https://papers.academic-conferences.org/index.php/eccws/issue/feed European Conference on Cyber Warfare and Security 2024-07-02T13:38:21+00:00 Louise Remenyi papers@academic-conferences.org Open Journal Systems <p>The European Conference on Cyber Warfare and Security has been run on an annual basis since 2002. Conference Proceedings have been published each year and authors have been encouraged to upload their papers to university repositories. In addition the proceedings are indexed by a number of indexing bodies.</p> <p>From 2022 the publishers have decided to make all conference proceedings fully open access. Individual papers and full proceedings can be accessed via this system.</p> <p><strong>PLEASE NOTE THAT IF YOU WISH TO SUBMIT A PAPER TO THIS CONFERENCE YOU SHOULD VISIT THE CONFERENCE WEBSITE AT<a href="https://www.academic-conferences.org/conferences/eccws/"> https://www.academic-conferences.org/conferences/eccws/</a> THIS PORTAL IS FOR AUTHORS OF ACCEPTED PAPERS ONLY.</strong></p> https://papers.academic-conferences.org/index.php/eccws/article/view/2269 Addressing the Digital Resilience Challenge in the Electricity Sector in Nigeria: From Risk to Resilience 2024-03-27T14:29:25+00:00 Maduakonam Pius Achuama achuamap@uni.coventry.ac.uk <p>The electricity sector in Nigeria stands at the crossroads of an ever-evolving digital landscape and the pressing need for resilience in the face of dynamic challenges. This paper explores Nigeria's electricity sector, navigating its evolving digital landscape with a focus on resilience amid growing challenges. Shifting from risk reduction to resilience building, the study utilizes stakeholder interviews to assess cyber resilience. Unveiling technological advancements, it addresses interdependencies, vulnerabilities, and cyber threats in the connected grid. The study discusses some enabling practices to solve these issues including the role of policy and regulatory frameworks in fostering a culture of resilience and collaboration among various stakeholders. Amid the digital revolution, it advocates readiness, responsiveness, and rehabilitation for Nigeria's electricity sector. The study serves as a strategic roadmap for public and private decision-makers to tackle digital resilience challenges.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2452 Miss the piece of Europe Multilateral Cooperation 2024-06-07T04:56:44+00:00 Shu-Jui Chang susie.changsj@gmail.com Jen Fu Wang Fisher2023@saturn.yzu.edu.tw Tim Watson tim.watson@lboro.ac.uk Iain Phillips i.w.phillips@lboro.ac.uk <p>The research emphasises the importance of European multinational cooperation in addressing cyber threats. Countries cannot combat these threats in isolation; instead, they must engage in collaborative efforts that leverage shared resources, intelligence, and expertise. The study highlights the unique challenges and opportunities Asian countries face, frequently targeted by sophisticated cyber threats, particularly from state actors like China. Despite these challenges, many Asian countries have developed substantial expertise in cyber threat response and mitigation. By participating in multinational cyber exercises and sharing their knowledge, these countries can contribute significantly to the collective resilience of the global cyber defence network. This integration would not only enhance the security capabilities of the individual countries but also foster stronger international relationships, building trust and cooperation that are essential in the fight against cyber adversaries. In conclusion, this study underscores the imperative of multinational cooperation in Europe and beyond, with Asian countries playing a crucial role in enhancing global cybersecurity through their expertise and strategic positions.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2231 Towards a Framework for Analysing Complex Interdependence in Digital Espionage Markets 2024-03-17T17:00:26+00:00 Ahana Datta a.datta@cs.ucl.ac.uk <p class="p1">Cyber power indices have dominated discourse in recent years as measuring the relative power of nation-states in cyberspace to exercise their cyber capabilities for offensive and defensive purposes. These indices adapt a variety of methodologies, but their effectiveness in mobilising cyber power remains limited. Indices based on dynamic systems frameworks explain power consolidation arising from network-effects, but are too broad to implement due to complexity. In this article, we analyse cyber power through access to digital espionage capabilities, using the theory that states weaponise complex interdependence of information flows. Instead of proposing an index, we set up a case study contrasting the Chinese system, where the state mediates technology vulnerabilities, with the Five Eyes system, where vulnerability disclosures are a common occurrence. The Chinese system exhibits a “chokepoint” effect, in contrast to the Five Eyes’ “panopticon” mediation of information flows.</p> <p class="p1">Extant cyber espionage analyses range over themes such as economic vis-a-vis open and closed vulnerability markets; legal, in relation to the circulation of tools like spyware; or strategic and case-based. Given this confluence, we posit a framework of information flows between ecosystems of actors. Exploit vendors, state-backed offensive operators, nation-states, and tech platforms are networked through interdependent information flows, consolidating power in private actors. The political economy of a nation-state provides useful heuristics in articulating strategic aims behind its espionage activities, as well as its approach in controlling the flow of knowledge of vulnerabilities between the private actors of which the state may be a customer. In highlighting this tension between nation-states’ political economies defining their roles as both mediator and customer, we offer security scholars nuanced considerations in theorising cyber power. We conclude that while this tension amplifies private power, policymakers must intervene to reshape interdependent networks that influence and counter it.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2312 Efficiency Divide: Comparative Analysis of Human & Neural Network Algorithm Development 2024-04-17T13:03:35+00:00 Tomáš Ráčil tomas.racil@unob.cz Petr Gallus petr.gallus@unob.cz Tomáš Šlajs tomas.slajs@unob.cz <p>The paper delves into a comparative analysis between human and artificial intelligence (AI) capabilities in algorithm development, with a specific focus on the challenges presented in the "Advent of Code." The research thoroughly investigates the performance of Generative Pre-trained Transformers (GPTs), such as ChatGPT and Bard, in solving intricate algorithmic problems and benchmarks these results against those achieved by human participants. A sizeable portion of the study is dedicated to understanding the nuances of prompt engineering in AI and how it affects the problem-solving process, alongside exploring the choice of programming languages used by both AI and humans. The methodology of the research is extensive, involving the participation of both AI models and human subjects, who vary in their levels of programming expertise. This approach allows for a comprehensive evaluation of the correctness and efficiency of solutions, along with the time taken to resolve the given problems. The results from this study reveal intriguing insights. While AI models like GPTs demonstrate an impressive speed in problem resolution, they often fall short in accuracy when compared to human problem-solvers, particularly in tasks demanding deeper contextual understanding and creative reasoning. Furthermore, the study delves into the impact of time constraints on the effectiveness of problem-solving strategies employed by both AI and humans. It finds that under strict time constraints, AI models can quickly generate solutions, but these solutions may lack the depth and accuracy found in those devised by human participants. This aspect of the research highlights the trade-off between speed and precision in AI-driven problem solving. The research extends its implications beyond mere performance comparison. It suggests the potential for a synergistic approach where the computational efficiency and rapid problem-solving abilities of AI can be effectively combined with the nuanced understanding and creative problem-solving skills inherent in humans. This hybrid approach could redefine the future landscape of programming and algorithm development. The study not only provides a critical analysis of the capabilities of AI in the realm of algorithmic problem-solving but also paves the way for future exploration into the collaborative dynamics of human-AI interaction in programming. It highlights the evolving role of AI in programming and underscores the importance of balancing AI’s computational prowess with human creativity and adaptability in solving complex, real-world problems.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2149 The Complexity of Contemporary Indicators of Compromise 2024-02-26T10:30:26+00:00 Raymond André Hagen raymohag@stud.ntnu.no Kirsi Helkala khelkala@mil.no <p>The cybersecurity landscape has undergone substantial transformation, especially in the sphere of Advanced Persistent Threats (APT). These evolving threats, marked by increased sophistication, scale, and impact, require the critical revaluation of traditional security models and the development of more advanced defensive strategies. This study offers a comprehensive analysis of the progress in APT attack methodologies over the past 30 years, focused on the evolving nature of compromise (IoCs) and their role in shaping future predictive and defensive mechanisms. Using a rigorous methodological approach, this survey systematically reviewed 21 significant APT incidents that span three decades. This includes integrating data from various sources such as academic journals, specialised cybersecurity blogs, and media reports. Using comparative and analytical methods, this study dissects each incident to provide an intricate understanding of the APT landscape and the evolution of IoCs. Our findings indicate a notable change in thinking from isolated hacker activities to organised state-sponsored APT operations driven by complex motives such as political espionage, economic disruption, and national security interests. Advancements in APTs are characterised by sophisticated persistence mechanisms, innovative attack vectors, advanced lateral movement within networks, and more covert data exfiltration and evasion methods.<br />This study emphasises the difficulties in detecting advanced persistent threat (APT) activities due to their sophisticated and secretive nature. This stresses the importance of thoroughly investigating the evidence of such activities and highlights the need for a dynamic and initiative-cybersecurity approach. This study also highlights the crucial role of integrating IoC understanding into AI-driven predictive models and frameworks to predict potential APT. This integration is essential for the development of pre-emptive defence strategies. This study provides valuable information on the evolving dynamics of cyber threats and emphasises the urgent need for forward-thinking adaptive cybersecurity strategies. It offers a framework for understanding the complexities of modern APTs and guides the development of more effective AI-enhanced defence mechanisms against emerging cyber threats.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2392 Eight Principles for Intelligence Sharing: A Holistic and Strategic Approach 2024-05-17T07:19:20+00:00 Gazmend Huskaj g.huskaj@gcsp.ch <div><span lang="EN-GB">This paper reviews the strategic use of warning intelligence to pre-emptively address threats in complex geopolitical scenarios through rapid intelligence sharing. Specifically, the paper reviews the question How, based on research and experience, can a set of principles be applied by states to enhance situational awareness and tackle threat actors through a holistic and collaborative approach to intelligence sharing? The paper examines historical and contemporary alliances like the Five Eyes and reviews a Signals Intelligence Alliance as a case in point, highlighting the importance of collaborative approaches to enhance situational awareness and tackle threat actors. The study, grounded in the philosophical paradigm of interpretivism, adheres to the principles for transparent science when researchers use tools such as large-language-models as grammar editors or research assistants. The paper also acknowledges limitations such as the generalisability of the SIGINT model and the need for continuous adaptation of intelligence sharing practices. The results discuss policy, process, and people challenges to intelligence sharing. The paper concludes that successful intelligence sharing should follow eight general principles. Future research directions include exploring the impact of emerging technologies, human aspects of intelligence sharing, and context-based intelligence sharing alliances.</span></div> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2203 Leveraging Gamification for Cyber Threat Intelligence for Resilience in Satellite Cyber Supply Chains 2024-03-10T05:05:06+00:00 Mona Kriesten mona.kriesten@mymail.unisa.edu.au Mamello Thinyane mamello.thinyane@unisa.edu.au David Ormrod dave.ormrod@unisa.edu.au <p>Cyber Threat Intelligence (CTI) is collected threat information put in context to enhance decision-making before, during and after an attack. The application of CTI is widely limited to the reactive field of cybersecurity. The evolving cyber threat landscape requires a shift to an anticipatory and adaptable approach that addresses the complex and changing cybersecurity environment. CTI has the potential to support this shift to proactive threat handling towards a more resilient cybersecurity posture. This research is part of a project that aims to enhance the use of CTI for satellite cyber supply chain resilience through gamification. Cybersecurity games are established tools to raise security awareness and train security staff in red and blue team exercises. However, there is a lack of research on how gamification and serious games can be used to improve the application of CTI and enable training for security staff, even though existing literature points out the beneficial effects of gamification. Building on the gamification approach in cybersecurity, the research focuses on creating a gamified experience that simulates a cyber-attack derived from real-world examples and the utilisation of CTI to handle the simulated cyber-attack. The scenario addresses the need for informed decision-making throughout a cyber-attack by focusing on the utilisation of CTI in the context of satellite cyber supply chain security as the domain of application. This paper takes stock of the recent developments in CTI towards improving cyber resilience and presents gamification for cybersecurity and CTI to highlight the benefits of the approach. Further, it discusses the potential of gamification as an effective tool for CTI and describes the approach that is used to build a gamification solution inspired by real-world events. This paper contributes to the nascent research on gamification of CTI to strengthen cyber resilience in the context of increasingly frequent and sophisticated cyber threats, especially against space systems.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2358 State of research: Relevance of Computer Emergency Response Teams in Operational Technology 2024-05-02T07:39:49+00:00 Asiye Öztürk asiye.oeztuerk@hs-niederrhein.de <p style="font-weight: 400;">The increasing integration of Information Technology (IT) and Operational Technology (OT) in industrial environments has led to increased vulnerability to cyber threats. This article examines the need for a dedicated Computer Emergency Response Team (CERT) for OT to ensure the security, integrity, and resilience of critical infrastructure, particularly in the energy sector. OT is subject to specific challenges that differ from those in traditional IT networks. Cyberattacks on OT systems can not only cause financial losses, but also have a significant impact on physical security and the environment. A specific CERT for OT is necessary to address the unique characteristics of these environments. This requires expertise in industrial protocols, control systems and SCADA systems. The CERT for OT should be able to respond quickly to security incidents, perform forensic analysis and implement effective countermeasures to ensure business continuity. Research shows that implementing a specialized CERT for OT leads to improved threat detection, faster response, and more effective defense against attacks. In addition, this article emphasizes the importance of collaboration and communication between IT and OT security teams to ensure comprehensive system resilience. The following article provides a detailed literature analysis that comprehensively examines the current state of research on CERTs in the context of OT. The analysis of the relevant literature highlights the increasing threat to OT systems and emphasizes the specific requirements arising from the integration of IT and OT. By identifying research gaps and summarizing current findings, this article provides a comprehensive overview of the existing literature on this topic.</p> <p style="font-weight: 400;"><strong>&nbsp;</strong></p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2239 A Review of IoMT Security and Privacy related Frameworks 2024-03-20T16:27:19+00:00 Ramadhan Mohamed Rajab ramadhan.rajab@southwales.ac.uk Mabrouka Abuhmida mabrouka.abuhmida@southwales.ac.uk Ian Wilson ian.wilson@southwales.ac.uk Richard Peter Ward richard.ward@southwales.ac.uk <p><span data-contrast="auto">The Internet of Medical Things (IoMT) integrates smart connectivity with healthcare, improving services but imposing cybersecurity and privacy concerns. Frameworks (such as EMRI, SaYo-Pillow, HL7, FHIR, HIMSS) and regulations (such as EU MDR) are in existence but need regular reviewing for enhancement. A crucial requirement to ensure assuring the security and privacy of the IoMT ecosystem is acceptable, standardized frameworks with effective mechanisms, regulations, and policies.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335559737&quot;:-20,&quot;335559739&quot;:160,&quot;335559740&quot;:257}"> </span><span data-contrast="auto">The paper reviews recent IoMT frameworks, architectures, standards, and regulations, analysing deployed and proposed systems with the aim of identifying research areas to improve the realm of IoMT security and privacy. The paper assesses security and data privacy in healthcare through case studies by comparing attributes and discussing benefits and limitations. The analysis extends to geographic scopes that adopt these frameworks. Furthermore, it explores emerging technologies (such as using blockchain) in securing IoMT within specific frameworks. </span><span data-contrast="auto">IoMT ecosystems faces significant security and privacy challenges due to inherent complexities, leading to evolving cyber threats. The vulnerabilities expose medical devices and patient data, risking patient safety and scrutinizing reputations of healthcare institutions. Despite promising technologies, the lack of tailored security measures, guidelines, and policies, coupled with adoption barriers, contributes to these concerns.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335559737&quot;:-20,&quot;335559739&quot;:160,&quot;335559740&quot;:257}"> </span><span data-contrast="auto">There is a crucial need to develop specific research, standards, and policies for ensuring cybersecurity and data privacy in the IoMT. Collaboration among healthcare, government, and technology stakeholders is essential to establish effective regulations and best practices. The vulnerability of the healthcare sector, attributed to legacy devices and disjointed data systems, emphasizes the necessity for robust security risk assessment models to address challenges imposed within the rapidly evolving IoMT.</span><span data-ccp-props="{&quot;201341983&quot;:0,&quot;335559737&quot;:-20,&quot;335559739&quot;:160,&quot;335559740&quot;:257}"> </span></p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2240 A Comprehensive Analysis of Narratives within NATO’s Doctrines 2024-03-19T07:41:27+00:00 Dominic Saari dominic.b.j.saari@jyu.fi Teemu Häkkinen teemu.hakkinen@jyu.fi Panu Moilanen panu.moilanen@jyu.fi <p>The 2022 Russian invasion of Ukraine reshaped global security norms, challenging the West with a strategy known as hybrid warfare. Rooted in Russia's military doctrine, this approach integrates both military and non-military means, labelled hybrid warfare in the West and non-linear warfare in Russia. Prioritizing psychological and cognitive influence, the New Generation Warfare emphasizes soft power. NATO responded by investing in strategic communications and exploring cognitive warfare as a potential sixth domain of war. Adversaries use intricate methods to manipulate civilian cognitive processes, relying on persuasive narratives. Like business corporations, nation-states now craft strategic narratives to shape political and military thinking, employing various narrative levels in information and cognitive warfare, including counter-narratives against hostile stories.</p> <p>This article provides a comprehensive review of the different perspectives on the role of narratives within defence and security strategies and doctrines of NATO. The qualitative methodology employed in this study focuses on understanding how narratives are perceived within the strategies of the alliance. The approach involves a comprehensive examination and comparison of narrative practices to uncover the evolution of NATO’s narrative concepts. The sources for this study encompass a range of materials, including official NATO strategy and doctrine papers.</p> <p>This article reveals that, over the period spanning from the 2003 to 2024, narratives have gained increasing significance for NATO. Initially regarded merely as a means to depict events in a preferred manner, narratives have evolved to play a pivotal role in shaping the alliance's strategy. They have transcended their initial role, now exerting influence on military operations and taking precedence at every level of NATO, from headquarters to the boots on the ground. It is highlighted in this article that NATO endeavours to align its actions with its values, aiming to establish credibility and legitimacy. NATO perceives a robust, multi-levelled, and ever-evolving narrative as an effective safeguard against hostile information and cognitive warfare.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2123 Analysing Multidimensional Strategies for Cyber Threat Detection in Security Monitoring 2024-02-20T08:45:55+00:00 Palvi Shelke vidya.palvi0211@gmail.com Timo Hamalainen timo.t.hamalainen@jyu.fi <p>The escalating risk of cyber threats requires continuous advances in security monitoring techniques. This survey paper provides a comprehensive overview of recent research into novel methods for cyber threat detection, encompassing diverse approaches such as machine learning, artificial intelligence, behavioral analysis and anomaly detection. Machine learning plays a central role in cyber threat detection, highlighting the effectiveness of deep neural networks in identifying evolving threats. Their adaptability to changing attack patterns is emphasized, underlining their importance for real-time security monitoring. In parallel, ensemble learning is explored, combining multiple models to improve overall detection accuracy and create a robust defense against a spectrum of cyber threats. The literature reviewed highlights the importance of behavioral analysis, with a novel approach that integrates user behaviour profiling with anomaly detection. This has proven effective in identifying suspicious activity within a network, particularly insider threats and stealthy attacks. Another behavioral framework using User and Entity Behavior Analytics (UEBA) is presented for enhanced anomaly detection, highlighting the importance of context-aware monitoring in improving threat detection accuracy. Collaborative defense mechanisms emerge as a major focus of the research papers reviewed, exploring the potential of sharing threat information between organisations to enhance collective security monitoring. Their findings underscore the importance of a collaborative approach to staying ahead of rapidly evolving cyber threats. Some types of cyber-attacks are also analysed in the context of a security operations centre (SOC) monitoring environment using a security information and event management (SIEM) tool - Splunk. In conclusion, this survey paper synthesizes recent advances in cyber threat detection methods in security monitoring that integrate machine learning, behavioral analysis, and collaborative defense strategies. As cyber threats continue to evolve, these novel methods provide valuable insights for researchers, practitioners, and organisations seeking to strengthen their cybersecurity defenses. This concise overview emphasises the multi-dimensional approach required to secure digital ecosystems, providing a concise yet comprehensive guide to modern cyber threat detection strategies.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2213 Unmasking the Subconscious Fallacies Within Critical Infrastructure Protection 2024-03-12T01:39:49+00:00 Marion Stephens marion.stephens@mycampus.apus.edu <p>Cybersecurity, a vital challenge in today’s ever-changing digital world, it has gained prominence with the global shift towards cyber-enabled critical infrastructures. Critical infrastructure protection efforts are fundamental for the continuation of essential services. Traditionally constituted as separate sectors, these infrastructures are increasingly interconnected, leading to potential domino effects during security breaches. For instance, failures within the power grid could have cascading effects on multiple sectors that depend on electricity for their operations, creating large-scale failures that affect functions on which society depends. The multidimensional nature of the infrastructures presents complex challenges for solutions, given their status as long-established legacy systems needing further development and enhancements to withstand the digital world. The lack of a concerted and focused infrastructure enhancement strategy has led to incremental approaches versus a comprehensive revamp to ensure a holistic cyber protection program. A lack of national focus has created inconsistencies that can lead to potentially catastrophic consequences. Understanding the decision-making processes within a complex environment is critical to the mission success. One significant risk is the cognitive roadblocks that have the potential to influence one’s judgements as this often outweighs balanced decisions. This study aims to investigate the subconscious biases that arise from a perceived resolution of the problem which can lead to de-prioritization within the decision-making processes. The study employs a convergent parallel mixed methods design to collect and analyse the data. The study then will compare the results allowing for the exploration of various aspects of the research. This approach is aligned to provide a thorough understanding of the challenges associated with protecting the infrastructures and the underlying subconscious fallacies in the digital age, thereby devising effective mitigation strategies, and fostering a more sustainable and resilient critical infrastructure that is useful for a variety of stakeholders, including policymakers, infrastructure owners and operators, cybersecurity professionals, and researchers</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2344 Deep Graph Neural Networks for Malware Detection Using Ghidra P-Code 2024-05-07T17:56:18+00:00 Rinaldo Iorizzo rpi1809@g.rit.edu Bo Yuan Bo.Yuan@rit.edu <p>This work examines the effectiveness of using Ghidra P-Code as semantics-based features in a graph neural network-based malware detection system. A preliminary model exhibits a function level precision of ∼70% and a recall around ∼60%, and a precision and recall of ~55% and ~80% respectively for the program level detection task on a dataset of ∼50,000 control flow graphs extracted from functions of malicious and benign programs. Future improvements to this ongoing project include, but are not limited to, collecting dynamic control flow graph information as opposed to static graphs to provide the model with resilience to advanced malware obfuscation and encryption schemes.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2072 LOCKing Patient Safety: A Dynamic Cybersecurity Checklist for Healthcare Workers 2024-02-02T10:02:37+00:00 Jyri Rajamäki jyri.rajamaki@laurea.fi Kimberley Wood Kimberley.Wood@student.laurea.fi Benjamin Espada Benjamin.Espad@laurea.fi <p>Ensuring the cybersecurity of patient data is particularly challenging for healthcare organizations, and healthcare professionals play a key role here. Therefore, they must have the necessary knowledge and skills to be able to identify cybersecurity risks and respond appropriately to them. As part of the CyberSecPro project, this work-in-progress paper aims to provide healthcare professionals with a simple and memorable cybersecurity checklist highlighting important factors to consider. The purpose of the checklist is to support busy healthcare workers in implementing effective cybersecurity measures to secure sensitive information and guarantee patient privacy. The interview method was used to find out the cybersecurity challenges faced by healthcare workers and gather their opinions into a checklist. The mini-mental cybersecurity checklist created in the study, emphasizes the importance of being aware of cyber threats and maintaining secure and reliable information systems. Its name “LOCK” stands for Logging Out every time you leave your computer, Checking e-mails before opening links, and Keeping safe. Keep calm and LOCK on.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2364 What Culture is ChatGPT’s AI? 2024-05-03T18:03:13+00:00 Juhani Rauhala juhani.jr.rauhala@jyu.fi Tong Xin t.xin@qmul.ac.uk <p class="western" lang="en-GB" style="line-height: 100%; margin-bottom: 0in;">Artificial intelligence (AI) is increasingly used in many fields. It is widely perceived as an intelligent system that does not just follow algorithms but can demonstrate independent judgment. AI is especially important in handling complex tasks. The responses from the most popular AI chat interface, Chat Generative Pre-Trained Transformer (ChatGPT), are used for guiding decision-making processes and can provide informative answers or recommendations for a wide variety of scenarios. Such scenarios can include job applicants screening or planning for military strategizing. However, similar to human intelligence, which is characterized by cultural biases affecting thought processes and interactions, AI's outputs may also be influenced by inherent cultural biases, whether programmed or incidental, potentially leading to inappropriate outcomes. Given that AI is often used to assist or replace human decision-making, it is particularly important to examine its potential cultural biases. This study aims to assess the cultural bias of ChatGPT by comparing the responses of ChatGPT with established cultural indices, employing the cultural parameters defined by House et al. (2004) and Hofstede (2001). The methodology involves selecting specific cultural parameters, formulating a set of questions representative of these parameters, and analyzing ChatGPT's responses. By using appropriate statistical methods, this study intends to compare ChatGPT's manifested culture with the known values of existing cultures as defined by the GLOBE and Hofstede parameters.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2404 The Role of Digitalisation in Shaping a Country's Image 2024-05-21T07:09:03+00:00 Dauda Adegoke ADEJUMO daudaadejumo2@ua.pt Martin Wynn mwynn@glos.ac.uk Vera Cristina Fontes Teixeira Vale v.c.vale@ua.pt <p>The objective of this study is to examine the complex role played by digital technologies in shaping a country's image on the global stage. In recent times, with the rapid evolution of digital communication platforms, developing nations have increasingly turned to digital technologies to project their cultural, economic, and political narratives to an international audience. This paper examines the relevant literature relating to how digital technologies contribute to the creation and dissemination of a country's image, impacting the opinions and views of global stakeholders. It so doing, the paper reviews the challenges and opportunities arising from the integration of digital tools in country branding efforts, including misinformation concerns, digital diplomacy, cybersecurity, and the democratization of narrative-building. The paper then puts forward a provisional conceptual framework for primary research in Nigeria that will examine the interplay of digitalisation and country image. The paper concludes that digitalisation has a significant influence on a country's image, affecting perceptions of technological advancement, economic development, access to information, social transformation, and global competitiveness, and suggests that the framework put forward here may act as a model for cross-country comparisons in subsequent studies.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2182 Cyber Protection Applications of Quantum Computing: A Review 2024-03-05T12:43:49+00:00 Ummar Ahmed ummar.ahmed@student.jamk.fi Tuomo Sipola tuomo.sipola@jamk.fi Jari Hautamäki jari.hautamaki@jamk.fi <p>Quantum computing is a cutting-edge field of information technology that harnesses the principles of quantum mechanics to perform computations. It has major implications for the cyber security industry. Existing cyber protection applications are working well, but there are still challenges and vulnerabilities in computer networks. Sometimes data and privacy are also compromised. These complications lead to research questions asking what kind of cyber protection applications of quantum computing are there and what potential methods or techniques can be used for cyber protection? These questions will reveal how much power quantum computing has and to what extent it can outperform the conventional computing systems. This scoping review was conducted by considering 815 papers. It showed the possibilities that can be achieved if quantum technologies are implemented in cyber environments. This scoping review discusses various domains such as algorithms and applications, bioinformatics, cloud and edge computing, the organization of complex systems, application areas focused on security and threats, and the broader quantum computing ecosystem. In each of these areas, there is significant scope for quantum computing to be implemented and to revolutionize the working environment. Numerous quantum computing applications for cyber protection and a number of techniques to protect our data and privacy were identified. The results are not limited to network security but also include data security. This paper also discusses societal aspects, e.g., the applications of quantum computing in the social sciences. This scoping review discusses how to enhance the efficiency and security of quantum computing in various cyber security domains. Additionally, it encourages the reader to think about what kind of techniques and methods can be deployed to secure the cyber world.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2346 Evaluating SIEM RADAR: A New Metric for Enhancing Regulatory and Compliance Efficiency 2024-04-29T07:06:32+00:00 Ertuğrul Akbaş eakbas@gmail.com <p>This research paper explores the modern cybersecurity landscape, particularly focusing on the risks associated with SIEM products and SOC services. It underscores the critical issue of insufficient logging practices that compromise an organization's threat detection and response capabilities, thereby increasing the risk of security breaches. The importance of real-time log retention to address evolving digital threats is highlighted, with recommended retention periods from authoritative sources such as the White House, OWASP, MITRE, and SANS. The paper also addresses scalability challenges due to the exponential growth of log data, the necessity for effective correlation within SIEM systems for timely threat detection, and the importance of compliance with various standards and regulations to enhance security. This comprehensive analysis provides valuable insights for cybersecurity professionals, organizations, and policymakers.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2493 PentHack: AI-Enabled Penetration Testing Platform for Knowledge Development 2024-06-14T15:06:49+00:00 Meera Alaryani, 202102492@zu.ac.ae Shamsa Alremeithi 202005474@zu.ac.ae Fatima Al Ali 201915426@zu.ac.ae Richard Ikuesan Richard.ikuesan@zu.ac.ae <p>The process of conducting and executing penetration testing within the pedagogical paradigm often requires complex and arduous processes. This is especially daunting for beginners who often struggle with the complexities of penetration processes: reconnaissance, enumeration, and system hacking. Research works to address this complexity leverage industry tools that have proven to work for industry-related training, however, they fail to support pedagogical learning in higher education systems. To address this limitation, this study proposed the development of an academic-focused penetration testing learning platform. The proposed approach integrates large language models (LLM) into the penetration testing lifecycle through a user-friendly GUI tool. The tool addresses the void in beginner-friendly ethical hacking tools by offering a stepwise guide, built-in commands and justifications, report generation, and an LLM prompt-engineered output displayed in a simple tabular format for easy reference. Furthermore, the tool provides an interactive menu for each phase of the penetration lifecycle thereby guiding users through common penetration testing commands. To cater to deeper learning needs, the tool leverages LLMs to furnish additional information on commands, empowering users with AI-generated insights. With the capability to compile a comprehensive report with all commands and logs acquired during its use, the proposed tool has the potential to reduce the time spent on research and decision-making. In addition, it streamlines the learning curve, allowing a more informed and structured approach to Pen-testing for beginners. By leveraging this platform, academics and learners can enhance their penetration testing knowledge without the complexities associated with learning penetration testing.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2244 The Optimal Organisational Structure for Cyber Operations Based on Exercise Lessons. 2024-03-19T17:32:54+00:00 Marko Arik marko.arik@taltech.ee Adrian Nicholas Venables adrian.venables@taltech.ee Rain Ottis rain.ottis@taltech.ee <p>The NATO Cooperative Cyber Defence Centre (CCDCOE) of Excellence hosts annual Locked Shields (LS) and Crossed Swords (CS) cyber exercises to help NATO nations develop, train, and test their cyber capabilities. These exercises have successfully experimented with cyber capabilities and human organisational structures. However, there are still opportunities to optimise cyber exercise structures. This article employs a use case study based on these exercises to compare structures used by NATO nations in cyber exercises and cyber operations. This identified an optimal structure for operational-level cyber defence and offence exercises and proposed methods for their planning, development, and execution.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2247 Applications of Post-Quantum Cryptography 2024-03-20T10:50:36+00:00 Emils Bagirovs emils.bagirovs@student.jamk.fi Grigory Provodin grigory.provodin@student.jamk.fi Tuomo Sipola tuomo.sipola@jamk.fi Jari Hautamäki jari.hautamaki@jamk.fi <p>With the constantly advancing capabilities of quantum computers, conventional cryptographic systems relying on complex math problems may encounter unforeseen vulnerabilities. Unlike regular computers, which are often deemed cost-ineffective in cryptographic attacks, quantum computers have a significant advantage in calculation speed. This distinction potentially makes currently used algorithms less secure or even completely vulnerable, compelling the exploration of post-quantum cryptography (PQC) as the most reasonable solution to quantum threats. This review aims to provide current information on applications, benefits, and challenges associated with the PQC. The review employs a systematic scoping review with the scope restricted to the years 2022 and 2023; only articles that were published in scientific journals were used in this paper. The review examined the articles on the applications of quantum computing in various spheres. However, the scope of this paper was restricted to the domain of the PQC because most of the analyzed articles featured this field. Subsequently, the paper is analyzing various PQC algorithms, including lattice-based, hash-based, code-based, multivariate polynomial, and isogeny-based cryptography. Each algorithm is being judged based on its potential applications, robustness, and challenges. All the analyzed algorithms are promising for the post-quantum era in such applications as digital signatures, communication channels, and IoT. Moreover, some of the algorithms are already implemented in the spheres of banking transactions, communication, and intellectual property. Meanwhile, despite their potential, these algorithms face serious challenges since they lack standardization, require vast amounts of storage and computation power, and might have unknown vulnerabilities that can be discovered only with years of cryptanalysis. This overview aims to give a basic understanding of the current state of post-quantum cryptography with its applications and challenges. As the world enters the quantum era, this review not only shows the need for strong security methods that can resist quantum attacks but also presents an optimistic outlook on the future of secure communications, guided by advancements in quantum technology. By bridging the gap between theoretical research and practical implementation, this paper aims to inspire further innovation and collaboration in the field.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2345 Botnets in Healthcare: Threats, Vulnerabilities, and Mitigation Strategies 2024-04-29T04:44:34+00:00 Michaela Barnett michaela@bichq.org James Womack james@bichq.org Christopher Brito cbrito5@my.wgu.edu Khadijah Miller khadijah@bichq.org Lucas Potter lpott005@odu.edu Xavier-Lewis Palmer xavierpolymer@gmail.com <p><span style="font-weight: 400;">The increasing digitization of healthcare systems has introduced new opportunities to improve efficiency and accessibility for medical professionals and patients. Examples include the simplified collection, storage, and organization of patient data using electronic health records (EHRs), the use of teleconferencing software like Zoom to allow patients to meet with their care providers remotely, and medical IoT devices like glucose monitors, pacemakers, and other remote patient monitoring devices that leverage software and the internet to provide patients and their healthcare providers with critical information. All of these use cases are examples of how technology can increase the quality of patient care. While the healthcare industry has realized many benefits from its increased investment in new technology, trends have shown that this increased utilization has also opened avenues for malicious cyber actors. One of these threats is botnets. These malicious networks of compromised computers, controlled by cybercriminals, can wreak havoc on all sectors of society, with the healthcare industry proving to be a desirable target. This research is a high-level analysis that investigates the threat botnets pose by employing an exploratory review. We identify the multifaceted nature of botnet threats in healthcare, analyzing their standard forms and the vulnerabilities inherent in healthcare infrastructures, ranging from outdated software to inadequate cybersecurity protocols to poor or total lack of security awareness training for staff.&nbsp;</span></p> <p><span style="font-weight: 400;">Moreover, the various techniques botnets use to propagate are explored to elucidate the potential points of exploitation and the damage they can cause organizations when proper controls are not implemented. These negative consequences include data breaches, service disruptions, and compromised patient confidentiality, which can endanger medical staff and patients if not addressed. This paper then discusses proven mitigation strategies such as end-user awareness, traffic monitoring, and detection response tools that organizations can employ to reduce the potential and efficacy of such threats. The threat landscape will continue to evolve; however, by staying on top of the latest trends, we can ensure the security of such critical infrastructure and save lives.</span></p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2282 Enhancing Network Security: Rogue Switch Detection and Prevention in Local Area Network 2024-04-04T18:07:28+00:00 Vijay Bhuse bhusevij@gvsu.edu Yesaswini Vellaboina vellaboy@mail.gvsu.edu Xinli Wang wangx@gvsu.edu <p style="font-weight: 400;">Our paper comprehensively examines ways to detect and handle unauthorized switches in Local Area Networks (LANs) within today's intricate and interconnected network landscape. We demonstrate the utilization of PortFast and BPDU guard configurations to reinforce LAN security against unauthorized devices and potential complications arising from the spanning tree protocol. These measures not only enhance network performance but also function as robust protective mechanisms, safeguarding the integrity of the LAN infrastructure.</p> <p style="font-weight: 400;">Furthermore, this paper delves into advanced techniques for the proactive identification and prevention of rogue switches, fostering an overall enhanced security posture within LANs. By synergistically integrating PortFast, BPDU guard, and advanced rogue switch detection methods, the paper proposes a robust methodology to strengthen LAN security and maintain uninterrupted network operations. It equips organizations with crucial resources to establish a resilient, secure, and dependable digital infrastructure, addressing the evolving demands of network security.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2524 An Analysis of a Cryptocurrency Giveaway Scam: Use Case 2024-06-21T15:07:23+00:00 Johnny Botha jbotha1@csir.co.za Louise Leenen lleenen@uwc.ac.za <p>A giveaway scam is a type of fraud leveraging social media platforms and phishing campaigns. These scams have become increasingly common and are now also prevalent in the crypto community where attackers attempt to gain crypto-enthusiasts’ trust with the promise of high-yield giveaways. Giveaway scams target individuals who lack technical familiarity with the blockchain. They take on various forms, often presenting as genuine cryptocurrency giveaways endorsed by prominent figures or organizations within the blockchain community. Scammers entice victims by promising substantial returns on a nominal investment. Victims are manipulated into sending cryptocurrency under the pretext of paying for "verification" or "processing fees." However, once the funds have been sent, the scammers disappear and leave victims empty-handed. This study employs essential blockchain tools and techniques to explore the mechanics of giveaway scams. A crucial aspect of an investigation is to meticulously trace the movement of funds within the blockchain so that illicit gains resulting from these scams can be tracked. At some point a scammer wants to “cash-out” by transferring the funds to an off-ramp, for example, an exchange. If the investigator can establish a link to such an exchange, the identity of the owner of cryptocurrency address could be revealed. However, in organised scams, criminals make use of mules and do not use their own identities. The authors of this paper select a use case and then illustrate a comprehensive approach to investigate the selected scam. This paper contributes to the understanding and mitigation of giveaway scams in the cryptocurrency realm. By leveraging the mechanics of blockchain technology, dissecting scammer tactics, and utilizing investigative techniques and tools, the paper aims to contribute to the protection of investors, the industry, and the overall integrity of the blockchain ecosystem. This research sheds light on the intricate workings of giveaway scams and proposes effective strategies to counteract them.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2365 Remotely the Same? Going Virtual with a Cybercamp in a Pandemic 2024-05-04T16:49:50+00:00 Matthew Bovee mbovee@norwich.edu Huw Read hread@norwich.edu <p>Summer camps and other week-long activities are popular ways to introduce cybersecurity to middle- or high-school aged children. Such experiences have traditionally been conducted in-person, with many having residency components and evening activities. The COVID-19 pandemic brought these traditional experiences to an abrupt halt. To support and promote continued education in the face of the global pandemic many such in-person camps – as well as higher-education courses – precipitously migrated to online remote learning. The shift presented challenges beyond simply preparing and posting content online. This case study examines the challenges, solutions, and lessons learned from morphing a successful hands-on residential NSA GenCyber digital forensics summer camp to a fully online remote learning "camp".</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2280 Exploring Shifting Patterns in Recent IoT Malware 2024-04-08T08:58:37+00:00 Javier Carrillo-Mondejar jcarrillo@unizar.es Guillermo Suarez-Tangil guillermo.suarez-tangil@imdea.org Andrei Costin ancostin@jyu.fi Ricardo J. Rodríguez rjrodriguez@unizar.es <p class="western" lang="en-GB">The rise of malware targeting interconnected infrastructures has surged in recent years, driven largely by the widespread presence of vulnerable legacy IoT devices and inadequately secured networks. Despite the strong interest attackers have in targeting this infrastructure, a significant gap remains in understanding how the landscape has recently evolved. Addressing this knowledge gap is essential to thwarting the proliferation of massive botnets, thereby safeguarding end-users and preventing disruptions in critical infrastructures. This work offers a contemporary analysis of Linux-based malware, specifically tailored to IoT malware operating in 2021-2023. Using automated techniques involving both static and dynamic analysis, we classify malware into related threats. By scrutinizing the most recent dataset of Linux-based malware and comparing it to previous studies, we unveil distinctive insights into emerging trends, offering an unparalleled understanding of the evolving landscape. Although Mirai and Gafgyt remain the most prominent families and present a large number of variants, our results show that (i) there is an increase in the sophistication of malware, (ii) malware authors are adding new exploits to their arsenal, and (iii) malware families that originally attacked Windows systems have been adapted to attack Linux-based devices.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2300 The U.S. National Cybersecurity Strategy: A Vehicle with an International Journey 2024-04-12T14:12:41+00:00 Jami Carroll jcarroll@prisidian.com <p>The <em>U.S. National Cybersecurity Strategy</em> is focused on the five pillars of defending critical infrastructure: detect, disrupt, and dismantle threat actors; improve market resilience and security; invest in future resilience; and create international partnerships with shared goals. The National Cybersecurity Strategy Implementation Plan is focused on critical infrastructure supporting energy, financial, healthcare, information technology, and manufacturing sectors. In the U.S. alone, the SolarWinds supply chain attack affected nine federal agencies and about 100 companies. Ransomware attacks such as the Colonial Pipelines, the largest U.S. oil pipeline, disrupted supplies of gasoline and fuel to the U.S. East Coast and the JBS USA as the largest meat processor ransomware attack affecting one-fifth of the nation’s meat supply. The <em>U.S. National Cybersecurity Strategy</em> as a response to the U.S.’s critical infrastructure concerns led to the creation of two core cybersecurity documents which were crafted jointly with several other allies. Cybersecurity and Infrastructure Security Agency (CISA) crafted the <em>Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software</em> with joint agreement with National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and 15 international government agencies to give international vendors a roadmap of the expected cybersecurity hygiene required from their products. (CISA, 2023a; Car &amp; De Luca, 2022) Building on the <em>Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software</em>, CISA, FBI and NSA met with cybersecurity organizations from Australia, Canada, New Zealand, and United Kingdom and jointly created <em>The Case for Memory Safe Roadmaps: Why Both C-Suite Executives and Technical Experts Need to Take Memory Safe Coding Seriously</em> as a core issue identified in the earlier guidance. (CISA, 2023c). These led by the U.S. helped initiate an international cybersecurity norm insisting international software manufacturers demonstrate product security and transparency. They showed how a global community can rally to solve cybersecurity challenges that have existed for decades. This led to twenty of the largest international software vendors creating the Minimum Viable Secure Product (MSVP) Working Group to address the requirements levied by these documents; CISA has joined this working group to help shape procurement, contractual controls, self-assessment, and system development lifecycle (SDLC) with these vendors. (CISA, 2024d; MSVP, n.d.) This research argues that the U.S. National Security Council (NSC) should leverage the talent pool of CISA, National Institute of Standards and Technology (NIST), Department of Defense (DoD), FBI, and NSA to improve detection, information sharing, security standards, and implementation for not only the U.S.’s government and commercial sectors, but also helps our allies and partners. The DoD and Office of the Director of National Intelligence (ODNI) have made great strides in improving security by integrating improvements with Zero Trust Architecture (ZTA), Supply Chain Risk Management (SCRM), Software Supply Chain Security, Cybersecurity Safety Review Board (CSRB), Cybersecurity Incident &amp; Vulnerability Response Playbooks, and DoD National Security Systems (NSS) standards. The NSC should coordinate through CISA to develop a collaborative effort to not only benefit the U.S. critical infrastructure but also help our allies and partners.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2261 Implications of Large Language Models for OSINT: Assessing the Impact on Information Acquisition and Analyst Expertise in Prompt Engineering 2024-03-25T13:52:40+00:00 Jan Černý cerj07@vse.cz <p>This paper explores the potential use of large language models (LLMs) in Open Source Intelligence (OSINT), with a focus on integrating information acquisition and the increasing importance of prompt engineering for analysts. The research includes a comprehensive literature review, which highlights the widespread use of AI in OSINT and the related challenges, such as data validity and ethical concerns. The study emphasizes the significance of prompt engineering as a crucial skill that demands a profound comprehension of LLMs to generate validated intelligence. A model of the OSINT lifecycle that incorporates LLMs is proposed. The paper further discusses updated training in critical thinking, search techniques, and prompt engineering for intelligence professionals. The findings indicate a noteworthy shift in OSINT procedures, highlighting the importance of continuous research and education to fully utilize AI in intelligence gathering.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2436 Teaching Next-Generation Cyber Warfare 2024-05-30T02:34:18+00:00 Jim Chen drchen878@gmail.com <p>Cyberspace plays a unique and crucial role in an era of a new geopolitical competition between the major powers. Cyber warfare has the flexibility of being launched either below or above the threshold of armed conflict in supporting the achievement of strategic goals and political aims. Meanwhile, cyber maneuvers are also inalienable to maneuvers in other warfighting domains such as land, maritime, air, and space. How can cyber capabilities be harnessed and integrated into joint warfighting? How can these new capabilities be taught to the joint force in a new way? These are the questions that the joint professional military education (JPME) programs should address. In the current JPME curricula, cyber capabilities are taught either in silo or in a way that is loosely connected to conventional military maneuvers. In a sense, they are not seamlessly integrated into the JPME programs. This paper addresses the issues of the current approach as well as their consequences. It intends to explore a new way of teaching next-generation cyber warfare, in which cyber capabilities are not only built into joint warfighting but also used to support the employment of relevant instruments of national power as well as the collaboration with allies and partners. This multi-level integrated approach is enabled by disruptive technologies such as artificial intelligence (AI). In so doing can cyber capabilities, especially AI-enabled cyber capabilities, be well integrated into the joint warfighting curricula, thus enabling joint force to obtain strategic advantage in the geopolitical competition.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2455 Harnessing Broadcast Receivers for Classification of Android Malware Threats 2024-06-04T16:06:19+00:00 Nikolaos Chrysikos nikoschrysikos2000@gmail.com Panagiotis Karampelas panagiotis.karampelas@hafa.haf.gr Konstantinos Xylogiannopoulos kostasfx@yahoo.gr <p><span class="TextRun SCXW112648169 BCX0" lang="EN-GB" xml:lang="EN-GB" data-contrast="none"><span class="NormalTextRun SCXW112648169 BCX0">With the increasing number of malicious attacks, the way how to detect and classify malicious apps has drawn attention in mobile technology market. In this paper, we proposed a classification model to seek and track malware Apps broadcast receivers in such devices. To identify the family of apps, static features of each app </span><span class="NormalTextRun SCXW112648169 BCX0">was</span><span class="NormalTextRun SCXW112648169 BCX0"> extracted and a novel deterministic classifier is employed to categorize malware apps. With such, we can </span><span class="NormalTextRun SCXW112648169 BCX0">act</span><span class="NormalTextRun SCXW112648169 BCX0"> against malware of known family, since we understand its functions, and prevent it from spreading out in larger scale, affecting extensively our society. Detailed description of the classification model is provided, as well the core technologies of this novel </span><span class="NormalTextRun SCXW112648169 BCX0">malicious android applications</span><span class="NormalTextRun SCXW112648169 BCX0">’</span> <span class="NormalTextRun SCXW112648169 BCX0">model</span><span class="NormalTextRun SCXW112648169 BCX0"> are presented. From experiments performed on a set of Android-based malware apps, we observe that the proposed classification </span><span class="NormalTextRun SCXW112648169 BCX0">model </span><span class="NormalTextRun SCXW112648169 BCX0">achieves highest accuracy, true-positive rate, false-positive rate, precision, recall, f-measure in comparison to other methods implemented in published experiments. The proposed classification model is promising </span><span class="NormalTextRun SCXW112648169 BCX0">since the average accuracy reaches an average of 97.31% </span><span class="NormalTextRun SCXW112648169 BCX0">and can effectively be applied to Android malware categorization, providing early detection of the capabilities of malware and the prospect of warning users of threatens ahead</span><span class="NormalTextRun SCXW112648169 BCX0">.</span></span><span class="EOP SCXW112648169 BCX0" data-ccp-props="{&quot;335551550&quot;:6,&quot;335551620&quot;:6}">&nbsp;</span></p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2117 AI: The Future of Social Engineering! 2024-02-16T20:12:15+00:00 Henry Collier hcollier@norwich.edu <p><strong>Abstract:</strong> Artificial intelligence (AI) is at the forefront of computer science today. &nbsp;Everyone is talking about AI and how it is the way of the future. Companies are using machine learning (ML)algorithms to enhance their business offerings, which is showing promise in the realm of improved efficiency.&nbsp; The potential benefit of a fully developed AI is exceptional, but so are the threats that AI poses.&nbsp; While the developers of the various forms of AI are eager to be the first to create a fully functional, truly intelligent AI, they do not always consider the negative possibilities that AI creates. ChatGPT was recently used to hack itself and exposed a vulnerability in its open-source library. In addition to using AI to create hacks and exploits, AI is also being used to support social engineering efforts by creating more convincing social engineering attacks.&nbsp; Whether the attack is using AI to duplicate a person's voice to convince a loved one to send a gift card to get them out of jail or if it is being used to simply scrape a person’s social media to develop a more precise method of attack, the concern that AI will be used for nefarious purposes is genuinely profound.&nbsp; This paper is a case study looking into how AI is and will be used to improve social engineering. A literature review was conducted to identify how researchers are already seeing how AI is being used and to project future threats.&nbsp; AI is here to stay, and the threats it brings are existential, and it is imperative that these threats are realized, and defensive measures are developed. This case study looks at how AI is and will be used to improve the efficacy of social engineering attacks. &nbsp;&nbsp;</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2403 A Survey of Learning Technology Integration in Information Warfare Education 2024-05-20T21:29:44+00:00 Matthew Douglas matthew.douglas.10@au.af.edu Mark Reith mark.reith.3@au.af.edu <p class="western" lang="en-GB">Information and communication technologies (ICTs) are enduringly important in today’s world. From paying for morning coffee at the local cafe to receiving a text message from a loved one, ICTs are a part of everyday life. On a larger scale, entire nations are dependent on ICTs. From power grids to the storage of classified documents, nations have come to rely on ICTs. This dependence on ICTs has increased information warfare’s importance as a warfighting domain. In order to effectively conduct information warfare operations, operators must first be properly trained on how to be successful in this domain. The use of learning technologies could be useful to train information warfare forces. This paper surveys the current state of learning technology integration into information warfare education. Learning technologies have become commonplace in today’s professional world. Many topics in organizations are taught through learning technologies such as interactive computer-based trainings, educational videos, and more complex serious games. This is no different for information warfare professionals. Learning technologies can provide alternative ways to teach important information warfare concepts such as the roles, assets, and capabilities that are necessary to succeed in this domain. The use of artificial intelligence, game-based learning, gamification, and simulation-based learning to enhance the training of information warfare forces is discussed in this survey. Additionally, the effect of adding learning technology into information warfare education curriculum as well as the key elements for each type of learning technology integrated are analysed. This paper also identifies areas of future research to further develop this topic. These findings are useful to information warfare educators who are developing curriculum or looking for ways to introduce new technologies into existing curriculum. Artificial intelligence, game-based learning, gamification, and simulation-based learning are all great options to support information warfare education, and there are even more options that have yet to be researched that present further opportunities to study in this area.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2160 Automated Extraction of Structured Data from the Social Network Instagram 2024-02-28T10:17:43+00:00 Petr Frantis petr.frantis@unob.cz Michal Bures Michal.Bures3@unob.cz Aneta Coufalikova Aneta.Coufalikova@unob.cz Ivo Klaban Ivo.Klaban@unob.cz <p>The paper explores the extraction of structured information from the social network Instagram through a&nbsp;suitable application programming interface, namely the unofficial Instagram Private API. It focuses on creating a computer program that identifies which posts a user has tagged as "Likes" and then stores this information for profiling specific user profiles. The introduction of the paper highlights the general use of social media in modern society and the importance of personal data for these platforms. It specifies the aim of the study, which is to extract information from Instagram and then analyse it for user profiling. It then describes the evolution of the social network Instagram and key features such as different types of posts. This paper further focuses on the solution and implementation by using Python programming language to minimize the load on Instagram servers and reduce the risk of detection of automated processes. It describes the process of setting up new Instagram accounts, the obstacles in obtaining login credentials, and the need to simulate human behaviour to bypass the network's defence mechanisms. It then focuses on the actual retrieval of information such as the users followed, their posts and information about which posts the user has marked as favourites. It mentions that extracting data from closed profiles is difficult and elaborates on the technical challenges associated with this task. A significant part of this paper is a discussion of Instagram's defence mechanisms that respond to automated computer programs. It describes access denial, account blocking, and identity verification prompts such as CAPTCHA tests. Finally, the conclusion summarizes the results obtained, which indicate the acquisition of approximately 90,000 records for user profiling. It discusses the shortcomings of a fully automated solution due to Instagram's account creation conditions and defence mechanisms. It mentions the need for further research and highlights key gaps and challenges in this area.&nbsp;Overall, the study highlights the technical and security challenges in extracting information from Instagram and emphasises the need for further research and improvements in the technical procedures for extracting data from the platform.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2158 Cognitive Security in a Changing World: Citizen Perceptions During Finland's NATO Joining Process 2024-02-27T12:55:39+00:00 Hilkka Grahn hilkka.grahn@jyu.fi Teemu Häkkinen teemu.hakkinen@jyu.fi Toni Taipalus toni.taipalus@jyu.fi <p>Contemporary conflicts are multifaceted and no longer fit the traditional war-and-peace dichotomy due to digital dimensions and the role of the human mind. The concept of warfare has transformed significantly: it's no longer solely reliant on physical capabilities but increasingly fought within digital environments and individuals' minds. These persistent, intertwined crises and psychological information influence present challenges to cognitive security. Psychological influence shapes opinions, attitudes, emotions, behaviors, and decision-making in individuals, groups, and societies using various methods, often involving digital tools to manipulate cognitive processes. It aims to shape the human mind, going beyond altering information to influence how the human brain processes received information. To safeguard human cognition, cognitive security is crucial. It involves the capability to detect, recognize, control, and counter negative psychological information influence aimed at an individual. Cognitive security plays a critical role in enabling individuals and society to recognize, understand, and manage a wide range of threats and risks. The rapidly changing world, driven by technology, politics, and the environment, poses new challenges for citizens' cognitive security. As warfare evolves, individuals struggle to understand the complex threats, including cyber and information influence. Hence, this study aims to ascertain whether individuals' feeling of security has changed and if they are perceiving psychological information influence. The study investigates the sense of security among Finnish people using survey data collected during two significant time periods: after Finland announced its intention to join NATO (<em>N</em> = 1080) and after it officially became a NATO member (<em>N</em> = 1047). Additionally, whether an increase in hostile online influence and disruptions in the cyber environment was noticed by Finnish people during these same time frames is being investigated. The results indicate a statistically significant decrease in the feeling of security and a significant increase in the awareness of hostile influences. This implies that these phenomena warrant further investigation to gain a better understanding of citizens' cognitive security status and to explore ways to improve it.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2471 Social Media in the Aftermath of the 2016 US Presidential Election: Disruption at the Cost of Connection 2024-06-11T07:04:50+00:00 Rosanna Guadagno rosanna.guadagno@oulu.fi Alberto Olivieri alberto.olivieri@oulu.fi Amanda Kimbrough amkalbright@gmail.com <div><span lang="EN-US">This data captures people’s experiences as unknowing targets of disinformation. Participants were US citizens naive to the actions of the different entities using social media to target Americans with disinformation in the months leading up to the 2016 US presidential election. Results indicated participants reported notable changes in their interactions on social media in the form of disruptions to existing relationships. Specifically, participants reported that they argued with their connections more, observed others disagree more, and reported an increase in the loss of friends and family connections through the unfriending or unfollowing features of social media. While, some participants found these changes amusing, most reported increased psychological distress. Not one participant mentioned Russian election interference or disinformation as the cause of these interpersonal difficulties. Analysis of text responses did not include any mention of disinformation, Cambridge Analytica, or Russia as causes of these disruptions. These results suggest that social media use has implications for individuals’ social relationships and these disruptions may impact their psychological functioning. Implications of these results for the psychological impacts of social media use will be discussed.</span></div> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2125 Placing Behavior in Context: Political Interpretations of Individual Behavior in Countering Information Warfare in Finland 2024-02-19T12:53:20+00:00 Teemu Häkkinen teemu.hakkinen@jyu.fi Hilkka Grahn hilkka.grahn@jyu.fi <p>Malign information influence often targets large segments of the population, with the intent to manipulate individual behavior for the benefit of the actors disseminating this harmful information. However, in a liberal society like Finland, individual behavior is closely tied to personal freedoms and liberties, making the commentary and regulation of individual behavior for the sake of security a complex endeavor. This paper investigates how Finnish politicians and officials perceive individual behavior within the context of information warfare. We examine the emergence of particular discourses that interpret, critique, and potentially seek to influence individual behavior. Our research draws from parliamentary debates and legislative documents, as well as executive branch materials, providing insight into contemporary political thought. By exploring the evolving landscape of political discourse in Finland, our paper contributes to a better understanding of the environment in which countermeasures against information warfare are developed and the roots of national security policy. It underscores the intricate challenges of safeguarding cognitive security while respecting individual freedoms in a modern democratic society.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2267 Measuring Societal Impacts of Cybersecurity 2024-03-26T14:41:41+00:00 Jarmo Heinonen jarmo.heinonen@laurea.fi Harri Ruoslahti harri.ruoslahti@laurea.fi <p>Cybersecurity is more important than ever. All facets of society, including critical sectors such as financial, healthcare, energy, and transportation, are very reliant on cyberspace. Information and communications technology have become more and more relevant in organizations and are crucial elements in organizational learning and networked development and resilience.</p> <p>This study focuses on the analysis and findings of a cybersecurity questionnaire on the quantitative side of the survey contemplate mainly cybersecurity competences of the personnel in the participants’ companies. The data was analysed with principal component, correspondence analysis, and the Euclidean distance two-dimensional figures.</p> <p>The extraction method was Principal component analysis to extract 11 factors, with more than 25 iterations. Correspondence analysis shows that the private and public non-authority sectors prefer workers with communication and collaboration skills and an ability for situational awareness. Private subsidiaries prefer leadership skills.</p> <p>The results show that the Societal Impact Assessment Toolkit questionnaire can be used in organizations or projects to assess the societal impact of their cybersecurity products and services. The questionnaire will be developed to-ward a standardized method, which will require collecting answers from larger numbers of respondents for further evaluation and testing it with ap-propriate qualitative methods. This will add to the body of knowledge on the societal impacts of cybersecurity. The tool is a very practical contribution for companies, while the continued use and the ensuing analysed data that be-comes collected from large numbers of respondents becomes a contribution to theory.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2352 CTI Sharing Practices and MISP Adoption in Finland’s Critical Infrastructure Protection 2024-04-30T09:44:50+00:00 Katja Henttonen katja.henttonen@laurea.f Jyri Rajamäki jyri.rajamaki@laurea.fi <p>Cyber Threat Intelligence (CTI) sharing is crucial for safeguarding organisations and securing national critical infrastructure. This study delves into the CTI-sharing practices of large, safety-critical Finnish organisations, with a specific interest in the deployment and potential of the Malware Information Sharing Platform (MISP). We gathered insights through qualitative interviews with cybersecurity experts from key sectors: energy, healthcare, and transportation. Our findings reveal that a significant proportion of regional CTI data is still shared through manual methods such as email and chat. While these systems are generally viewed positively, they are also understood to be prone to delays and inaccuracies. The interest in utilising MISP is rising in Finland, yet its implementation is still in the nascent stages. Organisations are looking towards the National Cyber Security Center to lead the establishment of a national MISP instance. The benefits of adopting a national MISP framework could be further amplified by organisations joining Europewide industry-specific MISP instances or leveraging MISP to share threat intelligence with their supply chain partners. However, challenges remain, particularly in balancing threat data sharing with European data protection laws, motivating community contributions, and standardising CTI-sharing tools and practices within a country.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2371 Evaluating Cybersecurity Class Activities Based on the Cognitive Continuum Theory: An Exploratory Case Study 2024-05-06T20:09:12+00:00 Thomas Heverin thomas.heverin@baldwinschool.org Addison Lilholt alilholt@baldwinschool.org Emily Woodward ewoodward@baldwinschool.org <p>With the cybersecurity workforce estimated to have grown to 5.5 million in 2023 but still facing a significant shortage, there is an urgent need for educational strategies that can effectively enhance decision-making skills in this domain. This paper explores the application of Hammond's Cognitive Continuum Theory (CCT) in the context of K-12 cybersecurity education, aiming to address the global cybersecurity workforce shortage and skills gap by preparing the next generation of cybersecurity professionals. This study adopts a case-study methodology to investigate the use of CCT in a high school "Cybersecurity and Ethical Hacking" class, analysing 104 tasks across six class activities to determine how different cognitive modes (Analytical Cognition, Quasi-Rational Cognition, and Intuitive Cognition) are induced by various task characteristics from CCT’s Task Continuum Index (TCI). Analytical cognition consists of rational decision making while Intuitive Cognition represents intuitive decision making. Quasi-Rational Cognition represents a blend of these two decision making styles.&nbsp;</p> <p>&nbsp;</p> <p>Directed content analysis and thematic analysis reveal that most tasks in the case promoted Analytical Cognition, with a significant presence of tasks inducing Quasi-Rational Cognition and fewer tasks facilitating Intuitive Cognition. The findings also highlight the dominance of information retrieval and analysis, methodical approaches in information seeking, and synthesis and decision-making across the cognitive modes, pointing towards the critical role of information behaviour in cybersecurity tasks. This research provides insights into how CCT can potentially inform the design of educational activities in cybersecurity, suggesting that a balanced inclusion of tasks across the cognitive spectrum can better prepare students for the complexities of the cybersecurity field. The paper discusses the implications for cybersecurity education, emphasising the need for instructional strategies that encompass a range of cognitive modes to reflect real-world challenges and enhance decision-making capabilities in future professionals. Additionally, the findings make a connection between cybersecurity tasks and school library instruction which focuses heavily on information behaviours. Limitations and directions for future research, including expanding data collection and connecting CCT to other theoretical frameworks, are also discussed.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2391 A Theory of Offensive Cyberspace Operations and Its Policy and Strategy Implications 2024-05-17T07:16:18+00:00 Gazmend Huskaj g.huskaj@gcsp.ch Fredrik Blix blix@dsv.su.se Stefan Axelsson stefan.axelsson@dsv.su.se <p style="font-weight: 400;">The significance of Offensive Cyberspace Operations (OCO) in cyber warfare and national security is increasingly recognised, yet academic literature lacks a dedicated theoretical framework to fully articulate its unique aspects and strategic dimensions. Traditionally enveloped within the broader context of information warfare, OCO's distinct characteristics have often been overlooked. Addressing this gap, our paper aims to delineate the specificities of OCO and establish a structured conceptual model that enhances understanding and operational clarity. To achieve this, the study adopts an interpretive approach, drawing from existing literature on information warfare and cyberspace, alongside official U.S. government and military publications on cyberspace operations. Employing the theory-building method, we focus primarily on conceptualization. This involves creating a coherent conceptual framework through abstraction, synthesis, and diagramming, informed by seminal works in the field. Among the paper's key contributions are detailed conceptual models that shed light on OCO's integration within the broader cyber domain, the influence of U.S. policy and strategy on OCO, and the critical triad for successful operations: access, vulnerabilities, and payloads. Furthermore, we elucidate the primary and secondary components of OCO, specifically cyberspace attack and exploitation, offering new insights into their roles and implications. Thus, the framework includes conceptual maps highlighting OCO's key elements, relationships, and challenges, aiming to advance academic discourse, practical strategies, and policy in cyberspace operations. This effort marks a significant step forward in both theoretical engagement and practical application within the field.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2232 Key Actions to Enable Automation for Mobile Network Security Operations 2024-03-18T10:13:46+00:00 Jarno Kämppi AB7833@student.jamk.fi Karo Saharinen karo.saharinen@jamk.fi <p>Over time, the landscape of Cyberspace surrounding Internet Service Providers (ISPs) has undergone enduring transformations. Notably, mobile networks, integral to contemporary societal infrastructure, consistently encounter evolving cybersecurity threats and risks. ISP processes have adapted with a persistent focus on optimizing network performance and availability, yet the challenges emerge from a laborious and protracted network change management process, hindering the practical automation of network security. Addressing the rightful demand for the highest level of security from mobile network users, our research question probes: "How can we intensify the emphasis on network security and facilitate the automation of network security operations?" To delve into this, we conducted extensive interviews with ISPs globally, affirming the inherent difficulty in automating security operations. The findings categorize challenges into three domains: Security Culture, Operational Processes, and Tools. Cultivating a security culture demands a pivotal commitment to change from top management, coupled with dedicated time and resources. Essential to this is the enhancement of security competence, extending beyond specialists to encompass network engineering staff. Robust network security not only safeguards against threats but significantly influences various business processes. Initiating a secure network requires ISPs to articulate explicit security requirements during the network procurement process, exerting pressure on vendors to fortify systems with a security-by-design approach at the factory. Critical to this is the secure deployment of networks, integrating comprehensive network hardening during the build phase. However, findings indicate a prevalent oversight where network security configuration changes are often neglected or deprioritized in favor of network performance. Achieving a harmonious balance between security and performance necessitates a predefined agreement on a network security configuration baseline. This collaborative effort involves network security specialists and competent network engineers. To effectively monitor and enforce network security configuration, ISPs require automation-enabled tools with the predefined baseline, offering capabilities for monitoring and enforcing network assets. In conclusion, our research emphasizes the imperative need for a paradigm shift in organizational culture, operational processes, and tool utilization to enhance the focus on network security and enable the critical automation of network security operations within the ever-evolving landscape of Cyberspace.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2297 Iran’s digital authoritarianism as the Blueprint for National Sovereignty 2024-04-11T06:31:53+00:00 Eleni Kapsokoli ekapsokoli@unipi.gr <p>As the technological landscape undergoes continuous transformation, nations are seizing the combination of technology, governance, and sovereignty in their strategies. Following the Arab Spring, a movement primarily focused on overthrowing oppressive regimes in the Middle East, Iran took a distinctive turn by establishing a digital authoritarian model. Fueled by concerns stemming from democratic reforms worldwide - especially those facilitated by the Internet and social media, which have played a pivotal role in the collection and dissemination of information - the Iranian government perceived a potential threat to its national security and sovereignty as well as its political survival. In response to the above, Tehran implemented a range of strategies and measures in Internet governance, which represent a form of oppressive control. To regulate the Internet and control the flow of data, Iran established the National Information Network, known as the ‘Halal Internet’. This effort aims to safeguard national sovereignty through persistent control, shield political ideology, and promote a particular religious behavior within cyberspace. These developments have a noteworthy impact on individual rights, liberties, and privacy. This paper aims to explore the methods through which Iran exercises digital authoritarianism.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2310 Exploring Zero-Day Attacks on Machine Learning and Deep Learning Algorithms 2024-04-16T18:26:35+00:00 Marie Kovářová xbalm21@vse.cz <p>In the rapidly evolving field of artificial intelligence, machine learning (ML) and deep learning (DL) algorithms have emerged as powerful tools for solving complex problems in various domains, including cyber security. However, as these algorithms become increasingly prevalent, they also face new security challenges. One of the most significant of these challenges is the threat of zero-day attacks, which exploit unknown and unpredictable vulnerabilities in the algorithms or the data they process.</p> <p>This paper provides a comprehensive overview of zero-day attacks on ML/DL algorithms, exploring their types, causes, effects, and potential countermeasures. The paper begins by introducing the concept and definition of zero-day attacks, providing a clear understanding of this emerging threat. It then reviews the existing research on zero-day attacks on ML/DL algorithms, focusing on three main categories: data poisoning attacks, adversarial input attacks, and model stealing attacks. Each of these attack types poses unique challenges and requires specific countermeasures.</p> <p>The paper also discusses the potential impacts and risks of these attacks on various application domains. For instance, in facial expression recognition, an adversarial input attack could lead to misclassification of emotions, with serious implications for user experience and system integrity. In object classification, a data poisoning attack could cause the algorithm to misidentify critical objects, potentially endangering human lives in applications like autonomous driving. In satellite intersection recognition, a model stealing attack could compromise national security by revealing sensitive information.</p> <p>Finally, the paper presents some possible protection methods against zero-day attacks on ML/DL algorithms. These include anomaly detection techniques to identify unusual patterns in the data or the algorithm’s behaviour, model verification and validation methods to ensure the algorithm’s correctness and robustness, federated learning approaches to protect the privacy of the training data, and differential privacy techniques to add noise to the data or the algorithm’s outputs to prevent information leakage.</p> <p>The paper concludes by highlighting some open issues and future directions for research in this area, emphasizing the need for ongoing efforts to secure ML/DL algorithms against zero-day attacks.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2254 Asynchronous Record Alignment of Network Flows for Incident Detection and Reconstruction 2024-03-21T12:55:23+00:00 Virgilijus Krinickij virgilijus.krinickij@mif.vu.lt Linas Bukauskas linas.bukauskas@mif.vu.lt <p>In today's interconnected digital landscape, the distribution of cyber threats presents a significant challenge to cyber security. Moreover, as of 2016, the amount of data in the world exceeds one zettabyte. Because of this, evidence-based network flow analytics is a critical component of modern network management and security. Problems such as anomalies in the network flow, cyber security incidents, alert generation, data pre-processing, network monitoring, network flow complexity, and data flow patterns become difficult to detect in massive network data flows. These specific problems can be addressed using Packet capture (PCAP). PCAP analysis is a standard network forensics process and investigation for assessing network behaviour and identifying anomalies. This work presents a method for analysing network flows for probable alignment of asynchronously recorded communications in heterogeneous networks. Using a proposed method for alignment, we can identify the relevant recordings aligned over two data streams for faster and more conclusive incident analysis. We use synthetic network incident scenarios for research experiments, detailing the generation of cyber event data and impact on cloud network traffic, followed by in-depth PCAP analysis. The automated cyber-attacks are simulated within a network infrastructure generating network flows in a PCAP format. Simulated cyber-attacks range from standard port scans, service scans, and specific scenarios like SQL injection, phishing, DoS or DDoS. We define analysis objectives and criteria for the in-depth PCAP analysis and alignment. The evidence gathered showcases valuable information about network data flow and its behaviour.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2462 Threat Modeling for Cyber Warfare Against Less Cyber-Dependent Adversaries 2024-06-06T23:13:40+00:00 Shreyas Kumar shreyas.kumar@tamu.edu Gourav Nagar gourav5660@gmail.com <p>Cyber warfare poses a substantial threat in today's interconnected world, where digital attacks can transcend physical boundaries and affect targets globally. Technologically, less advanced adversaries, such as smaller nations or organizations with limited resources, face unique challenges in defending against sophisticated cyber attacks from more advanced entities. This paper explores the threat landscape for these adversaries and proposes a tailored threat modeling framework to address their specific vulnerabilities and needs. By examining the evolution of cyber warfare, including historical incidents and the increasing sophistication of cyber attacks, the study highlights the limitations of existing threat modeling approaches like the Cyber Kill Chain, MITRE ATT&amp;CK Framework, and SWOT analysis when applied to less advanced adversaries. A comprehensive literature review underscores the gaps in current research, particularly the necessity for frameworks tailored to asymmetric technological capabilities. Employing a mixed methods approach, the research combines qualitative and quantitative data from primary sources, such as interviews with cybersecurity experts, and secondary sources, including existing literature and case studies. The proposed framework focuses on asset identification and classification, vulnerability assessment, threat analysis, and risk assessment. Proactive measures, such as basic cyber hygiene practices, advanced threat detection systems, and collaboration with technologically advanced allies, are recommended alongside reactive measures like incident response planning and disaster recovery. The importance of international cooperation and information sharing is also emphasized. Case studies of cyber incidents involving less advanced adversaries, such as the attacks on Estonia, Georgia, and Ukraine, validate the framework and demonstrate its practical application. The findings indicate that the tailored threat modeling framework effectively addresses the unique challenges faced by less advanced adversaries, enhancing their ability to mitigate risks and improve their cybersecurity posture. This study provides valuable insights and offers a practical framework to bolster defenses against cyber warfare, with future research needed to explore emerging threats and technologies further.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2284 Brain-Computer Interface Integration With Extended Reality (XR): Future, Privacy And Security Outlook 2024-04-05T17:02:38+00:00 Tuomo Lahtinen tutalaht@jyu.fi Andrei Costin ancostin@jyu.fi Guillermo Suarez-Tangil guillermo.suarez-tangil@imdea.org <p style="line-height: 100%; margin-bottom: 0in;" align="justify">The Brain-Computer Interface (BCI) is a rapidly evolving technology set to revolutionize our perception of the Internet of Things (IoT). BCI facilitates direct communication between the brain and external devices, enabling the control or interaction of devices without physical intervention. BCI technology is becoming more sophisticated, allowing third-party software embedded in emerging technologies such as Virtual Reality (VR), Augmented Reality (AR), and Mixed Reality (MR) to access sensors that read brain activity. These can be grouped under the umbrella term Extended Reality (XR). While BCI technology is disrupting the way data is collected, interpreted, and utilized within IoT networks, it is important to consider the potential privacy and security threats that it poses. Previous and not-so-recent cybersecurity research only scratched the surface in terms of security and privacy aspects of the then-emerging neural and brain-connecting technologies. However, recent advances in reconstructing language, music tracks, and imagery solely based on decoding neural signals pose a significant risk of mental privacy invasion and cybersecurity abuse. In this paper, we present an analysis of the potential threats posed by the integration of BCI with VR, AR, and MR. We analyze the involvement of major technological players in shaping BCI and XR advancements, examining the potential for these technologies to create detailed user profiles and reshape the monetization of user data in the ever-more-aggressive data-driven economy. We also outline a position view on the cybersecurity aspects that are not related to privacy and profiling per se, for example, cybersecurity attacks on the brain (e.g., ``brain rewriting'' attacks) facilitated by potentially vulnerable XR-BCI devices and software. The paper concludes by emphasizing the need for further research on the privacy and security implications of XR-BCI integration and inviting deeper exploration of the topic beyond theoretical papers and toward a more applied experimental setup.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2359 Cyber Resiliency of Aircraft Systems: A Literature Review 2024-05-02T13:18:26+00:00 Antti Luoto antti.luoto@iki.fi Matti Hakkarainen matti.hakkarainen@patriagroup.com <p>Aircraft have an important role in the overall defense of almost every country. However, military aircraft are not only susceptible to traditional kinetic weapons but also to constantly developing cyber weaponry. There has been global growth in the number of cyber threats in recent years, and the field of military aviation is not outside the growing threat. The war in Ukraine and recent military aircraft procurements in Europe make the topic very timely. A highly skilled and resourced adversary is able to conduct complex long-term attacks that penetrate even well-protected systems, such as military aircraft systems. Even air-gap does not protect aircraft from cyber threats as modern aircraft have complex and networked avionics and support systems. The study aims to find the current trends of cyber security research related to aircraft systems. The included topics are, for example, cyber resiliency and cyber protection in the system life cycle. The study concentrates particularly on forming an overall view of the most vulnerable military aircraft systems. The study presents a non-systematic literature review based on public data sources, such as research reports, articles, etc. A set of nine relevant sources was chosen for detailed qualitative analysis. Because of the lack of detailed military sources, applicable study materials related to commercial passenger aircraft were included. The results suggest that the most vulnerable aircraft systems from the viewpoint of cyber security are those that are exposed to threats via communication and satellite systems. Other vulnerable systems are sensors and avionics systems that transfer, or process critical data related to the functions of the aircraft. In addition, the study found that it is difficult to protect aircraft systems from cyber threats because of their complexity, maintenance operations, and supply chains, which also increase the size of the attack vector. To tackle the issue, it is important to follow the development of regulations and policies related to cyber security in aviation and to study the methods of managing the threat in a holistic and cost-effective manner.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2293 Risk Assessment of Large Language Models Beyond Apocalyptic Visions 2024-04-09T18:31:18+00:00 Clara Maathuis clara.maathuis@ou.nl Sabarathinam Chockalingam sabarathinam.chockalingam@ife.no <p>The remarkable development of Large Language Models (LLMs) continues to revolutionize various human activities in different societal domains like education, communications, and healthcare. While facilitating the generation of coherent and contextually relevant text across a diverse plethora of topics, LLMs became a set of instruments available in different toolboxes of decision makers. In this way, LLMs moved from a hype to an actual underlying mechanism for capturing valuable insights, revealing different perspectives on topics, and providing real-time decision-making support. As LLMs continue to increase in sophistication and accessibility, both societal and academic effort from AI and cyber security is projected in this direction, and a general societal unrest is seen due to their unknown consequences. Nevertheless, an apocalyptic vision towards their risks and impact does not represent a constructive and realistic approach. Contrarily, this could be an impediment to building LLMs that are safe, responsible, trustworthy, and have a real contribution to the overall societal well-being. Hence, understanding and addressing the risks of LLMs is imperative for building them in an ethical, social, and legal manner while making sure to consider control mechanisms for avoiding, mitigating, accepting, and transferring their risks and harmful consequences. Taking into consideration that these technological developments find themselves in an incipient phase, this research calls for a multi-angled perspective and proposes a realistic theoretical risk assessment method for LLMs.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2290 Multi-Key Asymmetric Cryptography: A Model for Preserving Privacy in Work-from-Home Environments 2024-04-08T17:17:17+00:00 Tapiwa Gundu tapgun@gmail.com Konanani Maduguma maduguma26@gmail.com <p>In the contemporary landscape of work, the transformative shift towards remote work has necessitated an investigative analysis of the privacy and security challenges associated with the exchange of sensitive information. This research paper responds to this imperative by introducing a pioneering privacy-preserving model, specifically tailored for Work-from-Home (WFH) environments, leveraging the capabilities of Multi-Key Asymmetric Cryptography.&nbsp; The model's innovation lies in its strategic synthesis of the efficiency inherent in symmetric encryption with an unwavering emphasis on the preservation of privacy. This nuanced approach positions the model as a robust solution to the dynamic and evolving cybersecurity threats faced by remote workers, offering a comprehensive defence mechanism against potential breaches and unauthorised access to sensitive data. The paper conducts a comprehensive analysis, delving into the foundational principles, distinct advantages, implementation considerations, and real-world benefits of the proposed privacy-preserving model. The examination of foundational principles elucidates the theoretical underpinnings, establishing a clear conceptual understanding of the model's architecture and functionality. The exploration of advantages underscores how the model not only addresses existing concerns but also provides additional layers of protection and adaptability to future cybersecurity challenges. The implementation considerations delve into practical aspects, discussing the feasibility and potential challenges of seamlessly integrating the privacy-preserving model into existing WFH infrastructures. Extending the analysis to real-world benefits, the research paper highlights the possible tangible impact and value the proposed model brings to organisations and remote workers. This encompasses enhanced data security, improved privacy compliance, and increased confidence in the integrity of remote work systems.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2353 Arranging the Defence of the Cyber Environment as a Part of Military Affairs: Tactical, Operational and Strategic approach in retrospect of The Russian - Ukrainian War 2022 2024-04-30T16:08:10+00:00 Juha Kai Mattila juhakaimattila24@gmail.com <p>The artificial cyber environment has reached national security interest and emerged as the fourth domain of battle in the military concept of all-domain operations in most Western armed forces and coalitions in the past 30 years. Currently, militaries are struggling to keep up with cybercriminals and advanced persistent actors while trying to gain an advantage of their data and digital infrastructure. The paper focuses on military affairs' ways and means to address the need for cyber warriors operating in friendly, neutral, and hostile cyber environments integrated under Multi-Domain Operations. The paper uses design research methodology to create and test a model for cyber defence capabilities generation and utilisation. The theoretical reference to military affairs is based on Beer's Viable System Model and previous studies of military organisations' evolution as capability generators. The military and societal cyber environment evolution model is based on industrial revolutions and current tendencies. These approaches define a hypothetical model for two main functions of military affairs (force generation and utilisation) concerning cyber defence capabilities. The fast evolution of cyber threats sets unique requirements for cyber force utilisation and generation structures. This difference has culminated in a recent war between Russia and Ukraine, and data from that conflict is used to test the hypothetical model.&nbsp;The rapid evolution of the cyber environment and its weaponisation establish different requirements for military cyber capabilities compared to any other operational dimension or capability (space, air, land, or maritime). The difference is evident in sourcing resources, generating capabilities, and using them in Multi-Domain Operations. The paper provides a tested model for generating cyber defence capabilities at a strategic level and an operation model for cyber defence at a tactical and operational level. The designed model extends the technically oriented cybersecurity thinking with operational and strategic levels. Furthermore, the model introduces the value stream behind the cyber capability acquisition and supports strategic designers in national and military analysis.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2374 Risk Assessment for Malware Attacks in Small Businesses 2024-05-07T19:45:41+00:00 Tabisa Ncubukezi ncubukezit@cput.ac.za <p>The presence of severe malware attacks in business systems compromises devices, data, information, and network hygiene. The increased usage of cyberspace as a convenient tool exposed all organisations to various malware attacks. The malware attacks have become one of the most common threats in all sectors. These attacks often find their way into systems where poor or inadequate security measures are implemented, leaving the institution’s resources vulnerable and compromised. This work collected data using purposive sampling from the selected small businesses that used cyberspace for business transactions. A questionnaire distributed to the participants was mounted on Google Forms. To analyse the collected data, this work assessed the malware attacks and used the risk management processes to determine the risk impact and probability. Risk management processes were used to analyse and interpret different risks associated with malware attacks and also ranked them from low, medium, and high. The work also revealed the different forms of common malware attacks, the business assets affected, the main causes of malware attacks, risk value, risk likelihood, and the risk impact. The extent of security measures implemented on different levels contributes to the overall state of the organisational resources. The study also shared the recommendations and accounted for the conclusion.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2278 Towards a GDPR Compliance Assessment Toolkit 2024-04-04T09:59:57+00:00 Sipho Ngobeni sngobeni@csir.co.za Ntombizodwa Thwala nthwala1@csir.co.za Nokuthaba Siphambili nsiphambili@csir.co.za Phumeza Pantsi ppantsi@csir.co.za Bokang Molema bmolema@csir.co.za Jacob Lediga jlediga@csir.co.za Pertunia Senamela psenamela@csir.co.za <p>The European Union's (EU) General Data Protection Regulation (GDPR) makes it illegal to collect, process, and store personal data unless it is done in accordance with the prescribed legal and regulatory clauses enshrined in the Act. Organisations face significant challenges in navigating GDPR requirements and assessing their level of compliance. In particular, failure to comply with GDPR may potentially expose the data Controller and Processor to steep legal penalties including possibly administrative fines of up to 20&nbsp;000&nbsp;000 EUR, or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, which is imposed by the Supervisory Authority. This paper presents the results of a minimum viable product, the GDPR Compliance Assessment Toolkit (GCAT). The main objective of the GCAT is to assist organisations to assess their current state of compliance to GDPR. Drawing from an experimental research and development approach, GCAT is then compared with other existing GDPR compliance assessment technologies. Comparative analysis results shows that GCAT simplifies and optimize GDPR compliance assessments.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2258 Machine Learning Applications of Quantum Computing: A Review 2024-03-22T12:56:19+00:00 Thien Nguyen thien.nguyen@student.jamk.fi Tuomo Sipola tuomo.sipola@jamk.fi Jari Hautamäki jari.hautamaki@jamk.fi <p>At the intersection of quantum computing and machine learning, this review paper explores the transformative impact these technologies are having on the capabilities of data processing and analysis, far surpassing the bounds of traditional computational methods. Drawing upon an in-depth analysis of 32 seminal papers, this review delves into the interplay between quantum computing and machine learning, focusing on transcending the limitations of classical computing in advanced data processing and applications. This review emphasizes the potential of quantum-enhanced methods in enhancing cybersecurity, a critical sector that stands to benefit significantly from these advancements. The literature review, primarily leveraging Science Direct as an academic database, delves into the transformative effects of quantum technologies on machine learning, drawing insights from a diverse collection of studies and scholarly articles. While the focus is primarily on the growing significance of quantum computing in cybersecurity, the review also acknowledges the promising implications for other sectors as the field matures. Our systematic approach categorizes sources based on quantum machine learning algorithms, applications, challenges, and potential future developments, uncovering that quantum computing is increasingly being implemented in practical machine learning scenarios. The review highlights advancements in quantum-enhanced machine learning algorithms and their potential applications in sectors such as cybersecurity, emphasizing the need for industry-specific solutions while considering ethical and security concerns. By presenting an overview of the current state and projecting future directions, the paper sets a foundation for ongoing research and strategic advancement in quantum machine learning.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2296 Railway Infrastructure Cybersecurity: An Overview 2024-04-10T22:02:43+00:00 João Nunes jpbn@student.dei.uc.pt Tiago Cruz tjcruz@dei.uc.pt Paulo Simões psimoes@dei.uc.pt <p>The railway infrastructure constitutes a type of operational technology (OT)-based critical infrastructure, which is expected to work 24x7, 365 days a year, and where the life expectancy of operational equipment often exceeds 30 years. In this domain, an operational anomaly compromising the OT system can cause a train accident or interrupt traffic, with potentially significant impact in terms of business as well as for passenger safety. Due to their relevance, railways are strategic assets of national interest and, consequently, targets of interest for cybercriminals and cyberwarfare activities. For instance, service interruptions may trigger ripple effects resulting in product shortages and widespread supply chain disruptions, with severe impacts for both the economy and national security. In a bid to optimise and streamline operations. the railway industry has recently started taking a series of significant steps towards digitization, with infrastructures experiencing a significant paradigm shift which, for instance, makes it possible to have centralised interlockings and Radio Block Centre (RBC) for an entire country, with geographical redundancy, ensuring the utmost availability and punctuality by moving the control logic to the cloud. Nevertheless, these developments must always be carried on within the scope of established cybersecurity standards and frameworks. This paper presents an analysis of the state of the art on railway cybersecurity, focused on the existing solutions based on the application of the CENELEC “Technical specification 50701 - Railway Application – Cybersecurity”, which is currently the latest European specification addressing railways, being designed to help suppliers, integrators, and operators to implement a cybersecurity risk assessment plan, the necessary controls, and the management of the complete system life cycle. Special attention will be paid to the conduit between the rail signal interlocking system, that controls the line signalling, and the Automatic Train Supervision (ATS) that runs in the Operational Control Centre (OCC), as this has been identified by the European Union Agency for Cybersecurity (ENISA) as one of the most critical systems identified by the operators of essential services.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2435 Strategies for Combating Adversarial Information Operations: Theory and Practical Applications 2024-05-29T08:33:37+00:00 Alberto Olivieri albertofedericoolivieri@gmail.com Rosanna Guadagno rosanna.guadagno@oulu.fi <p>In the contemporary information landscape, the proliferation of disinformation and propaganda poses a significant challenge to societal discourse and democratic processes. This paper proposes a multi-disciplinary approach to combatting adversarial information operations, drawing upon theoretical frameworks and practical applications. Theoretical foundations are established through an examination of the Persuasive System Design (PSD) model (Oinas-Kukkonen, 2013) and its parallels with propaganda tactics. By analyzing the shared flaws and vulnerabilities, insights emerge into the manipulation techniques employed by threat actors in online information spaces.&nbsp;Building upon this theoretical framework, the paper presents a proactive strategy for countering disinformation: the development of Early Warning and Control Systems (EWACS). These systems leverage AI-assisted narrative discovery to monitor the digital information landscape continuously. By identifying emerging threats and inauthentic activity, strategic communicators gain valuable insights for crafting counter-narratives and pre-emptive communication strategies.&nbsp;Key components of the proposed approach include deterrence by denial and resilience-building measures. By shifting the cost-gain calculation of adversaries and enhancing societal resilience, the aim is to create an environment where propagandists face increased challenges in achieving their objectives.&nbsp;This paper emphasizes the importance of collaboration between diverse stakeholders, including governmental organizations, academia, NGOs, and journalists. By harnessing the collective expertise from multiple fields, more effective strategies can be developed to safeguard information integrity and restore public trust.&nbsp;In conclusion, this paper advocates for a convergence of theory and practice in addressing the complex challenges posed by adversarial information operations. By integrating theoretical insights with practical applications, the proposed approach offers a holistic framework for countering disinformation and propaganda in contemporary information environments.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2100 Educating New Military Leaders to be Robust against Influence Operations: A Case Study 2024-02-09T09:41:38+00:00 Knut Østby knostby@mil.no Kirsi Helkala khelkala@mil.no Ole Joachim Aasen ole.Joachim.aasen@accenture.com <p>Influence operations and cognitive warfare are part of the new complex threat picture that Norway and other nations face. In general, military education and leadership education have traditions in place to build robustness against war demands, but how to build robustness against influence operations is still almost non-existing. In this case study, we show how an educational module on influence operations was conducted at the Norwegian Defence University College’s Cyber Academy department and how this module contributed to strengthening robustness against cognitive warfare. The impact of the educational module was evaluated by a questionnaire and a short group interview, and the results are shown in this paper. The findings indicate a positive development in the cadets' own perceived robustness. In addition, we also discuss and suggest some personal and organizational factors that can strengthen military leaders' robustness against influence operations. The findings and the discussions can be used as inspiration when educational modules are designed both in military and civilian education.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2337 Visions of the Future: What Could Happen to User Authentication? 2024-04-25T09:34:23+00:00 Hanna Paananen hanna.k.paananen@jyu.fi Naomi Woods naomi.woods@jyu.fi <p>The most prevalent information system security feature for the user is the authentication process. Passwords have been the primary authentication method for decades due to their simplicity for both the user and the system provider. However, over recent years, the digitalization of services has increased the number of credentials each user must manage, making traditional password authentication problematic for the user. Strong candidates for easier and more secure authentication methods are emerging (e.g., FIDO alliance, Single-sign-on, biometrics). Still, a single method has yet to dominate the market due to the rapid changes in technology, costs of implementation, trust in these methods, and the vast number of users and digital services. Due to the varied reasons that affect the adoption of these methods, it is unclear what kinds of authentication methods will be the forerunners in the future. This study aims to envision the future of user authentication and security features emerging from the interaction of different factors. We present a qualitative interview study, which examines six experts from the fields of authentication, cybersecurity, and emerging technologies. A hermeneutic mode of analysis is used to form scenarios of the future based on the observations of different experts. The results reflect an understanding of how users and their interactions with security features, such as authentication, may change over the following decade and beyond and how security professionals intend to incorporate this knowledge into future security systems. The results shed light on the influence of society, developing technology, and the need for user- and future-proof security in the coming years. This study will have several implications, as it will contribute to forming a coherent picture of the different elements that shape the future and give an idea of how to prepare for what is coming. Furthermore, it will provide an understanding of how choices with technology today lead to different futures.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2521 A Practitioner’s Behavioral Approach: Reconceptualizing Whaley’s Word-of-Mouth Communication Model in an Online Context 2024-06-21T13:48:58+00:00 Tim Pappa timothy.s.pappa@niu.odni.gov <p>The late American scholar Barton Whaley wrote several classic works related to disinformation, but people are likely less familiar with his limited works on word-of-mouth communication. Whaley published two studies in the early 1960s, separately exploring word-of-mouth communication among mainland Chinese civilians and mainland Chinese Communist military personnel. Whaley found that word-of-mouth communication by “key communicators” in these communities who were the most trusted and most informed was more effective than radio for information sharing, and likely the most effective method for disinformation. This paper will primarily explore Whaley’s model, but then introduce relevant literature on group dynamics and electronic word-of-mouth communication, which has largely focused on marketing practices and consumers. This paper proposes integrating Whaley’s model into these related behavioral frameworks, reconceptualizing a model of a practitioner’s behavioral approach to word-of-mouth online influence.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2256 Educating Cybersecurity Experts: Analysis of Cybersecurity Education in Finnish Universities 2024-03-21T12:56:20+00:00 Piia Perälä piia.m.h.perala@jyu.fi Martti Lehto martti.j.lehto@jyu.fi <p>Cybersecurity is no longer just a technical discipline but a strategic concept. Nowadays, cybersecurity has become an essential part of national security strategies. The European Union and European countries have established cybersecurity strategies to strengthen European and national resilience against cyber threats and ensure that citizens and businesses can take full advantage of reliable services and digital tools. A wide range of actors in society, from both government and non-government sectors, are already involved in cybersecurity work. However, there is a constant need to increase the workforce of cybersecurity specialists to manage cybersecurity risks. Finland's cybersecurity strategy emphasizes the importance of developing cybersecurity education to address the cybersecurity risks the country faces. For the nation to achieve cyber self-sufficiency, the pool of cybersecurity specialists should include experts in every knowledge area relevant to various aspects of cybersecurity. Universities have a role in training cybersecurity specialists through their education programs. Consequently, universities should offer comprehensive education encompassing all cybersecurity knowledge areas. This paper aims to overview the state of cybersecurity education in Finland's universities by focusing on cybersecurity education content. By analysing the content of the universities' cybersecurity education, the aim was to understand how current education in Finland meets the cybersecurity knowledge areas of the European Cybersecurity Taxonomy. In spring 2023, data on cybersecurity degree programs and courses were collected through surveys from nine Finnish universities providing cybersecurity education. As a result, we gained an understanding of the capability of Finnish university-level cybersecurity education to offer specialists in different domain areas of cybersecurity.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2157 A Comprehensive Artificial Intelligence Vulnerability Taxonomy 2024-02-27T12:36:29+00:00 Arttu Pispa arttu.pispa@iki.fi Kimmo Halunen kimmo.halunen@oulu.fi <p>With the rise of artificial intelligence (AI) systems and machine learning (ML), there is a need for a comprehensive vulnerability framework that takes into account the specifics of AI systems. A review of the currently available frameworks shows that even though there have been some efforts to create AI specific frameworks, the end results have been flawed. Previous work analysed for this paper include AVID, Mitre ATLAS, Google Secure AI Framework, Attacking Artificial Intelligence, OWASP AI security and privacy guide, and ENISA Multilayer framework for good cybersecurity practices in AI. While only AVID is intended to be an AI/ML focused vulnerability framework, it has some weaknesses that are discussed further in the paper. Of the other works especially the ENISA framework has a valuable way of determining AI domains that can be affected by vulnerabilities. In our taxonomy proposal the first part of the evaluation process is determining the location in the AI system lifecycle that the vulnerability affects. The second part is determining which attributes of technical AI trustworthiness are compromised by the vulnerability. The third part is determining the possible impact of the vulnerability being exploited on a seven-step scale from the AI system functioning correctly, to it performing unintended, attacker directed actions outside the bounds it is supposed to function in. We also evaluate two known AI vulnerabilities based on our taxonomy proposal to showcase the benefits in comparison to existing frameworks.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2340 Architecture Framework for Cyber Security Management 2024-04-26T09:37:34+00:00 Jouni Pöyhönen jouni.a.poyhonen@jyu.fi Martti Lehto martti.j.lehto@jyu.fi <p>The smooth operation of contemporary society relies on the collaborative functioning of multiple essential infrastructures, with their collective effectiveness increasingly hinging on a dependable national system of systems construction. The central focus within the realm of cyberspace revolves around safeguarding this critical infrastructure (CI), which includes both physical and electronic components essential for societal operations. The recent surge in cyber-attacks targeting CI, critical information infrastructures, and the Internet, characterized by heightened frequency and increased sophistication, presents substantial threats. As perpetrators become more adept, they can digitally infiltrate and disrupt physical infrastructure, causing harm to equipment and services without the need for a physical assault. The operational uncertainty of CI in these cases is obvious. The linchpin of cyber security lies in a well-executed architecture, a fundamental requirement for effective measures. The framework of this paper emphasizes organizational guidance in cyber security management by integrating the cyber security risks assessment and the cyber resilience process into overall continuity management of organizations business processes.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2073 E-EWS-based Governance Framework for Sharing Cyber Threat Intelligence in the Energy Sector 2024-02-02T10:16:49+00:00 Jyri Rajamäki jyri.rajamaki@laurea.fi Asfaw Feyesa Asfaw.Feyesa@student.laurea.fi Anup Nepal Anup.Nepal@student.laurea.fi <p>The integration of traditional energy technologies with modern digital technologies increases the risks of cyber-attacks and data breaches. Sharing cyber threat intelligence (CTI) is important for the common defense. The DYNAMO project has chosen the ECHO Early Warning System (E-EWS) as a tool for CTI information sharing. The management of E-EWS becomes the basis for guiding the ethical and efficient operation of the DYNAMO platform and the wider energy sector. The governance framework defines roles, responsibilities, and procedures that are tailored to sharing information, enhancing collaboration, and ensuring the integrity of shared information. Effective governance promotes transparency, compliance, and trust among stakeholders, which ultimately strengthens the security posture of the DYNAMO platform and improves the energy industry's resilience against cyber threats. This paper proposes a governance framework for the DYNAMO platform, including a committee, data security policies, and NIS2 and GDPR compliance. It emphasizes user-friendly collaboration tools, access control, continuous monitoring, stakeholder training, compliance, and phased implementation. The goal is iterative improvements through continuous evaluation.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2320 Enhancing Metaward: Integrating Digital Forensic Readiness in the Metaverse 2024-04-18T15:55:18+00:00 Shelley Robertson shelley.robertson@tuks.co.za Stacey Baror stacey.baror@up.ac.za Hein Venter hein.venter@up.ac.za <p>As virtual currencies gain traction as rewards and with the evolving landscape of remote and hybrid work environments, the need for adaptive and comprehensive reward systems becomes imperative. This research builds upon the foundation laid in prior studies, focusing on the integration of Digital Forensic Readiness (DFR) into the Metaward reward model, within the Metaverse. However, as more individuals engage with and use the Metaverse, it is crucial to implement DFR to the Metaverse. The problem of this research is the absence of DFR processes integrated into the Metaverse, particularly within the context of the Metaward&nbsp;reward&nbsp;system. With the increasing importance of cybersecurity and digital forensics (DF) in organizational operations, the integration of such measures aims to enhance the security and integrity of the Metaward model. This enhancement aims to ensure a proactive and effective response to potential security incidents, while maintaining the integrity of digital evidence. This research employs a comprehensive methodology, encompassing literature review, analysis of DF measures, and the development of an extended conceptual model. By considering factors such as the security implications of virtual currencies, incident response capabilities, and proactive DF measures, the study seeks to provide insights into the feasibility and effectiveness of this augmented reward model. The proposed model acknowledges the significance of balancing motivation and engagement with the imperative need for robust DFR. It explores potential synergies between these seemingly different elements, aiming to create a reward system that not only motivates employees but also ensures the resilience and security of the organizational digital infrastructure. This study's findings hold promise for organizations navigating the complex terrain of modern work paradigms, offering a strategic approach to bolstering employee motivation, engagement, and DFR. The conclusion reflects on the implications of the proposed integration and outlines avenues for further research in the dynamic intersection of virtual currencies, reward systems, and DF.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2520 The Social Domain: Resilience of Information-Sharing Networks 2024-06-21T13:09:43+00:00 Harri Ruoslahti Harri.ruoslahti@laurea.fi Ilkka Tikanmäki Ilkka.tikanmaki@laurea.fi <p>The concept of networks in the social domain can be seen as a resilient complex social system, consisting of diverse and interdependent actors and organizations. These social networks are characterized by complicated interactions between people, technologies, and processes, making them cyber-physical or socio-technical in nature. However, these interactions and dependencies also bring vulnerabilities, encouraging member organizations to increase their resiliency. As organizations and digital structures become increasingly interconnected, there is a need for information sharing, and practices that anticipate future incidents and foster learning from them. Effective communication with stakeholders is essential to strengthening resilience, given the diverse interests and interdependencies between them. An integral system's perspective on an organisation in its environment emphasises relationships and interdependencies, enabling recognition of complexities to enhance resilience on various interrelated levels. Identifying trends and implementing preventive measures requires the sharing of information on threats and vulnerabilities. Open innovation, where outsiders contribute to co-creating innovations, can help organizations cope with unforeseen disruptive changes. Agility is essential for developing knowledge and adapting processes flexibly to changing contexts. Knowledge exchange between network stakeholders can reduce the complexity of communication and enable resilient collaboration. In this case study, the researchers offer a tool that is aimed at strengthening the resilience of collaborative networks by gaining a deeper understanding of each organisation's relevant processes and tools. They specifically focused on analysing and evaluating the effects of these processes on the safety of critical infrastructure. To enhance the sustainability of stakeholder collaborative networks, master's students in safety management conducted risk assessment workshops and compiled a list of characteristics. These attributes were then prioritised and incorporated into risk matrices. The results of the study revealed the key factors that contribute most significantly to the resilience of collaboration networks. These findings highlight the critical aspects that influence the resilience of collaborative networks. By incorporating these factors into their strategies and practices, organisations and stakeholders can enhance their ability to withstand disruptions and adapt effectively in the face of uncertainties.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2519 Business Model Canvas and Competition to Understand Exploitation of Cybersecurity Project Results 2024-06-21T13:02:36+00:00 Harri Ruoslahti Harri.ruoslahti@laurea.fi Eveliina Hytönen Eveliina.hytonen@laurea.fi Luis Angel Galindo Sanchez Luisangel.galindosanchez@telefonica.com <p>The European Commission (EC) has lately funded 22 different cybersecurity projects (European Commission, 2024), and the European Union (EU) expects a return for the investment and requires these projects to demonstrate efficient exploitation activities that emphasize their influence on the European economy. The Business Model Canvas (BMC) is a tool to actively guide discussion and processes that evolve and adapt based on their environments. Yet, the tool does not address the competition on the marketplace. For this reason, this study introduces the ‘Business Model Canvas and Competition’ (BMC&amp;C) by including the element of competence to the traditional BMC and examines its usefulness to understand the relations between an organisation and its competitive environment. The data collection method for this study was action research through actively participating in the exploitation workshops activities and reading what materials were produced. The BMC by Osterwalder and Pigneur (2011) consists of the nine building blocks. This study modified the BMC as a framework of analysis by adding tenth building block ‘Competition’ (&amp;C) that acknowledges that an organization is not alone but is part of a market where it encounters competition by active direct competitors and by indirect alternative ways to achieve similar results. This tenth building block ‘Competition’ (&amp;C) was deemed important to better understand what possible competitive advantages and challenges the analysed assets of the ECHO project may encounter. The BMC&amp;C was used in ECHO exploitation workshop that addressed the ECHO asset ECHO Early Warning System (E-EWS). The E-EWS asset BMC&amp;C example show that users found the BMC&amp;C easy to use. As the &amp;C was added as a tenth element or building block the use of the tool was familiar to anyone who had used a conventional BMC. Those who had no prior experience of the BMC tool received guidance from the more experienced users. The workshops included active and co-creative discussions that shaped the outcomes of the BMC&amp;C for each individual ECHO asset. The results of this study indicate that the BMC&amp;C can be a valuable tool to assess how an organisation that is active in a marketplace may need to take their competition into account. The contribution of this study to practice is a deeper understanding of competition and market on a very practical case level, while its contribution to theory is the accumulation of data from multiple cases.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2291 Wargaming in Information Warfare Training: A Study of Finnish Officials 2024-04-09T07:31:47+00:00 Dominic Saari dominic.b.j.saari@jyu.fi Hilkka Grahn hilkka.grahn@jyu.fi Teemu Häkkinen teemu.hakkinen@jyu.fi Miriam Hautala miriam.a.hautala@jyu.fi Oskari Vesterinen oskari.m.vesterinen@jyu.fi Panu Moilanen panu.moilanen@jyu.fi <p>In the digital age, information warfare has become a significant global concern, with malicious actors exploiting various media to manipulate public opinion, destabilising governments, and sowing discord. Automated and algorithmic tools are used to spread false and misleading information on social media platforms, and states have been unable to control the spread of it. In addressing new challenges, national governments globally reassess strategies, communications, and responses to adapt to evolving threat environments. To counter information influence activities, it is crucial to have informed, educated, and well-trained communicators. This case study focuses on the innovative use of wargaming in training government officials, providing them with abilities to respond to different tactics and methods of malign influence operations. This article is based on an information warfare exercise conducted in January 2024 involving 27 Finnish officials from various ministries and agencies critical to national security. The participants participated in an interactive simulation, where they explored and responded to challenges related to disinformation campaigns and other tactics designed to manipulate and influence information within a hybrid warfare context. The players were divided into two teams: red and blue, with the reds assuming the role of the offensive team while the blues took on the defensive role. The teams competed for control over the information space, employing various information warfare methods. After the exercise, each participant was asked to complete a post-exercise survey to evaluate the knowledge acquired and the exercise's overall usefulness, including scenario clarity and the effectiveness of role-playing. We also explored potential differences in perceptions and experiences between inexperienced and experienced players in the wargaming exercise. Key findings revealed the effectiveness of wargaming as an educational tool, particularly benefiting novices over experienced players. Role-playing proved valuable, emphasizing the importance of explicit scenarios for effective engagement. The study highlighted cross-departmental cooperation's significance, facilitating a dynamic learning environment.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2250 Backward-compatible Software Upgrades for ADS-B and AIS To Support ECDSA-Secured Protocols 2024-03-20T15:19:24+00:00 Ahsan Saleem ahsan.m.saleem@jyu.fi Hannu Turtiainen hannu.ht.turtiainen@jyu.fi Andrei Costin andrei.costin@jyu.fi Timo Hämäläinen timo.t.hamalainen@jyu.fi <p>During the past few decades, the aviation, maritime, aerospace, and search-and-rescue domains have witnessed tremendous improvement thanks to technological, digitalization and Internet of Things (IoT) advances such as Automatic Dependent Surveillance–Broadcast (ADS-B) (e.g., Aviation IoT, Airports IoT) and Automatic Identification System (AIS) (e.g., Maritime IoT). All these are high-profile examples of new digital communication protocols combined with IoT devices that make efficient use of wide-area earth and space radio communications to provide real-time, truly globally interoperable, and optimised services required by these domains. However, the protocols and technologies mentioned above, both from an architectural and implementation point of view, exhibit fundamental cybersecurity weaknesses (both at protocol and IoT device level). These weaknesses make them an easy target for potential attackers. The two fundamental flaws of these protocols are the lack of digital signatures (i.e., integrity and authenticity) and the lack of encryption (i.e., confidentiality and privacy). The risks associated with these, and other weaknesses have been over the last decade repeatedly demonstrated with ease by ethical cybersecurity researchers. In this paper, we design, propose, and discuss a single generic PKI-enabled message integrity and authenticity scheme that works seamlessly for any of the ADS-B, and AIS, with the possibility of easy extension and integration into other protocols (e.g., ACARS). Our scheme can be added as backward-compatible software upgrades (e.g., third-party library) to existing systems without requiring expensive architectural redesign, upgrades, and retrofitting. Our present work is aimed to serve as a bootstrap to securing such insecure protocols without completely replacing or redesigning the systems. It also aims to provide a discussion background of advantages and limitations of such backward-compatible securing methods.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2270 Using Wargaming to Model Cyber Defense Decision-Making: Observation-Based Research in Locked Shields 2024-03-28T13:37:45+00:00 Pietari Sarjakivi pietari@sarjakivi.fi Jouni Ihanus jouni.e.i.ihanus@student.jyu.fi Panu Moilanen panu.moilanen@jyu.fi <p style="font-weight: 400;">Defensive Cyber Operations (DCO) in complex environments, such as cyber wargames, require in-depth cybersecurity knowledge and the ability to make quick decisions. In a typical DCO, execution rarely follows a pre-planned path because of extensive adversary influence, challenging an already complex decision-making environment. Decision-making models have been extensively studied from perspectives of military operations and business management, but they are not sufficiently researched in the context of cyber. This paper responds to this need by examining the decision-making models of DCO leaders in a live-fire wargame environment.&nbsp;This study was conducted by observing leaders of cyber operations during the world's largest live-fire cyber exercise, NATO Locked Shield 2023. In this exercise, the blue teams plan and execute their defensive cyber operation in a realistic operational environment, while the red team conducts attacks against the defended environment. The large-scale, wargaming-style environment of Locked Shield is one of the best environments for modelling DCO decision-making models; in this exercise, the DCO is broad and multi-faceted, a perspective which cannot be achieved in a typical capture-the-flag competition or a single security incident.&nbsp;DCO leaders must be able to manage two distinct decision-making processes with different sets of required skills to be successful in the mission. While the primary process relates to the execution and evolution of the pre-designed plan with traditional operational leadership skills, the secondary process deals with unplanned and deliberately caused cyber-related events that require a deep understanding of cybersecurity. In this respect, the main contribution of this research is the constructed decision-making model of the DCO leader. This model is based on observations collected and presented in the context of multiple well-known decision-making frameworks. This model can be further used to train future DCO leaders and assess artificial intelligence's usability to support and automate decision-making in such operations.</p> <div id="accel-snackbar" style="left: 50%; transform: translate(-50%, 0px); top: 50px;">&nbsp;</div> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2311 Revisiting Past Cyber Security Recommendations: Lessons we Have Failed to Learn 2024-04-17T11:36:17+00:00 Matthias Schulze schulze@ifsh.de Jantje Silomon silomon@ifsh.de <p>Cyber-security is constantly evolving as new technologies introduce new vulnerabilities and threat actors constantly develop new techniques to penetrate systems. Much focus in scholarship is on the cyber-offense, while few analyse changes in the cyber-defence posture. Since its inception, defensive information security has evolved and introduced a plethora of new security controls to either prevent, detect, mitigate, or respond to new cyber-attacks. When studying cyber-incidents, a paradox becomes apparent: often, low-end security fails are responsible for most breaches, such as default system configurations and credentials or violations of the principle of least privileges. Even security sensitive organisations such as the US DoD or IT companies suffer from this paradox, as a recent NSA/CISA report indicates: large sums are spent on high-end security programs only to be compromised by low-end attacks. This paradox becomes even more pronounced when introducing a longitudinal historical perspective: many of these issues have been known for decades, as reports from the 1970s show. These include inadequate hardware and software not designed with security in mind, the issue of managing resource access controls in a multi-user environment that includes remote terminals (aka a cloud infrastructure), malicious insider threats that bypass security controls, as well as the issue of applying timely software patches. In sum: while the IT security industry is rushing to introduce new high-level security controls and technologies, the main issues seem to be age-old problems and the failure to learn lessons from the past, warranting a historical approach. In this paper, the origin of security controls is examined, shedding light on relevant best practices, recommendations and why they emerged. Starting in the 1960s, we analyse the emerging technologies of each subsequent decade, explore what changes in IT-security controls these new technologies necessitated, and how IT and later cyber-security changed over the years. Furthermore, reference is made to the aftermath of selected cyber-attacks to further highlight is analysed to explore potential shifts in security paradigms beyond those introduced by technology itself.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2450 ‘It Takes a (Global) Village’: Towards a Multi-Actor Networked Conception of Security 2024-06-03T17:39:32+00:00 Keith Scott jklscott@dmu.ac.uk <p>On December 4th 2023, Oliver Dowden, the British Deputy Prime Minister, issued his first annual resilience statement, outlining the range of threats faced by the United Kingdom, natural, economic, military, and technological. The purpose of this paper is to examine the contemporary threat landscape through the critical lens of complex interdependency (cf Keohane and Nye), and to consider the way in which approaches and theoretical models of threat and threat mitigation can and should (or should not) be applied in different domains. Multi-Domain conflict shows how the modern battlefield is a highly complex realm of interlinked environments (including the non-physical); in the same way, ‘unrestricted warfare’ (Qiao and Wang) collapses the traditional DIME concept of discrete arms of state power. How may a liberal democracy protect itself and its citizens against mis/disinformation, cyber warfare, hacktivism, NSAs and foreign powers ready and able to to wage ‘war’ in a wide range of ways, using IW both as a specific methodology and as a force multiplier for other forms of destabilization.</p> <p>&nbsp;</p> <p>Focusing largely but not overwhelmingly on the informational realm, the paper will consider models of threat mitigation applied in other domains, from the elite innovative force of the Rifle Brigade to the public health response to the COVID-19 pandemic to the behavioural science-based influence campaigns devised by the UK ‘Nudge Unit’ and beyond. It will ultimately argue that a nation which faces a range of internal and external threats to its stability must devise policy and strategy which themselves operate internally and externally. Any approach which is not based on action at all levels of society – civil, military, educational, technical, diplomatic – is doomed to failure before it starts. However, the key challenge will be how to build this in societies which have grown ever more atomised, divided, and opposed to cooperation.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2224 Innovating Cybersecurity Education Through AI-augmented Teaching 2024-03-15T14:33:11+00:00 Joon jspark@syr.edu Ryan Simmons rtsimmon@syr.edu <p>In traditional teaching frameworks, instructors face significant obstacles in offering current and synchronized learning materials and examples, especially when the course is taught by multiple instructors. This situation can affect the quality of the course's learning outcomes. These challenges become more pronounced in today’s higher education, because of the heightened complexity arising from the need to cover a range of course materials, diverse student backgrounds, varying skill levels, and different student expectations—all within the constraints of a fixed teaching and learning schedule. Furthermore, due to resource constraints, not every instructor has the availability of a teaching assistant (TA). Especially, while the demand for cybersecurity continues to rise, the dynamic nature of the cybersecurity field leads to the frequent emergence of new issues and incidents. To address these challenges, we examine the capabilities of generative AI to innovate teaching techniques and methods for cybersecurity curricula. We further explore the novel challenges introduced by generative AI, including issues related to privacy, data ownership, transparency, and other associated concerns, underscoring the need for comprehensive solutions. Our work further examines the teaching and learning capabilities of dynamically generated, up-to-date class materials in a personalized study environment augmented by AI. The adaptability of AI-augmented teaching across various disciplines will bring innovation to higher</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2335 Validation of Sensor Data Integrity in OT Environments Through Multisource Data Sensors 2024-04-25T18:31:25+00:00 Jussi Simola jussi.hm.simola@jyu.fi Arttu Takala arttu.h.takala@jyu.fi Riku Lehkonen riku.p.lehkonen@jyu.fi Tapio Frantti tapio.k.frantti@jyu.fi Reijo Savola reijo.m.savola@jyu.fi <p>This research paper focuses on detecting cyber threats from the OT environment by combining data from multiple sources. Monitoring cyber security or hybrid threats in an industrial OT environment is difficult due to different equipment, protocols, environments, personnel management and training, etc. However, the OT environment can also be observed with a multisource sensor system, which can be used to collect data. By combining IT and OT data, additional cyber threats can be found. Especially concerning the integrity of OT command-and-control data. We deal with the key concepts and differences of the industrial operating environment, which create challenges compared to the traditional IT environment. This is important because the policies defined at the European level for the NIS2 regulation are coming to touch all member countries, regardless of what the national implementation schedule is. The increased standards for OT environment cyber security implementation and development will also have an impact on the personnel management and training to support the onboarding of the standards in practice. Critical infrastructure protection is important because, without the protection of critical infrastructure, vital functions cease to function. Hostile actors cause security challenges among Western actors. In this study, we delve into whether it is possible to find threats concerning OT command-and-control process. The increased data surface collected from the IT/OT environment improves the capabilities for the system to detect malicious attacks towards the OT system. With the help of test equipment, the goal is to demonstrate that it is possible to find threats by combining data from multiple sources. With the help of test equipment, we find out IT and OT capabilities, which we load with various attacks and anomalies. We produce added value compared to traditional monitoring method test cases by comparing data obtained from different sources. The research paper shows the importance of detecting OT threats. By monitoring IT and OT environments and combining their data, we can find hidden threats. Only one test equipment configuration has been used in the study, but the results can be generalized and classified. The study also provides guidelines for how the detection of cyber threat capabilities should be developed.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2339 Improving Detection Capabilities in OT Environments Through Multisource Data Sensors 2024-04-26T07:46:40+00:00 Jussi Simola jussi.hm.simola@jyu.fi Arttu Takala arttu.h.takala@jyu.fi Riku Lehkonen riku.p.lehkonen@jyu.fi Tapio Frantti tapio.k.frantti@jyu.fi Reijo Savola reijo.m.savola@jyu.fi <p>This research focuses on implementing cyber threat detection in OT environments by combining data from IT and OT sensors and logs to enhance SOC's situational awareness. OT environment is challenging to monitor and includes various sensors. We deal with the key concepts and differences of the industrial operating environment, which create challenges compared to the traditional IT environment. This is important because the policies defined at the European level for the NIS2 regulation will affect all member countries. Hostile actors cause security challenges highlighting the importance of critical infrastructure protection. Cyber security solutions have often solely focused on IT threats, but similar investments have yet to be made in response to the challenges of the OT environment. The security solutions of OT operators rely heavily on solutions from the IT side. Here, we delve into whether it is possible to find threats in the IT/OT ecosystem by combining data from the IT and OT sides. All threats are not found by monitoring data separately from IT or OT sources but we identified hidden threats by monitoring and comparing IT and OT data. This paper shows the importance of detecting OT threats. The study proposes how the detection of cyber threat capabilities should be developed.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2272 The Importance of Cybersecurity Governance Model in Operational Technology Environments 2024-03-29T08:47:00+00:00 Jussi Simola jussi.hm.simola@jyu.fi Arttu Takala arttu.h.takala@jyu.fi Riku Lehkonen riku.p.lehkonen@jyu.fi Tapio Frantti tapio.k.frantti@jyu.fi Reijo Savola reijo.m.savola@jyu.fi <p>There is a common will to unify regulation in the Western world regarding overall security, including cybersecurity. European cyber security regulations aim to create a foundation and guidelines for international standards in various industries and the operation of critical infrastructure. Protected critical infrastructure is a common goal for Western allies. Allies of NATO and EU member states mainly support the anti-aggression policy in Europe. The unstable situation in the world forces states to find solutions that represent the thoughts of the allies.&nbsp; Defending common values is crucial when the purpose is to protect critical infrastructure and vital functions in societies. The research will demonstrate the industrial needs of IT/OT-related cybersecurity governance. The study analyzes EU-level cybersecurity requirements and how those requirements affect standardization regarding cybersecurity governance in the operational technology environment. There will be four primary governance levels: Political, Strategical, Operational and Tactical. Many criminal state-linked operators do not care about international agreements or contracts. Some rogue states have even taken to inciting violations of international agreements. We cannot trust the loose contracts between states anymore. The research will find the main challenges concerning the cybersecurity governance of the industrial organizations that use operational technology-related technology in their daily businesses. We have seen that Information and Operational Technology are based on something other than similar threats and risk basements. Operational Technology-related threats threaten the cyber-physical ecosystem where anomalies affect the physical world, so operational functions of equipment, devices, sensors, components, and production lines are interrupted. As a result, continuity management and supply chain management are compromised. The study's primary purpose is to describe the cybersecurity governance elements of the OT environment for enhancing situational awareness. Standardizing the cybersecurity level among industrial stakeholders requires EU member states to have a national cybersecurity strategy that follows main EU-level guidelines.&nbsp; Despite the EU member states' implementation level of the regulation, the EU-level cybersecurity requirements obligate companies to take steps to solve future cybersecurity challenges.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2357 The Impact of Operational Technology Requirements in Maritime Industries 2024-05-02T20:55:08+00:00 Jussi Simola jussi.hm.simola@jyu.fi Jarkko Paavola jarkko.paavola@turkuamk.fi Pia Satopää pia.satopaa@turkuamk.fi Jani Vanharanta jani.vanharanta@turkuamk.fi <p>The maritime ecosystem and industry require more efficient and coordinated cybersecurity governance. No common cybersecurity mechanism in the maritime sector may steer the whole supply chain management, for example, in the port areas and fairways. Cyberthreat prevention mechanisms in harbor areas and port terminals must be standardized more in the Western world. It has been recognized that understanding cybersecurity of operational technology in the harbor area is based on a more traditional experience of what it requires. The overall security of the maritime ecosystem requires more than random checks of passengers and vehicles and customs functions on cargo and passenger transportation, which are mainly physical security service routines. Traditional physical threats have changed to a combination of threat types. Hybrid threats may prevent everyday harbor activities so that damage can become long-lasting and harm overall business continuity management. It is crucial to prevent cyber threat factors in the maritime domain. The research provides transnational and EU-level cyber security assessments regarding cyber security regulation. The findings determine where to direct and concentrate a focus maritime domain and why it is essential to survey cyber security requirements set for member states to apply. In Finland, this research belongs to the cybersecurity governance of operational technology in the sector connected to the smart energy networks (CSG) research program. The project aims to develop a common cybersecurity governance model for operational technology.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2306 Exploring Cybersecurity Implications in Higher Education 2024-04-16T20:08:28+00:00 Nokuthaba Siphambili nsiphambili@csir.co.za <p>With the rapid technological evolution and widespread integration of digital transformation in higher education institutions (HEIs), the educational landscape has undergone a shift in teaching methodologies and how content is delivered. The digitization of higher education has ushered in numerous benefits, enhancing accessibility, collaboration, and efficiency. However, this era of digitization of higher education also brings forth a plethora of cyber challenges. The objective of this paper is to comprehensively explore the cybersecurity landscape in the digital age, providing a critical analysis of prevailing cyber threats, emerging trends, and potential impacts on HEIs. Therefore, this study conducted a systematic literature review (SLR) using the PRISMA framework to assess the current cyber threats faced by higher education institutions. The findings of the study reflect on the challenges faced by higher education institutions in this digital age and present opportunities in strategies that may be adopted to protect HEI’s systems from cyber threats.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2101 Feature Engineering for a MIL-STD-1553B LSTM Autoencoder Anomaly Detector 2024-02-09T16:38:16+00:00 Dakotah Soucy dakotah.soucy@forces.gc.ca brian lachine brian.lachine@rmc.ca <p>The MIL-STD-1553B data bus protocol is used in both civilian and military aircraft to enable communications between subsystems. These interconnected subsystems are responsible for core services such as communications, flow of instrument data and aircraft control. With aircraft modernization, threat vectors are introduced through increased inter-connectivity internal and external to the aircraft. The resulting potential for exploitation introduces a requirement for an intrusion detection capability in order to maintain the integrity, availability and reliability of data transmitted using the MIL-STD-1553B protocol, safety of the aircraft and overall, to achieve mission assurance. Research in recent years has investigated signature, statistical and machine learning based solutions to detect attacks on MIL-STD-1553B buses. Of the different techniques, those based on machine learning have shown extremely good results. The aim of this research is to improve the performance of an existing Long Short-Term Memory Auto-Encoder by refining the feature engineering phase of its pipeline. The improvement in the detector’s overall effectiveness was accomplished through feature engineering focused on feature generation and selection. Five different attack datasets were used as the starting point, consisting of four different denial of service attacks and one data integrity attack. From initial feature extraction of 155 features, two feature generation techniques were employed to create over 38,000 features as a starting point. Using five different MIL-STD-1553B datasets and three feature selection techniques, fifteen different Long Short-Term Memory Auto-Encoder models were created, trained and evaluated using common performance metrics and compared to those of the original anomaly detector.&nbsp;This research demonstrated marked performance improvement achieved by the feature engineering refinements made in comparison to those of the original model. Equally important, this research also showed a significant reduction in the number of features required to achieve this performance gain. In the context of miliary air operations, the ability to improve detection capabilities with less data is important to the technical solutions that contribute to the achievement of cyber mission assurance.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2518 Navigating the Cyber Front: Belarus' State Control and Emerging Cyber Threats 2024-06-21T12:35:39+00:00 Darius Štitilis stitilis@mruni.eu Marius Laurinaitis laurinaitis@mruni.eu Inga Malinauskaitė-van de Castel inga.malinauskaite@mruni.eu Matthew Warren matthew.warren2@rmit.edu.au <p>This paper provides a comprehensive overview of the cyber landscape in Belarus, with a focus on the Belarus government's use of cyber activities from an offensive and defensive context, the emergence of opposition cyber activities, and the broader implications for cybersecurity and legal compliance. In the course of the research, researchers try to assess Belarus as a source of cyber-threats, both domestically and to neighbouring states (especially those supporting Ukraine). The first section of the paper outlines the Belarusian government's engagement in cybercrimes against its citizens, especially under President Lukashenko's regime, highlighting extensive online surveillance, repression, and the escalation of these activities following the 2020 presidential elections. In this political context, Belarus is also examined as a country initiating and/or contributing to Information Warfare activities, which are mainly directed at western countries. The second section of the paper delves into Belarus's cybersecurity legal framework, examining various national strategies and concepts, the absence of a formal cybersecurity strategy, and the focus on 'information security' as part of national security. The third section presents case studies of cyber activities in Belarus, contrasting government-backed hacking efforts with those of opposition groups like the Belarus Cyber Partisans. It explores the Partisans' attacks on state infrastructure and information leaks as a form of protest against the government, and the pro-government hackers' disinformation / information campaigns website defacements, and data breaches, particularly targeting Ukraine. This section highlights the evolving nature of cyber conflict in Belarus, where both government and opposition forces use cyber tools for political ends, reflecting broader geopolitical tensions in the region. This part of the report compares the Belarusian pro-government hacktivist and Cyber Partisans groups, their activities and manifestations within the country (inside), as well as the cyber threats they pose to foreign countries. The article attempts to answer the question of what kind of threat Belarus as a country poses in the context of cybersecurity, hybrid-cyber threats. This country is often included in Russian hybrid-cyber threats strategies, Belarus entities also work with Russian and sometimes Chinese groups in undertaking cyber activities against other countries.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2190 An Analysis of Cyberwarfare Attribution Techniques and Challenges 2024-03-12T13:46:39+00:00 Clementine Swate clemmypontsho@gmail.com Siphesihle Sithungu siphesihles@uj.ac.za Khutso Lebea klebea@uj.ac.za <p>Identifying the source of cyber-attacks is crucial to ensuring cybersecurity. This study examines different attribution techniques, obstacles, and real-world examples in the context of cyber warfare. It explores challenges such as incorrect attributions, ethical concerns, legal barriers, and complexities in the digital environment. The discussed topic includes modern techniques such as malware analysis, network traffic study, digital forensics, and the implementation of AI/ML. These methods help improve cybersecurity and shape cyber warfare strategies. Case studies on the Standard Bank South Africa ATM fraud and the TransUnion South Africa cyber-attack illustrate the importance of attributing cyber incidents, especially with global cyber criminals. The analysis emphasizes the need for a comprehensive approach that takes into account legal, technical, ethical, and geopolitical considerations relevant to the evolution of computing and cyber warfare. It stresses the need for cybersecurity tools enhancement and global cooperation. The study pairs attribution challenges with techniques to deepen our understanding of threats. It underlines the need for ongoing cybersecurity research and adaptation, sustained innovation, and collaboration to fortify global cyber defenses.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2220 Utilizing Vector Database Management Systems in Cyber Security 2024-03-14T09:55:24+00:00 Toni Taipalus toni.taipalus@gmail.com Hilkka Grahn hilkka.grahn@jyu.fi Hannu Turtiainen hannu.ht.turtiainen@jyu.fi Andrei Costin andrei.costin@jyu.fi <p>The rising popularity of phenomena such as ubiquitous computing and IoT poses increasingly high demands for data management, and it is not uncommon that database management systems (DBMS) must be capable of reading and writing hundreds of operations per second. Vector DBMSs (VDBMS) are novel products that focus on the management of vector data and can alleviate data management pressures by storing data objects such as logs, system calls, emails, network flow data, and memory dumps in feature vectors that are computationally efficient in both storage and information retrieval. VDMBSs allow efficient nearest neighbour similarity search on complex data objects, which can be used in various cyber security applications such as anomaly, intrusion, malware detection, user behaviour analysis, and network flow analysis. This study describes VDBMSs and some of their use cases in cyber security.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2155 Unpacking the Complex Socio-Technical Systems Assemblages in Cybersecurity 2024-02-26T23:46:48+00:00 Mamello Thinyane mamello.thinyane@unisa.edu.au <p>The ensuing digital transformation means that cybersecurity solutioning increasingly occurs in the context of complex intractable socio-technical systems comprising non-technical elements, including human, social, and societal factors. These evolving cybersecurity ecosystem dynamics, at the confluence of cyber-physical-social spaces, present several challenges to techno-centric cybersecurity solutions including for risk assessment, threat modelling, and incident analysis. This paper unpacks the complexity of the cybersecurity domain and illustrates the associated socio-technical systems assemblages through a case study and situational analysis of a cybersecurity incident. It then reviews socio-technical systems analysis approaches from the safety management domain and discusses the alignment with and relevance for cybersecurity. The utility of these approaches is demonstrated by applying the functional resonance analysis method to the said cybersecurity incident. The situational analysis surfaces the diverse set of factors, including human, non-human, cultural, economic, institutional, and global, that directly played a role in the unfolding of the incident, and which need to be considered in risk assessment and incident analysis. Further, analysing the incident through the functional resonance analysis method shows the functional dependencies and cascade of performance variability between the different elements in this situation, which goes beyond simple, root-cause, linear causality, and purely technical explanations. Overall, the paper explicates the need for cybersecurity risk assessment and incident analysis that is commensurate with the complexity of underlying socio-technical cyber systems.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2285 Evaluating Zero-Shot Chatgpt Performance on Predicting CVE Data From Vulnerability Descriptions 2024-04-05T18:06:39+00:00 Andrei Costin ancostin@jyu.fi Hannu Turtiainen hannu.ht.turtiainen@jyu.fi Narges Yousefnezhad narges.yousefnezhad@binare.io Vadim Bogulean vadim.bogulean@binare.io Timo Hämäläinen timoh@jyu.fi <p>Vulnerability management is a critical industry activity driven by compliance and regulations aiming to allocate best-fitted resources to address vulnerabilities efficiently. The increasing number of vulnerabilities reported and discovered by a diverse community results in varying quality of the reports and differing perspectives. To tackle this, machine learning (ML) has shown promise in automating vulnerability assessments. While some existing ML approaches have demonstrated feasibility, there is room for improvement. Additionally, gaps remain in the literature to understand how the specific terminology used in vulnerability databases and reports influences ML interpretation. Large Language Model (LLM) systems, such as ChatGPT, are praised for their versatility and high applicability to any domain. However, how well or poorly a state-of-the-art LLM system performs on existing vulnerability datasets at a large scale and across different scoring metrics needs to be clarified or well-researched. This paper aims to close several such gaps and present a more precise and comprehensive picture of how ChatGPT performs on predicting vulnerability metrics based on NVD's CVE vulnerability database. We analyze the responses from ChatGPT on a set of 113,228 (~50% out of all NVD vulnerabilities) CVE vulnerability descriptions and measure its performance against NVD-CVE as ground truth. We measure and analyze the predictions for several vulnerabilities in metadata and calculate performance statistics.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2141 Exploring Trainees’ Behaviour in Hands-on Cybersecurity Exercises Through Data Mining 2024-02-26T14:19:55+00:00 Muaan ur Rehman muaaur@taltech.ee Hayretdin Bahsi hayretdin.bahsi@taltech.ee Linas Bukauskas linas.bukauskas@mif.vu.lt Benjamin Knox benjamin.knox@hiof.no <p>Despite the rising number of cybersecurity professionals, the demand for more experts in this field is still substantial. Cybersecurity professionals must also possess up-to-date knowledge and skills to counter cybersecurity threats’ dynamicity and rapidly evolving nature. Hands-on cybersecurity training is mandatory to practice various tools and improve one’s technical cybersecurity skills. Generally, an interactive learning environment is set, where trainees perform sophisticated tasks by accessing complete operating systems, applications, and networks. One of the main challenges that cybersecurity organizations are facing today is the generation of massive data through practice exercises.&nbsp; So, it becomes a problem to convert this data into knowledge to improve the overall quality of the learning system. The large amount of interaction data and its complexity also limit us to do automated analysis. Thus, these challenges for cybersecurity learners can be addressed through appropriate educational data analysis by having insights or testing hypotheses or models on a proper dataset. Revealing the patterns, rules, item sets and time taken by trainees while using any command line tool could help the trainer to assess the trainees and to provide feedback. Therefore, in this paper we are analyzing the frequency patterns and timing information captured from the trainees’ command line log to reveal their solving techniques, easy and struggling stages, slipups, and individual performance.&nbsp;&nbsp;Through our study, we aim to show how education and training providers can foresee learners who are less likely to succeed in a task or exhibit low performance, which can impede learning proficiency. With this knowledge, organizations and trainers can identify trainees who require additional attention or support. It may also be able to identify elements related to an organization like training aids, training methodology, etc. that need improvement. This study demonstrates the utility of data-mining techniques, specifically rule mining and sequential mining, to empower training designers to delve into datasets derived from cyber security training exercises.&nbsp;</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2283 Cybercrime and Digital Transactions Law in Nigeria: A Review 2024-04-04T19:01:48+00:00 Ngozi Chisom Uzoka nc.uzoka@unizik.edu.ng Nneka Obiamaka Umejiaku no.umejiaku@unizik.edu.ng <p>The internet is a tool that drives globalization and enhances global inclusion and integration. It has become imperative to make use of information and communication technology in this era of increased broadband access to the internet. The use of information and communication technology has increased the commission of cybercrime such as data breaches, identity theft and cyber fraud. This paper aims to identify the relevance, authenticity and nexus between digital transactions and cybercrimes in Nigeria. This paper seeks to give a summary of cybercrime and digital transaction laws in Nigeria, as well as the challenges inherent in applying them. The methodology adopted is the doctrinal method of legal research approach in literature review, analysis of cases and access to internet sources. This paper made use of primary sources of data such as such as enabling laws, acts and secondary sources of data, conventions, journal articles and the study is also analytical and comparative in nature. The paper finds that the legal and institutional framework for digital transaction laws in Nigeria is somewhat limited. Some digital forensic tools have not been recognized by our laws in Nigeria. The paper concludes that the extant legal framework for digital transaction laws in Nigeria has lapses that impair the evidence emanating from digital tools/records. This paper recommends amongst others; training of prosecution officers, legal practitioners and judicial officers in the collection and use of forensic/digital evidence in court of law, review of some of our extant laws and creation of institutional framework for digital transaction laws in Nigeria.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2268 The Psychological Effects of Continuity Threatening Cyber Incidents 2024-03-26T18:34:00+00:00 Toni Virtanen toni.virtanen@mil.fi <p>Working in the field of cybersecurity has been compared to working in a warlike environment. Understanding what types of psychological strain cyber attacks cause to the defending organisations’ workforce can aid in developing methods and processes for mitigating those stressors. This paper discusses the first-hand psychological effects of experiencing an operational continuity threatening cyber incident caused by a real threat actor. The results are based on 19 interviews from IR professionals and IT security practitioners to decision makers, CISO’s and other top executives. These individuals were working in multi-national corporations, hospitals, central government, financial sector, local government or educational institutions at the time of the incident. The interviews followed critical incident paradigm to focus on significant events during the cyber incidents, while also being semi-structured to compensate for the diversity of the incidents. Most of the interviewees raise up feelings of disbelief and despair as their first emotional response to the realization of being hit by ransomware, data theft or another severe cyber incident that could threaten operational or business continuity. Feelings of guilt and self-doubt were present, especially in those considered to be responsible for securing the network.&nbsp; However, at the same time, feelings of purpose and self-efficacy were also reported by some. Having scalable resources available in the time of need, with well-defined roles and responsibilities for the core incident response teams and protecting them from unnecessary inquiries seemed to alleviate the stressors and anxiety of the Incident Response (IR) team during the event. Good leadership and internal communication were seen as important to maintain the necessary situational awareness and focus during the active incident mitigation and resolve phase. Long-term negative effects of the cyber incident were increased cynicism, fear of the situation recurring, and thoughts of changing career. These negative outcomes were mitigated by increased trust in colleagues, processes and systems with experience of self-efficacy. This paper discusses what types of mental strain cyber incidents introduce to cybersecurity professionals and top executives. It deepens understanding on what factors need to be considered in developing and enhancing the overall resilience of organisations against cyber attacks.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2162 The Maritime Industry and the Cyber-‘Iceberg’ 2024-02-29T16:24:55+00:00 Rossouw Von Solms rossouw@mandela.ac.za Suné Von Solms svonsolms@uj.ac.za <p>The maritime industry is embracing cyber technology. The proliferation of digitalisation in the shipping industry is apparent, as any modern vessel today is a complex cyber-physical-mechanically engineered system. The digital incorporation of operational technology (OT) and information and communication technology (ICT) systems in network and control systems has resulted in complex integrated shipping vessels. As most modern vessels utilise the internet to communicate with those on shore, it is true to say that shipping today has adopted cyber technology to enhance the efficiency of its operations. It is also true that the modern shipping industry has become totally dependent on cyber technologies for its future existence.&nbsp;Along with the integration of ICT and cyber-related technologies came numerous cybersecurity threats. These risks need to be identified and mitigated. If not properly addressed, these underlying cybersecurity threats can lead onto disasters of all different kinds.&nbsp;This paper discusses the integration of (ICT) and cyber-related technologies in the maritime and shipping industry, the related cybersecurity threats encountered and why these should be mitigated. It also suggests how senior management and the crew members can contribute in assisting to safeguard shipping vessels from these ever-present cybersecurity threats.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2317 Identifying Information Technology (IT) and Cybersecurity Executives’ Competencies to Support Comprehensive Cybersecurity Programs 2024-04-17T18:12:49+00:00 Paul Wagner paulewagner@arizona.edu William Mapp mapp@arizona.edu <p>Information Technology (IT) and cybersecurity executives play a pivotal role in shaping the cybersecurity posture of an organization. Their ability to make informed decisions, allocate resources, and communicate effectively with cybersecurity professionals is paramount. Consequently, these executives must acquire the necessary competencies that encompass cybersecurity risk management, legal and regulatory compliance, and strategic planning combined with foundational business and technical competencies. An interdisciplinary approach bridging the gap between business, technical skills and strategic decision-making is crucial to navigate the ever-evolving and complex cybersecurity challenges facing organizations today. Failure to do so may result in catastrophic consequences for both individual enterprises and society. Further, the growing frequency and sophistication of cyber threats pose significant risks to organizations and individuals alike. To effectively counter these threats, it is imperative to not only develop cybersecurity talent but also to equip IT and cybersecurity executives with essential competencies in this domain. Equally important, is to identify the specific competencies and develop an approach to train or teach them. According to Burrell, Aridi, &amp; Nobles (2018) there is an extremely urgent need of leadership development for cybersecurity and information technology professionals to prepare these professionals with the foundational skills to excel in leadership, management, and directing an enterprise-level program. This paper underscores the critical need for a comprehensive understanding of both Information Technology (IT) and cybersecurity executive competencies and cybersecurity executive development. Integrating these two aspects is critical to improve an organization’s cybersecurity posture and ensure alignment between organizational objectives and cybersecurity strategies. The two must work in tandem to create a robust and resilient cybersecurity infrastructure. This paper provides an analysis of the current literature regarding IT/Cybersecurity roles and responsibilities, leadership competencies, and technical competencies of IT/Cybersecurity executives to identify the gaps in existing research. The authors propose a survey instrument to conduct a quantitative analysis to identify executives’ beliefs as to how important it is to possess each administrative competency. The survey is part of a future research plan to identify and evaluate administrative and technical competencies of IT/Cybersecurity executive leaders.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2343 Trapped Ion Quantum Computing: A Framework for Addressing Security Vulnerabilities 2024-04-28T19:18:24+00:00 Karli Wallace karli.wallace.1@au.af.edu Leleia Hsia leleia.hsia.2@au.af.edu Mark Reith mark.reith.3@au.af.edu <p>Trapped ion quantum computing has the potential to revolutionize computational paradigms. As the adoption of this technology grows, so does the need for stringent scrutiny of its involvement in cybersecurity, especially when it has implications in national defense or critical infrastructure. While trapped ion quantum computing offers transformative capabilities, it is vital to carefully examine the potential vulnerabilities associated with its use and patch them before implementing this powerful technology. In this paper, we examine the potential vulnerabilities in trapped ion quantum computing systems and propose a framework for addressing them. This framework includes risk assessment for evaluating vulnerabilities, threat modeling for identifying exploits, and prevention and mitigation for reducing their impact.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2204 Exploring Cyber Fraud within the South African Cybersecurity Legal Framework 2024-03-10T09:09:36+00:00 Murdoch Watney mwatney@uj.ac.za <p>All countries are globally struggling with the challenges cybercrime presents to the cybersecurity legal framework. Fraud is not a new crime and existed long before the internet. The internet provides a threat actor access to a lot of potential victims and the use of various threat vectors to gain access to personal information by means of social engineering. It is therefore not surprising that cyber fraud has become a serious threat which continues to escalate globally. In 2021, around $100 million was lost in Canada due to online fraud. The United Kingdom (UK) Finance indicated that cyber fraud costs consumers more than £1.2 billion in 2022. The South African (SA) Fraud Prevention Services noted a 356% surge in identity fraud between April 2022 and April 2023. The cybersecurity threat landscape is ever-evolving with the UK Finance warning that the number of cyber frauds could surge out of control as threat actors begin to incorporate the use of Artificial intelligence (AI) to make their operations far more sophisticated and not as easily detected. In 2023 the United States (US) also warned that the irresponsible use of AI could exacerbate societal harms such as fraud. Cyber fraud, also referred to as a “white collar” or commercial crime, is an umbrella term to describe the commission of different types of cyber fraud by means of the use of various threat vectors. The threat vector used to commit the different type of fraud is continuously evolving, such as the use of sophisticated phishing to quishing and deep fakes which are aimed at deceiving the recipient in sharing information. The information obtained from a data breach may be used to commit cyber fraud. Irrespective of the threat vector used to commit fraud, all types of fraud present with the same elements, namely a threat actor who unlawfully and intentionally deceives a victim to benefit and cause harm. The discussion focuses on cyber fraud in general and not a specific type of cyber fraud. The purpose of the discussion is to provide an overview of the challenges cyber fraud present to the South African cybersecurity legal landscape.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2501 A Sensemaking Framework for Defensive Cyber Operations: Filling the Void in Leadership Discourse 2024-06-17T22:40:24+00:00 Timothy Shives timothy.shives@nps.edu Frank Wleklinski frank.wleklinski@nps.edu <p>In the realm of contemporary warfare dominated by cyber threats, Defensive Cyber Operations (DCO) serve as a linchpin for mitigating risks and ensuring mission assurance. This article delves into the intricate landscape of DCO, focusing on the critical role played by Defensive Cyberspace Forces (DCFs). Despite their significance, the absence of a unified sensemaking framework poses a challenge for leaders responsible for the nuanced development and strategic employment of DCFs. The lacuna in the existing literature revolves around the lack of a comprehensive sensemaking framework tailored for operational and DCF leaders. The inadequacies of current frameworks, either overly broad or excessively specific, hinder effective dialogue and understanding. This deficiency not only obstructs the planning efforts and operational tempo of DCO but also restrains the maturation of DCFs, amplifying residual risks faced by commanders. This paper endeavours to present a purpose-built sensemaking framework crafted for leaders engaged in the dynamic realms of DCF development. Integrating well-established risk mitigation principles with the unique organizational structures and missions of DCFs, the framework fills a crucial void in the literature. Beyond being a decision-support tool, it strives to foster a shared mental model, providing a nuanced lens for leaders to contextualize and prioritize their efforts in the complex landscape of DCO. Through a meticulous critique of existing frameworks, this article introduces a tailored model designed to address identified shortcomings. Emphasizing the practical utility of the proposed framework, the discussion unfolds to elucidate how it not only facilitates the development and employment of DCF but also contributes to organizational resilience and risk mitigation. This article contributes a novel sensemaking framework to the academic discourse on DCO. While acknowledging limitations imposed by an unclassified context, the framework provides valuable insights into the strategic dimensions of DCF development and employment, DCO planning intricacies, and organizational analyses. Future avenues for research include the integration of classified information to refine the framework, ensuring its applicability across diverse DCO mission types and aligning DCF core functions with specific threats, thereby enhancing the efficacy of defensive cyber strategies.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2513 Governance for Artificial Intelligence (AI) and Interoperability: Questions of Trust 2024-06-20T11:52:12+00:00 Allison Wylde allison.wylde@gcu.ac.uk <p>Although the rapidly emerging capabilities of AI bring potential benefits that could be transformative for cyber security, significant threats have emerged that continue to grow in impact and scale. One proposed solution to addressing important risks in AI is the emergence of strategies for AI governance. Yet, as this conceptual early-stage research argues, what is crucial for individuals, businesses, public institutions, including the military, and for high-risk environments, are questions concerning trust in AI governance. Will governance of AI be trusted? As an example, during 2023, several AI governance initiatives and strategies emerged, with some nation states proposing legislation while others looked to treaties and collaboration as solutions. Indeed, at a supra-national level, the United Nations expert multinational stakeholder Policy Network on AI (PNAI) formed to examine key issues in current AI governance. These include the interoperability of governance, data governance mechanisms, AI in supporting inclusion and the transition of nations. To help our understanding of trust in AI governance, the focus for this paper is limited in scope to interoperability in AI governance. Interoperability encompasses different aspects, policy initiatives (such as frameworks, legislation, or treaties), systems and their abilities to communicate and work together. The approach taken in this early-stage research is framed as questions of trust in AI governance. The paper therefore reviews the nature of different AI governance strategies developed and implemented by a range of key nation states and supra-national actors. This is followed by an evaluation of the role of trust, focused on AI governance strategies, in the context of interoperability in AI governance. Trust-building strategies are also considered, with a focus on leveraging the separate elements involved in trust-building to assist our understanding of the implementation of trusted AI governance. The contribution of this early-stage research is to highlight issues that may not be considered by the technical community and to contribute to developing a platform and a research approach that informs policy- learning for institutions, practitioners and academics.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2156 Enhancing Training and Technology Adoption in Terrorism Financing Investigations Through Gamification 2024-02-27T11:39:37+00:00 Francesco Zola fzola@vicomtech.org Lander Segurola lsegurola@vicomtech.org Erin King erin.King@ul.ie Martin Mullins Martin.Mullins@ul.ie Raul Orduna rorduna@vicomtech.org <p>The purpose of this publication is to present the methodology followed in the European project Anti-FinTer for training Law Enforcement Agencies (LEAs) and Financial Investigation Units (FIUs) in using emergent technologies to reveal financing activities of terrorism. The study presents, compares, and discusses the results gathered from three Capture-the-Flag events which involved LEAs and FIU officers. Designing curricula and training programs for improving terrorist financing investigations is challenging due to this domain's intricate and rapidly evolving nature and the multi-disciplinary knowledge needed. Furthermore, new tools based on novel paradigms, such as Artificial Intelligence and Big Data, are involved in terrorist financing investigations. However, they are too often unnecessarily complex and hard to use. These characteristics often limit law enforcement and end-users' engagement level and expertise in these technologies. For this reason, in this work, we describe an approach using gamification techniques to enhance technology and knowledge transfer for terrorist financing investigations. In fact, designing and implementing realistic and interactive challenges makes it possible to speed up the learning process, increase officers' expertise in using new technologies and improve their readiness. At the same time, this approach allows technical partners to gather end-user needs and facilitate development/validation cycles. This methodology has been validated in three pilots: one held in Madrid in 2022, a second in The Hague in 2023 and a final one in Vienna in 2023. In these pilots, law enforcement personnel were challenged in addressing tasks related to fighting financing terrorism activities through the dark Dark Web, crypto-assets or new payment systems. Results showed an increasing engagement, motivation, and knowledge in the participants.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2481 Cyber Social Disruption due to Cyber Attacks 2024-06-12T13:41:55+00:00 Jorge Barbosa jorge.barbosa@isec.pt <p>We analyze the implications of cyber war actions directed at specific targets, such as critical infrastructures, for modern civil societies that are profoundly dependent on computer systems. These critical infrastructures, whether they are cyber-physical systems or computer systems can be paralyzed or even destroyed if the systems used to directly or remotely manage them are cyber-attacked. Cyber-attacks in the context of cyber war, can generate chaos, which combined with the domino effects caused by the impact on other computer systems, then those directly attacked but indirectly affected, can theoretically lead to major disruptions to the internal order, or even to civil war, due to the scope that such actions may reach. The disturbances caused in civil society as a whole, and in military structures and equipment can go far beyond the local effects on the targets attacked, as would happen in a conventional kinetic war action. The crisis and social disturbance caused may even put the sovereignty of the attacked state at risk. For this specific case of social disruption, which is caused by cyber war actions, we use a concept to describe the situation more adequately, which we call <em>Cyber Social Disruption</em>.</p> 2024-06-27T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2525 An Investigation into the Feasibility of using Distributed Digital Ledger technology for Digital Forensics for Industrial IoT 2024-06-21T18:02:13+00:00 Phillip Fitzpatrick phillip.fitzpatrick@tudublin.ie Christina Thorpe christina.thorpe@tudublin.ie <p>The domain of Digital Forensics for the Industrial Internet of Things (IIoT) and the proposed use of a Distributed Digital Ledger (DDL), has for the most part been theoretical in nature within the current literature. The work in this paper explores the practical feasibility of using DDL technology for Digital Forensics in the IIOT context. We detail a new methodology for testing the performance of writing to and reading from a DDL in an IIOT environment, and present findings on the overhead associated with storing and retrieving IIoT transactions in a DDL. We conclude that while it is possible to build and use a DDL for storing IIoT transactions, there are limitations to the number of sensors that can be supported by a single implementation and the time it takes to retrieve transactions may be too high to be practical for Digital Forensics.</p> 2024-06-27T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2500 The Offense-Defense Balance in Cyberspace 2024-06-17T22:35:17+00:00 Wade Huntley wlhuntle@nps.edu Timothy Shives timothy.shives@nps.edu <p>The study of cyber strategy and its implications for international security has become increasingly crucial, necessitating an examination of the unique challenges posed by the dynamic and stealthy nature of the cyber domain. This paper addresses whether offensive or defensive strategies prevail in cyberspace, especially in light of evolving technological landscapes and debates over cyber threats. By applying offense-defense theory from international relations, the research explores the nuanced relationship between offensive and defensive operations in cyberspace. Despite prevalent views favoring offense dominance, recent skepticism questions the severity of cyber threats and suggests a possible overemphasis on offensive operations. This paper systematically examines the core concepts, findings, and operational variables of offense-defense theory, providing clarity to the conceptual debates surrounding cyber conflict. Recognizing the unique characteristics of the cyber domain, it urges a careful consideration of biases that may distort judgments about offense dominance. The evolving nature of cyberspace and its potential for redesign introduces caution and underscores the need for a nuanced understanding of the offense-defense balance. The preliminary assessment concludes that the question of whether offense or defense "dominates" in cyberspace is overly simplistic. Given the intricate interactions of cyber capabilities, other coercive means available to states, and the dynamic evolution of cyber technology, this question can only be answered within specific contextual and chronological boundaries. Within such conditions, the state of the offense-defense balance is crucial to tactical and operational decision-making. At the strategic policymaking level, the more coherent question is how cyber technologies are shifting the balance of advantages between offense and defense in the overall military posture of states. In essence, this paper provides valuable insights into the ongoing discourse on cyber strategy, theoretical frameworks, and nuanced analyses to inform policy and strategic decision-making in the face of evolving cyber threats.</p> 2024-06-27T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2511 A Capability Maturity Model for Benchmarking in Wargames 2024-06-20T04:05:55+00:00 Mehwish Nasim mehwish.nasim@uwa.edu.au Adam Wilden adam.wilden@flinders.edu.au Peter Williams peter.williams2@defence.gov.au Timothy Legrand tim.legrand@adelaide.edu.au Patricia Williams trish.williams@flinders.edu.au <div><span lang="EN-GB">This research provides an analysis of maturity models, and insights from specific game studies such as unclassified non-kinetic games, supported by contributions from the wargaming community. By proposing a design framework inspired by capability maturity models used in software development, cyber security, and people management, this research introduces a new benchmark for evaluating wargames, in a reproducible and standardised fashion. This model facilitates the identification of strengths and areas for improvement, offering a structured path to higher maturity levels. It aims to enable wargame designers to assess and compare wargame components systematically, enhancing the ability to validate outcomes, predict gameplay effects, and support decision-making with greater confidence. Such advancements could significantly impact policies and improve disaster resilience, particularly within Defence strategy and capabilities, marking a significant advancement in the academic and practical enhancement of the wargaming field.</span></div> 2024-06-27T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2505 AI-Enhanced VPN Security Framework: Integrating Open-Source Threat Intelligence and Machine Learning to Secure Digital Networks 2024-06-18T15:43:22+00:00 Mohamad Hasan b00158228@mytudublin.ie Tania Malik Tania.Malik@tudublin.ie <p>In today's digital age, ensuring network privacy and integrity is of utmost importance. To address this, our work proposed an advanced VPN security framework that integrates open-source threat intelligence and machine learning (ML) to enhance cyber defences. By combining Wazuh for threat detection and analysis, and pfsense for firewall capabilities, with state-of-the-art ML algorithms, we present a robust VPN security solution to the challenges presented by the evolving landscape of cyber threats, representing a significant advancement in securing digital networks. This framework is strengthened by the integration of four ML algorithms— Gradient Boosted Trees (GBT), Random Forest (RF), K-Nearest Neighbors (KNN), and Dense Deep Learning (DDL)— chosen for their classification efficacy and their ability to process complex security data, thereby improving the efficiency and accuracy of threat detection. Results indicated significant improvements in threat detection accuracy following the integration of ML algorithms. The Random Forest (RF) algorithm, in particular, stood out for its exceptional accuracy and ability to handle various threat scenarios, showcasing its efficacy in identifying sophisticated cyber threats through network traffic pattern analysis. Further performance benchmarking confirmed the feasibility of deploying the advanced VPN security framework, demonstrating minimal impact on network latency and throughput.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2292 Harmonizing Rights and Rewards: Music NFTs as a Paradigm for Equitable Compensation in the Digital Era 2024-04-09T12:55:40+00:00 Stephanie Dzihan-Zamagna zamagna@gmx.at Alexander Pfeiffer pfeiffer@alexpfeiffer.at <p>This paper provides a critical examination of Music Non-Fungible Tokens (NFTs) within the context of the digital transformation of the music industry, focusing on the implications for equitable artist compensation. As digitalization reshapes consumption and revenue models, the advent of Music NFTs, predicated on blockchain technology, presents a nuanced paradigm for artist-fan interactions and compensation structures. Through an interdisciplinary methodology that integrates literature review and expert interviews, this study scrutinizes the operational mechanisms of Music NFTs, their potential to reconfigure the economics of music production, and the attendant legal and technical challenges. While Music NFTs proffer an innovative approach to direct artist revenue and engagement, this inquiry reveals a complex landscape fraught with legal ambiguities, technological hurdles, and market volatility. The findings underscore the dialectical relationship between the potential benefits of Music NFTs for artists and the prevailing challenges that circumscribe their efficacy.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2504 Using Chia Blockchain Technology for Department of Defense Systems 2024-06-18T15:38:00+00:00 Ethan Schofield ethan.schofield.1@au.af.edu Mark Reith mark.reith.3@au.af.edu <p>The United States faces an escalating cybersecurity challenge, with national assets increasingly vulnerable to sophisticated attacks. The ever-reducing barriers to entry in the cyber realm, coupled with advanced persistent threats, underscore the critical imperative to fortify the defense of U.S. assets. Blockchain technology, pioneered by Satoshi Nakamoto over a decade ago, emerges as a resilient cryptographic solution capable of safeguarding data and assets from threats both within and outside a network. This paper delves into the potential of the Chia blockchain as a strategic ally for the Department of Defense (DoD) in bolstering its cybersecurity measures. Beyond a theoretical exploration, the paper provides tangible use cases that illustrate the practical application of Chia within the DoD framework. Notably, the examination extends to crucial areas such as financial auditing, identification management, and supply chain oversight, showcasing the versatility and efficacy of Chia in addressing multifaceted challenges faced by the DoD.</p> <p>Disclaimer: The views expressed are those of the author and do not reflect the official policy or position of the US Air Force, Department of Defense or the US Government.</p> <p>&nbsp;</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2122 Cyber Operations in Ukraine: Emerging Patterns in Cases 2024-02-19T12:42:54+00:00 Markus Takamaa markus.k.t.takamaa@jyu.fi Martti Lehto martti.j.lehto@jyu.fi <p>The Ukrainian state has been a target of cyber-related incidents since the annexation of Crimea in 2014. Cyberattacks have targeted Ukrainian critical infrastructure, government offices, and several public and private organisations. Sometimes, these cyberattacks have caused significant impacts within the nation's borders. Some of the most well-known cyber-incidents in Ukraine include attacks on the Ukrainian electrical grid, which cut out the power supply for hundreds of thousands of people in 2015 and 2016. Attacks have also targeted presidential election systems and financial entities operating in Ukraine. The majority of attacks within Ukraine's borders have been attributed to Russian-affiliated non-state actors and organisations, and the number of attacks correlates with the escalation of the war in 2022. This implies previous cyberattacks potentially belonging to a series of hybrid operations related to the Ukrainian conflict and the general geopolitical situation since the annexation of Crimea. The paper focuses on this context by examining cyber incidents targeting Ukraine since 2014. We study the unifying factors related to Ukrainian cyber incidents, and we will discuss emerging patterns related to the attacks during the last ten years. This study will uncover the general traits of state-affiliated attacks in Ukraine, which will help uncover emerging patterns. Our particular focus will be cyber-attacks, where the target is the Ukrainian state and its critical infrastructure. We will examine methods of attacks, the attack targets, and the impacts, among other things. With the patterns emerging from our study, we can predict future cyber-attacks targeting Ukraine, providing tools for preparing for future incidents. We can use the information to improve national cyber-defences, where the attacks are likely to happen in the future. Studying the Ukrainian cases may also provide additional insights for improving cyber defences in other nation-states within the parts that apply to these nation-states and their geopolitical contexts.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2332 Cyber Game-Based Learning for DoD CEs 2024-04-23T18:34:07+00:00 Jillian Valente jillianvalente01@gmail.com Mark Reith mark.reith.3@au.af.edu <p>Cyber competition and conflict remain an enduring concern for the Department of Defense (DoD). Positive control of cyberspace is crucial across the vast diversity of military operations and supporting activities. People play an important role in cyber prevention, detection, and remediation, but they receive relatively little training outside of the annual Cyber Awareness Challenge. While this gamified training is a reasonable baseline, it primarily addresses cybersecurity from the office worker's perspective. Other career fields within the DoD may benefit from specialized training in cybersecurity, in particular the civil engineering (CE) community supporting critical infrastructure protection. This paper surveys a range of contemporary cyber serious games and assesses each for potential inclusion into CE training. Furthermore, it suggests game elements and characteristics that are likely to benefit the CE community.</p> 2024-06-21T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security https://papers.academic-conferences.org/index.php/eccws/article/view/2571 Abstracts for Additional Presentations & Posters 2024-07-02T13:38:21+00:00 <p>Abstracts for Additional Presentations &amp; Posters</p> 2024-07-02T00:00:00+00:00 Copyright (c) 2024 European Conference on Cyber Warfare and Security