyber security dilemma, increase costs overall, and impel ‘cyber mission creep’. Though the benefits seem to outweigh the risks, I note that ignoring the potential negative effects may be dangerous, as activity is more likely to go beyond the foreign-policy goals of governments and intrusions are more likely to trigger a disproportionate response by the defender.","PeriodicalId":423770,"journal":{"name":"2017 9th International Conference on Cyber Conflict (CyCon)","volume":"96 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116019045","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"From the vanishing point back to the core: The impact of the development of the cyber law of war on general international law","authors":"K. Mačák","doi":"10.23919/CYCON.2017.8240333","DOIUrl":"https://doi.org/10.23919/CYCON.2017.8240333","url":null,"abstract":"The law of war was famously described by Sir Hersch Lauterpacht as being ‘at the vanishing point of international law’. However, in a historical twist, international legal scrutiny of cyber operations emerged and developed precisely through the optics of the law of war. This paper analyses the influence that the development of the cyber law of war has had and might yet have on the ‘core’ of international law, in other words, on general international law. It analyses three key dimensions of the relationship between the law of war and general international law: systemic, conceptual, and teleological. It argues that, firstly, a systemic-level shift has taken place in the discourse, resulting in the academic debate and state focus moving from law-of-war questions to questions of general international law including sovereignty, non-intervention, and state responsibility. A better understanding of this trend should allay the fears of fragmentation of international law and inform the debate about the relationship between the law of war and ‘core’ international law. Secondly, this development has created fertile grounds for certain concepts to migrate from the law of war, where they had emerged, developed or consolidated, into general international law. A case in point is the functionality test, which originated as a compromise solution to determine whether a cyber operation amounts to an ‘attack’ under the law of war, but which may offer additional utility in other areas of international law including the law of state sovereignty and the law of arms control and disarmament. 
Thirdly, however, it is imperative that the unique teleological underpinning of the law of war is taken into account before introducing its rules and principles to different normative contexts. Paradoxically, a blanket transplantation of these norms might in practice jeopardise the underlying humanitarian considerations.","PeriodicalId":423770,"journal":{"name":"2017 9th International Conference on Cyber Conflict (CyCon)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131336359","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}