European Conference on Cyber Warfare and Security
https://papers.academic-conferences.org/index.php/eccws
<p>The European Conference on Cyber Warfare and Security has been run on an annual basis since 2002. Conference Proceedings have been published each year and authors have been encouraged to upload their papers to university repositories. In addition the proceedings are indexed by a number of indexing bodies.</p> <p>From 2022 the publishers have decided to make all conference proceedings fully open access. Individual papers and full proceedings can be accessed via this system.</p> <p><strong>PLEASE NOTE THAT IF YOU WISH TO SUBMIT A PAPER TO THIS CONFERENCE YOU SHOULD VISIT THE CONFERENCE WEBSITE AT <a href="https://www.academic-conferences.org/conferences/eccws/">https://www.academic-conferences.org/conferences/eccws/</a>. THIS PORTAL IS FOR AUTHORS OF ACCEPTED PAPERS ONLY.</strong></p>
Academic Conferences International | en-US | ISSN 2048-8602
Cognitive Hacking and Social Engineering in Healthcare: Exploiting Human Behaviour
https://papers.academic-conferences.org/index.php/eccws/article/view/3337
<p>Hacking medical facilities proves to be a profitable venture. An entire individual record, containing name, insurance number, address, and social services identifier, can fetch hundreds of dollars on the dark web. Researchers have demonstrated how data breaches affect health information technology investment and its impact on the broader economy. Due to the vast number of individuals accessing personal data and inadequate security measures, healthcare facilities are vulnerable targets for cyberattacks. However, that healthcare facilities are vulnerable targets for cyber-attacks is not completely accurate. When it comes to cyber security, this sector has significantly advanced compared to others. However, despite significant funds being allocated to antivirus software, enhanced network security, and improved cyber security measures, breaches continue to occur. Human error is only partially responsible for this. Cognitive hacking uses false information, psychological influence, and misinformation to shape opinions and decisions, which can result in harmful health effects and distrust in verification. Social engineering uses strategies like phishing, pretexting, and impersonation to manipulate people and obtain unauthorised entry to systems, medical records, or critical infrastructure. Cognitive hacking and social engineering take advantage of healthcare professionals' characteristics like trust, empathy, and obedience to authority in addition to demanding work conditions to circumvent standard cybersecurity protections. This study explores the tactics and outcomes of these people-focused attacks in healthcare, emphasising the mental influences that leave the industry vulnerable. It also investigates actual steps to take, such as educating employees, using multi-factor authentication, preparing for incidents, and implementing controlled access rules, which are crucial for strengthening healthcare facilities against these intricate risks. 
Healthcare organisations can enhance protection of patient data, uphold operational stability, and foster trusted patient-provider relationships by recognising and dealing with the human factor. It will also analyse how different implementation techniques influence incident reduction rates, behavioural changes, and security awareness. By adopting this approach, this body of work will provide practical solutions that enhance the resilience of healthcare infrastructure while safeguarding patients’ personal information.</p>
Raheemat Adefabi, Oludolamu Onimole, Abuh Ibrahim Sani, Olabisi Olajide, Valentine Okpalanozie, Taiwo Oseni, Chimeziri Iwuoha, Fatimah Eniafe, Xavier Palmer, Lucas Potter
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 | Vol. 24 No. 1, pp. 1-8 | DOI 10.34190/eccws.24.1.3337
Assessing the Security Vulnerabilities and Countermeasures of Connected and Smart Devices
https://papers.academic-conferences.org/index.php/eccws/article/view/3550
<p class="s6">Traditional devices are evolving into more automated and smart entities, forming Internet of Things (IoT) technology, a huge complex network composed of millions of smart connected machines. The rapid proliferation of such a technology has a significant impact on various applications and domains daily, including domestic (smart home) devices, transportation, cities, energy, healthcare, manufacturing, and many others. However, in parallel with providing convenience to users, this technology comes with many concerns, risks, and vulnerabilities that threaten both the security and privacy of the users. Poor authentication practices include weak password policies and no multi-factor authentication, which can make devices vulnerable to unauthorized control, thereby giving the attacker access to sensitive user data or hijacking the device itself. Inadequate encryption techniques further worsen the problem by leaving communications unsecured and sensitive data open to interception and theft. Insecure network interfaces are common because of the lack of proper security measures in their design and thus give an attacker the entry point into otherwise secured devices. Moreover, due to the lack of consistent deployment of security by different manufacturers, some devices remain more open to attacks than others. While some of these vulnerabilities have been identified in the existing literature, there is still a need for a more holistic view that considers the spectrum of security issues in IoT devices and their application domains. In this paper, we assess the vulnerabilities and the security challenges inherent in IoT networks, including weak authentication practices, inadequate encryption, insecure network interfaces, and lack of standardization.
Through different case scenarios in transportation and health systems, we compare the effects and implications of inadequate systems towards security. For example, inadequate authentication in healthcare could compromise patient safety, while in transportation, it may lead to disruptions and safety hazards. The paper concludes by recommending some strategies that improve IoT security, encompassing policy development and standardization efforts along with areas of future research for mitigating associated risks effectively.</p>
Dimah Almani, Steven Furnell
2025-06-25 | Vol. 24 No. 1, pp. 9-17 | DOI 10.34190/eccws.24.1.3550
Enhancing Operational Planning and Situational Awareness for Cyberspace Operations (CO), Based on the Crossed Swords Exercises
https://papers.academic-conferences.org/index.php/eccws/article/view/3327
<p>Cyberspace Operations (CO) planners face unique challenges in modern warfare, requiring a comprehensive understanding of cyberspace layers and a systematic planning framework. Exercises such as Locked Shields and Crossed Swords (XS) enhance cybersecurity skills, teamwork, and decision-making under pressure. Visual planning tools can improve operational planning and situational awareness in COs by providing a holistic picture of the operating environment. This facilitates better decision-making and coordination and fosters a cooperative defence mindset among allies. Using lessons from XS, this study uses a design science methodology to create a Cyber Planner application. The research team was able to observe current procedures, evaluate the efficacy of current tools, and get input from CO planners participating in the exercise. XS offered a valuable framework for identifying operational issues in cyber operations planning. Through iterative design modifications based on user experiences and needs, the exercise provided a real-world testing ground to assess the Cyber Planner’s initial version. The study intends to improve situational awareness and operational planning skills in cyberspace using the lessons acquired from the exercise. The user requirements for the Cyber Planning tool were identified through a literature review and interviews, resulting in 30 user requirements included in an online survey. The online survey, which was directed at CO planners, validated most of the identified user requirements, ensuring the tool meets the demands and expectations of its intended users. Integrating risk management into a CO planning tool can improve situational awareness, response times, and defence strategies, enabling real-time monitoring, analysis, and decision-making. Advanced data visualisation and Cyber planning tools are needed for improved decision-making.</p>
Marko Arik, Rain Ottis, Adrian Venables, Ricardo Lugo
2025-06-25 | Vol. 24 No. 1, pp. 18-27 | DOI 10.34190/eccws.24.1.3327
A Maturity Model for Password Security Education
https://papers.academic-conferences.org/index.php/eccws/article/view/3704
<p>This paper introduces the Password Security Education Maturity Model (PSEMM), a comprehensive framework designed to guide organizations in systematically improving their password security practices through a structured progression of educational and operational stages. The model delineates five levels of maturity: Naivety, Foundational Awareness, Active Engagement, Embedded Security Habits, and Adaptive Security Mindset, each representing a step forward in the development of robust password security protocols and a culture of security awareness. The development of the PSEMM is grounded in a systematic literature review (SLR) that identified 989 articles that were then screened for inclusion eligibility, which eventually resulted in 12 articles being used to identify key themes and gaps in existing cybersecurity education models. Through this rigorous analysis, the study pinpointed the need for a specialized maturity model that not only addresses the technical aspects of password management but also emphasizes the critical role of continuous education and employee engagement. The PSEMM fills this gap by offering a clear, adaptable pathway for organizations of varying sizes and sectors to enhance their cybersecurity posture. The model’s applicability is demonstrated through its alignment with modern security practices, such as multi-factor authentication and password management tools, ensuring its relevance in today’s rapidly evolving digital terrain. This paper contributes to the field of cybersecurity education by providing a validated, practical tool for systematically advancing password security across organizational contexts. The PSEMM stands as a vital resource for organizations seeking to mitigate the risks associated with poor password practices, ultimately fostering a more resilient cybersecurity environment.</p>
Tapiwa Gundu, Georgia Barnard
2025-06-25 | Vol. 24 No. 1, pp. 28-35 | DOI 10.34190/eccws.24.1.3704
Configuration of African Cyber Power: Three Conceptual Precepts
https://papers.academic-conferences.org/index.php/eccws/article/view/3429
<p>This paper flows from an interdisciplinary research project at the University of Johannesburg (UJ) on the design of an African-specific framework for configuring and assessing cyber power. The project advocates a nuanced and contextual approach to analysing, evaluating, understanding and enhancing cyber power in the African context, addressing the continent's unique challenges and leveraging cyber capacities for a triad of developmental, defensive, and offensive purposes. It is specifically contended that the imperative of a developmental component of cyber power distinguishes African states from the cyber power configurations of developed nations. At this very early stage of the project, the emphasis is on conceptualising theoretical constructs that can direct the design of the African cyber power triad. This paper forms part of the said theoretical quest and addresses the following problem statement: what are some primary precepts for designing an African cyber power triad? We identify and tentatively describe three precepts, namely: 1) the intentional relation between power and policy in the configuration of cyber power; 2) the centrality of national interests and security in cyber power; and 3) the imperative of optimising cyber power through the levering of asymmetric and interlocking advantages. The paper is categorically qualified as exploratory in nature and does not purport to comprehensively describe the three precepts. Instead, we only advance some contours towards the academic discourse. The veracity and detailing of the proposed precepts are thus part of the ongoing research agenda.</p>
Wilhelm Bernhardt, Petrus Duvenage, Sebastian Von Solms
2025-06-25 | Vol. 24 No. 1, pp. 36-41 | DOI 10.34190/eccws.24.1.3429
Detecting Rogue Switch and Device Behaviour Using Network Anomalies in LAN
https://papers.academic-conferences.org/index.php/eccws/article/view/3705
<p style="font-weight: 400;">Local Area Networks (LANs) are crucial for modern organizations, facilitating essential communication and data exchange in wired environments. However, wired LANs are susceptible to internal threats, exacerbated by "Bring Your Own Device" (BYOD) policies that increase vulnerability to rogue switches. These unauthorized switches, connected with just an Ethernet cable, can be installed by compromised employees or malicious insiders, undermining network security by intercepting and manipulating data traffic. These rogue switches, often plug-and-play devices, are particularly dangerous because they are difficult to detect and can be used to spy on network traffic or launch cyberattacks, further increasing organizational risks. This study presents a hybrid detection and mitigation framework that combines Dynamic ARP Inspection (DAI) with DHCP Snooping, Root Guard, and Port Security with Sticky MAC, alongside AI-driven anomaly detection. By integrating rule-based security mechanisms with supervised machine learning models, the system detects subtle deviations in network traffic and automates threat mitigation. This approach enhances detection accuracy, reduces false positives, and seamlessly integrates into existing security baselines. Experimental validation was conducted using GNS3-based lab simulations with a consistent network topology to evaluate detection effectiveness and dataset generation. Various Layer 2 attacks, including ARP spoofing, MAC flooding, and STP root bridge manipulation, were introduced to assess detection accuracy. The AI-enhanced system, trained with supervised learning using Logistic Regression, achieved 100% accuracy and an F1-score of 100% across all three attack scenarios, demonstrating its reliability in mitigating Layer 2 threats.
The findings emphasise the effectiveness of combining AI-driven anomaly detection with traditional network security mechanisms to enhance LAN security. Unlike conventional reactive approaches, this framework enables proactive, real-time detection and mitigation, adapting to evolving threats and eliminating reliance on manual monitoring. The ability to detect subtle variations in network traffic behaviour ensures greater adaptability against sophisticated attacks. By continuously learning and refining detection models, the system provides scalable, intelligent, and future-ready network protection against increasingly advanced Layer 2 threats.</p>
Vijay Bhuse
2025-06-25 | Vol. 24 No. 1, pp. 42-51 | DOI 10.34190/eccws.24.1.3705
Hybrid Modelling for Anomaly Detection in Industrial Control Systems
https://papers.academic-conferences.org/index.php/eccws/article/view/3502
<p>This research addresses the challenge of anomaly detection in Industrial Control Systems (ICS), recognizing the increasing importance of cyber security in these environments due to recent incidents and evolving technical and regulatory frameworks and mechanisms introduced. It does that by proposing a comprehensive hybrid modelling approach to anomaly detection that bridges the gap between theoretical research and practical applications in real-world industrial settings. Specifically, this methodology focuses on generating a custom dataset for anomaly detection, avoiding the limitations associated with artificial datasets. It does that by merging expert-based formal modelling with Machine Learning (ML) modelling in a Model-Driven Engineering approach aiming at assuring the security and reliability of critical control systems from the transportation and logistics domains. This research contributes to these fields by offering a logical, traceable, and adaptable framework for anomaly detection in ICS, addressing the current challenges identified in literature and regulatory requirements.</p>
Vincent Boerjan, Stefano Schivo, Clara Maathuis
2025-06-25 | Vol. 24 No. 1, pp. 52-60 | DOI 10.34190/eccws.24.1.3502
Analysis of a Cryptocurrency Investment Scam: Pig Butchering
https://papers.academic-conferences.org/index.php/eccws/article/view/3558
<p>This paper analyses and investigates a cryptocurrency investment scam involving the suspicious and fraudulent cryptocurrency trading platform, Elite-Bit, through a detailed case study of a victim's experience. With the rapid rise of cryptocurrency, deceptive platforms like Elite-Bit exploit unsuspecting investors by presenting a façade of legitimacy. This case study chronicles the victim's journey, beginning with a seemingly romantic connection through a dating platform, to an introduction to an investment opportunity, and subsequently a financial loss. After investing a substantial amount, the victim faced unexpected barriers when attempting to withdraw funds, including exorbitant transaction fees and other fabricated costs. The analysis reveals how Elite-Bit employs manipulative tactics such as social engineering and false urgency to maintain control over investors, ultimately leading to significant financial loss. These manipulative tactics are referred to as pig butchering. The paper utilises qualitative data from interviews and correspondence with the victim, along with an examination of platform behaviours to highlight common patterns in cryptocurrency scams. An on-chain and off-chain analysis was conducted using the limited input data provided by the victim. To contextualise the collected information, a link analysis was done, utilising the tool Maltego. The link analysis visually maps the entities associated with the suspect within a network of nodes and connections. By situating the Elite-Bit case within the broader context of cryptocurrency regulation and consumer protection, this paper underscores the urgent need for enhanced regulatory frameworks and public awareness initiatives. 
This study aims to contribute to the ongoing discourse on financial fraud in the cryptocurrency sector, providing insights that may assist in the prevention of future scams and the promotion of more secure investment and trading practices.</p>
Johannes George Botha, Kreaan Singh, Louise Leenen
2025-06-25 | Vol. 24 No. 1, pp. 61-70 | DOI 10.34190/eccws.24.1.3558
Strengthening AI Critical Infrastructure Security with the MIT AI Risk Repository and MITRE ATLAS Frameworks
https://papers.academic-conferences.org/index.php/eccws/article/view/3713
<p>Artificial Intelligence (AI) plays a pivotal role in critical infrastructure sectors such as energy, finance, healthcare, defense, and transportation. These sectors benefit from AI’s advanced capabilities, including predictive analytics, automation, and enhanced decision-making. However, AI integration also introduces significant security risks, such as adversarial attacks, data poisoning, and vulnerabilities within supply chains, potentially leading to system compromise and operational failures. Addressing these challenges requires a structured and proactive risk assessment approach. This study proposes a comprehensive AI security framework leveraging the MIT AI Risk Repository, which consolidates 43 frameworks, 2 taxonomies, and 777 identified risks, and MITRE ATLAS, which documents over 1500 attack vectors against AI systems. A systematic review of AI security research from 2020-2024 was conducted to assess common attack vectors, including deepfake technology, AI system poisoning, and supply chain threats. By mapping AI vulnerabilities to adversarial tactics, this research provides a structured methodology for identifying and mitigating risks. The findings contribute to establishing robust cybersecurity practices, enhancing AI resilience, and guiding policy development for critical infrastructure protection. This study highlights the importance of adopting AI-specific security frameworks to mitigate emerging threats and safeguard AI-driven systems across industries.</p>
Jami Carroll
2025-06-25 | Vol. 24 No. 1, pp. 71-79 | DOI 10.34190/eccws.24.1.3713
AI in Social Engineering-the Next Generation of Offensive Cyber Operations
https://papers.academic-conferences.org/index.php/eccws/article/view/3385
<p>Few can argue that Social Engineering is the most effective way to gain access to a system. From an offensive cyber perspective, Social Engineering reduces the need to identify a new vulnerability within a system to gain access by preying on psychological factors like emotion and fear. Social engineering has an effective rate that ranges between 80% and 90%. When AI is added to the picture, the likelihood of a successful social engineering scheme increases because AI can add a layer of realism and personalization that gets past a person’s barriers. When AI-influenced social engineering attacks are added to an offensive cyber operation, the attack surface grows increasingly more significant. The larger the attack surface, the higher the likelihood of a successful cyber operation. These attacks can target governmental agencies, the military, critical infrastructure, the healthcare system, and more. Understanding how AI in Social Engineering is impacting Offensive Cyber Operations is important. This case study looks at how AI is impacting Social Engineering and how AI-influenced Social Engineering is being used by Nation State Threat Actors in Offensive Cyber Operations. The U.S. Department of Defence</p>
Henry Collier
2025-06-25 | Vol. 24 No. 1, pp. 80-83 | DOI 10.34190/eccws.24.1.3385
Compliance with ICT Governance in Corporate South Africa
https://papers.academic-conferences.org/index.php/eccws/article/view/3767
<p>An extensive search through various scholarly databases has revealed that prior to this study, there was no conceptual model to guide corporate South Africa in the implementation of cybersecurity within the broader framework of the law. The proposed conceptual model combines legal requirements and cybersecurity operational needs in a single model. The study adopted a hypothetical company to demonstrate how the proposed model can be implemented in a corporate environment. Qualitative research was conducted, using in-depth interviews and document analysis as data collection techniques. Forty-five local organisations were purposively included in the study. Analysis of the data showed that organisations are not abreast of cybersecurity policies. Most cybersecurity practitioners are not familiar with the legal and policy aspects that they must adhere to when implementing cybersecurity, therefore most organisations do comply with the law in South Africa. The study proposed a conceptual model that can be implemented in real companies, irrespective of their governance and management structures, to improve the provision of cybersecurity.</p>
Rabelani Dagada
2025-06-25 | Vol. 24 No. 1, pp. 84-93 | DOI 10.34190/eccws.24.1.3767
Integrating Reconfigurable Intelligent Surfaces into Next-Generation Mobile Networks: Comparative Simulations based on Simu5G
https://papers.academic-conferences.org/index.php/eccws/article/view/3582
<p>Due to the need for high-performance communication systems capable of supporting a wide range of applications, including industrial automation, smart healthcare, and autonomous driving, Next-Generation Mobile Networks (NGMNs) are continuing to evolve. Furthermore, to cope with variable traffic situations in urban vehicular environments, autonomous cars require communication, high reliability, doubtless integrity and low latency. Besides, in smart city environments, an AI-powered attack can i) exploit vulnerabilities in connected autonomous vehicles by generating spoofed signals to misdirect navigation and orchestrating jamming attacks to disrupt Vehicle-to-Everything (V2X) communications; in the same way, ii) telemedicine applications and wearable medical devices in the healthcare industry require reliable and secure communication in dynamic, interference-prone indoor and outdoor environments. However, in order to facilitate synchronized Machine-to-Machine (M2M) operations under strict latency and reliability limitations, industrial automation relies on resilient and robust wireless communication. In this context, Reconfigurable Intelligent Surfaces (RISs) have emerged as one of the potential Sixth Generation (6G)-enabling technologies capable of addressing these challenges. By dynamically reconfiguring the wireless propagation environment through programmable surfaces, RISs can improve the system performance in terms of signal reliability, coverage, and energy efficiency. To examine this, this work focuses on comparative simulations evaluating the network-layer performance of RIS-enhanced and non-RIS networks using the network simulation environment Simu5G. Thereby, key RIS features, such as channel optimization and interference suppression, are modelled to assess their impact on critical metrics like Signal-to-Interference-plus-Noise-Ratio (SINR), resilience, and secrecy efficiency against adversarial threats.
Furthermore, this work highlights how RISs can mitigate security risks such as eavesdropping, spoofing, and jamming, which are becoming increasingly prevalent in AI-driven attack scenarios. For instance, RISs effectively counter AI-generated spoofed signals in autonomous vehicle networks and suppress jamming in V2X communication. Comparative results demonstrate the superiority of RIS-enabled network architectures in both performance and security. In addition, the work provides academic and industrial researchers with a robust toolkit for examining the dual function of RIS in improving wireless network performance and security by expanding the Simu5G platform with RIS-capable modules. This contribution is an important step towards enabling real-world deployment of RIS in future networks.</p>
Wenqing Dai, Christoph Lipps, Hans Dieter Schotten
2025-06-25 | Vol. 24 No. 1, pp. 94-104 | DOI 10.34190/eccws.24.1.3582
Security Comparison of Powerline Communication and Wi-Fi Technologies for Internet of Things
https://papers.academic-conferences.org/index.php/eccws/article/view/3615
<p>With the rise of system automation, more devices require intelligence and communication capabilities with a network, which is commonly provided via Internet of Things (IoT) devices. Providing communication stack security for these networks becomes increasingly challenging as the expectations of the systems increase. This paper reviews the current status of physical security network technology and explores innovations made in the past five years to identify and solve cyber vulnerabilities in a variety of contexts and then relates them back to IoT applications. These networked devices are often produced as simply and cheaply as technically feasible, which results in them lacking computational capacity, robust networking hardware and inherent security measures. The review focuses on two main technologies, WiFi and Powerline communications (PLC), to compare research on guided and un-guided media. These technologies can both be considered shared, as it is typical for multiple users to be expected to utilize a shared channel. This means both mediums are vulnerable to wireless jamming, but the effectiveness of this varies greatly based on factors such as the environment, cable shielding and transceiver distance. Similarly, the propagation of signals from the two technologies jeopardizes the potential privacy of communications by leaving them vulnerable to various means of eavesdropping. This can be addressed by using methods such as encryption, which is usually implemented at higher layers of the communication stack to provide confidentiality but can also be applied at the physical layer. Encryption also has the challenge of ensuring key exchange occurs securely which requires unique solutions when the limits of IoT devices are considered. Eavesdropping can also be defeated by controlling the signal-to-noise ratio that is presented to unintended receivers. 
Additionally, methods of device fingerprinting are being developed to create more robust authentication regimes between devices. Several research opportunities have been proposed where new concepts in one medium are applied to the other.</p>
Jacob Dimmitt, Mark Reith, Derek Neal
2025-06-25 | Vol. 24 No. 1, pp. 105-109 | DOI 10.34190/eccws.24.1.3615
Compelled Testimony? A U.S. Legal and Ethical Review of Compelled Biometric Data and Encryption
https://papers.academic-conferences.org/index.php/eccws/article/view/3468
<p>Biological data has increasingly become interconnected and digitized, leading to the emergence of the field of biocybersecurity to address cyber threats within bioinformatic systems. Encryption provides significant social benefits by safeguarding sensitive information, but it also presents challenges to public safety. The increase of cell phone use and the rise of internet-connected devices have resulted in a greater volume of digital data for law enforcement agencies to investigate. These trends have created a demand for advanced encryption methods, including access controls relying on facial recognition or other kinds of biometric data. While policy debates regarding backdoor access to aid law enforcement in combating crime continue, courts increasingly confront important Fifth Amendment questions in criminal investigations relying on digital evidence. In these cases, courts must frequently assess whether compelling the disclosure or use of biometric identifiers infringes upon protections against compelled testimonial evidence. The balancing of national security and privacy concerns is crucial in determining whether we are willing to sacrifice privacy and civil liberties for safety. This paper examines the intersection of encryption, law enforcement access, and the legal and ethical considerations raised by compelled disclosure or use of biometric data from a U.S. perspective.</p>
Dominique Dove, Kenneth Chamberland
2025-06-25, Vol. 24 No. 1, pp. 110-116, doi:10.34190/eccws.24.1.3468
South Africa as a Continental Cyber power – What do Some Scorecards Say?
https://papers.academic-conferences.org/index.php/eccws/article/view/3700
<p>South Africa’s role as a continental leader, and its ability to address domestic challenges, both now and to an increasing degree in the future, will depend on its ability to optimise cyberpower. While there are several frameworks and indices designed to assess cyberpower, or aspects thereof, none of these are specifically designed to factor in the developmental imperative of African countries and the Global South. This paper forms part of a research project at the University of Johannesburg aimed at the design of an Africa-specific model for configuring and evaluating cyberpower. The African Cyberpower Triad is a three-dimensional model that elevates the developmental imperative to be on an equitable footing with offensive and defensive cyberpower. At this early stage of our research, cyberpower-related assessment indices and frameworks are being evaluated for possible use in the design of the African Cyberpower Triad. This paper derives from this appraisal and has as its central research questions: ‘What are some of the cyberpower-related instruments that can be utilised as ‘scorecards’ to measure and/or assess aspects of South African cyberpower’, and ‘what do they say about South Africa’s status as a cyberpower in the African context’? The paper identifies and applies scorecards relevant to all three dimensions of cyberpower. The scorecards indicate that, within the continental context, South Africa is a major cyberpower with significant but, in various respects, unrealised potential. Harnessing this potential will require strong political will and the decisive implementation of a well-rounded national cyber strategy that synthesises the offensive, defensive and developmental dimensions. Regarding offensive cyberpower, scorecards suggest that South Africa is a major player on the continent, but not the leading force at present. 
In terms of defensive cyberpower, South Africa scores well above the international average, yet it does not rank as a continental role model. However, South Africa ranks highly as a leading developmental cyberpower—though also in this instance its capacity remains far from fully realised. This paper presents a preliminary and exploratory evaluation, to be followed by a comprehensive assessment of South Africa’s status as a continental cyberpower, based on the model currently under development.</p>
Petrus Duvenage
2025-06-25, Vol. 24 No. 1, pp. 117-126, doi:10.34190/eccws.24.1.3700
The European Union and the Protection Of Critical Space Infrastructure from Cyber-Threats: A Strategic Approach?
https://papers.academic-conferences.org/index.php/eccws/article/view/3576
<p>The functioning of terrestrial critical infrastructures, such as electricity, transportation, and finance depends on critical space infrastructures (CSI). CSI underlie the provision of vital goods and services, economic activities, national and global security. Consequently, securing CSI from cyber-attacks is important to avoid disruptions in the provision of critical goods and services and ensure high levels of security in our societies. Existing cases of cyber-attacks against ground and space components of CSI have proven the consequences of such attacks for domestic and international security, economic, systemic, environmental and social safety and stability. With strategic gains increasingly motivating state and state-sponsored attacks against CSI, the European Union (EU) expanded its resilience and response toolbox to address cyber-threats against CSI. Space has become a highly strategic domain with the EU <em>Strategic Compass</em>, since 2022. Furthermore, in 2023, the High Representative and the Commission put forward an <em>EU Space Strategy for Security and Defence</em>, presenting the EU’s vision for space security. This programmatic document marks a shift in the EU’s configuration of space, from a domain for scientific and civilian enterprises, to one central to security and defence. This paper examines the quick evolution of the EU’s approach to protecting CSI between 2020 and 2024 against the background of the development of the EU’s approach to CI protection more broadly and the development of its space governance aspirations and capabilities. It examines the EU institutional and legislative frameworks for CSI resilience to assess how relevant and strategic these are considering new technological developments, in the current global security context.</p>
Alexandru Georgescu, Clara Cotroneo, Andreea Dinu
2025-06-25, Vol. 24 No. 1, pp. 127-134, doi:10.34190/eccws.24.1.3576
Intrusion Detection in Smart Buildings Using Energy Anomalies: A Long Short-Term Memory Model Approach
https://papers.academic-conferences.org/index.php/eccws/article/view/3753
<p>The increasing prevalence of smart buildings within urban environments necessitates advanced security measures to detect and mitigate potential threats. This study leverages the data by a private company ASHRAE, the ASHRAE - Great Energy Predictor III dataset (GEPIII). The research question is: How can anomalous energy consumption be used as a proxy for identifying intrusions in smart buildings? By establishing baseline energy consumption patterns for building operations, we investigate how deviations from these patterns may signal the presence of unauthorised individuals. The anomaly detection in this study focuses on deviations in energy consumption patterns, considering not only magnitude and frequency but also duration, timing, rate of change, consistency across similar conditions, correlation with external factors like weather, aggregate daily or monthly usage, geospatial distribution within the building, and statistical outliers. In this study, we employ a Long Short-Term Memory (LSTM) neural network for our anomaly detection task, capitalising on their ability to capture dependencies in sequential data. After training our LSTM model, we conducted extensive validation to assess its performance. The dataset provides meter readings from over 1300 commercial buildings, of which we used a subset of 100 randomly selected buildings for this study due to computational resource limitations. Using IoT with interconnected sensing devices in smart buildings to collect data, combined with AI is an emerging research area in building security. Results highlight the potential of this approach to provide tools for enhancing the security of smart buildings, with implications for broader urban safety systems. 
Broader implications are that threats can be detected pre-emptively by using the developed model, or buildings can be designed and then a simulation can be run against the developed AI model, influencing future building codes or policy changes for the governance of urban environments.</p>
Ayse Glass, Siphesihle Sithungu, Roman Glass, Jörg Müller-Lietzkow
2025-06-25, Vol. 24 No. 1, pp. 135-140, doi:10.34190/eccws.24.1.3753
Evaluating Deception Theories for Applicability to Cyber Operations
https://papers.academic-conferences.org/index.php/eccws/article/view/3574
<p>Deception is essential to and inherent in cyber operations of all kinds. In defensive cyber operations, deception is the third line of defence after authentication and access control. Deception can be supported by intrusion detection systems monitoring for suspicious activity. Honeypots are the most obvious technique for misleading intruders, but delaying execution of commands, giving false excuses, and lying about the results may be more effective in some circumstances. Proactive defences also depend on deception. In offensive cyber operations, the attacker may manipulate someone to gain information. He/she may masquerade as an authorised user to access the target system or escalate privileges, install a rootkit to conceal his/her actions, bypass access control by installing a back door, or exfiltrate collected data within normal traffic. There is a wealth of theories of deception, overwhelmingly based on the physical world. Some theories are generic, others are specific to military operations, but few are specific to cyber deception. Some focus on the entities involved, while others focus on the deception process, which itself may be organisational or psychological. Several authors warn that analogies drawn from the physical environment may be counterintuitive in cyberspace. As Miller, Brickey and Conti (2012) memorably express it: “weapons can be reproduced instantly, ‘bullets’ travel at near the speed of light, destroyed targets can be brought back from the dead, and a seventeen year old can command an army”. This warning also applies to deception theory. The purpose of this paper is to evaluate key theories of deception for applicability to cyber operations in a multi-domain environment. There are five chapters. After the Introduction, Chapter 2 summarises relevant theory and doctrine. Chapter 3 summarises seven key theories of deception. Chapter 4 evaluates them, and outlines an ideal theory. 
Finally, Chapter 5 draws conclusions and recommends further work.</p>
Tim Grant, Simon Henderson
2025-06-25, Vol. 24 No. 1, pp. 141-149, doi:10.34190/eccws.24.1.3574
Strengthening Cybersecurity Resilience in Agriculture Through Educational Interventions: A Case Study of the Ponca Tribe of Nebraska
https://papers.academic-conferences.org/index.php/eccws/article/view/3586
<div><span lang="EN-GB">The increasing digitization of agricultural operations has introduced new cybersecurity challenges for the farming community. This paper introduces an educational intervention called Cybersecurity Improvement Initiative for Agriculture (CIIA), which aims to strengthen cybersecurity awareness and resilience among farmers and food producers. Using a case study that focuses on farmers from the Ponca Tribe of Nebraska, the research evaluates pre- and post-intervention survey data to assess participants’ cybersecurity knowledge and awareness before and after exposure to the CIIA. The findings reveal a substantial baseline deficiency in cybersecurity education among participants; however, post-intervention assessments demonstrate improvements in the comprehension of cybersecurity concepts, such as password hygiene, multi-factor authentication, and the necessity of routine data backups. These initial findings highlight the need for a continued and sustained, community-specific cybersecurity education effort to help mitigate emerging cyber threats in the agricultural sector.</span></div>
George Grispos, Logan Mears, Larry Loucks
2025-06-25, Vol. 24 No. 1, pp. 150-159, doi:10.34190/eccws.24.1.3586
Sentiment Analysis for Defence Ecosystem and Armed Forces
https://papers.academic-conferences.org/index.php/eccws/article/view/3584
<p>Today's battlefields extend far beyond physical terrain into the digital realm, where military operations are won or lost through the power of perception. This research dives deep into how Sentiment Analysis (SA) has become a game-changing intelligence asset for modern defence operations. When Russia invaded Ukraine in February 2022, an extraordinary sentiment shift among Ukrainians was observed in public opinion. Analysis of public discourse on social media revealed a substantial transformation throughout the war with initial support for negotiations gradually giving way to increased resolve for continued resistance. This fundamentally altered the geopolitical understanding of the Russia-Ukraine war and brought about a significant pivot in military planning and diplomatic approaches. On 28 February 2025, three years later, an interaction between the President of the United States, Donald Trump, and the Ukrainian President, Volodymyr Zelensky, spiralled into a heated confrontation and a very public spat. One of the many fallouts of this incident was the significant spike in President Zelensky’s approval ratings (69%) in Ukraine. This dramatic reversal, having deeply altered modern political outlook and military planning, has compelled strategists to rethink the brass tacks. The strategic impact of SA on the conduct of military operations was further cemented during the Israel-Hamas conflict, where Israeli forces analysed over 400,000 Reddit conversations to identify emotional flashpoints and counter misinformation before it gained traction. The relevance of SA can be established by the statements of an anonymous Israeli intelligence officer: "The temperature of online conversations now matters as much as satellite imagery in modern warfare."
As the operational landscape becomes increasingly asymmetrical, the application of sentiment analysis in contemporary geopolitical theatres emerges as a substantial force multiplier, allowing defence strategies to shorten the OODA (Observe, Orient, Decide, Act) loop significantly. From Afghanistan to the South China Sea, military commanders increasingly rely on sentiment data to navigate complex operational environments. Integrating SA in the overall military decision-making process will enable the armed forces to conduct proactive information dominance, neutralise adversarial narrative warfare and enhance strategic situational awareness. By dynamically recalibrating mission-critical communication strategies, SA will transform from a passive intelligence tool to an active psychological operations (PsyOps) force multiplier. These capabilities allow military commanders to model potential adversarial decision trees, simulate cognitive reaction scenarios and develop multidimensional contingency frameworks that proactively neutralise emerging operational risks before they materialise in kinetic domains. This research unveils the strategic significance of SA as a paradigm-shifting intelligence capability that redefines the modern battlespaces, demonstrating how armed forces that incorporate this will gain decisive advantages in both battlefield operations and the equally crucial battle for public support. Defence Ecosystems and Armed Forces that master this emerging intelligence frontier can and will secure decisive advantages across both kinetic and informational domains.</p>
Apurv Gupta, Suthikshn Channarayapatna Kumar, Odelu Ojjela
2025-06-25, Vol. 24 No. 1, pp. 160-168, doi:10.34190/eccws.24.1.3584
Transformer-Based File Fragment Type Classification for File Carving in Digital Forensics
https://papers.academic-conferences.org/index.php/eccws/article/view/3552
<p>The recovery and reconstruction of fragmented data is a critical challenge in digital forensics, particularly when dealing with incomplete, corrupted, or partially deleted files in large-scale cybercrime investigations. Accurate classification of file fragment types is essential for reconstructing critical evidence, especially in environments characterized by high levels of data fragmentation, such as cyberattacks, data breaches, and the operation of illicit (“darknet”) data centers. Traditional file carving methods often struggle to efficiently handle these fragmented files, limiting their reliability in complex investigations involving large volumes of data. This paper introduces a novel approach to classifying file fragment types using a Transformer-based model, designed to significantly enhance the speed and accuracy of forensic investigations. Unlike traditional methods, which rely on handcrafted rules or shallow machine learning techniques, our model leverages the powerful Swin Transformer V2 architecture, a state-of-the-art deep learning model tailored for sequence-to-sequence tasks. The model was trained to recognize complex, hierarchical patterns within raw byte sequences, enabling it to classify file fragments with high precision and reliability. We demonstrate that our model outperforms traditional methods on 512-byte file blocks, achieving superior classification accuracy on the File Fragment Type dataset (FFT-75), and also shows strong competitive performance with larger 4 KiB file blocks. Our approach represents a significant advancement in digital forensics, automating the classification of fragmented data and improving the reliability and efficiency of evidence recovery. Future work will focus on optimizing the model for different file block sizes and evaluating its application to real-world fragmented data scenarios. 
By automating the identification of file fragment formats, our approach not only improves classification accuracy but also reduces the time required for investigators to recover critical evidence from fragmented data sources. This work provides a promising tool for digital forensics practitioners, advancing recovery capabilities in the face of evolving cyber threats.</p>
Andrey Guzhov, Christoph Tobias Wirth
2025-06-25, Vol. 24 No. 1, pp. 169-176, doi:10.34190/eccws.24.1.3552
Signalling Cyber Deterrence Through D3FEND
https://papers.academic-conferences.org/index.php/eccws/article/view/3571
<p>States employ cyber deterrence strategies to safeguard their sovereignty in cyberspace. Cyber deterrence encompasses various means to prevent serious cyberattacks. This multifaceted approach incorporates various instruments of state power, including diplomatic, informational, military, economic and legal mechanisms. While all these instruments contribute to a state's overarching deterrence strategy in cyberspace, cyber-specific means offer the most rapid deployment options for countering cyberattacks. The challenge lies in credibly signalling cyber capabilities while preserving their secrecy and effectiveness. This challenge can be countered by carefully curating disclosed information, thereby maintaining the state's strategic advantages and operational integrity. This research examines the technical implementation of deterrence signalling through a concrete example. By analysing the MITRE D3FEND framework, we aim to demonstrate practical application of cyber deterrence signalling and bridge theoretical concepts with operational cybersecurity practices. The MITRE D3FEND framework is a tool designed to describe cybersecurity countermeasure components and capabilities, and relationships between these elements. The research question posed is whether this framework can be used to signal cyber deterrence. This study evaluates the D3FEND framework's categories to determine which features can be signalled without compromising their effectiveness. Through qualitative content analysis, we develop evaluation criteria based on academic cyber deterrence literature. Each category of the D3FEND framework is methodically assessed against the evaluation criteria, to identify the signalling potential of the framework. The main findings of the study show that, of the seven categories of the D3FEND framework, the “Harden” category contains the most elements that can be used in cyber deterrence signalling, while the “Model” and “Deceive” categories have the fewest.
The evaluation helps discern not only the elements to be signalled, but also those aspects of the defence, the exposure of which must be avoided. This research contributes to the academic discourse on cyber deterrence by elucidating the technical aspects of deterrence signalling, thereby offering a novel approach to bridging theoretical frameworks with practical cybersecurity implementations.</p>
Kimmo Halunen, Maria Keinonen
2025-06-25, Vol. 24 No. 1, pp. 177-184, doi:10.34190/eccws.24.1.3571
Wireless Body Area Networks in Healthcare: Evolution, Challenges, and Pathways to Innovation
https://papers.academic-conferences.org/index.php/eccws/article/view/3559
<div><span lang="EN-US">Wireless Body Area Networks (WBANs) are emerging as a transformative technology in healthcare, enabling continuous real-time monitoring and management of patient health. This work explores the development of WBANs, emphasizing advances in communication standards such as Bluetooth, ZigBee, and Ultra-Wideband, alongside key challenges in their implementation. These challenges are categorized into five areas: i) security and privacy, ii) hardware, iii) communication and network protocols, iv) physiological aspects and v) interoperability. Additionally, the integration of WBANs into smart hospital environments as human-centric Internet-of-Things (IoT) systems is discussed, highlighting their potential to enhance patient care while addressing critical cybersecurity risks.</span></div>
Jan Herbst, Jan Petershans, Seyedeh Ghazal Shobairian, Hans D. Schotten
2025-06-25, Vol. 24 No. 1, pp. 185-194, doi:10.34190/eccws.24.1.3559
Envisioning New Ways to Use Economic Sanctions and Weaponisation in the Future
https://papers.academic-conferences.org/index.php/eccws/article/view/3359
<p>According to Clausewitz, war is a continuation of politics by different means (Clausewitz, 1832). The most common method of waging war is to utilise military force; however, other tools are being increasingly employed to persuade the opponent. War is progressively fought using means beyond military action, also targeting societies rather than solely the armies on the battlefield (Gerasimov, 2013; Galeotti, 2022). Economic sanctions and weaponisation are instruments employed to target societies during warfare. This study examines the evolution of economic sanctions and weaponisation and their potential future use. It also explores the mechanisms by which sanctions are designed to function and the conditions under which they prove effective. As sanctions progress over time, a key question remains: What type of economic sanctions might we anticipate, and how could weaponisation be employed in the future? To answer this question, a science fiction tool by Hiltunen and Huhtinen (2022) is used to create scenarios of how the enemy could use economic sanctions and weaponisation in technologically dependent societies of the future. The study aims to assess whether such a tool can generate new insights into the future effects of economic sanctions and weaponisation in a technology-dependent society. This article describes two scenarios that show how different sanctions and weaponisation can affect specific technologies. It highlights that by assessing society's critical functions and the technologies required to support these functions, vulnerabilities can be pinpointed—vulnerabilities that an adversary may exploit. From there, effective strategies can be devised to lessen the impact of economic sanctions and weaponisation. This paper holds importance as it proposes that innovative science fiction tools can be instrumental in reflecting on the future of economic sanctions and weaponising.
Often perceived solely as entertainment, science fiction possesses the ability to explore diverse strategies regarding future warfare. Furthermore, the paper develops various sci-fi scenarios to analyse the weaknesses of a society reliant on technology.</p>
Elina Hiltunen, Mika Aalto, Mika Hyytiäinen, Aki-Mauri Huhtinen
2025-06-25, Vol. 24 No. 1, pp. 195-203, doi:10.34190/eccws.24.1.3359
E-Health Systems for Remote and Disaster-Resilient Digital Environments
https://papers.academic-conferences.org/index.php/eccws/article/view/3551
<p>We talk a lot about our digital services, artificial intelligence, virtual reality, and the metaverse, along with the platforms they run on. We focus on how we can further improve services in the systems operating on these platforms to support smart societies in the future and deliver value to a wide range of stakeholders across all sectors. The situation with this new type of service is not necessarily good enough in some regions of the world. People live in remote areas far from population centres on different continents, northern regions, wilderness areas, deserts, mountains, islands, etc. How can we guarantee suitable societies and well-being services for all people even in these conditions, far from core centres and large villages, regardless of time and place? We must strive to take advantage of the opportunities provided by innovative ideas and technologies and use renewable energy in all areas, especially in areas where electricity systems do not always work, and telecommunication connections are not always available. Artificial intelligence is already integrated into many areas of smart society services. Virtual reality (VR) functionalities are also coming to be used in many service portfolios. Nowadays, we are talking a lot about the metaverse. To fully utilize new technologies and their services, we need robust solutions for the interfaces between smart devices and network systems, ensuring seamless and secure access anytime, anywhere. These solutions must be designed to prevent cyber attackers from exploiting vulnerabilities in the new systems and the smart devices connected to them. This article outlines principles for future smart society services, possibly using PeAN smart devices designed for areas that might be far from major cities and villages.</p>
Aarne Hummelholm
2025-06-25, Vol. 24 No. 1, pp. 204-213, doi:10.34190/eccws.24.1.3551
Strategic Impacts of the Cyber Offense/Defense Balance
https://papers.academic-conferences.org/index.php/eccws/article/view/3752
<div><span lang="EN-GB">This paper examines how the distribution of offensive and defensive cyber operations (OCO & DCO) contributes to the achievement of strategic goals. Drawing on established theories of the relationship of offensive and defensive weaponry in terrestrial conflict domains, the examination develops a methodological framework to assess the relative contributions of OCO and DCO to offensive and defensive cyber strategies and overall multi-domain outcomes. The paper identifies both challenges and opportunities in associating offensive and defensive cyber capabilities with appropriate offensive and defensive strategies. Some challenges are intrinsic to the dynamic effects of specific weapons technologies on conflict outcomes, while other challenges flow from the conditions of the cyber domain. The paper identifies principal complicating factors in associating OCO and DCO selections with strategic outcomes, including the dual-use and indistinguishable nature of some of the most sophisticated cyber weapons; the opacity of operations incumbent to the cyber domain; complexities and data acquisition impediments in calculating precise relative costs associated with developing and utilizing offensive and defensive cyber capabilities; information paucity exacerbation of motivated analytical biases; and the sometimes inverted relationship of OCO and DCO to offensive and defensive strategies, respectively. These findings support the importance of developing a precise and empirical evaluation methodology associating objectives achievement in the distribution and balance of OCO and DCO missions to the underlying operational and strategic objectives of those missions.</span></div>
Wade Huntley, Timothy Shives
2025-06-25, Vol. 24 No. 1, pp. 214-221, doi:10.34190/eccws.24.1.3752
Crisis Communication Guidelines to Support Cyber Resilience
https://papers.academic-conferences.org/index.php/eccws/article/view/3730
<p>Cyber-attacks have become a prominent issue in the digital society. Attacks can result in losses for individuals and organisations. Cyber-attacks such as data breaches can create a very real threat to all stakeholders with a strong perception of vulnerability because of the potential loss of sensitive data. Such crises place unique demands on crisis management and communication. Communication is crucial for promoting awareness and sharing information and instructions to stakeholders. Consequently, effective communication can help build dynamic organisational cyber resilience. The research question of this paper is: How can crisis communication help manage cyber incidents? To respond to the research question, this paper draws on earlier research on cyber security-related communication. In addition, two semi-structured group interviews were conducted to collect views from expert participants in the field of cyber security management and communication. The data were analysed thematically. The findings from the interviews support earlier research on cyber security communication. To help manage cyber incidents, cyber crisis communication should be timely and open, express empathy to stakeholders, show accountability and commitment to securing the data and to resolving the incident. Clear instructions and information about protective actions are also required from effective communication. By synthesising findings from earlier research literature and the interview data, this paper proposes preliminary communication guidelines that can assist in identifying effective strategies and requirements for cyber security communication within organisations. The guidelines can help prepare for and respond to cyber crises and consequently support organisational cyber resilience.</p>
Eveliina Hytönen, Harri Ruoslahti
2025-06-25, Vol. 24 No. 1, pp. 222-229, doi:10.34190/eccws.24.1.3730
Understanding Cybersecurity Threats to Implantable Medical Devices: A Review
https://papers.academic-conferences.org/index.php/eccws/article/view/3605
<p>Implantable Medical Devices (IMDs) are wholly or partially introduced to the body permanently or temporarily to serve a medical purpose. These devices, including pacemakers, cardiac defibrillators, deep brain stimulators, and various drug delivery systems, offer significant medical benefits but pose unique security and privacy risks. The modern history of biomedical implantable devices dates to the 1950s. Since then, the demands for them have pushed the frontiers of medicine and engineering. With millions of these devices now equipped with advanced computing and networking capabilities, they are continually exposed to the same security threats the broader cyberspace faces. Current security approaches often rely on "security by obscurity," which is ineffective. Moreover, managing access for multiple stakeholders, such as doctors, patients, and manufacturers, while adhering to the principle of least privilege poses a significant challenge. These threats include data breaches, where sensitive patient information, such as medical history and treatment plans, could be compromised, and device hijacking, which could allow malicious actors to gain control of the device and potentially harm the patient. Furthermore, managing access for multiple stakeholders, including healthcare providers, patients, and manufacturers, while adhering to the principle of least privilege presents a significant challenge. This literature review examines the evolution of security research in IMDs from 2015 to 2025. The review also explores the potential of leveraging advancements in adjacent technology fields, such as cryptography, artificial intelligence, and blockchain, to enhance the security and privacy of IMDs. Key findings underscore the increasing significance of collaborative efforts among researchers, industry stakeholders, and regulatory bodies. 
Moreover, the review demonstrates a shift towards more holistic security approaches that consider the entire lifecycle of an IMD, from design and development to deployment and maintenance. This review aims to provide valuable insights for developing more secure and trustworthy IMDs, ultimately improving patient safety and confidence in these life-saving technologies.</p>
Austin James, Lucas Potter, Xavier-Lewis Palmer
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25; Vol. 24, No. 1, pp. 230-240; doi:10.34190/eccws.24.1.3605

A Study on the Concept of Cyber Cognitive Warfare and Case Study Methodology From a Psychological Perspective
https://papers.academic-conferences.org/index.php/eccws/article/view/3553
<p>Cyber cognitive warfare, which manipulates the opponent's cognition to change behavior in inter-state warfare, is emerging as an important element with the advancement of science and technology. Human behavior is based on psychology, and psychology provides scientific grounds for cyber cognitive warfare, but existing cyber cognitive warfare studies have only determined the cause of behavior as cognitive manipulation, and there is no research interpreting it from a psychological perspective. Therefore, this paper presents a methodology that can explain the characteristics of cyber cognitive warfare from a psychological perspective and the mechanism by which behavior is changed through cognitive manipulation using Skinner's operant conditioning theory, a behavioral psychology. Skinner's operant conditioning theory is a theory that intentionally changes and reinforces behavior, and as it is a theory that has been proven to change behavior through various experimental results, we applied it to cases of inter-state cyber cognitive warfare such as the Russia-Ukraine War and interpreted the mechanism by which behavior is changed. In addition, in the process of interpreting the behavior change mechanism, we presented a control variable management plan based on the research results that behavioral results can vary depending on the influence of control variables such as the intervention of a third country. In conclusion, this study is expected to serve as a foundation for scientifically identifying the causes of behavioral changes through a case study methodology of cyber cognitive warfare from a psychological perspective, as cyber cognitive warfare is inherently invisible, gradually permeates the target, and by the time the impact is recognized, it is often too late to respond.</p>
Kibeom Kim, Hunyeong Kwon
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25; Vol. 24, No. 1, pp. 241-249; doi:10.34190/eccws.24.1.3553

Supporting Cyber Intelligence Analysts with Enterprise Security Modeling
https://papers.academic-conferences.org/index.php/eccws/article/view/3382
<p>To maximize the value of human defensive cybersecurity intelligence analysts, effective situational awareness and triage capabilities are critical success factors. We describe an approach to support analysts with developing and maintaining service-oriented models that describe the security-relevant aspects of an enterprise. We refer to these models as enterprise security models. Inspired by enterprise architecture approaches, our enterprise security models are described from three perspectives: a business perspective, an application perspective, and an implementation perspective. The business perspective provides the business context in which activities take place. The application perspective refines business processes and activities into services. The implementation perspective provides the technical implementation details. The enterprise security model can be combined, through automation, with cyber threat intelligence to prioritize threats facing the enterprise. Cyber threat intelligence is commonly viewed at three different levels: strategic, operational, and tactical intelligence. These levels of threat intelligence correspond to the three perspectives in our proposed enterprise security modeling approach. It is our assertion that the ability to organize the enterprise architecture with a security focus viewed from the business, application, and implementation perspectives allows an organization to process different levels of threat intelligence in their proper context and to respond appropriately. Human security analysts can focus on threats that are likely to manifest, in the way in which they have been observed to manifest. This paper presents work on the creation and maintenance of enterprise security models. By using a proof-of-concept scenario, we suggest that a service-based modeling approach is effective to describe cybersecurity-relevant data concerning enterprise information systems architecture. 
Given the complexity of current enterprise architectures and the rapidly changing threat landscape, it is necessary to develop a well-developed situational awareness that spans the full enterprise. Our proposed modeling approach can provide the proper context for automation efforts to support human analysts in developing and maintaining such awareness.</p>
Sung Hoon Kim, Kees Leune, Christopher Benson
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25; Vol. 24, No. 1, pp. 250-258; doi:10.34190/eccws.24.1.3382

CyberX 2.0: From Hacks to Head Games - Evolving Cyber Defence with Strategic Twists and Tactical Consequences
https://papers.academic-conferences.org/index.php/eccws/article/view/3380
<p>CyberX is a unique, large-scale cyber operations exercise that incorporates a cyber-kinetic battlespace, designed to provide participants with a realistic, multifaceted problem space. The original environment offered limited support for Information Environment operations beyond scenarios for Defensive Cyber Operations, Offensive Cyber Operations, and Computer Network Exploitation. These scenarios did not initially include aspects of information operations or cognitive influence, such as diplomacy, propaganda, fake news, social media manipulation, and political subversion—key elements associated with hybrid warfare. This paper presents the ongoing evolution of CyberX, which introduces new dimensions of Information Operations to enhance the exercise scenarios and broaden learning opportunities for participants. The goal is to incorporate open-source intelligence and cognitive influence elements into Information Environment operations. New features include a geopolitical context for the mission scenario and a cognitive dimension to the Information Environment, ensuring that decisions made at the tactical cyberspace level carry real consequences. An integrated social media environment now supports Information Operations scenarios, populated by simulated personas and social media interactions. Exercise control referees use this platform to set up the scenario and manage gameplay. The platform leverages AI to semi-automatically generate message content, blending AI-generated rumors with ground-truth information. This simulated information space provides commanders with a more nuanced understanding of adversary disposition and movements. However, with this enhanced insight comes a greater strategic responsibility, requiring commanders to operate within the cognitive geopolitical space. This evolution makes the CyberX mission scenarios more tangible and realistic. The goal is to ensure that decisions made at the tactical cyberspace layer have real consequences. 
Choices aimed at locally optimizing risk in response to a cyber threat at the expense of overall mission success are discouraged. The learning outcomes now emphasize the integrated nature of cyber operations with other operational domains and their interdependence for mission success.</p>
Scott Knight, Sylvain Leblanc, Erich Devendorf, Mike Shuck
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25; Vol. 24, No. 1, pp. 259-268; doi:10.34190/eccws.24.1.3380

Development Needs of Finnish Incident Management and Leadership in the Future Operating Environment
https://papers.academic-conferences.org/index.php/eccws/article/view/3671
<p>This study examines the development needs of Finland’s incident management and leadership systems in a changing security environment under normal legislative conditions. The future will require preparedness for increasingly complex and unpredictable incidents. This transformation requires a reassessment of the leadership system and the search for new solutions. The Finnish incident management and leadership management system is based on the principle of comprehensive security, in which public authorities and the private sector jointly safeguard vital functions. Legislation and the rule of law are key considerations in evaluating the management system. International organizations, such as NATO and NORDEFCO, significantly influence Finland’s incident management system. From the perspective of comprehensive security, NATO is not merely a military alliance. The complexity of the security environment demands flexibility, cooperation, and resilience from the management system. The theoretical framework of the study is based on complexity leadership theory and systems theory. The empirical data consists of 18 expert interviews, analyzed using inductive content analysis. Based on the analysis, three main themes were found: preparedness of the management system for future challenges, legislative requirements for management system development, and the need for improvements in incident management from the perspective of leadership responsibility. The findings indicate that leadership responsibilities and legislation require clarification, and international cooperation structures should be more effectively integrated into the national system. Additionally, the roles of municipalities and the private sector need further specification. In the future, society must decide which interests should be secured and where the focus of preparedness should lie in the development and management of the management system.</p>
Pekka Koistinen, Teija Sederholm
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25; Vol. 24, No. 1, pp. 269-275; doi:10.34190/eccws.24.1.3671

A Survey of Power and Electromagnetic-Based Side-Channel Attack Countermeasures
https://papers.academic-conferences.org/index.php/eccws/article/view/3627
<p>Cryptography is a cornerstone of modern computing security, but it remains vulnerable to Side-Channel Attacks (SCAs), which exploit hardware implementations to compromise encryption. SCAs pose significant cybersecurity risks by extracting sensitive information, such as encryption keys, through passive observation of side-channel leakage or active manipulation of system operations. This paper reviews non-invasive power and EM-based SCAs, evaluates the effectiveness and limitations of existing countermeasures, and identifies gaps that warrant further research. The analysis aims to guide the development of robust defenses and inform future efforts to secure cryptographic systems against evolving threats.</p>
Robert Kramer, Mark Reith, Wayne Henry, Anthony Rose
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25; Vol. 24, No. 1, pp. 276-283; doi:10.34190/eccws.24.1.3627

Measures, Metrics, and a Scale for Appraisal of Cyber Threat Intelligence-Informed Decision-Making
https://papers.academic-conferences.org/index.php/eccws/article/view/3421
<p>Cyber threat intelligence (CTI) is information from past, present, and evolving threats which, if correlated and put in context, aims to enhance cybersecurity decision-making at strategic, operational, and tactical levels. Despite the multiple benefits of CTI, such as identifying and profiling threat actors, tuning systems and cybersecurity controls, and providing context to incidents, the field faces challenges that must be overcome for effective implementation of CTI. The bulk of existing research tackling these challenges focuses on the technical aspects of collecting, analysing, using, and sharing CTI. However, one of the main benefits of CTI lies in its intelligence affordances to inform decision-making for key actors in cybersecurity. Unfortunately, there is generally a dearth of research on human factors associated with disseminating and utilising CTI. Further, while some research has been undertaken investigating the quality of CTI, there has not been much research investigating the quality of CTI-informed decision-making. This research is targeted to address this gap within the context of a larger project investigating the effectiveness of gamification in enhancing CTI use for defence against cyberattacks. To measure the benefits of CTI throughout the decision-making process, this research has developed a gamification platform and some of the relevant metrics and measures. Firstly, this paper presents these proposed measures and the derived metrics that can be used to quantify the benefits of using CTI at the individual decision level to measure the overall effectiveness of CTI. Secondly, the paper presents a scale that is developed to provide a yardstick for future CTI performance testing – specifically for CTI gamification solutions and generally for CTI-informed cybersecurity decision-making. 
The research addresses the need to quantify the impact of CTI on decision-making processes in cybersecurity through the measures, metrics, and a scale to inform the actual assessments.</p>
Mona Kriesten, Mamello Thinyane, David Ormrod
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25; Vol. 24, No. 1, pp. 284-292; doi:10.34190/eccws.24.1.3421

Quantum Apocalypse: Fortifying Critical Infrastructure in the Age of Cyber Warfare
https://papers.academic-conferences.org/index.php/eccws/article/view/3757
<p>Quantum attacks on cryptographic systems remain hypothetical but are grounded in strong theoretical foundations. The emergence of quantum computing presents a significant challenge to national security, particularly in protecting critical infrastructures such as energy grids, financial systems, and healthcare networks. Quantum algorithms like Shor’s may soon be capable of breaking widely used cryptographic standards (RSA, ECC, AES), rendering current encryption obsolete and exposing essential services to disruption and data breaches. These vulnerabilities could threaten economic stability and public safety on a national scale. This paper analyzes the risks posed by quantum computing to classical cryptographic frameworks and evaluates quantum-resistant alternatives such as lattice-based, hash-based, and code-based cryptography. It assesses their theoretical soundness and suitability for securing national critical infrastructure. The analysis also explores the dangers of delayed implementation, where postponed adoption of post-quantum cryptography (PQC) could expose systems to future quantum-enabled cyberattacks. Additionally, the paper discusses the challenges of integrating PQC into existing systems, including regulatory compliance, interoperability, and operational readiness. Without coordinated strategies and accelerated transition plans, nations risk severe consequences, including financial disruption, healthcare service breakdowns, and energy supply chain failures. Finally, the study highlights the need for international cooperation, policy alignment, and robust testing to ensure the effective deployment of quantum-resistant solutions. Prompt action is essential to preserve the confidentiality, integrity, and availability of vital national systems in the face of the advancing quantum threat landscape.</p>
Shreyas Kumar, Andreas Klappenecker, Gary Brown, Seshadithya Saravanan
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25; Vol. 24, No. 1, pp. 293-301; doi:10.34190/eccws.24.1.3757

Cyber Threats to Nuclear Safety: Game Theory Strategies for Enhanced Deterrence
https://papers.academic-conferences.org/index.php/eccws/article/view/3755
<p>The convergence of digital technology and cybersecurity introduces unprecedented risks to national security, particularly as cyber attacks increasingly target nuclear command, control, and communication systems (NC3). These threats escalate the stakes beyond traditional warfare, challenging established deterrence frameworks and creating a complex interplay between cyber and nuclear domains. This paper leverages advanced economic game theory, employing a non-cooperative model and dynamic analysis to dissect the strategic decision-making processes of rational actors in this volatile environment. By focusing on critical aspects like signaling, escalation management, and attribution uncertainty, we illuminate the intricate dynamics that arise when cyber intrusions threaten nuclear stability. Through the concept of a "cyber-nuclear deterrence equilibrium," we redefine the strategic balance states must achieve, factoring in the asymmetric nature of cyber capabilities and the profound uncertainty in attributing cyber attacks. Our dynamic game-theoretic approach explores potential scenarios where cyber disruptions could weaken nuclear deterrence, compromise command and control structures, or lead to unintended escalations. By incorporating real-world variables—such as detection capabilities, the credibility of retaliation, and the asymmetry of cyber power between adversaries—we build a comprehensive framework to address the new calculus of deterrence shaped by cyber threats. The findings underscore the urgent need for integrated cyber and nuclear security policies, as traditional deterrence strategies are insufficient in the face of this dual-threat landscape. We propose tailored, game-theoretic strategies to enhance signaling clarity, increase system resilience, and reduce the risks of miscalculation during cyber incidents affecting nuclear infrastructure. 
Ultimately, this research offers policymakers a strategic toolkit grounded in game theory, designed to craft adaptive, forward-thinking deterrence measures that align with the evolving realities of cyber-nuclear interdependence. Our analysis attempts not only to contribute to the academic discourse on deterrence theory but also to provide actionable guidance for strengthening global security in an era where the boundaries between cyber and nuclear threats are increasingly blurred.</p>
Shreyas Kumar, Man-Sung Yim, Ananya Agarwal, Anika Garg, Diya Bhatnagar
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25; Vol. 24, No. 1, pp. 302-310; doi:10.34190/eccws.24.1.3755

NATO Self-Defense – Is Article 5 the Right Framework for Responding to Sub-Kinetic Cyber Aggression?
https://papers.academic-conferences.org/index.php/eccws/article/view/3756
<p>Cyber aggression presents a significant challenge to traditional frameworks of collective defense, particularly under Article 5 of the NATO Washington Treaty, which obligates member states to respond collectively to an "armed attack." While NATO has acknowledged that cyber incidents may trigger Article 5, ambiguity persists over what constitutes a cyber "armed attack," especially in the absence of kinetic effects. This uncertainty complicates NATO’s ability to address increasingly prevalent sub-kinetic cyber threats, such as economic disruption, data manipulation, and interference in democratic processes. Unlike conventional military threats, cyber operations often fall below the traditional threshold of armed conflict while still exerting strategic effects that can destabilize states and alliances. This paper critically examines whether Article 5, in its current form, is adequate for responding to modern cyber threats. Through an analysis of legal thresholds, strategic challenges, and real-world scenarios, it highlights how sub-kinetic cyber aggression blurs the line between peace and conflict, testing NATO’s existing frameworks. A key challenge is the lack of a universally accepted definition of what constitutes a cyber "armed attack," leading to inconsistencies in how NATO member states interpret and respond to cyber threats. Additionally, the difficulty of attribution in cyberspace further complicates collective defense efforts, as adversaries often employ proxies, obfuscation techniques, and false flag operations to mask their identities. Key findings underscore that without clearer definitions and adaptive strategies, NATO risks undermining its collective defense principle. To enhance its cyber defense capabilities, NATO must establish precise thresholds and cumulative criteria for cyber aggression, ensuring that sub-kinetic threats do not go unaddressed. 
Strengthening deterrence mechanisms, improving intelligence-sharing, and fostering consensus among member states will be critical in maintaining NATO’s credibility and cohesion. Furthermore, NATO should develop a flexible response framework that considers the cumulative impact of cyber operations rather than relying solely on isolated incidents. By modernizing its collective defense strategy to meet the realities of cyberspace, NATO can better deter and respond to cyber threats, ensuring that Article 5 remains an effective instrument of alliance security in the digital age. This study provides actionable insights into how NATO can navigate the evolving cyber threat landscape while reinforcing its commitment to collective defense.</p>
Shreyas Kumar, Gary Brown, Srividhya Ragavan, Maddalena Cerrato, Gourav Nagar
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25; Vol. 24, No. 1, pp. 311-317; doi:10.34190/eccws.24.1.3756

Securing the Skies: Innovating Cybersecurity Governance for India's Emerging Small Airports
https://papers.academic-conferences.org/index.php/eccws/article/view/3664
<p>Cybersecurity policy and governance are becoming increasingly critical as small airports in India undergo rapid expansion in operational capacity and digital integration under government-led initiatives like the Regional Connectivity Scheme RCS-UDAN. This paper investigates the cybersecurity readiness and governance challenges small airports face, specifically within the transformative context of Uttar Pradesh's civil aviation sector. Uttar Pradesh, India's most populous state, has witnessed significant infrastructure innovation and policy-driven growth in aviation, exemplified by the ambitious Civil Aviation Promotion Policy of Uttar Pradesh 2017, which aimed at enhancing regional connectivity and economic inclusivity. However, this rapid advancement and digitalization, involving extensive integration with national and international air travel networks, has simultaneously introduced substantial cybersecurity vulnerabilities. Utilizing a Public Sector Innovation (PSI) framework, this research evaluates innovative policy approaches and governance mechanisms for managing and mitigating these cybersecurity risks. The study highlights vulnerabilities from increased complexity, limited administrative and technical capacities, and resource constraints typical of smaller airport operations. It argues for the urgent need to develop tailored cybersecurity frameworks that effectively address local contexts while ensuring alignment with broader national and international cybersecurity standards. Key recommendations include establishing clearly defined governance structures for cybersecurity oversight, enhancing multi-stakeholder coordination across different administrative levels, promoting extensive cybersecurity awareness and training programs, and instituting robust and responsive incident management and recovery mechanisms.
These policy innovations and governance reforms are crucial not only for safeguarding critical aviation infrastructure but also for supporting sustainable economic growth, resilience, and inclusive development within India's rapidly evolving civil aviation landscape. This paper provides valuable insights for policymakers, regulators, airport operators, and technology providers, offering a strategic roadmap toward comprehensive cybersecurity preparedness for India's small airports.</p>
Shreyas Kumar, Surya Pal Gangwar, Nakul Singh, Rishabh Pagaria, Anika Garg, Saptarishi Das
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25; Vol. 24, No. 1, pp. 318-327; doi:10.34190/eccws.24.1.3664

Enhancement of Phishing Email Detection with Bayesian Networks. A Cyber Security Training Module.
https://papers.academic-conferences.org/index.php/eccws/article/view/3315
<p>In today’s digital world, we rely on various applications to protect ourselves from malicious software on the internet. Many of these tools also aim to shield us from phishing emails, which are increasingly prevalent. But how reliable are these phishing protection tools? Do we uncritically trust their indication that an email is safe, or are their assessments merely probabilistic estimates? These questions became the focal point of an innovative educational process in cybersecurity training. In this training activity, participants initially assumed the role of phishing email creators, crafting emails targeting a hypothetical individual using social engineering techniques introduced during the course. Next, an anti-phishing software tool, developed specifically for this training, evaluated their emails and provided a percentage indicating the likelihood that the email would be identified as phishing. The software's functionality was built upon a Bayesian network designed specifically for the course, using data derived from emails created by participants in the previous academic year. Trainees were then introduced to Bayes' rule and learned how the Bayesian framework operates as a method of phishing detection. By the end of the training intervention, participants were proficient in applying Bayes' rule and constructing small Bayesian networks to assess the potential risk of emails, thereby enhancing their understanding of cybersecurity principles and tools. Our module makes a significant contribution to the cybersecurity education community by presenting an innovative approach to teaching protection against phishing emails.</p>
Dimitrios Lappas, Panagiotis Karampelas, Giorgos Fesakis
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25; Vol. 24, No. 1, pp. 328-337; doi:10.34190/eccws.24.1.3315

Instant Friend-or-Foe Identification for Stealth Devices in Coalition-Drone Swarms
https://papers.academic-conferences.org/index.php/eccws/article/view/3593
<p>The war in Ukraine demonstrates the versatility of drones in modern warfare. However, only the initial steps of this technological disruption are visible. The evolution will bring a shift from individually operated drones to swarms of drones. These swarms will operate semi- or fully autonomously, diminishing the role of human operators. Instead of real time operations, humans will set mission objectives and supervise operations. The complexity increases further as drones from diverse origins, with different capabilities, and with different levels of trust, collaborate in joint missions. This poses a challenging research question of how to identify, quickly and securely, other devices in a coalition mission featuring numerous autonomously operating units. This article introduces a novel mechanism for securely identifying autonomously operating drones on the battlefield without prior communication. Pre-deployment configuration enables autonomous decision-making in missions, eliminating the need to consult third parties during the identification process. This research focuses on a scenario where an ongoing mission that has suffered from equipment depletion necessitates replacement with new equipment. The present paper demonstrates how a valuable device can securely identify its neighbors before revealing its existence. A practical example of the benefits is the ability to conceal the precise location of the valuable device by utilizing low-cost, expendable civilian drones as message repeaters. The primary contribution of this paper is a solution that allows a device to operate in a stealthy mode and to distinguish friends and foes instantly and securely without prior encounters. The proposed concept of secure identification facilitates trust management in coalition drone swarms operating on the battlefield. Transparent use of data encryption is possible, but it is beyond the scope of this paper. 
Beyond flying drones, this solution is applicable to any autonomous or semi-autonomous system across various domains, as well as to human-carried devices that benefit from stealthy operation.</p>
Christina Lassfolk, Hannu Kari
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25; Vol. 24, No. 1, pp. 338-347; doi:10.34190/eccws.24.1.3593

Cyber Threat Intelligence and IoCs and IoAs Search on the Dark Web
https://papers.academic-conferences.org/index.php/eccws/article/view/3420
<p>Through cyber threat intelligence (CTI), information is collected and analyzed from the surface web, deep web, and dark web. Threat intelligence refers to the knowledge, context, and insight gained by analyzing a wide range of physical, geopolitical, and cyber threats. CTI specifically involves the collection, processing, and analysis of data, leading to an understanding of the motivations, targets, and attack methods of threat actors. CTI helps facilitate faster, better-informed, and data-driven security decisions. It enables a shift from reactive defense to proactive engagement against threat actors. In the context of cybersecurity, various indicators are used. The most commonly used indicators are Indicators of Compromise (IoC) and Indicators of Attack (IoA). The collected observational data is used to understand the attacker's motivation for the attack and to predict their future actions. This provides the necessary perspective for decision-making to organize defense from reactive to proactive action. This study analyzes the role of the dark web as a source of IoC and IoA, as cyber threat actors primarily operate and communicate on dark web platforms. The dark web is a part of the deep web that is intentionally hidden and inaccessible through regular web browsers. Using the dark web allows for nearly complete anonymity online by encrypting data packets and routing them through several network nodes.</p>
Martti Lehto, Timo Koskimäki
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25; Vol. 24, No. 1, pp. 348-356; doi:10.34190/eccws.24.1.3420

Cyber Defence Trainer for Marine Integrated Platform Management Systems
https://papers.academic-conferences.org/index.php/eccws/article/view/3333
<p>Modern civilian and military marine vessels employ integrated platform management systems to monitor and control various different operational ship systems such has engine control, navigation and potentially weapon systems. These platform management systems consist of information and operational technology (IT/OT) environments that integrate commercial operating systems, TCP/IP based protocols and supervisory control and data acquisition (SCADA) systems in order to monitor and control marine cyber physical systems. This integration of technologies introduces threat vectors as well as unique operational, safety and potentially environmental impacts for marine vessels. Ships’ crews do not always have security monitoring capabilities and trained security staff who understand the various onboard systems to the extent they could detect a cyber attack. Furthermore, there is a lack of training environments that could be used to educate marine cyber operators. The aim of this research is to build an environment based on effective cyber training techniques to enable the education of marine cyber operators in defensive cyber operations. The environment in this context is a defensive cyber security trainer that enables students to analyse network traffic in order to detect attacks against any ship systems, including cyber physical systems. Effective training techniques refers to the pedagogical recommendations for successful cyber education and effective gamified design. Educating marine cyber operators how to detect attacks on marine IT/OT environments within an integrated platform management system will enable better protection from cyber attack against marine vessels. To accomplish this aim, defensive cyber trainer was developed that consisted of three key components. The first was a Capture the Flag (CTF) framework. 
The second was a server that included the emulation and simulation of key ship integrated platform management system components within a virtualized environment. The third comprised open source and customized plugins used to analyse traffic in our virtualized ship, along with three different kill chains based on real attacker tactics, techniques and procedures (TTPs). This defensive cyber trainer was validated against research methodologies for effective gamified environment design.</p>Brian Lachine, Scott Knight, Joey Lord
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 Vol. 24 No. 1, pp. 357-366, doi:10.34190/eccws.24.1.3333
Risks and Control Measures for Assuring the Safety of Trustworthy Autonomous Weapon Systems
https://papers.academic-conferences.org/index.php/eccws/article/view/3314
<p>Autonomous Weapons Systems (AWS) represent a significant advancement in the military domain, offering potential benefits in precision, speed, and reduced human casualties, while simultaneously raising critical concerns regarding safety, ethics, and international security implications and consequences. While previous studies have extensively explored the technical, legal, and ethical aspects of AWS, there is a notable gap in addressing safety through the lens of building AWS as trustworthy systems. This article aims to bridge this gap by presenting a systematic analysis of the safety challenges associated with AWS and proposing robust control measures to address these concerns from a trustworthiness perspective. To this end, this research critically examines the inherent socio-technical risks of AWS, including potential system malfunctions, unintended engagements, ethical decision-making failures, and vulnerability to cyber attacks, evaluating these risks in the context of their potential impacts on combatants, civilians, and global stability. In response to these identified risks, a range of control measures designed to assure and enhance AWS safety, including advanced fail-safe mechanisms, multi-layered human oversight protocols, adaptive ethical decision-making Artificial Intelligence-based algorithms, and robust cybersecurity frameworks is proposed. Moreover, this research emphasizes the important role of meaningful human control as a fundamental safety mechanism, exploring methods to maintain effective human oversight without compromising the operational advantages of autonomy. The findings reveal the importance of a proactive, risk-based approach to AWS safety, highlighting the need for international collaboration in establishing standardized safety benchmarks and certification processes. 
This research contributes valuable insights to the ongoing discourses on responsible innovation in military technology, offering evidence-based recommendations for policymakers, engineers, and ethicists working to ensure the safe and ethical development of AWS as trustworthy systems.</p>Clara Maathuis, Kasper Cools
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 Vol. 24 No. 1, pp. 367-374, doi:10.34190/eccws.24.1.3314
Agent-Based Model for Proportionality Assessment in Military Operations
https://papers.academic-conferences.org/index.php/eccws/article/view/3461
<p>The proportionality assessment is a fundamental principle and a critical consideration in military operations. It involves weighing the anticipated military advantage of a military action against the potential for collateral damage, ensuring that the harm inflicted on civilians and civilian objects is not excessive in relation to the intended military gains. This process is inherently complex, requiring decision-makers to navigate uncertain and dynamic operational environments while integrating diverse variables, such as the operational context, available intelligence, and the evolving nature of conflict. To explore and better understand this decision-making process, this research introduces a novel Agent-Based Model (ABM) designed specifically to model and simulate proportionality assessment in military operations. The model proposed captures the interactions between decision-makers, environmental variables, and operational factors, providing a dynamic platform for analysing complex proportionality scenarios. By modelling these interactions and the underlying behaviour of this assessment process, this Artificial Intelligence (AI) model enables the simulation of diverse operational contexts, offering valuable insights into the decision-making process. Through this approach, this research contributes to the ongoing development of responsible and trustworthy AI models that enhance the understanding and evaluation of proportionality in military operations, supporting the creation of more informed and ethical operational strategies.</p>Clara Maathuis
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 Vol. 24 No. 1, pp. 375-383, doi:10.34190/eccws.24.1.3461
Multi-Agent System for Courses of Action Comparison in Military Operations
https://papers.academic-conferences.org/index.php/eccws/article/view/3318
<p>In military operations, decision-making often involves evaluating multiple Courses of Action (COA) under conditions of uncertainty and complexity, requiring robust tools to support planners in this critical process. To this end, this research introduces a Multi-Agent System (MAS) that integrates the Fuzzy Analytic Hierarchy Process (fuzzy-AHP) method for COA comparison, providing a dynamic and distributed approach to decision-making. The system models the decision environment through interacting autonomous agents, each representing decision-makers, operational variables, and contextual factors. By incorporating fuzzy-AHP, the system combines the structured framework of Analytic Hierarchy Process (AHP) with the uncertainty handling capabilities of fuzzy logic, enabling agents to collaboratively evaluate hierarchical decision criteria. These criteria include key technological and operational factors, assessed using fuzzy representations of expert judgments and uncertain parameters. This approach facilitates intelligent, nuanced, and adaptive comparisons of COA, ensuring flexibility and consistency in multi-criteria scenarios. Experimental results demonstrate that the proposed MAS model not only enhances the accuracy and interpretability of COA evaluations, but also adapts effectively to changing operational conditions, providing actionable and trustworthy insights. This work contributes to advancing Artificial Intelligence (AI)-based military decision-support tools for military operations, addressing the complexities of COA evaluation in dynamic and uncertain environments.</p>Clara Maathuis
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 Vol. 24 No. 1, pp. 384-392, doi:10.34190/eccws.24.1.3318
Deconstructing Dice and Destiny: Reverse Engineering for Deterministic Insights into a Probabilistic Game
https://papers.academic-conferences.org/index.php/eccws/article/view/3703
<p style="font-weight: 400;">All commercially produced works fall under the protection of copyright law, as governed by applicable intellectual property statutes. By default, copyright ownership is attributed to the original author of the work. For instance, if an individual creates and distributes a graphic design, they retain exclusive rights not only to the physical reproductions (e.g., prints or posters) but also to the original creative content. This standard equally applies within software development. A prominent example of a software copyright license is the GNU General Public License (GPL), a widely adopted free software license administered by the Free Software Foundation (FSF). If you modify a GPL-licensed program and distribute it, you must also make the modified source code available under the same GPL terms. This paper describes a reverse engineering effort to determine if a certain commercially released copy of a game contains GPL licensed software, in violation of the aims of the GPL. While the commercial software used in the project was sold roughly twenty years ago, the investigation techniques are applicable today and apply not just to the GPL but to intellectual property protection in general.</p>William Mahoney, Hans-Jürgen Schäfer, Øystein Schonning-Johansen
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 Vol. 24 No. 1, pp. 393-403, doi:10.34190/eccws.24.1.3703
Enhancing Healthcare Data Security Using Blockchain
https://papers.academic-conferences.org/index.php/eccws/article/view/3512
<p>Healthcare data management has undergone significant transformation with the widespread adoption of Electronic Health Records (EHR). However, this evolution also presents critical challenges related to data security, privacy, and interoperability. Traditional EHR systems often fall short in implementing robust safeguards against unauthorized access, data tampering, and breaches, putting sensitive patient information at risk. Addressing these concerns is vital to ensure trust in healthcare systems and compliance with stringent regulatory frameworks. This paper investigates the potential of blockchain technology as a solution to enhance the security and reliability of EHR systems. Blockchain's inherent characteristics, including its immutable and decentralized architecture, align closely with the requirements for improving data integrity, privacy, and accessibility. Key features of blockchain, such as distributed ledgers, cryptographic security, and consensus mechanisms, offer a compelling framework to address vulnerabilities in conventional EHR systems. By conducting a comprehensive literature review, this study identifies recurring issues in existing EHR platforms, such as susceptibility to breaches, unauthorized data manipulation, and the lack of seamless interoperability among stakeholders. To evaluate blockchain's viability, the research developed a prototype solution by integrating blockchain technology with an open-source EHR platform, OpenEMR. Smart contracts were employed to automate data access permissions and enforce data integrity. The prototype underwent rigorous testing in simulated healthcare environments to assess its performance in ensuring data confidentiality, integrity, and availability. The results demonstrate that the proposed blockchain-based system effectively mitigates many of the security and privacy concerns prevalent in traditional EHR systems. 
Additionally, it enhances transparency and facilitates secure data sharing among authorized stakeholders without compromising patient confidentiality.</p>Sheunesu Makura, Hein Venter, Azola Lukhozi
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 Vol. 24 No. 1, pp. 404-415, doi:10.34190/eccws.24.1.3512
Towards a Comprehensive Cybersecurity Information Sharing Framework
https://papers.academic-conferences.org/index.php/eccws/article/view/3628
<p>In today's digital age, cybersecurity has become a critical concern for nations around the world. South Africa faces a significant cybersecurity challenge, ranking as the most targeted country on the African continent. The number and sophistication of cyber-attacks such as ransomware attacks, data breaches, phishing and pharming attacks have been steadily rising in recent years, with the public sector and financial institutions being highly prone to these attacks. As cyber threats grow in sophistication and frequency, the need for robust defences and proactive measures is of high importance. Information sharing helps organizations and governments to analyse and understand existing cyber-attack trends and use the intelligence gathered to prevent future cyber-attacks, which helps to improve their overall security posture. It is evident from several scholars that organizations that share cybersecurity information have a high probability of reducing cyber-attacks within their environments. Most scholars agree that, generally, information sharing and collaboration may greatly reduce cybersecurity risk while ensuring resilience. But confusion and controversy remain around particulars such as: Who should share information? What should be shared? When should it be shared? What is the quality and utility of what is shared? How should it be shared? Why is it being shared? What can be done with the information? This paper therefore seeks to analyse the existing cybersecurity information sharing frameworks, highlight the gaps and propose a comprehensive framework. Firstly, the paper formulates metrics that are used to evaluate the various identified frameworks, then compares and contrasts them. We then formulate a comprehensive information sharing framework building from the identified gaps. 
The proposed framework will then be adopted and used by various stakeholders, such as cybersecurity organizations, government bodies, and security experts who intend to share cybersecurity information.</p>Unarine Manari, Sipho Ngobeni, Mpho Letshwenyo, Kedimotse Baruni, Nomalisa Ndhlovu, Pertunia Senamela
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 Vol. 24 No. 1, pp. 416-424, doi:10.34190/eccws.24.1.3628
An Architecture for Voice-based Authentication and Authorization with Deepfake Detection
https://papers.academic-conferences.org/index.php/eccws/article/view/3567
<p>Voice biometrics offer a convenient and secure authentication method, but the rise of sophisticated deepfake technology presents a significant challenge. This work presents an architecture for voice-based authentication and authorization that integrates deepfake detection to mitigate this risk. This paper explores the design of this cloud-native architecture, leveraging Amazon Web Services (AWS) services for orchestration and scalability. The system combines cutting-edge AI models for robust voice-printing and real-time deepfake analysis. We discuss multi-factor authentication (MFA) strategies that provide layered defense against unauthorized access. Two specific use cases are explored: identity verification and secure approval of banking transactions. This paper addresses key considerations for real-world deployment, including system resiliency, cost-effectiveness, and the efficiency of the AI models under varying conditions. We evaluate the architecture's suitability as a two-factor authentication (2FA) solution, focusing on the accuracy of deepfake detection and the rates of false negatives and false positives.</p>Fabian Martins Da Silva, Baladithya Balamurugan, John Hakim
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 Vol. 24 No. 1, pp. 425-435, doi:10.34190/eccws.24.1.3567
Cyber Defence is More Than Just Cybersecurity
https://papers.academic-conferences.org/index.php/eccws/article/view/3458
<p>Power projection through the cyber environment has become customary in competition, confrontation, and conflict between states. Cyber exploitation is supporting Iranian information warfare against its neighbours and the US. Russia is attacking Ukraine's cyber environment as part of its information and physical operations. The US and China wield cyber means as part of their strategic competition. Information security and cybersecurity, as part of it, focus on technical and procedural areas of cyber defence but miss the tactical, operational, and strategic levels required for national defence. Cybersecurity experts may recognise the technical and strategic layers of Cyber Defence. On the other hand, military officers approach warfare with three layers: tactical, operational, and strategic. These two world views seldom meet to generate and operate Cyber Defence. Therefore, this paper designs a model for Cyber Defence, bringing together information security and military experts from the strategic down to the technical level for capability generation and cyber force projection. The research approaches the topic from a relativist viewpoint, understanding the boundaries of Western cultural thinking and recognising the interplay between subject and object and between the nodes of the sociotechnical system. The research uses the standard research process of design sciences. The cyber defence model is built based on information and cybersecurity practices at a technical level, and on top of those, military tactical, operational, and strategic practices are applied. Selected use cases test the integrated model at each level. The paper tests the feasibility of the Cyber Defence Model with three scenarios, and the results show that the model addresses the essential tenets in tactical, operational, and strategic cases. 
The model recognises the different nature of the cyber environment compared to traditional domains, illustrates a collaboration model between layers of warfare, and emphasises the different nature of functions at each layer. The model and findings of the research may support establishing collaboration between stakeholders in creating national defence and military strategies, building cyber defence doctrines, and training cyber defence for planners and executors of operations and missions. </p>Juha Kai Mattila
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 Vol. 24 No. 1, pp. 436-444, doi:10.34190/eccws.24.1.3458
A Web Scraping Approach Towards Cryptocurrency Investigations
https://papers.academic-conferences.org/index.php/eccws/article/view/3557
<p>The investigation of cryptocurrency crimes is still in its infancy with no standardised process or methodology to follow. This paper describes research that forms part of a broader project led by the second author (Botha, et al., 2025). The broader project’s aim is to develop a methodology to follow when conducting cryptocurrency crime investigations. One of the steps in the proposed methodology is web scraping. The authors of this paper present a detailed exploration of web scraping techniques within the broader context of the proposed investigation methodology. In this paper, the focus is on developing a well-structured methodology for scraping social media platforms and online forums to gather data related to fraudulent activities; the goal is to find posts that include references to the wallet address of interest. This exploration uses an iterative approach; for every new cryptocurrency wallet address discovered or revealed through on-chain analysis, a parallel path is followed by scraping the Internet. If a mention of the cryptocurrency address is discovered, it is considered to be a key finding, creating a pivot point in the investigation. From a pivot point, further open-source intelligence (OSINT) techniques will be applied, though this aspect falls beyond the scope of this paper. If no relevant information or link is found, the scraping path will not be pursued, and the investigation proceeds with on-chain analysis to identify additional wallet addresses. Additionally, challenges encountered in web scraping, such as handling platform restrictions, ensuring data accuracy, and managing large volumes of data, are addressed. The goal of the proposed methodology is to enhance data extraction and analysis efficiency, contributing to the proposed methodology for investigating cryptocurrency scams.</p>Bongani Mawhayi, Johnny Botha, Louise Leenen
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 Vol. 24 No. 1, pp. 445-454, doi:10.34190/eccws.24.1.3557
Hyper-Connected: Information Security Education for Today's Children
https://papers.academic-conferences.org/index.php/eccws/article/view/3598
<p>The digital landscape has become an integral part of modern childhood. While technology offers a wealth of educational and social opportunities, it also presents a growing number of information security threats that children are often ill-prepared to handle. This research explores the critical need for information security education specifically tailored to the online habits and vulnerabilities of today’s hyperconnected children. A literature review was conducted to assess the vulnerabilities faced by children. Therefore, this study proposed an information security framework to equip children with the knowledge and skills necessary to navigate the online world safely and responsibly. The framework comprises five components: education, awareness and training, technology and tools, community support network, policies and regulations, and behavioural strategy. The information security framework can be applied as a tool in protecting children from falling victim to online threats.</p>Elekanyani Mukondeleli, Molebogeng Latakgomo, Oyena Mahlasela, Nokuthaba Siphambili
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 Vol. 24 No. 1, pp. 455-462, doi:10.34190/eccws.24.1.3598
Security and Privacy Challenges in VLC-Based V2X Communications: An Overview and Evaluation
https://papers.academic-conferences.org/index.php/eccws/article/view/3449
<p>The upcoming Sixth Generation (6G) of wireless systems is considering, among others, technologies such as Wireless Optical Communication (WOC) and Visible Light Communication (VLC) to achieve more advanced and secure transmission systems. Thereby, VLC is offering advantages like high data rates and operating in the unlicensed visible light spectrum while enhancing security and privacy by directional light beams and reducing eavesdropping threats. However, its limitations include dependence on Line-of-Sight (LoS) and susceptibility to obstacles and environmental disturbances. In addition, Vehicle-to-Everything (V2X) communication, a key technology for autonomous driving, has evolved to provide faster and more reliable connectivity among cars and infrastructures. Therefore, this work investigates the integration of VLC into V2X, focusing on security and privacy challenges, as well as weather conditions, ambient light interference, and vehicle movement. Moreover, efforts to address these issues have explored combining VLC with Radio Frequency (RF) technologies and enhancing the Physical Layer Security (PLS) through advanced coding and modulation techniques. In this work, an experimental setup using OpenVLC examines key performance aspects, such as latency and angular optimization, identifying system limitations under varied conditions. Experimental results show that VLC maintains reliable communication with packet loss below 20% within a central angular range. However, at extreme angles, loss increases significantly, reaching nearly 100%, limiting performance under certain conditions. Despite slow receiver movement (~0.03-0.05 m/s), motion had a negligible impact on overall performance, reinforcing VLC’s potential for secure short-range V2X applications. 
This research aims to lay a foundation for future advancements by addressing the interaction and interplay between VLC and V2X in privacy and security contexts.</p>Yorman Munoz, Ihab Alzalam, Annika Tjabben, Lucresse Dongfack Tsakeng, Christoph Lipps, Hans Dieter Schotten
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 Vol. 24 No. 1, pp. 463-471, doi:10.34190/eccws.24.1.3449
Getting Devices Ready for Zero Trust Architecture by Complying with Richard Bejtlich’s MICCMAC Framework
https://papers.academic-conferences.org/index.php/eccws/article/view/3531
<p>In today’s rapidly evolving cybersecurity landscape, the adoption of Zero Trust Architecture (ZTA) has become a crucial strategy for organizations seeking to enhance their security posture and cyber resilience. ZTA operates on the principle of "never trust, always verify", ensuring that every device, user, and network request is continuously authenticated and monitored (Bejtlich, 2013). However, implementing ZTA effectively requires a solid foundation of security principles that govern device configurations, network architecture, and risk mitigation strategies. One such foundational framework is Richard Bejtlich’s Defensible Network Architecture 2.0, encapsulated in the MICCMAC (“mick-mack”) model. This paper explores how organizations can prepare their devices for ZTA by integrating the MICCMAC framework, ensuring comprehensive cybersecurity defense, and minimizing attack surfaces (Bejtlich, 2004).</p>Isaac Ojeh
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 Vol. 24 No. 1, pp. 472-480, doi:10.34190/eccws.24.1.3531
Cyberbiosecurity in Healthcare: Securing Medical Devices from Digital and Biological Threats
https://papers.academic-conferences.org/index.php/eccws/article/view/3451
<p>Technological innovations constantly transform, and these transformations extend over all sectors of life, irrespective of the original innovation's purpose. Due to the need for constant improvements in patient care, new technology is commonly applied to healthcare environments. As the transformation keeps emerging, it, in turn, creates more attack vectors because of the interconnectivity in these devices. These interconnectivity features are why they are called smart devices. Being smart devices, they can connect to networks, process data, and interact intelligently with their environment and users. As these devices create attack vectors due to their interconnectivity, we have to pay attention to these attack vectors. Effects of biological data falling into the wrong hands should be of concern in the health sector due to its potential effect on the health of a patient and on the reputation of the health organization. Efforts have been made to safeguard data in the health sector, like the HIPAA framework, designed to protect sensitive patient health information. But there is a need to go beyond focusing on just personal data to broader aspects of the health sector, like cyber threats in medical devices. While cyberbiosecurity literature exists in industries like maritime, food and agriculture, no consideration has been given to the health sector. With the innovations in medical devices, there is a need for a nexus between cybersecurity and biosecurity, to maximize their abilities to tackle the loopholes created by this technological development. Cyberbiosecurity bridges this gap by shifting the focus on how to secure the different aspects of these devices like the software, firmware, and hardware. 
This research explores the emerging field of cyberbiosecurity by outlining the key digital and biological threats in medical devices and their implications and the challenges in securing medical devices, and proposes a framework for solid cyberbiosecurity practices to mitigate the risk in medical devices.</p>Valentine Okpalanozie, Oluwaseyi Adeleye, Raheemat Adefabi, Oludolamu Onimole, Jude Osamor, Xavier Palmer, Lucas Potter, Abuh Ibrahim Sani
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 Vol. 24 No. 1, pp. 481-489, doi:10.34190/eccws.24.1.3451
Beyond the CVSS: Rethinking the Contextualisation of CVEs in a Connected World
https://papers.academic-conferences.org/index.php/eccws/article/view/3529
<p>In the context of globalized information technology, managing the growing number of Common Vulnerability Exposures (CVE) has become one of the most complex challenges for security teams. CVEs affect everyone: whether you are Microsoft Corporation, a national government, or an ordinary global citizen, no one is immune. The burden on cybersecurity entities is now heavier than ever. The more diverse assets a system holds, the broader its monitoring scope must be. Therefore, to avoid overwhelming operational and security teams, it is crucial to adapt the contextualization of CVEs to address emerging risks proactively and effectively. This involves not only analysing the technical characteristics of vulnerabilities but also considering contextual factors, and the dynamics of the global threat landscape. Relying solely on the CVSS Score is no longer sufficient; the rise of new indicators offers a fresh perspective on how security teams contextualize vulnerabilities. For effective vulnerability management within an environment, it is essential to first assess its level of maturity: from the most basic process, which allows for simple identification of vulnerabilities and asset patching, to the most advanced level, which incorporates the integration of business and IT impacts, the clear identification of priority threat vectors, and a continuous remediation process. However, since the beginning of 2024, the vulnerability management process for entities has been significantly disrupted by the absence of analysis from the NVD (National Vulnerability Database) of the NIST (National Institute of Standards and Technology). As the NVD is the primary source for publishing CVEs, this lack of information has hindered processes, leaving organisations with only partial analysis based on vendor assessments, which are often insufficient and differ from those of the NVD. 
In this paper, we intend to examine the various levels of maturity that a vulnerability management process must go through during its existence and the definition of the different indicators that characterize CVEs, and we will reflect on the dependence on the NVD in the processes.</p>Myriam Ouraou
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 Vol. 24 No. 1, pp. 490-500, doi:10.34190/eccws.24.1.3529
Unlikely Bedfellows? Visualizing Integration of Whaley’s Expanded Deception Framework and Soviet Reflexive Control Models to Collect Unique Attacker Behaviors
https://papers.academic-conferences.org/index.php/eccws/article/view/3578
<p>This industry cyber deception practitioners’ short working paper visualizes the integration of an expanded Bell-Whaley deception framework and Soviet reflexive control modelling to design cyber deception approaches that can collect unique attacker behaviours. While we recognize the application of a deception framework and a cognitive model is unorthodox for collecting cyber threat information, integrating these approaches prompts alternative designs that both disrupt and influence attackers, which can yield rich behaviours as cyber threat information. We will feature unpublished Whaley notes on deception in this expanded Bell-Whaley framework. This practitioners’ short working paper will also introduce the application in cyber threat contexts of reflexive control methods for influencing decision-making and categories of “reflexive interactions”. We will visualize this integrated approach by modelling initial access by a cybercriminal along a network perimeter, who then starts to pivot within a small non-profit organization’s network, demonstrating how a small organization with limited resources can use reflexive control and deception to mimic and dazzle network packet flow to misdirect the attacker to a high-interaction honeypot. This visualized cyber deception design reflects what the attacker observes and likely processes. We will theorize in this visualization how an attacker might respond to this reflexive control and what cyber threat information it could collect.</p>Tim Pappa, Aadam Dirie
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 Vol. 24 No. 1, pp. 501-509, doi:10.34190/eccws.24.1.3578
Building a Culture of Cybersecurity Awareness in Libraries: A Systematic Review of Best Practices and Frameworks
https://papers.academic-conferences.org/index.php/eccws/article/view/3608
<p>As libraries digitize their operations and collections, they confront escalating cybersecurity threats that jeopardize user privacy, intellectual property, and service integrity. This systematic review examines best practices and frameworks aimed at building a culture of cybersecurity awareness among library stakeholders. Adhering to PRISMA guidelines, the researcher analyzed 37 studies from Scopus, Web of Science, and LISA published between 2000 and 2024. The analysis revealed five crucial themes: customized training programs, merging cybersecurity with digital literacy, aligning organizational culture, engaging all stakeholders inclusively, and implementing continuous evaluation. The findings show that effective cybersecurity awareness in libraries hinges on a comprehensive approach that balances technical solutions with human factors. Successful programs actively involve diverse stakeholders through participatory methods, align security measures with institutional goals, and integrate awareness activities into broader organizational frameworks. This review presents a versatile best practices framework for libraries that adapts to diverse contexts, digital literacy levels, and resource limitations. Integrating protection motivation theory with collaborative learning, we offer actionable recommendations for library professionals to cultivate sustainable cybersecurity cultures. Findings reveal that cybersecurity awareness is not just a technical necessity; it's a cultural imperative demanding continuous institutional commitment and collaboration among stakeholders.</p>Edmont Pasipamire
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 510 519 10.34190/eccws.24.1.3608
Advancing Cybersecurity Education: Developing a Cybersecurity Higher Education Network in Finnish Universities
https://papers.academic-conferences.org/index.php/eccws/article/view/3503
<p>Cybersecurity is a critical element of national security strategies. European countries have established cybersecurity strategies to enhance their resilience against cyber threats. In Finland, the cybersecurity strategy emphasizes the importance of cybersecurity education and its development as essential components in preparing the nation to address cybersecurity threats. Achieving national cyber self-sufficiency will require a diverse range of skilled cybersecurity experts. However, the global shortage of cybersecurity specialists poses a significant challenge to developing and maintaining cyber sufficiency and resiliency. This shortage is also recognized in Finland. Universities play a crucial role in training cybersecurity experts through their education programs. In Finland, initiatives have been launched to develop cybersecurity higher education to address skills shortages. A key measure identified is developing an educational network for cybersecurity higher education. In early 2023, a three-year national project was launched to develop university-level cybersecurity education in Finland. The project involves nine Finnish universities and aims to strengthen cooperation between universities, industry, and the public sector in cybersecurity education. This collaboration enables the development of cybersecurity education for both degree students and working professionals. This paper describes the process and measures for developing national university-level cybersecurity education in Finland. It also aims to provide an understanding of the opportunities and challenges in developing an educational network in higher education. A key finding is that the educational network provides a solid basis for developing cybersecurity skills and efficiently using resources. Additionally, it enables the coordination of cybersecurity education at the national level, thus supporting the promotion of Finnish cybersecurity strategy objectives.</p>Piia Perälä, Martti Lehto
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 520 527 10.34190/eccws.24.1.3503
Security Vulnerability Assessment on Threads Application through Digital Forensics Analysis
https://papers.academic-conferences.org/index.php/eccws/article/view/3602
<p>The rapid emergence of new social media applications has introduced fresh vectors for cybercrime, highlighting the need for timely security vulnerability assessments. This paper presents a comprehensive security vulnerability assessment of Threads, a newly emerging social networking application, by examining its behaviour and data handling through a digital forensic analysis. The study followed a structured experiment which involved installing the Universal Windows Platform (UWP) applications for Instagram and Threads on a Windows 11 device, conducting typical user activities between two test accounts, acquiring forensic disk images and memory dumps, capturing network traffic, followed by a digital forensic analysis of the discovered artifacts. The primary motivation behind this analysis is to uncover potential security vulnerabilities of the application through a forensic examination of data remnants left by the application. Data acquisition and analysis were carried out using tools such as FTK Imager, Autopsy, Belkasoft Evidence Center, Volatility 3 and Wireshark. The study revealed a range of security and privacy concerns related to the application’s data storage, memory usage, and network utilization. For instance, user-generated content and application metadata were found in application files without adequate encryption and sensitive user credentials were discovered in plaintext. Additionally, insecure handling of backend communications and permissive CORS configurations were observed, introducing risks such as session hijacking and Cross-Site Scripting (XSS) vulnerabilities. Findings of this research underscore the need for improved security mechanisms in modern social media applications. This study provides valuable insights for developers, cybersecurity professionals, and digital forensic investigators to strengthen the security posture of current social networking applications.</p>Wadduwage Shanika Perera, Ahsan Islam, Cihan Varol
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 528 537 10.34190/eccws.24.1.3602
Wearable Smart Devices: Innovations Through AI and Cyberbiosecurity Threats
https://papers.academic-conferences.org/index.php/eccws/article/view/3612
<p style="font-weight: 400;">The integration of commercial health wearables (CHWs) with artificial intelligence (AI) has created innovative smart devices that provide continuous monitoring, analysis, and insights to improve health-related outcomes. They also help users to improve their physical fitness and detect early warning signs of health-related irregularities. Available over-the-counter, certain smartwatches and fitness trackers also aid in combating chronic and debilitating conditions like cardiovascular disease (CVD), which is the leading global cause of death (Brunier et al, 2020; Shajari et al, 2023). Exacerbated by the comorbid prevalence of obesity and diabetes, the treatment and management of CVD in the U.S. amounts to over $840 billion annually (Brunier et al, 2020). AI-powered CHWs are tools that help individuals make better daily health-related decisions to improve their cardiovascular health and fitness through automated analysis of critical biomarkers (e.g. blood pressure, heart rate, sleep patterns, and physical activity) and generative health-specific text alerts and recommendations. The advancements in cloud-based computing, data storage, nanotechnology in computer engineering, and integration of machine learning algorithms enable the data obtained from CHWs biometric sensors to be analyzed at rapid speeds. The acceptance of CHWs is increasing in popularity. In 2022, North American consumers purchased 42% of smart fitness trackers sold globally amounting to over $52 billion in sales. This commercial biotechnology industry is projected to have an annual growth rate of 17.6% (Laricchia, 2024). While CHWs are empowered by AI-enabled precision healthcare features, they also elevate the risk of cyberbiosecurity (CBS) threats (Jordan et al, 2020; Pauwels, 2023). 
CHWs, a repository of network-connected personal biological datasets, are vulnerable to unauthorized access, data corruption, inaccurate health recommendations, denial of user access, and potential risks to health and physical well-being outcomes (Affia et al, 2023). Cybercriminals use networked devices to execute destabilizing and malicious attacks on industries, governments, nations, and individuals causing financial, resource, reputational, and physical harm. However, CBS is an emerging field that studies the security risks that arise from the convergence of biotechnology systems enabled with internet access (DiEuliis et al, 2018; Guise et al, 2024). To protect against and mitigate CBS threats, consumers and developers of AI-powered CHWs must remain aware of the evolving CBS threats and employ methods to protect against unauthorized cyber breaches. </p>Ashley Purnell, Michaela Barnett, Lucas Potter, Xavier Lewis-Palmer
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 538 546 10.34190/eccws.24.1.3612
Enhancing Cyber Threat Intelligence (CTI) Exchange: A Governance Model for the DYNAMO Platform
https://papers.academic-conferences.org/index.php/eccws/article/view/3395
<p>The growing complexity of cyber threats, especially within critical infrastructure sectors like healthcare, energy, and maritime, highlights the need for comprehensive frameworks to facilitate the exchange of Cyber Threat Intelligence (CTI). This paper presents a CTI Exchange Governance Model aimed at enhancing the CTI sharing process within the DYNAMO platform, a European Union initiative focused on improving resilience against cyber threats across various phases of the resilience cycle: Prepare, Prevent, Protect, Respond, Recover, and Learn & Adapt. The DYNAMO project provides a suite of tools and strategies to support organizations in critical sectors, enabling efficient threat detection, mitigation, and response while fostering collaboration and compliance with regulatory standards. Sector-specific scenarios have been developed to address unique vulnerabilities in areas like healthcare, energy, and maritime, ensuring practical and targeted solutions for improving cyber resilience. While DYNAMO’s integrated tools handle CTI generation and alerts, a standardized and cohesive framework is still needed to guide and streamline CTI sharing across sectors, addressing gaps in current practices that impact interoperability and timely response. This governance model is structured around five key pillars: Collaboration & Trust, Data Sensitivity & Standardization, Compliance & Regulatory Alignment, Real-Time Collaboration & Response, and Continuous Learning & Improvement. These pillars ensure a secure, standardized, and compliant approach to CTI exchange, particularly in sectors vulnerable to increasingly sophisticated attacks. The model is uniquely tailored to align with DYNAMO's mission, offering a sector-specific approach while integrating best practices from established cybersecurity frameworks. 
The model is operationalized through the DYNAMO platform, leveraging tools like the Early Warning System (EWS) for real-time CTI sharing and a Data Anonymization Tool to ensure privacy and regulatory compliance. As a result, a practical framework has been developed to tailor the model’s implementation across healthcare, energy, and maritime sectors, ensuring a scalable and adaptable approach to CTI sharing. Ultimately, the governance model enhances CTI exchange by addressing interoperability challenges and strengthens governance practices to support collaboration, improve incident response times, and foster continuous improvement.</p>Jyri Rajamäki, Anup Nepal, Ioannis Chalkias
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 547 555 10.34190/eccws.24.1.3395
The Impact of the NIS2 Directive on the Cybersecurity of Finland's Transportation Sector
https://papers.academic-conferences.org/index.php/eccws/article/view/3533
<p>Sharing threat intelligence among stakeholders is crucial for a coordinated response to cyber threats. The updated cybersecurity directive of the European Union (NIS2) promotes collaboration and information sharing to strengthen cybersecurity across critical sectors, including transportation. This paper aims to examine how the NIS2 Directive has influenced the cybersecurity of Finland’s transportation sector. Qualitative methods, including a literature review, semi-structured interviews, and thematic and comparative analyses, were employed. The study focuses on the perspectives of key Finnish railway cybersecurity actors regarding the impact of the NIS2 directive and current practices. The results reveal variations in the implementation challenges and strengths among organizations, with a unanimous emphasis on risk management. Development suggestions include standardizing incident reporting processes, creating uniform guidelines, increasing cybersecurity expertise, and enhancing collaboration among national actors.</p>Jyri Rajamäki, Tiina Kyrö
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 556 565 10.34190/eccws.24.1.3533
Cyber Warfare and Critical Infrastructure
https://papers.academic-conferences.org/index.php/eccws/article/view/3526
<p>This paper identifies the growing threat that cyber warfare poses to a country's Critical Infrastructure (CI) and the Critical Information Infrastructure (CII) that accompanies it. CI is a term that describes all of the essential systems and services needed for the nation to function. CII describes the Information Systems responsible for the CI's operation. This includes energy grids, finance, water supplies, transportation, and healthcare facilities. This paper will focus mainly on the CI related to energy grids and finance. With the growing integration of digital technologies into these sectors and their CII, efficiency and connectivity have greatly been improved but have also introduced many vulnerabilities, making CII a prime target for cyberattacks. This paper will thoroughly examine cyber warfare's consequences on a country and its CI using real-world examples to determine its risks. A theoretical approach and the National Institute of Standards and Technology (NIST) framework will be analysed using case studies to identify the methods for detecting and patching vulnerabilities in CII. The analysis findings will be used to underscore the necessity of governments and industry leaders to invest in developing a strategy to protect and safeguard the country's CI and CII against cyber warfare.</p>Xavier Ramage, Khutso Lebea, Siphesihle Sithungu
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 566 575 10.34190/eccws.24.1.3526
Supporting Amphibious Forces with Partnered U.S: Japan Cyber Operations
https://papers.academic-conferences.org/index.php/eccws/article/view/3775
<p>The first island chain is a threat environment characterized by persistent and sophisticated cyber activities by state and non-state actors, as well as strategic competition with China, North Korea, and Russia. To operate in these conditions the United States Marine Corps has proposed the Stand-in Force, a small, low-signature force establishing the forward edge of a partnered defense-in-depth in the United States Indo-Pacific Command area of operations. This paper examines the efficacy of utilizing partnered and allied cyber infrastructure to support persistent reconnaissance and counterreconnaissance operations by Stand-In Forces within contested maritime zones. It focuses on Japan, a key ally in the Western Pacific. Through a case study approach, it examines the nation’s cyber command structure, defense network security, existing cyber agreements with the United States, and barriers to cooperation, congruently assessing their cyber capabilities and willingness to cooperate in cyberspace. The result is a summary of their ability to support the Stand-In Forces in defensive and offensive cyber operations, an analysis of current barriers, and the requirements of an ideally cyber-capable Stand-In Force.</p>Harrison Rashley, Timothy Shives, Wade Huntley
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 576 584 10.34190/eccws.24.1.3775
Implementing the European Cybersecurity Skills Framework (ECSF): A Case Study of EU Innovation Projects
https://papers.academic-conferences.org/index.php/eccws/article/view/3369
<p>The European Cybersecurity Skills Framework (ECSF) offers a practical approach to developing a skilled cybersecurity workforce. The paper explores the application of the European Cybersecurity Skills Framework (ECSF) in real-world cybersecurity training in EU innovation projects, addressing a significant research gap. By providing insights and best practices, this study aims to support organisations and communities in enhancing cybersecurity talent and workforce development. It offers valuable information for stakeholders such as policymakers, educational institutions, training providers, and cybersecurity professionals. Ultimately, the goal is to promote a comprehensive understanding of cybersecurity skills development and to strengthen Europe’s cybersecurity workforce. In the field of cybersecurity, EU innovation projects play a vital role in developing new solutions and fostering a more resilient digital environment. This study specifically focuses on the relationship between implementing ECSF in the EU innovation projects, particularly CyberSecPro, NERO and CyberSynchrony. These projects aim to develop solutions for cybersecurity education and training. They also seek to strengthen the resilience of the European market against cyber threats by promoting the adoption of advanced cybersecurity solutions. This study highlights the practical implications of implementing the ECSF in these projects and its potential to enhance cybersecurity skills development and workforce competencies within EU nations.</p>Paresh Rathod, Jyri Rajamäki, Kitty Kioskli
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 585 594 10.34190/eccws.24.1.3369
Proposal of Harmonising Cybersecurity Professional Education and Training (CPET) in the European Union (EU): Exploratory Study
https://papers.academic-conferences.org/index.php/eccws/article/view/3766
<p>This paper explores the critical need for harmonising Cybersecurity Professional Education and Training (CPET) across the European Union, helping professionals from all sectors of the economy to acquire the necessary knowledge, skills, capabilities and values to cope with the cybersecurity challenges in their daily work. The European Union (EU) has been at the forefront of addressing the growing cybersecurity challenges. However, cyber threats continue to evolve and spread quickly. It demands a coordinated approach to developing cybersecurity skills and knowledge. It is essential for strengthening the EU's overall security posture. This paper argues that the need for a robust and harmonised Cybersecurity Education and Training (CPET) framework or solutions is becoming increasingly critical. A qualitative research methodology is employed to better understand the complexities involved in CPET harmonisation. This study draws on a wide range of sources, including literature, expert interviews, and panel discussions, to examine the challenges and opportunities of harmonising cybersecurity education and training (CPET) across Europe. It argues that by adopting targeted strategic recommendations, the EU can strengthen its cybersecurity capabilities, boost resilience, and better protect its digital infrastructure through a more unified and effective approach.</p>Paresh Rathod, Nineta Polemi, Jyri Rajamäki
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 595 604 10.34190/eccws.24.1.3766
Sabermetrics for Cyber: Collecting and Analyzing User Activity Data from Ephemeral Exercises
https://papers.academic-conferences.org/index.php/eccws/article/view/3354
<p>The term sabermetrics was coined in the 1970s by members of the Society for American Baseball Research (SABR) to describe how baseball teams use advanced analytics to evaluate talent and maximize performance both offensively and defensively. Sabermetrics transformed professional baseball through its data-driven approach, enabling teams to devise new tactics and strategies for improving individual and overall team performance. The concept of sabermetrics or advanced analytics can also be applied to the cybersecurity domain to improve performance, both offensively and defensively, and to better evaluate talent. To do this, data is needed. Cybersecurity exercises are well suited for providing this data because they are designed to develop critical technical skills in controlled, simulated environments that closely mirror real-world threats. However, preserving data for ephemeral cybersecurity exercises can be challenging because these environments are temporary, and when they are torn down, log data is lost unless deliberate actions are taken to retain the data for future use. This includes all information regarding the actions participants took in the exercise. Recognizing that important information can be gleaned by analyzing this data, the Software Engineering Institute (SEI) at Carnegie Mellon University developed a capability to capture a high-fidelity record of user activities during cybersecurity exercises. This paper discusses the motivation behind this development, the insights that can be gained from the collected data, and how the SEI configures exercises used in cybersecurity competitions to collect and store user activity data for future detailed analysis.</p>Jael Rivera, Jarrett Booz, Josh Hammerstein
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 605 613 10.34190/eccws.24.1.3354
Feasibility of Conditional Variational Autoencoders for Phase-Averaged Synthetic Time Series
https://papers.academic-conferences.org/index.php/eccws/article/view/3480
<p>In cybersecurity, synthetic data is beneficial for testing, training, and enhancing AI-driven defense systems without compromising sensitive information. Critical sectors like telecommunications, finance, energy, and healthcare generate vast amounts of time-series data, often requiring reduction methods such as phase-averaging to manage scale. However, this can obscure essential features, impacting anomaly detection and threat modeling. This study explores whether conditional Variational Autoencoders (cVAEs) can generate high-quality synthetic data when given only phase-averaged time series for training. Results on a biometric use-case show that cVAEs preserve intrinsic properties of reduced data, making it usable for classification and to a more restricted degree as training data in downstream cybersecurity applications.</p>Matthias Rüb, Jens Grüber, Hans D. Schotten
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 614 620 10.34190/eccws.24.1.3480
Designing for Cyber Situational Awareness: Initial Results of a Literature Review
https://papers.academic-conferences.org/index.php/eccws/article/view/3625
<p>Situational awareness is the prerequisite for decision making. According to the widely used theory by Mica Endsley, situational awareness can be segmented to three levels: 1) perception of elements of the environment in time and place, 2) understanding of the meaning of the situation formed by the elements, and 3) evaluation of the development of the situation. Systems for common operational picture (COP) have various functionalities for processing, mediating, analysing, and visualizing data with the goal to enable the decision makers to form situational awareness and understanding. Compared to other domains (e.g., land, air, naval), in the cyber domain the phenomena need novel types of visualizations and a map is not often the most suitable visualization platform. There is a paucity of previous studies comparing the amount of research on cyber COP to the other operational domains. In addition, previous studies have not summarized the extant literature on methods to support decision makers’ metacognitive processes with cyber COP functionalities and visualizations. To address these gaps, the identified COP functionalities from the existing literature were classified following the 3-level model of situational awareness. In addition, previous studies on supporting the metacognitive processes, such as evaluating information novelty or credibility, by COP functionalities were identified. High research activity was observed for the COP within the cyber domain. In the majority of the papers, the COP functionalities for cyber situational awareness were presented on a conceptual level with no evidence on implementation of them or their possible effectiveness in supporting the work of the situational awareness operators or the decision makers. This is a gap that calls for more research. Taken together, these findings can be used in steering future research for developing systems that support cyber situational awareness more effectively.</p>Mikko Salminen
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 621 627 10.34190/eccws.24.1.3625
Demonstration and Evaluation of Defensive Cyber Operations Decision-Making Model
https://papers.academic-conferences.org/index.php/eccws/article/view/3540
<p>As technology has evolved, the world has become more dependent on digital services. Businesses are digitalizing their core processes to better match their clients’ needs and critical infrastructure providers are seeking performance improvements from digitalization. When assets are digital, cybercriminals and nation-states are increasing their offensive activities in the cyber domain. As a result of this, cyberattacks are growing in complexity and speed, forcing defenders to advance in their capabilities to respond to these threats. One key element in developing defensive capabilities is to understand the underlying decision-making models providing the basis for more effective tooling, operation planning, and organizational models. The purpose of this paper is to address this need by demonstrating a Defensive Cyber Operations (DCO) decision-making model constructed based on a wargaming exercise, to assess the usability and transferability of the model to real-world cyber operations and to further develop the model based on the feedback received. The research is based on the Design Science Research methodology and focuses on the demonstration and evaluation phases of the selected methodology. The constructed decision-making model was presented to an expert panel, consisting of 17 experienced professionals of 7 nationalities. They were selected based on their known experience of cyber operations or by the recommendation of previously interviewed panel members. The panel contributed to the model with their evaluation and ideas for improvement. Based on the findings of the expert panel, the model was further developed to include a clear notion of escalation for activities requiring a higher mandate, stronger collaboration and reporting with upstream managers and external stakeholders. In addition, several minor improvements were made to improve the usability of the model. 
The improved DCO decision model presented in this paper is endorsed by the expert panel as applicable and transferable to real-life DCOs, thus laying the groundwork for future research into automation and artificial intelligence augmentation of faster and more accurate DCO decision-making.</p>Pietari Sarjakivi, Jouni Ihanus, Panu Moilanen
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 628 637 10.34190/eccws.24.1.3540
A Security-Conscious Primer on LoRa and LoRaWAN Technologies
https://papers.academic-conferences.org/index.php/eccws/article/view/3575
<p>At its core, the Internet of Things (IoT) paradigm encompasses a wealth of devices, mainly sensors, actuators and systems that can connect and exchange data through any means of communication, as long as they’re individually addressable and are a part of a network. There is a wide array of possible network types, among which Low-Power Short-Range Networks (LPSRNs) and Low-Power Wide-Area Networks (LPWANs) offer a great deal of potential to support energy efficient communications with low maintenance. LoRa (an abbreviation of “Long Range”), one of the most popular technologies for implementing LPWANs, is a radio-based technique derived from Chirp Spread Spectrum (CSS) technology (where “Chirp” stands for Compressed High Intensity Radar Pulse). However, when used as a standalone technology, it exposes exchanged data as LoRa devices simply transmit packets publicly without any built-in security. The LoRaWAN (LoRa Wide Area Network) framework addresses these shortcomings by providing a software layer on top of LoRa, supporting device addressing, management and message acknowledgement, while also providing a security framework with network and application encryption layers based on the AES-128 algorithm. LoRaWAN security mechanisms provide authentication and integrity protection of transmitted packets to the LoRaWAN Network Server (LNS), to ensure end-to-end encryption at the application layer. Due to its widespread application in IoT scenarios such as smart cities, smart transportation and environmental monitoring, the security of the LoRaWAN framework is fundamental to ensure the security and safety of critical metering and telemetry infrastructures. 
In this paper we provide a primer on LoRa and LoRaWAN technologies and address the security and management-related aspects of this framework, also presenting a threat model for LoRaWAN networks based on the STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) methodology, providing a convenient starting point for risk assessment and preventive/mitigation action planning.</p>Tomás Simões, Tiago Cruz, Bruno Sousa, Paulo Simões
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 638 646 10.34190/eccws.24.1.3575
Building Trust in Smart TVs: AI-Enhanced Cybersecurity for User Privacy and Ethical Monetization
https://papers.academic-conferences.org/index.php/eccws/article/view/3581
<p>As Smart TVs evolve into central hubs for IoT ecosystems, ensuring user trust through robust cybersecurity and ethical monetization practices has become paramount. This paper explores the integration of AI-driven cybersecurity features into Smart TVs, enabling them to safeguard user privacy and secure connected devices such as thermostats, smart speakers and home automation systems. By leveraging advanced AI techniques, including anomaly detection, behavioral analytics and federated learning, Smart TVs can monitor network traffic, detect vulnerabilities and mitigate potential cyber threats in real-time. For example, these systems can proactively identify and block IoT-based botnet attacks like Mirai, preventing unauthorized access to home networks. Additionally, AI-driven device typing enables Smart TVs to accurately classify and optimize the performance of connected devices, enhancing interoperability and user experience. The transformation of Smart TVs into trusted IoT hubs also presents significant monetization opportunities for manufacturers. Ethical monetization strategies, such as offering premium AI-powered security subscriptions, personalized automation services and bundled IoT device packages can generate revenue while prioritizing user trust. Privacy-preserving AI techniques such as federated learning and edge computing ensure that insights are monetized without collecting raw user data. Cross-selling and upselling opportunities arise as manufacturers integrate Smart TVs with complementary smart home products, fostering a seamless, secure ecosystem. Additionally, partnerships with cybersecurity firms and IoT developers further expand revenue streams, ensuring sustainable growth. Unlike traditional IoT security solutions, AI-powered Smart TVs provide native, real-time protection without requiring additional hardware, positioning them as the next frontier in home cybersecurity. 
As the industry advances, embedding privacy by design principles and offering users greater control over their data will be crucial in maintaining trust. This paper highlights how AI-enhanced cybersecurity and responsible monetization can redefine Smart TVs as both intelligent home automation hubs and ethical revenue generators, ensuring security, privacy, and user satisfaction while driving industry growth.</p>
Nakul Singh, Shreyas Kumar, Tripti Singh, Pratyush Kumar
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25
Vol. 24 No. 1, pp. 647-655
DOI: 10.34190/eccws.24.1.3581

Critical Infrastructure Security and the Role of AI: An Overview
https://papers.academic-conferences.org/index.php/eccws/article/view/3770
<p>Critical Information Infrastructures (CIIs) are an increasingly important focus area of industrial automation, particularly regarding the current developments towards Industry 5.0 and the industrial metaverse. Critical Information Infrastructure Protection (CIIP) is one of the fastest growing areas of cyber security primarily due to the expectations of both large companies and governments to protect their critical infrastructure in the interest of economic stability and citizen security. The critical infrastructures themselves are becoming increasingly automated due to the increasing availability and lower cost of Artificial Intelligence (AI) methods for downstream tasks such as predictive maintenance, load forecasting and anomaly detection. AI methods can also be used to protect critical information infrastructures, for example by implementing sophisticated algorithms for threat modelling and intrusion detection. The focus of this work is on the latter: The applications (and potential) of AI to secure CIIs in the presence of increasing amounts of cyberattacks. It is becoming ever more important to understand the current state of the art in using AI to protect CII. For example, it is imperative to understand the general capabilities of AI for downstream tasks such as intrusion detection and investigate the potential capabilities of AI for upstream tasks such as self-supervised learning, representation learning and generative modelling specifically for cybersecurity.</p>
Siphesihle Sithungu, Christoph Lipps
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25
Vol. 24 No. 1, pp. 656-664
DOI: 10.34190/eccws.24.1.3770

Enhancing Cybersecurity in Healthcare: The KyberSoTe Project's Approach to Mitigating Cyber Threats
https://papers.academic-conferences.org/index.php/eccws/article/view/3477
<p>In today's digital age, healthcare organisations are increasingly vulnerable to cyberattacks, making cybersecurity a crucial component of healthcare management. Protecting sensitive patient, medical, and personal data against hackers, cybercriminals, and other malicious entities cannot be understated. The CIA triad—confidentiality, integrity, and availability—is fundamental to cybersecurity in healthcare, safeguarding data privacy, accuracy, and access. The Cybersecurity in Everyday Work in the Social and Healthcare Sector (KyberSoTe) project is designed to identify prevalent cyber threats social and healthcare professionals encounter by utilising high-quality research, surveys, and firsthand data. Organisations in the social and healthcare sectors must implement practices to strengthen the cyber-safe behaviour of their personnel. The importance of cybersecurity lies in the presence of educated staff and a robust information security culture, as cybersecurity often relies on human vulnerability. Despite the increasing frequency of cyberattacks, awareness of cybersecurity threats and the impact of individual actions on organisational security remains low among social and healthcare professionals. The social and health sector faces a growing threat from cyberattacks, necessitating preparedness for present and future risks. Hospitals have adopted various strategies, such as enhanced staff training, endpoint management, stakeholder coordination, and anti-virus solutions, to bolster their cyber resilience. National and international organisations recommend measures, including software and application security, infrastructure protection, cloud and IoT security, and robust security management systems. Key components of cyber resilience include access control, information security, network security, and user security. Healthcare facilities can prevent cyberattacks through staff training, routine system updates, and advanced security tools. 
Prioritising cybersecurity and establishing detailed strategies and contingency plans are crucial for preventing intrusions. Insufficient security standards and a lack of comprehensive security strategies are reasons why hospitals are particularly vulnerable. Preventing data breaches that threaten patient data requires urgent attention to cybersecurity and cyber-hygiene practices. Healthcare institutions must develop clear policies and contingency plans to manage potential cyberattacks and their consequences. Emphasising the importance of cybersecurity, healthcare organisations must take proactive measures to safeguard sensitive patient data and prevent losses from system failures, reputational damage, and other cyberattack-related issues.</p>
Ilkka Tikanmäki, Tiina Blek, Johanna Niskakangas, Katja Varamäki
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25
Vol. 24 No. 1, pp. 665-673
DOI: 10.34190/eccws.24.1.3477

Cybersecurity Training in the Healthcare Domain
https://papers.academic-conferences.org/index.php/eccws/article/view/3377
<p>Integrating digital technologies in healthcare, such as electronic health records (EHR), telemedicine, and smart devices, has significantly enhanced patient care and operational efficiency. However, this digital transformation also introduces substantial cybersecurity challenges, threatening patient safety and data integrity. This study examines the current state of cybersecurity training within the healthcare sector, highlighting the critical need for continuous and comprehensive training programs tailored to healthcare professionals' diverse needs and technical skill levels. The study identifies key vulnerabilities, including software weaknesses, human errors, and information security shortcomings, emphasising the importance of staff motivation and adherence to cybersecurity measures. Through a qualitative case study methodology, the study explores effective training practices that promote cybersecurity awareness and compliance among healthcare staff. Findings indicate that despite existing training efforts, many healthcare workers feel undertrained and uninformed about secure technology use, leading to frustration and potential data breaches. The study underscores the importance of customised training programs that address strong password practices, phishing detection, secure data management, and device protection. Additionally, it emphasises the role of healthcare workers in safeguarding Protected Health Information (PHI) and the necessity for a collaborative approach to cybersecurity risk management. The research concludes with recommendations for enhancing cybersecurity training and fostering a culture of vigilance and responsibility within healthcare organisations. This study uses a qualitative research methodology through desk research. The data collection process was based on existing cybersecurity policy documents, training materials, incident reports, and compliance information. 
The results were validated using multiple data sources to ensure data triangulation. The study's approach ensured an understanding of the current state of cybersecurity training in healthcare and provided practical recommendations for improving the effectiveness of training programs. This research may help further enhance the understanding and implementation of effective cybersecurity training programs in healthcare, ultimately improving the protection of sensitive health information and patient safety. This study’s research question addresses the modification of training and learning practices to improve healthcare professionals' awareness of and compliance with cybersecurity.</p>
Ilkka Tikanmäki
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25
Vol. 24 No. 1, pp. 674-681
DOI: 10.34190/eccws.24.1.3377

Enhancing Risk Management on IoT Medical Devices
https://papers.academic-conferences.org/index.php/eccws/article/view/3535
<p>The Internet of Medical Things (IoMT) represents a transformative step in healthcare, enhancing patient outcomes through real-time monitoring and treatment. However, the increasing reliance on IoMT devices exposes critical vulnerabilities, posing significant risks to patient safety and healthcare operations. This paper evaluates the cybersecurity challenges of IoMT devices and explores how the DYNAMO tools (Cyber-Attack Forecasting, Secure AI, ThreatLens, and CTI Extractor) address these threats. A phased research approach was employed, with a literature review, DYNAMO tool analysis, and vulnerability-tool mapping. The results demonstrate the potential of advanced AI-driven tools to predict, detect, and mitigate threats, ensuring robust security for IoMT ecosystems. The research found promising results but acknowledges limitations due to the theoretical nature of the analysis. Without practical testing, the feasibility of these tools in real-world IoMT environments remains uncertain. For instance, CAF and CTI Extractor rely heavily on accurate and comprehensive data, which may not always be available in healthcare organisations. Secure AI's computational demands and ThreatLens's complex visualisations may present barriers, particularly for smaller healthcare facilities with limited resources or expertise.</p>
Ilkka Tikanmäki, Jyri Rajamäki, Tomas Liettyä, Sara Lindholm, Nina Steiner, Timo Tolonen
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25
Vol. 24 No. 1, pp. 682-688
DOI: 10.34190/eccws.24.1.3535

Developing Cloud-Based Cyber Capacity Building Platforms
https://papers.academic-conferences.org/index.php/eccws/article/view/3632
<p>Creating and maintaining an effective cybersecurity workforce is a significant challenge for organizations due to the complexity of the cyberspace domain. Military organizations especially have problems due to the transitory nature of personnel and retention challenges. The Integrated Multinational Cyber Information Sharing and Training Environment (IMCITE) is a system that facilitates organizational development using a learning management system, organic and government-off-the-shelf training materials, hands-on cyber training labs, large-scale cyber exercises, and information sharing with other organizations. Additionally, IMCITE incorporates learning plans and competency frameworks to track training effectiveness and ensure alignment with training goals, enabling targeted and measurable training initiatives to help identify skill gaps, streamline career progression, and improve workforce readiness. In this paper, we will discuss the technical and other challenges involved with developing, deploying, maintaining, and training in the use of such a system.</p>
David Tileston, Adam Welle, Nuria Pacheco-Casanova, Matt Kaar, Toby Meyer, Rick Luz
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25
Vol. 24 No. 1, pp. 689-697
DOI: 10.34190/eccws.24.1.3632

The Utilization of Quantum Computing for AI Applications in Classical IT Network Environments
https://papers.academic-conferences.org/index.php/eccws/article/view/3482
<p>Quantum computing is a new technological discovery that has the potential to transform industries based on high computational capabilities. This work explores how quantum computing will be integrated into AI applications and what impacts it will have on IT networks. A review of the recent literature shows that IT networks need to be upgraded to receive quantum-enhanced AI algorithms, as they require more computation power and faster real-time processing. It covers three major topics: the enabling of quantum AI applications, the role of QRC (quantum reservoir computing) in IT networking, and the challenges concerning the protocols of quantum communication, such as QKD (quantum key distribution). Network architectures of today’s state of the art will have to evolve toward enabling quantum-enabled AI, primarily regarding processing speed and interaction between the quantum and classical systems. This work, therefore, wishes to explain how such technological advances could influence AI applications and tune IT networks. We discuss the following questions: How can IT networks support the exploitation of quantum computing for AI applications? What effects do the dynamics and symmetries of quantum reservoir computing have on IT networks? Which IT networks can adapt to the challenges introduced by quantum computing technologies? The scope and depth of contributions reviewed in the articles together suggest huge potential for quantum computing in optimizing machine learning processes and IT networks with improved data handling and network management. At the same time, these ambitions are underlined by scaling concerns related to quantum hardware and qubit stabilization, and finally, the relative easiness with which quantum-classical computing is retrofitted into existing IT infrastructures. 
The findings suggest that hybrid quantum-classical systems will be essential in future IT infrastructure; efficiency and scalability will have to balance with security concerns in quantum computing environments.</p>
Monika Wolfmayr, Lekam Mudiyanselage Uthpala
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25
Vol. 24 No. 1, pp. 698-705
DOI: 10.34190/eccws.24.1.3482

Civic Cyber Defence / Resilience: A Review of Approaches
https://papers.academic-conferences.org/index.php/eccws/article/view/3624
<p>Cyber defence / security is a critical component of civic resilience, ensuring the protection and continuity of essential services and infrastructure in the face of cyber threats. As societies become increasingly digital, the potential for cyber attacks on public systems, such as utilities, healthcare, transportation, and government services, grows. These attacks can disrupt daily life, compromise sensitive data, and undermine public trust. But what happens in a national emergency? How is cyber security and disinformation considered from a civic cyber resilience perspective? What are the expectations of citizens in the first 72 hours of a national emergency? The paper will evaluate cyber advice offered to the citizens of a number of European countries. The evaluation will focus on the national advice offered from a technological, legal, and societal perspective. The analysis will focus on the different approaches of six European countries and what can be learned from these different approaches regarding Civic Defence and Resilience.</p>
Matthew Warren, Marius Laurinaitis, Inga Malinauskaitė-van de Castel
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25
Vol. 24 No. 1, pp. 706-712
DOI: 10.34190/eccws.24.1.3624

The Legal Pitfalls to Ratification of the United Nations Convention Against Cybercrime
https://papers.academic-conferences.org/index.php/eccws/article/view/3381
<p>A safe and secure digital space benefits all countries. The growth and development of information and communication technologies (ICTs) are now moving at such a fast pace that keeping up with the threats that ICTs present to businesses, governments, and individuals necessitates a response on an international level. As far back as the early 2000s, the Council of Europe recognised the threat that cybercrime presents to a safe and secure internet. It adopted a multilateral Convention on Cybercrime (Budapest Convention) in 2001 which came into effect in 2004. Since its adoption, 68 countries have ratified it, but the Budapest Convention never achieved ratification on a global level, with the unfortunate consequence that a void existed at the international level. As the risks to the cybersecurity landscape escalated, it became apparent that critical issues such as international consensus on which behaviour in cyberspace should be criminalised, how cooperation in the investigation of crime and sharing of evidence should be achieved, had to be addressed by the United Nations (UN). It is against this background that the first international Convention against Cybercrime is explored. The Convention traces its roots back to a United Nations General Assembly (UNGA) vote in 2019, when Russia challenged the Budapest Convention calling for an international framework to address cybercrime. Such a call was supported by BRICS nations and other developing countries but some Western countries were not enthusiastic. Following an arduous 5-year negotiation process, the UNGA adopted the Convention against Cybercrime on 24 December 2024. The adoption of the Convention may be a landmark achievement, but it cannot be considered a victory if the key players do not ratify it. For example, the United States’ (US) tech sector holds most of the world’s data and if the US does not ratify it, it will impact negatively on the operational value of the Convention. 
Furthermore, if countries decide not to ratify, it may heighten geo-political tension. The discussion highlights the objections and reservations to the Convention against Cybercrime, whether the concerns are justifiable and the possible impact of non-ratification.</p>
Murdoch Watney
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25
Vol. 24 No. 1, pp. 713-719
DOI: 10.34190/eccws.24.1.3381

Strategies to Tackle Disinformation: Operationalizing Zero Trust
https://papers.academic-conferences.org/index.php/eccws/article/view/3424
<p>Disinformation is now acknowledged as one of the leading threats to global security. Although trust is a central foundation in the take-up of disinformation and in its resulting loss of trust, little is known about the mechanisms of trust. In response, this conceptual paper first reviews a specific strand of trust and distrust literature from management, organization and conflict management studies models to attempt to disentangle the trust issue in disinformation. The method employed was based on a purposive literature review. This approach allowed generating a deep understanding of the foundational literature, in the context of understanding trust in disinformation and a transformative approach from cybersecurity zero trust as a potential solution to operationalize the aims of this research. Drawing from the emerging findings from the review, the paper then proposed leveraging zero trust as a tactic to counter disinformation. Although the limitations of a purposive literature review approach are acknowledged, calls for further research and action are presented thereby helping bridge potential methodological issues. The contribution of this paper presents an early-stage framework setting out the key tactics involved in operationalizing and achieving a zero trust mindset to safeguard against disinformation. Key implications for government, defense practitioners, academics and stakeholder communities are discussed.</p>
Allison Wylde
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25
Vol. 24 No. 1, pp. 720-725
DOI: 10.34190/eccws.24.1.3424

Augmenting Cybersecurity Awareness at Critical Infrastructures in Developing Countries Through a Cybersecurity Governance Maturity Model
https://papers.academic-conferences.org/index.php/eccws/article/view/3708
<p>As the utilization of cyber systems in the management and operation of critical infrastructures have grown, the cybersecurity threats to critical infrastructure sectors such as energy, healthcare, transportation and water simultaneously increased exponentially. Critical infrastructures in developing countries are particularly vulnerable to growing cybersecurity threats due to limited resources, inadequate cybersecurity policies and a general shortage of skilled cybersecurity specialists. Addressing these vulnerabilities is essential for developing countries to ensure the operational continuity, data protection and public safety associated with functioning critical infrastructures. An explorative literature review identified a number of aspects that can be used to counter the increasing cybersecurity threats to critical infrastructures in developing countries. Literature suggests that although there are defined norms and standards for critical infrastructures in developing countries, there is room for improvement in terms of the contribution that enhanced cybersecurity awareness can accomplish. A good cybersecurity awareness program must include sufficient training that is aligned with an organization’s objectives, focus on raising cybersecurity awareness while performing normal duties whilst creating an interactive cybersecurity communication culture between all stakeholders. This paper presents research that is in progress to develop a functional cybersecurity governance maturity model aimed at capacitating role players responsible for the safeguarding of critical infrastructure systems in developing countries. The primary aim of the evolving Critical Infrastructure Cyber Governance Maturity Model (CICGM²) is to improve the cybersecurity governance of critical infrastructure systems in developing countries. 
The purpose of the article is to specifically describe how the CICGM² can be used to assess and determine the level of maturity of cybersecurity awareness programs at critical infrastructures in developing countries. The integration of recognized cybersecurity governance frameworks and established cybersecurity maturity models into the CICGM² presents unique opportunities to establish, measure and manage cybersecurity awareness initiatives at critical infrastructure systems in developing countries. This article contributes to the field of cybersecurity governance by offering a non-technical, scalable and adaptable CICGM² for key stakeholders at critical infrastructures in developing countries that can be used to determine the level of the cybersecurity awareness initiatives for the facilities that they are responsible for.</p>
Hendrik Zwarts, Jaco Du Toit, Basie Von Solms
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25
Vol. 24 No. 1, pp. 726-733
DOI: 10.34190/eccws.24.1.3708

AI Governance: Achieving EU AI Act Compliance in the Dynamo Project
https://papers.academic-conferences.org/index.php/eccws/article/view/3378
<p>The European Union (EU) Artificial Intelligence (AI) Act introduces stringent requirements for AI systems, posing challenges for organisations seeking compliance. This study explores whether the AI Governance and Assurance (AIGA) framework can provide a structured approach to aligning the DYNAMO platform with these regulations. The Horizon DYNAMO project, funded by the EU, aims to improve cyber resilience by collecting the organisation’s skills data and creating custom and modified training programs. The DYNAMO project integrates AI solutions for threat intelligence and other purposes. The hypothesis is that the AIGA framework offers a robust governance structure that ensures compliance, supports ethical decision-making, and enhances transparency throughout the AI lifecycle. Using desk research, published literature by AIGA’s research team and EU AI Acts regulatory guidelines were analysed to evaluate the AIGA framework. This study focuses on applying AIGA to the governance phase, specifically addressing workflows and structures that embed compliance checkpoints and risk management mechanisms. This approach directly tackles key aspects of the EU AI Act, including risk-based system classification, transparency obligations, and continuous monitoring. Findings indicate that during the AIGA framework development, AIGA’s researchers paid particular attention to the emerging EU AI legislation, which caused it to align well with the regulatory requirements of the EU AI Act. To manage AI development and ensure compliance, the AIGA model offers root-level actions and a practical governance checklist. Implementing these governance tasks in a dynamic platform like DYNAMO requires further refinement and adaptation to each critical sector's specific environmental and stakeholder requirements to produce practical applicability. In conclusion, this study demonstrates that the AIGA framework can provide a strong foundation for regulatory compliance under the EU AI Act. 
By addressing governance challenges, this approach enables organisations to meet regulatory demands while maintaining ethical AI development and operational excellence and contributing to a future where AI is both innovative and responsible. Future work includes testing these implementations in real-world scenarios to confirm their effectiveness.</p>
Ilkka Tikanmäki, Francis Burns, Jony Edelberg, Pauli Kuivanen, Elias Tuomi, Juuso Ylimaa
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25
Vol. 24 No. 1, pp. 875-878
DOI: 10.34190/eccws.24.1.3378

Evaluating the Effectiveness of Psychological Prompt Injection Attacks on Large Language Models for Social Engineering Artifact Generation
https://papers.academic-conferences.org/index.php/eccws/article/view/3515
<p>This study explores the vulnerability of Large Language Models (LLMs) to prompt injection attacks, a critical security concern. We investigate the effectiveness of four psychological techniques (PTs) from social engineering – Impersonation, Incentive, Persuasion, and Quid Pro Quo – in facilitating these attacks. Prompt injection involves manipulating LLMs by embedding malicious instructions within user prompts, potentially generating harmful content or compromising sensitive data. Understanding these mechanisms is crucial for developing effective defenses. Our research assesses how these PTs influence prompt injection success rates against ChatGPT-4o mini and Gemma-7b-it LLMs used for ChatGPT and Gemini respectively. We hypothesized that PTs significantly increase the likelihood of successful attacks, with some techniques being more effective. 220 prompt injection tests (110 per LLM) were conducted, designed to elicit social-engineering artifacts like phishing emails, fake login screens, and ransomware notes, evaluating model susceptibility to diverse attack vectors. The four PTs were chosen based on their relevance to manipulating human behavior in social engineering. Impersonation involves assuming a trusted identity, Incentive offers rewards, Persuasion uses manipulative tactics, and Quid Pro Quo involves reciprocal exchanges. These techniques were adapted for prompt injections to simulate real-world social engineering scenarios. Statistical methods, including ANOVA and Kruskal-Wallis tests, assessed the overall impact of PTs. Mann-Whitney U tests with Bonferroni correction compared individual techniques, and Cohen’s d measured effect sizes. Results demonstrate a statistically significant impact of PTs on prompt injection success. Impersonation was most effective across both LLMs, followed by Persuasion and Quid Pro Quo, with Incentive being least effective. 
These findings align with social engineering principles, highlighting the power of impersonation and other manipulative tactics. Our research has significant implications for LLM security and AI-driven social engineering. LLM vulnerability to psychologically-driven prompt injections necessitates proactive security measures. Future research should focus on robust defense mechanisms, explore the interplay of PTs, and investigate their impact on LLM security. This study contributes to understanding LLM vulnerabilities and developing more resilient AI systems.</p>
Thomas Heverin, Eve Cohen
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25
Vol. 24 No. 1, pp. 879-883
DOI: 10.34190/eccws.24.1.3515

MISP Management Models for Effective Threat Intelligence in Cybersecurity
https://papers.academic-conferences.org/index.php/eccws/article/view/3536
<p>Studies conducted in the context of the DYNAMO Horizon Europe project reveal that a significant proportion of regional cyber threat intelligence (CTI) data is still shared through manual methods such as email and chat. While these systems are generally viewed positively, they are also understood to be prone to delays and inaccuracies. The interest in utilizing the Malware Information Sharing Platform (MISP) is rising, yet its implementation is still nascent. Effective integration of MISP into cybersecurity operations hinges on selecting an appropriate governance model. This paper evaluates four models—Centralized, Decentralized, Hybrid, and Federated—to understand their advantages, limitations, and suitability for diverse organizational needs. As cyber threats grow in complexity, organizations increasingly rely on collaborative tools like MISP, requiring robust management frameworks to ensure efficient threat intelligence sharing. This study involves a systematic review of literature and desk research of materials produced during the DYNAMO project to analyse different governance models in terms of their alignment with MISP's objectives, operational needs, and organizational structures. The study’s main conclusion is that no single governance model fits all scenarios. Centralized models ensure compliance and consistency, making them ideal for small or regulated environments. Decentralized models offer flexibility for organizations with varied local demands but risk fragmentation. Hybrid and Federated models balance centralized control with local autonomy, providing scalability and resilience for large or complex organizations. Among these, the hybrid model stands out for its ability to dynamically address cybersecurity threats while maintaining cohesive governance. However, successful MISP integration also depends on user engagement, clear protocols, and adaptability to evolving needs. 
This study provides actionable insights to optimize MISP governance, enhancing collaboration, compliance, and cybersecurity resilience. The study also highlights the importance of ongoing training, clear procedures, and active user participation to maximize MISP’s benefits. These insights help organizations build resilience and stay adaptable to evolving cybersecurity challenges.</p>
Saku-Lassi Eljaala, Meri Laine, Nella Okko, Edward Pacil, Jyri Rajamäki
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25
Vol. 24 No. 1, pp. 884-888
DOI: 10.34190/eccws.24.1.3536

Anchoring Security in Maritime: Defining and Protecting Critical Assets for Business Continuity
https://papers.academic-conferences.org/index.php/eccws/article/view/3426
<p>This study highlights maritime operations increasingly relying on digital technologies, creating new cybersecurity vulnerabilities that threaten global trade. The study addresses this gap by developing a systematic approach to identify business-critical digital assets, focusing on cargo management systems that directly impact revenue generation. The methodology employs Attack Tree analysis, examining maritime digital assets through factors of production lens. Systems enabling cargo booking, loading, and revenue generation to determine criticality are analysed. Initial findings indicate that cargo management systems represent vital digital assets, directly impacting operational continuity. This study evaluates a framework for maritime operators to assess and protect their critical digital infrastructure, ensuring business continuity while bridging the gap between onshore and offshore cybersecurity requirements. Offshore maritime operators fall under International Maritime Organization (IMO) legislation. Onshore operations follow traditional frameworks, leaving no unified cybersecurity framework for maritime operators. The mixed methods approach combines qualitative interviews with maritime small and medium-sized enterprises (SMEs) and quantitative analysis of cybersecurity frameworks and risk management methods. Given SMEs’ limited resources and expertise, the study focuses on implementing a suitable risk management concept to help SMEs ensure business continuity and protect essential operations. Findings revealed that maritime operations increasingly depend on digital technologies, a trend already evident in both onshore and offshore operations. When focusing on business continuity and examining typical frameworks used by maritime operators, gaps between onshore and offshore operations were identified. Research is centred on addressing this gap, specifically through the ISO 22301 framework. 
The findings highlight a notable distinction between onshore and offshore operations. This study shows that small maritime companies must protect their crucial digital systems, especially cargo management. Using a simple security framework (ISO 22301) helps these companies stay safe both onshore and offshore. This method aids SMEs in focusing on protecting what matters most. Future research should find cheaper, easier ways to help these companies improve their cybersecurity smoothly.</p>Ilkka Tikanmäki, Ahti Mansner, Eino Kärkkäinen, Lara Ayodele, Aleksi Janhunen
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 889 891 10.34190/eccws.24.1.3426
Navigating the Cyber Resilience Act: Implications for the Dynamo Horizon Project
https://papers.academic-conferences.org/index.php/eccws/article/view/3534
<p>This work-in-progress paper develops an operational model for the DYNAMO Horizon Europe Project to ensure compliance with the EU Cyber Resilience Act (CRA). Compliance with the CRA enables DYNAMO to provide a high level of security and maintain its competitiveness. By meeting the CRA requirements, DYNAMO can protect its users, strengthen its market position, and promote best practices in cybersecurity. The area in which DYNAMO works is critical to society, creating a complete platform of tools and frameworks for cyber threat intelligence. Tools included in the platform need to abide by the regulations in place and being compliant also helps DYNAMO ensure that the tools are safer for the users of its platform. The regulations cause complications and confusion without sufficient preparation. As a subject still under research, with pending regulation, this study provides future proofing and assistance in planning efficient transition to compliance. Compliance for third parties is simplified in regulation. Open-source software provides a powerful exception to this regulation as well, being useful as a method of risk transference through using these exceptions. DYNAMO can utilize these aspects of the CRA to enhance compliance. How different companies are fulfilling their vulnerability management regarding CRA is a venue for future research purposes, as are methods for futureproofing compliance, and the impacts of CRA on Artificial Intelligence use, and how this intersects with the AI Act.</p>Jyri Rajamäki, Petra Koskela, Sami Mehtonen, Verneri Lämsä, Sare Korpila, Tero Lämsä
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 892 896 10.34190/eccws.24.1.3534
EDUHints: A Human-in-the-Loop Small Language Model Hint Generation System for Cybersecurity Education
https://papers.academic-conferences.org/index.php/eccws/article/view/3659
<p>The problem that we study is how to efficiently generate hints for students who are engaged in hands-on cybersecurity exercises. Students sometimes get stuck and can become frustrated when they are missing information that is necessary for solving a challenge. While large language models (LLMs) could help, they can be expensive to use and typically require the sharing of student data with third-party AI providers. In order to minimize computational overhead and financial costs, we chose to deploy a small language model (SLM) with retrieval-augmented generation (RAG). In addition, we use a human-in-the-loop approach, where the instructor reviews the AI-generated hints before they reach the student. This keeps the instructor involved, increases the quality of the hints presented to the student, and preserves student-instructor interaction while reducing the cognitive load on the instructor. We have tested our hint generation system “EDUHints” in the classroom, collecting qualitative responses from 15 students via three brief surveys.</p>Taylor Wolff, Richard Weiss, Jack Cook, Joseph Granville, Jens Mache
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 897 903 10.34190/eccws.24.1.3659
Weaponizing Connectivity: The Role of Social Media and Cyberspace in Modern Subversion
https://papers.academic-conferences.org/index.php/eccws/article/view/3450
<p>The proliferation of social media has revolutionized modern warfare, transformed the nature of conflict and redefined the rules of engagement (Arquilla & Ronfeldt, 1993). The rapid evolution of social media platforms, with their speed and anonymity, has created complex tools with far-reaching impacts on global security and stability (Kaplan & Haenlein, 2010). The threat landscape has evolved significantly, shifting from traditional warfare to cyber operations short of war, which have significant implications for state power and global security. Thus, the traditional notion of warfare has undergone significant transformation with the advent of cyber operations and social media. As noted by Valeriano and Maness (2015), “Cyber warfare is a new and evolving form of conflict that is changing the way states interact with each other”. Cyber operations short of war refer to the use of cyber-attacks, propaganda, and disinformation to influence the actions of other states or non-state actors without resorting to conventional military force. Hence, nations can exert their influence and act without resorting to conventional military force. This new reality has given rise to a theater of hybrid threats, which demands innovative strategies for counteraction (Giannopoulos, G., et al 2020). This article examines the weaponization of connectivity, exploring how social media platforms and cyberspace are being leveraged as tools of modern subversion. Drawing on existing literature (Gladwell, 2010; Morozov, 2011) and recent global events, this research investigates how state and non-state actors are exploiting social media to further their strategic interests (Loader & Mercea, 2011) as well as providing a framework for countermeasures making use of examples. The implications of these actions for global security and stability are also examined (Nye, 2011). 
By shedding light on this underexplored topic, this article aims to contribute to a deeper understanding of how roll connectivity is weaponized to use social media and cyberspace in modern subversion.</p>Daphne Damons
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 857 863 10.34190/eccws.24.1.3450
Experimental Attacks on Quantum Computing and Quantum Machine Learning
https://papers.academic-conferences.org/index.php/eccws/article/view/3463
<p>2025 marks the UN International Year of Quantum Science and Technology. We expect this emerging technology to enter application in real world industry use cases in the next few years. The current focus in research and industry lies on the nominal function of quantum computing to show its “usefulness” of the technology. Hence, one should also start considering aspects of cybersecurity to prepare for currently known attacks when quantum computing is ready to be used in industry. This work provides an overview on quantum computing (QC) with the underlying used quantum mechanical phenomena. We set special highlight on quantum machine learning (QML) as it is expected to have higher expressiveness and shorter training times. The quantum machine learning lifecycle will be presented in detail with the current state of the art of theory and research of cybersecurity attacks. We aim to use this knowledge and start to construct simple experiments as proof-of-concepts for attacking assets in the CIA triad. These proof-of-concepts will set the base for attacks on more relevant use cases of QML models, leading to thoughts and experiments for countermeasures to be set up and put in place. The conclusion will consist of future work and the currently not in detail investigated sections of the lifecycle.</p>Marc Maußner, Volker Reers
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 864 873 10.34190/eccws.24.1.3463
Cybersecurity Education in Finnish Universities of Applied Sciences: Workforce Alignment
https://papers.academic-conferences.org/index.php/eccws/article/view/3521
<p>Performing effectively in cybersecurity work roles demands a diverse professional skill set. Fresh graduates often struggle to meet the high expectations of employers. This study assesses how 12 Finnish universities of applied sciences equip students with the most relevant professional skills for graduates’ early careers. The question is topical because the cybersecurity profession suffers from a worldwide workforce shortage, with Finland requiring between 6000 and 13000 additional experts. This study compares the bachelor’s and master’s level study offerings in information and communications technology (ICT) of 12 universities of applied sciences in Finland with the professional skill requirements set by local companies and organizations for cybersecurity roles. The study offerings of participating universities are profiled and categorized based on the EU Joint Research Centre (JRC) Cybersecurity and Bloom’s taxonomies. As an outcome, this study represents visually how study offerings in the participating universities of applied sciences align with industry needs and employer expectations. Previous studies in Finland on university-level cybersecurity education have been based on the U.S.-originated National Initiative for Cybersecurity Education (NICE) Framework. This study extends the current understanding and leverages the latest interview and survey-based research results and the European Joint Research Centre Cybersecurity Taxonomy. Among the bachelor’s degree programs, five universities provide cybersecurity-focused programs, four universities offer complementary mid-level cybersecurity studies integrated within the non-cyber-focused education, and three universities have remarkably low-level cybersecurity study offerings in their curricula. The master’s degree programs are well-aligned with each other and complement the bachelor’s degree programs according to the Finnish dual model educational system.</p>Jani Ekqvist, Pasi Kämppi, Jyri Rajamäki
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 735 744 10.34190/eccws.24.1.3521
Understanding the Dynamics of the Cyber Grey Zone: A Conceptual Framework
https://papers.academic-conferences.org/index.php/eccws/article/view/3714
<p style="font-weight: 400;">Cyberspace has become a domain for state and non-state actors to engage in activities that operate in the area between peace and conflict, often referred to as the “grey zone.” These activities, which range from legal to illegal, exploit the lack of thresholds and norms, creating challenges for understanding impact and managing consequences. This research examines the complexities of cyberspace and grey zone activities, which operate between peace and wartime, using activities ranging from legality to illegality. Addressing the lack of clarity in understanding their impact and management, the study introduces a five-block framework to systematically analyse and triage these activities. The blocks – i) Incident, ii) Technical Analysis, iii) Strategic Context, iv) Operational Preparation, v) Legality and Political Will. This structured approach enables a comprehensive breakdown of situations, assessing strategic significance and providing a benchmark for evaluating proximity to thresholds. The framework is designed to assist policymakers, strategists, and cybersecurity professionals in navigating the complexities of grey zone activities in cyberspace. This study contributes to developing more effective responses to ambiguous and evolving threats by offering a tool for informed decision-making.</p>Shu-Jui Chang, Tim Watson, Iain Phillips
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 745 752 10.34190/eccws.24.1.3714
Challenges and Opportunities for Cross-Domain Cyber Threat Intelligence Sharing Towards Whole-of-Society Resilience
https://papers.academic-conferences.org/index.php/eccws/article/view/3570
<p>The increasing sophistication, frequency, and scale of cyberattacks means that societies cannot rely on isolated and uncoordinated defences but should embrace collaboration and intelligence sharing to remain cyber resilient. In many countries intelligence sharing lies at the heart of national security architecture and is embedded in strategies and in legislation, such as USA’s Cybersecurity Information Sharing Act or the Australia’s Security of Critical Infrastructure Act. In cybersecurity, cyber threat intelligence (CTI) is data created through the careful analysis of cyber threats and adversary behaviours to produce high-quality, timely, actionable, and relevant insights, allowing organizations to confidently anticipate, detect, prevent, and respond to cyberattacks. CTI provides critical insights into potential threats, enabling real-time responses during incidents, targeted mitigation strategies, and rapid recovery. Cross-domain CTI sharing plays a key role in breaking down silos, fostering cooperation across industries and sectors thus giving recognition to the interconnected nature of today’s digital landscape, where a cyber threat in one domain can cascade into and impact other domains. By sharing actionable CTI, organizations can collectively identify vulnerabilities, respond to threats in real time, and protect critical societal functions such as healthcare, finance, energy, and communication while strengthening the overall resilience of interconnected systems. Around the world, enhancing CTI sharing has become increasingly critical and remains a key driver for societal cyber resilience, enabling organizations, communities, and individuals to anticipate, withstand, recover from, and adapt to and thrive amid the ever-evolving complexities of the cyber threat landscape. 
This study examines the challenges and opportunities for cross-domain CTI sharing through a comprehensive systematic review of literature, focusing on key issues such as protecting sensitive data from adversaries when shared outside every trusted organization in the system, building trust among diverse stakeholders, navigating governmental regulations, and ensuring seamless interoperability to enable stakeholders to remain in sharing and using CTI. The research underscores how collaboration across industries and sectors can foster a stronger, more unified defence against the ever-evolving threats in today’s cyber landscape.</p>Bandara Dissanayake, Mamello Thinyane
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 753 761 10.34190/eccws.24.1.3570
Bridging Knowledge Gaps: Advancing Cybersecurity Education via Absorptive Capacity & Collaboration
https://papers.academic-conferences.org/index.php/eccws/article/view/3462
<p style="font-weight: 400;">This work, based on my dissertation (Esmaili, 2024), investigates the growing knowledge gap between vocational cybersecurity education and the cybersecurity industry, driven by rapid technological advancements and the increasing demand for skilled professionals. This gap challenges educators’ ability to deliver current and relevant training, limiting their capacity to prepare students for the dynamic and evolving needs of the cybersecurity field (Yusuf, 2024). Absorptive capacity (ACAP)—the ability to recognize, assimilate, and apply external knowledge—serves as the conceptual framework to address this challenge. By integrating perspectives on absorptive capacity, knowledge creation, and collaboration, this study examines mechanisms that enhance effective learning within partnerships between vocational education programs and the cybersecurity industry. This research employs an action research methodology, structured across four iterative cycles: i) establishing partnerships, ii) implementing collaborative learning environments, iii) engaging educators as active learners, and iv) developing an innovation lab for knowledge co-creation. Data were collected through semi-structured interviews with educators, students, and cybersecurity professionals, and analyzed using open and axial coding to identify key themes and mechanisms. The findings show that trust-building, participatory decision-making, informal communication, and cross-functional activities are essential for strengthening educators’ ability to integrate new knowledge. Educators’ active involvement as learners proved crucial in bridging the knowledge gap and aligning curricula with the practical demands of the cybersecurity industry. 
The innovation lab emerged as a platform for knowledge co-creation, fostering meaningful collaboration between students, educators, and professionals. This research contributes to the literature by addressing gaps in ACAP implementation and emphasizing collaborative approaches to industry-education alignment. Key recommendations include promoting continuous professional development for educators, implementing co-creative learning models, and aligning cybersecurity education with industry needs to ensure future-proof training programs.</p>Reza Esmaili, Gerda van Dijk
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 762 770 10.34190/eccws.24.1.3462
Evolving Advanced Persistent Threats (APTs) and Strengthening Global Cybersecurity Coordination
https://papers.academic-conferences.org/index.php/eccws/article/view/3406
<p>Advanced Persistent Threats (APTs) represent a sophisticated category of cyber threats that pose significant challenges to global security and stability. These threats are characterized by their stealth, persistence, and strategic focus, often orchestrated by state-sponsored entities or highly organized criminal groups. Their primary objectives are to infiltrate networks, exfiltrate sensitive data, and establish a persistent presence within critical systems, posing severe risks to national security, economic interests, and critical infrastructure. This study engages with the complexities of international cybersecurity efforts to combat APTs, drawing on insights from 19 cybersecurity experts across diverse sectors and regions. The research identifies several key barriers that hinder effective global collaboration in this realm. Among these are inconsistent regulatory frameworks that vary significantly across jurisdictions, trust deficits among international partners, and the technical limitations prevalent in emerging economies.<br />The findings underscore the importance of harmonizing legal frameworks and advocate for the standardization of cyber threat intelligence sharing protocols to enhance global cybersecurity postures. Successful strategies highlighted include the establishment of adaptive response mechanisms and robust public-private partnerships that leverage both governmental oversight and private-sector innovation.<br />Moreover, the study emphasizes that strengthening global coordination requires not only technological advancements but also trust-building and cooperative frameworks that transcend national boundaries. 
The paper suggests actionable strategies to bolster international cooperation, which includes enhancing the capacity for threat intelligence sharing and promoting regulatory harmonization.<br />In conclusion, this research illustrates that while the challenges are formidable, the strategic alignment of international policies and practices is crucial for an effective defense against APTs. The collaborative approaches detailed herein demonstrate potential pathways for achieving more resilient global cybersecurity infrastructure.</p>Raymond André Hagen
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 771 777 10.34190/eccws.24.1.3406
Understanding the Journeys of Online Crime Victims Through Law Enforcement in Britain
https://papers.academic-conferences.org/index.php/eccws/article/view/3702
<p>Many rely on digital technology and online services to conduct their lives and businesses. However, digital technology has broadened online crime (the term here denotes cybercrime and fraud), enabling transnational offending. Reported fraud and computer misuse offences continuously rise in the UK despite being under-reported, and total recorded crime falling. The situation for those falling victim to online crime is bleak; victims approach different organisations for help and advice and rarely receive the assistance they need. This paper concerns the journeys taken by victims of online crime when approaching Britain’s law enforcement. Adopting an exploratory methodology, the research maps organisations, processes and connections between organisations supporting victims. The mapping process and the resulting data displays illustrate the journeys that online crime victims take and how law enforcement supports victims. Snowball sampling was used to recruit 46 participants involved with victims of online crime (23 in British law enforcement). Through semi-structured interviews and analysing official documents and reports, the research uncovered the roles and connections between specialist law enforcement units supporting online crime victims. The research found broken systems in law enforcement-Action Fraud, a lack of access to data across forces/regions and a lack of knowledge. There is under-reporting of online crime, and victims take different journeys through law enforcement depending on whether they are victims of cyber-dependent or cyber-enabled crimes. While Action Fraud’s reporting systems are outdated and victims rarely report online crimes, this has in part led to resources being allocated to the most reported (rather than most prevalent) crimes. Victims take different journeys through law enforcement, even as victims of the same events. 
Victims of fraud (and other cyber-enabled crimes) rarely receive assistance, whereas victims of cyber-dependent crimes are always contacted. Team Cyber is a law enforcement structure dedicated to tackling cyber-dependent crime, which is not replicated for fraud.</p>Angela Heeler
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 778 787 10.34190/eccws.24.1.3702
Journalists' Reflections on Fake News: Insights from Qualitative Interviews
https://papers.academic-conferences.org/index.php/eccws/article/view/3544
<p>Although fake news is not new, its prominence has surged with the widespread adoption of technology, the intensification of diplomatic crises, and escalating conflicts between states. Given the significant negative impact of fake news on individuals and society, it is essential to understand the strategies professional journalists utilize to identify and counteract it. This research examines journalists’ perspectives on recognizing and detecting fake news online. Based on qualitative interviews with journalists from leading Italian media outlets, the study highlights the distinguishing characteristics of fake news and key detection strategies that form the foundation of contemporary media literacy.</p>Anastasiia Iufereva
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 788 793 10.34190/eccws.24.1.3544
Identification of the Emerging Sources of Cybersecurity Threats
https://papers.academic-conferences.org/index.php/eccws/article/view/3569
<p>Rapid evolution of technology has led to the emergence of new and sophisticated cybersecurity threats. Simultaneously, there is an increasing need to enhance understanding of the dynamic and evolving landscape. Organizations balance in managing a sufficient level of information security risks and establish protection against perceived cyber threats, for example, by training employees to identify and report suspicious emails and by adjusting security measures to a level that is pleasing to top management. The landscape of cybersecurity threats has appeared stable in recent years, and cyber criminals’ methods may be familiar and in the everyday news, but our vigilance should not be lowered. While overall awareness and capabilities are improving, cyberattacks are unfortunately matching that progress with increasingly sophisticated means. Technologically cyber threats are getting more sophisticated and intense challenging human minds by cleverly covered social engineering and unexpected zero-day exploits. Emerging technologies like generative Artificial Intelligence (AI), the global geopolitical situation, and aggressively evolving ransomware attacks are keeping cybersecurity professionals on their toes. What are the chances of winning the race against these invisible enemies without continuous monitoring and staying current with threat intelligence? This study aims to identify and analyse emerging threat sources by systematically reviewing recent research and examining well-established threat actor frameworks. The goal is to uncover the latest cybersecurity threats and signals that indicate their emergence. By using the present state of threat landscape within the European Union (EU) as a reference framework, this assessment provides a comprehensive. Key signals for identifying new threats are highlighted, such as unusual activity patterns and risk-based assessments. 
Additionally, the study identifies the most frequently used sources of threat information, emphasizing the importance of real-time data and recent publications in maintaining up-to-date threat awareness. The results highlight key themes and trends in the current cybersecurity landscape, revealing significant threat actors and novel attack vectors.</p>Jussi Simola, Tiina Leppänen
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 794 802 10.34190/eccws.24.1.3569
Building Cyber Resilience to Face the Challenges of Cognitive Warfare
https://papers.academic-conferences.org/index.php/eccws/article/view/3520
<p>In the context of strategic ambiguity characterizing the geopolitical landscape of the past two years, cyber resilience plays a vital role in advancing alliances' deterrence and defense goals while minimizing the effects of cognitive warfare. The EU addresses cyber resilience by implementing mandatory cybersecurity requirements to ensure the development of secure digital products, significantly reducing vulnerabilities that impact businesses (EU, 2020; EU, 2022). In contrast, NATO prioritizes cybersecurity in the context of communication systems and information-sharing frameworks, while encouraging member states to bolster their cyber defense capabilities (NATO, 2024). However, the susceptibility of the human factor as a target of cognitive warfare conducted through cyberattacks is not explicitly addressed in international cybersecurity policies. This theoretical research aims to identify methods and tools to enhance cyber resilience in response to the challenges of cognitive warfare. Through the available literature, this paper establishes the conceptual framework for understanding cyber resilience and cognitive warfare. Using observation as a research method, we identified a series of similarities in NATO and EU programs and strategies targeting the cognitive dimension, including measures aimed at countering disinformation, fostering resilience against psychological manipulation, and enhancing information-sharing protocols among member states. While the Alliances remain at the forefront of cyber defence, there is still room for improvement. To enhance cyber and organizational resilience, Romania's specialized cyber defense structures employ strategies focused on raising civil society awareness, integrating adaptability into the education system, and fostering effective communication and collaboration both within and across public institutions. 
The key observation presented in this study is that a comprehensive approach to building cyber resilience is essential not only for enhancing deterrence and defense capabilities, but also for effectively countering the multifaceted impacts of cognitive warfare, which increasingly exploit vulnerabilities in digital networks, information systems, and public perception. Furthermore, this serves as an initial step in a PhD research thesis aimed at offering states solutions for enhancing cyber resilience, with the goal of safeguarding their citizens from the challenges posed by cognitive warfare.</p>Raluca Radu
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 803 810 10.34190/eccws.24.1.3520
Adapting Bot Detection Models for Romania’s Disinformation Ecosystem
https://papers.academic-conferences.org/index.php/eccws/article/view/3573
<p>The proliferation of social media bots and fake accounts has significantly disrupted information ecosystems, posing substantial challenges in detecting and mitigating disinformation. While machine learning and deep learning models have shown varying levels of success on platforms like Twitter and Facebook, they often fail to account for region-specific nuances critical for effective bot detection. Facebook and Twitter have been widely used in disinformation research due to their large user bases and historically open API access, facilitating large-scale data collection. This study addresses these gaps by proposing a hybrid detection framework tailored to Romania's disinformation landscape. Each society is shaped by its unique historical, cultural, linguistic, and geopolitical factors, influencing how disinformation spreads and resonates with different audiences. The proposed approach emphasizes well-established narratives that significantly influence vulnerable populations, including young adults with limited capacity for fact-checking and older adults with low levels of digital literacy. This research will begin by reviewing existing literature on bot detection methodologies and narrative analysis, identifying their strengths, limitations, and applicability to regional contexts. By integrating conventional detection methodologies with a refined analysis of niche and high-risk narratives, this research investigates how disinformation campaigns gain momentum and escalate, providing a deeper understanding of their dynamics and impact. The results will reveal patterns and strategies employed in the propagation of disinformation, contributing to the development of more targeted and effective detection systems. This method also facilitates the early identification of emerging disinformation clusters, offering timely and proactive intervention opportunities. 
This paper is part of a broader PhD research program centered on analysing narratives and narrative strategies in disinformation, with all findings supporting this overarching goal. The findings emphasize the importance of regional customization in bot detection frameworks, particularly for countries like Romania, where disinformation leverages historical, cultural, and socio-political triggers. These insights will strengthen the resilience of information ecosystems and hold significant value for cybersecurity professionals, social media platforms, and policymakers dedicated to combating manipulation and fostering a more secure digital environment.</p>Stefania - Elena Stoica
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 811 819 10.34190/eccws.24.1.3573
How Quantum Computing Will Change the Status quo of Cyber Security
https://papers.academic-conferences.org/index.php/eccws/article/view/3595
<p>Three of the most popular questions in the private sector around Artificial Intelligence (AI) and Quantum Computers (QC) will be addressed: 1) How will these technologies impact and challenge today’s cybersecurity practices? 2) When are these predicted to occur? 3) What does AI coupled with QC mean for future Cybersecurity? As with any new technology, they can serve both positive and negative uses. The yin and yang dynamic has never been more present in technology than with the advent of Quantum Computers. Organizations are now seeking use cases for internally and externally sourced AI solutions. This examination exposes how today's CPU architectures (RISC/CISC) are unable to compete with Quantum Computers that we are starting to see in the world today. While AI is now a force in the world, it is inhibited by the current CPUs. QC will "unlock and unleash" AI's real potential. This has both good and bad consequences for the world, from solving a complex medical diagnosis to rendering passwords useless. For one to truly understand how AI can be “unlocked and unleashed”, a basic review of chemical-based computing sets the stage for where AI finds the raw compute power to achieve its potential. This examination brings together the concepts of the exponential scale potential of QC by highlighting the first element Hydrogen. It will expose how quantum mechanical properties of an atom enable multi-orbital computing power. Finally, the examination concludes with predictions for how this impacts cybersecurity. Recommendations of resources, strategic considerations, legal impacts, and suggestions on how an organization could potentially proceed with preparing for the impact of this evolving technology are included. Today’s CPUs are woefully ill-equipped to handle the massive workloads that AI requires. QC will ‘unlock and unleash’ AI's real potential by exponentially increasing the amount of data and calculations that can be done.
The planet is now ‘all in’ in a new cyber arms race for Quantum superiority.</p>Jamison Chochrek
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 821 829 10.34190/eccws.24.1.3595
Malware Detection Using Dynamic Graph Neural Networks
https://papers.academic-conferences.org/index.php/eccws/article/view/3459
<p>The increasing complexity and sophistication of malware pose significant challenges to traditional detection techniques. Conventional methods like signature-based detection are ineffective against advanced threats such as polymorphic and zero-day malware. This research investigates the application of Dynamic Graph Neural Networks (DGNNs) for malware detection using a dataset of API call sequences. DGNNs, an advanced form of Graph Neural Networks, are capable of modeling dynamic graphs, capturing both the temporal and structural evolution of API interactions. Using these strengths, the study develops and evaluates a DGNN-based framework designed to effectively distinguish between benign and malicious behavior in real time, demonstrating its suitability for detecting complex, evolving malware patterns. The results show that DGNNs outperform traditional machine learning models in detecting complex malware patterns, achieving high accuracy of up to 97%, F1 scores of up to 98% in unbalanced datasets, and competitive results in balanced datasets. The models also achieved ROC-AUC scores exceeding 97% in specific configurations, highlighting their effectiveness in identifying advanced malware patterns and resilience against novel threats. Although challenges in scalability and computational complexity remain, this work proposes potential solutions to enhance practical implementation. These findings highlight the potential of DGNNs to transform malware detection and significantly improve endpoint security, making them a promising tool for addressing the evolving challenges of modern cybersecurity.</p>Pushkaraj Kulkarni, Stephen OShaughnessy
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 830 837 10.34190/eccws.24.1.3459
Cybersecurity Practices, Challenges and Posture in Small and Medium Enterprises: A Survey-Study in Sweden
https://papers.academic-conferences.org/index.php/eccws/article/view/3579
<p style="font-weight: 400;">The ongoing digitization has increased businesses’ dependence on IT systems, thereby increasing their susceptibility to cyberattacks. This problem is particularly significant for Small and Medium Enterprises (SMEs) due to their limited resources and expertise in cybersecurity. Considering their essential role in the economy, protecting SMEs from cyber threats is vital for economic stability and growth. This study presents a survey analysis involving tech-oriented SMEs in Sweden to comprehensively assess their cybersecurity posture. The survey included 369 Swedish SMEs across various regions of Sweden. The quantitative and qualitative analyses indicated a lack of cybersecurity knowledge, challenges in developing secure products, and inadequate compliance with cyber-standards due to constraints related to lack of guidance, budget, time and staff shortage.</p>Anton Lindkvist, Eira Hoglund, Fatiha Djebbar
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 838 847 10.34190/eccws.24.1.3579
Cybersecurity Challenges and Mitigations for LLMs in DoD Applications
https://papers.academic-conferences.org/index.php/eccws/article/view/3542
<p>Great power competition has escalated globally, making it increasingly important for the Department of Defense (DoD) to adopt artificial intelligence (AI) technologies that are advanced and secure. Large language models (LLMs), which generate text, code, images, and other digital content based on data sets used in training, have gained attention for their potential in DoD applications such as data analysis, intelligence processing, and communication. However, due to the complex architecture and extensive data dependency of LLMs, integrating LLMs into defense operations presents unique cybersecurity challenges. These risks, if not properly managed, could pose severe threats to national security and mission integrity. This survey paper categorizes these challenges into vulnerability-centric risks, such as data leakage and misinformation, and threat-centric risks, including prompt manipulation and data poisoning, providing a comprehensive framework for understanding the potential risks of LLMs in DoD settings. Each category is reviewed to identify the primary risks, current mitigation strategies, and potential gaps, ultimately identifying where further research is needed. By summarizing the state of the art in LLM cybersecurity, this paper offers a foundational understanding of LLM security within the DoD. By advocating for a dual approach that considers both the evolving nature of cyber threats and the operational needs of the DoD, it aims to provide actionable recommendations to guide ongoing research in the integration of LLMs to DoD operations.</p>Corinne Yorkman, Mark Reith
Copyright (c) 2025 European Conference on Cyber Warfare and Security
https://creativecommons.org/licenses/by-nc-nd/4.0
2025-06-25 2025-06-25 24 1 848 855 10.34190/eccws.24.1.3542