International Conference on Cyber Warfare and Security

Optimizing Cyber Protection Team (CPT) Operations: An Analysis of Task Synchronization and Process Agility in Defensive Cyber Operations

2025-03-21T02:38:46+00:00

The operations process for Cyber Protection Teams (CPTs) outlined in the U.S. Cyber Command’s (USCYBERCOM) Cyber Warfare Publication (CWP) 3-33.4, Cyber Protection Team Organization, Functions, And Employment, is currently hindered by inefficiencies stemming from a lack of synchronization between task assignment and execution. This disjointed approach results in a rigid, linear project lifecycle that fails to adapt to the dynamic tempo and increasing sophistication of adversarial cyber operations. Consequently, critical dependencies are missed, milestones are misaligned, and delays in the execution of defensive cyber operations (DCO) occur, ultimately impeding the CPT's ability to meet the strategic intent of USCYBERCOM, which emphasizes agility, creativity, and rapid deployment. This study critically examines the existing CPT operations process with the goal of identifying the optimal timeline for executing DCO missions while highlighting key inefficiencies that hinder operational effectiveness. By deconstructing the process into discrete work packages and analyzing task dependencies through Gantt chart modeling, the critical path is identified, and a best-case scenario is simulated. Even under ideal conditions, however, the process remains excessively rigid, resulting in prolonged timelines that undermine mission success. To address these shortcomings, this research advocates for the integration of agile project management methodologies into the CPT operations framework. By promoting flexibility, real-time feedback loops, and dynamic task sequencing, this approach would enhance the synchronization between planning and execution phases, enabling timelier and more effective DCO. The findings offer a pathway toward aligning the CPT operations process with USCYBERCOM’s vision of a more adaptive and responsive force capable of meeting the demands of the modern cyber threat landscape.

Cybersecurity Risk in Unmanned Aircraft Systems (UASs): Strategic Cybersecurity Threats of Unmanned Aerial Systems

2025-02-15T20:56:29+00:00

Unmanned Aerial Systems (UASs) have emerged as critical components across various sectors, including military, commercial, and civilian applications. However, their increasing prevalence has raised significant cybersecurity concerns. This paper explores the strategic cybersecurity threats associated with UASs, focusing on vulnerabilities inherent in their architecture, communication protocols, and operational frameworks. identifying key risk areas such as data interception, command-and-control (C2) breaches, and adversarial attacks on autonomous decision-making systems by analyzing recent incidents and emerging threat vectors. Additionally, examine the implications of these threats on national security, privacy, and infrastructure integrity. The paper advocates for a multifaceted approach to UAS cybersecurity, emphasizing the need for robust regulatory frameworks, enhanced encryption methods, and continuous threat assessment strategies. By addressing these cybersecurity challenges, stakeholders can better safeguard the operational integrity of UASs, thereby improving their utility and reliability in an increasingly complex digital landscape.

Integrating Interdisciplinary Theories and Metrics for Assessing Cyber Resilience in SMEs Amid Emerging Threats

2025-01-17T07:01:19+00:00

As we step into the era of Industry 4.0, digitalization is reshaping business and societal interactions. While this transformation brings numerous benefits—enhancing convenience, speed, and simplicity—it has also made organisations, particularly small and medium-sized enterprises (SMEs), increasingly vulnerable to digital risks. The rapid development of new technologies often outpaces the ability to fully comprehend and manage the associated risks, resulting in unpreparedness for the growing threat of cybercrimes. SMEs face heightened vulnerability due to their limited resources and inadequate risk assessment frameworks. The complexity of cyber threats continues to evolve alongside technological advancements, with the unpredictable nature of these risks resembling the chaotic impacts of natural disasters. Small disruptions can lead to disproportionately large consequences. Furthermore, human behaviours and cultural factors, frequently underestimated in cybersecurity strategies, play a critical role in shaping how SMEs respond to these challenges. In this paper, we aim to explore interdisciplinary approaches to resilience from various fields. By drawing on perspectives beyond conventional cybersecurity frameworks, we seek to develop a more comprehensive approach to understanding and mitigating the risks SMEs face. Through a review of literature from diverse disciplines, this short paper will be the initial preparation work for the further research on means that can make SMEs more resilient to cyber threats and crimes.

Exploring Cyberspace and the Grey Zone: Insights from Multistakeholder Perspectives

2025-03-12T17:56:12+00:00

Cyber operations link the virtual and physical worlds, involving diverse stakeholders, including civilians, governments, academics, and the military. This research addresses gaps in understanding cyberspace and the grey zone, which is conventionally seen as the area between peacetime and wartime with legal to illegal behaviour, and implications on attack and defence strategies through insights gained from conferences and workshops. An observational study of the various stakeholder communities was undertaken from seven events spanning academia, government. Community perspectives were surfaced using onsite observation, note taking for the presentation sessions and keynotes, with the Computer-Assisted Qualitative Data Analysis Software (CAQDAS) used to conduct data analysis and to develop new insights. The themes identified include current dynamics (The horizon), preparation (On the horizon), next steps (Over the horizon), and audience interactions (In the room). These observations provide a nuanced understanding of contemporary cyber conflict and strategic approaches to cybersecurity.

Computational Forensics: The Essential Role of Logs in APT and Advanced Cyberattack Response

2025-02-03T11:29:36+00:00

Advanced Persistent Threats (APTs) represent one of the most complex challenges in modern cybersecurity, characterized by their stealth, persistence, and sophistication. This study investigates the critical yet underutilized role of log analysis in detecting and responding to APTs, drawing on semi-structured interviews with 12 cybersecurity professionals from diverse sectors. Findings highlight logs as indispensable tools for identifying anomalies, reconstructing attack timelines, and understanding adversary tactics, techniques, and procedures (TTPs). However, barriers such as overwhelming data volumes, lack of standardization, and limited analytical tools hinder their effective utilization. To address these challenges, the study proposes actionable recommendations, including the adoption of standardized log formats, AI-driven real-time analysis, enhanced visibility across systems, and collaboration for threat intelligence sharing. These findings underscore logs’ dual role as investigative assets and catalysts for improved cybersecurity resilience, offering a strategic roadmap for leveraging log analysis to counter evolving APT threats.

Applying LEAN-principles on Cybersecurity Online Course: A Three-Year Longitude Study

2024-12-19T12:47:01+00:00

Universities are increasingly pressured to work more efficiently with fewer resources while maintaining their relevance to the workforce and high educational quality. These demands are even higher in cybersecurity because the work-life indicates a competent workforce gap, and the availability of qualified instructors and educators is limited. As a solution, Laurea University of Applied Sciences piloted an online, LEAN-based, 5 ECTS introductory-level cybersecurity course in 2020, optimizing the use of resources based on industrial LEAN practices. The course was structured around the industry-relevant CompTIA Security+ competency framework, and instructors utilized third-party materials as much as possible, including videos, e-books, relevant internet sources, and CTF exercises. In practice, the teachers shifted from traditional content creators to instructors, focusing on pedagogical design, assessment, counseling, and tutoring. Now, four years later, this model is still in use, allowing for a deeper examination of its long-term performance. This study focuses on the same course structure as in 2020 but closely examines eight implementations offered between 2022 and 2024 implementations involving 550 students. The study applies quantitative and qualitative research approaches to relevant research metrics, including student pass rates, grade distributions, student feedback, and teacher observations. The results are promising, and the longitudinal research presented shows that LEAN-based online studies can be designed to be resource-efficient, work-life relevant, and engaging for students. However, LEAN-based online studies could lose a sense of community due to individual studies and a high automation rate. Additionally, complex tasks, like CTF exercises, still require teachers’ guidance and feedback.

Competency Requirements for the Juniors in the Finnish Cybersecurity Service and Consultancy Business

2024-12-11T14:04:16+00:00

Fresh graduates or career changers face challenges entering the competitive cybersecurity job market. Cybersecurity is evolving rapidly, and even professionals must put in extra effort to keep themselves updated and competent. Most existing studies on the competency requirements in the Finnish job market are based on surveys, literature reviews, and trends, and in-depth work-life skills analysis is limited. This phenomenon makes Finnish higher education institutes’ work challenging because they need to train graduates for the local, European and global job markets with relevant work-life skills, and in-depth input from the workforce is essential. This study aims to find more in-depth input from the work-life. It identifies the work-life skills required in the cybersecurity service and consultancy business, particularly for junior-level positions available to fresh graduates in the Finnish job market. The case study is based on in-depth interviews with eight representatives from five companies that offer cybersecurity services in Finland. The interviewees had 5 to 24 years of working experience and represented positions ranging from technical experts to directors. The data was analyzed using an AI-aided analysis methodology, the enhanced European Joint Research Center Cybersecurity Taxonomy and the European Catalogue of Soft Skills References to ensure a comprehensive and job market-compliant outcome covering hard and soft skills. The results show that traditional cybersecurity competencies, including software, hardware, and network security, are still the most valued in the hard skills category. Still, incident handling and information security management skills are essential as well. Employers highly value soft skills such as problem-solving, critical thinking, communication, and teamwork. In summary, Finnish higher education institutes should ensure that both skill categories are covered in their training programs.

Comprehensive Security Assessment of Holy Stone Drones: Examining Attack Vectors

2025-01-15T20:33:06+00:00

In an era where unmanned aerial vehicles (UAVs) are becoming indispensable across various sectors, from agriculture and logistics to emergency response and warfare, the security of these devices has never been more critical. However, the very features that make drones indispensable also expose them to significant security risks. As UAVs become more pervasive, their vulnerabilities, particularly in commercial off-the-shelf (COTS) models, present escalating threats to privacy, safety, and national security. This study offers a meticulous security analysis of four Holy Stone drone models HS175D, HS430, HS360S, and HS720 chosen for their relevance across varying regulatory frameworks and user bases. Our research uncovers critical vulnerabilities within these UAVs, including exposed Telnet services and unsecured RTSP links, which are particularly concerning due to their potential for unauthorized access and control. Through a combination of rigorous attack simulations and forensic analyses, we demonstrate how these weaknesses can be exploited to intercept sensitive data and disrupt drone operations. The forensic component of our study involved extracting and visualizing flight logs using advanced techniques, revealing how easily attackers can access and manipulate crucial information, raising alarm about the security of drone operations. In addition to identifying these vulnerabilities, we conducted comprehensive reliability testing on the tools and techniques employed in our analysis. This testing was performed across all drone models, utilizing multiple commands and time-based evaluations to ensure the consistency and accuracy of our findings. Our study concludes with the identification of two critical vulnerabilities, which were reported to the manufacturer, underscoring the urgent need for enhanced security measures in UAV design and operation. By highlighting these vulnerabilities and proposing targeted mitigation strategies, this research contributes to the ongoing discourse on UAV security, advocating for robust industry-wide standards to safeguard against evolving cyber threats.

Identifying Cybersecurity Elements for a Cybersecurity Framework in Higher Education

2025-01-29T08:11:34+00:00

This study provides a framework and strategy for the creation of a cybersecurity culture in higher education institutions. Cybersecurity is identified as very important in higher education institutions have to accept responsibility for protecting the institution’s assets and personal information of staff and students. This study focuses on the challenges that higher education institutions confront in creating a cyber-secure environment, of which many relate to culture. Establishing a strong cybersecurity culture can be difficult due to variables such as the institution's size and the relatively short duration of student enrolment, which is three to four years on average. The paper includes a detailed roadmap for creating an appropriate cybersecurity culture in higher education institutions. It emphasises the critical role played by all parties concerned in achieving this goal, including administrators, academic staff, and students. As a result, higher education institutions can build a culture that prioritises cybersecurity and fosters safe behaviour among all participants while adhering to the principles presented in this paper.

Forensic Insights into SenseCAP: A Comprehensive Examination of Technical and LoRa Connectivity Dimensions

2024-12-03T03:24:43+00:00

The rapid expansion of Internet of Things (IoT) devices has reshaped various sectors by improving connectivity, efficiency, and convenience. Central to this transformation are LoRa (Long Range) and LoRaWAN (Long Range Wide Area Network) technologies, which provide reliable, low-power, long-range communication critical for IoT applications. As these systems evolve, examining security vulnerabilities and forensic challenges becomes increasingly essential. This paper explores digital forensics within IoT environments, focusing on the methodologies and tools required to secure and maintain the integrity of IoT deployments. By analyzing artifacts and log data from SenseCAP devices, the study offers insights into device operations and user interactions. Additionally, frequency analysis conducted via Software-Defined Radio (SDR) confirmed LoRa communication within expected frequency bands. The findings highlight the importance of robust forensic investigations to protect IoT ecosystems from cyber threats. Through an extensive literature review and empirical analysis, this paper contributes to advancing IoT device forensics, proposing strategies to address emerging challenges and enhance the resilience of IoT infrastructures in an increasingly interconnected world.

Exploring the Possibilities of Splunk Enterprise Security in Advanced Cyber Threat Detection

2025-02-04T08:44:19+00:00

Cybersecurity is a critical concern for organizations as cyber threats grow increasingly frequent and sophisticated. Real-time detection and response to these threats are essential for safeguarding data and maintaining operational continuity. Splunk Enterprise Security (ES), a robust Security Information and Event Management (SIEM) platform, offers advanced tools for identifying and mitigating cyber threats. This paper explores the possibilities of using Splunk ES to enhance advanced cyber threat detection, focusing on its features, capabilities, and real-world applications. Splunk ES collects, indexes, and analyzes extensive machine data from diverse sources, including system logs, network traffic, and security devices. With real-time monitoring and comprehensive visibility into an organization’s IT ecosystem, Splunk ES enables early detection of suspicious activities. It offers pre-configured security content, such as correlation searches, dashboards, and reports, to streamline threat identification and incident response. A notable strength of Splunk ES lies in its flexibility, allowing users to customize detection rules and dashboards to meet specific organizational needs. The platform's adaptive response features support automated actions based on predefined criteria, significantly reducing the time from threat detection to mitigation. Furthermore, the integration of machine learning enhances its ability to detect patterns and anomalies, including those that might bypass traditional signature-based detection methods. In practice, Splunk ES has demonstrated its efficacy in addressing diverse cyber threats, including advanced persistent threats (APTs), insider threats, and zero-day vulnerabilities. By offering scalable and powerful tools, Splunk ES enables organizations to detect, analyze, and respond to security risks efficiently, paving the way for more robust cybersecurity strategies. This study examines the potential of Splunk ES as a vital asset in the fight against advanced cyber threats.

Simulation of Human Organizations with Computational Human Factors Against Phishing Campaigns

2024-12-14T00:05:19+00:00

Traditionally, cybersecurity has focused on identifying and addressing system-level vulnerabilities that cybercriminals could exploit. As technical defenses have become more sophisticated, cybercriminals have shifted their tactics toward exploiting human users through social engineering techniques. This shift demonstrates how a single mistake by an individual within an organization can allow attackers to bypass even the most robust cybersecurity systems. Consequently, researchers have long sought to understand which human factors make individuals more susceptible to social engineering attacks. While the relationship between susceptibility to social engineering attacks and static human factors, such as age, gender, and personality, has been widely explored in empirical studies, research into the relationship between dynamic human factors, such as fatigue, perceived vulnerability, and job performance, and susceptibility to social engineering tactics has been limited. To address this gap, we propose a simulation-based methodology to explore how dynamic human factors correlate with susceptibility to spearphishing, one of the most prevalent forms of social engineering. In this study, we replicate a real-world human organization that was previously the subject of a spearphishing empirical study. Then, we computationally model dynamic human factors such as fatigue, perceived vulnerability, and job performance by integrating regression models from various human factors studies. Next, we simulate spearphishing attacks using different combinations of dynamic human factor values to explore their relationship with susceptibility to these attacks. Our simulation study reveals that when end users within an organization exhibit higher perceived vulnerability, higher job performance, and lower fatigue, they are more likely to adhere to security policies, which in turn results in both the overall number of users tricked by a spearphishing campaign and the total amount of exfiltrated data decreasing. Based on these hypotheses derived from simulation results and statistical analysis, we recommend which organizational policies should be prioritized to effectively mitigate spearphishing risks.

Small Actors, Big Disruptions: The Chaos of Shadow Strikes in Asymmetric Cyber Warfare

2025-01-31T22:10:25+00:00

Amidst the rapidly evolving cyber realm, a new battleground has emerged characterized by a relentless struggle within the shadows. From these trenches, Asymmetric cyber-attacks have risen as a significant challenge, allowing smaller and less resourced actors to exploit the vulnerabilities of more powerful adversaries. This warfare disrupts and destabilizes critical systems disproportionately, achieving significant impacts with relatively modest resources. The ability of these smaller actors to inflict considerable damage signifies a crucial shift in the power dynamics of cyber conflict. It is becoming increasingly clear that we need more adaptive and resilient strategies to address the evolving cyber landscape. This paper explores the complex and disruptive nature of these 'shadow strikes' using a mixed methods approach, integrating both empirical case analyses and theoretical frameworks. Additionally, examining high-profile incidents like Stuxnet, Operation Aurora, and the Ukraine Power Grid attack, to uncover the tactics employed by asymmetric actors bypassing conventional defences. These case studies reveal significant vulnerabilities within established cybersecurity protocols, underlining the need for more adaptive and resilient strategies. Through a comprehensive analysis, this study offers actionable recommendations for policymakers, cybersecurity professionals, and organizational leaders. By proposing advanced frameworks, such as Zero Trust Architecture and international collaboration, the paper aims to bolster global cybersecurity resilience. Furthermore, addressing weaknesses in current defence mechanisms and presents practical insights into threat detection and mitigation. Ultimately, this research contributes to the broader discourse, thoroughly examining the disruptive power in asymmetric cyber warfare. This research highlights immediate risks organizations and nations face due to insufficiently adaptive defence mechanisms, providing a crucial roadmap for shaping future cybersecurity policies that can withstand the rapidly evolving threat landscape. This research stresses the urgent and immediate need for enhanced defensive postures and innovative strategies to counteract the growing threat of shadow strikes, ensuring stronger, more secure systems for the future

Cybercrime Policing Collaboration in South Africa: Exploring A Stakeholder Approach

2024-11-19T19:46:22+00:00

The sophistication of crimes committed using Information and Communication Technology (ICT) has become a policing challenge for law enforcement globally. The complexity with the policing of economic cybercrime is that law enforcement’s primary orientation focuses on traditional crime, and processes on how to handle cybercrime are lacking. Conversely, policing cybercrime for organisations has a corporate governance aspect to it. This is because governance instruments such as the business continuity plan (BCP), disaster recovery plan (DRP) and response plans are necessary to ensure business continuity in case of any eventuality. For instance, after a cyber-incident, the organisation’s priority is to restore operations and to protect critical ICT infrastructure. This has a negative bearing on policing because law enforcement might not get an opportunity to investigate timeously. The effective policing of economic cybercrime cannot be isolated to one entity. Cross sectoral partnerships between law enforcement and organisations in South Africa (SA) are required in addressing knowledge and capacity issues. However, collaboration between police and organisations is complex since both stakeholders have different interests. Organisations need to be profitable and satisfy their board members’ interests. While law enforcement has a responsibility to satisfy the public interests by ensuring that there is order and that the law is being upheld. Personal interviews conducted with cyber experts will provision insight as it pertains to the extent to which organisations are willing to commit in partnering with a stakeholder that does not explicitly contribute towards their value creation. Similarly, insight on how the enacted cyber related legislature has affected organisations in handling individuals’ personal information will be gained. Furthermore, interviews with academics in the cybersecurity discipline will provision insight on the relevance of police and organisations’ collaboration in addressing cybercrime in SA. Moreover, insight on how saturation of the collected data was attained will be provisioned.

Implementation of Extended Differential Privacy for Electric Vehicles Using the Novel Filtering Approach

2025-01-02T17:46:54+00:00

As electric vehicles (EVs) become more integrated into intelligent transportation systems, vast amounts of personal and operational data, such as location, driving patterns, and energy consumption, are continuously collected. Ensuring privacy for this sensitive data is critical to prevent tracking, profiling, and unauthorised access. This paper presents the implementation of event-wise differential privacy (DP) to safeguard individual data points in EV ecosystems, focusing on protecting event-level information like GPS updates and charging events. By utilizing the Laplace mechanism, noise is added to each event to guarantee privacy without compromising overall data utility. Additionally, we introduce a Kalman filter to mitigate the impact of noise, improving the accuracy of post-processed data while preserving privacy. The proposed framework demonstrates how event-wise DP can protect user information while still enabling accurate vehicle operations and analytics. Our approach highlights the balance between privacy and functionality, offering a scalable solution to enhance data protection in future smart mobility infrastructures. This research lays the groundwork for further advancements in privacy-preserving technologies within the EV sector, contributing to safer and more secure data-driven systems. To further alleviate the error in the utility of dataset by mitigating the noisy data generated through event-wise differential privacy, we integrate a Kalman filter into our framework. The Kalman filter is a unique and efficient tool for truncating the noise by correct prediction of the mechanism over time. In this research, it helps mitigate the impact of Laplace noise introduced for privacy preservation, ensuring smooth and comparatively accurate data while maintaining user privacy. In the last section of this paper the comparison of results would be provided before and after the implementation of Event-Wise Differential Privacy and the results obtained by the Kalman Filter for improving the utility keeping a trade-off between error and the usefulness of the dataset.

Forensic Examinations of Alexa for Smart Home Privacy and Cybercrime Investigation.

2025-03-04T14:38:58+00:00

Integrating Internet of Things (IoT) devices into smart homes has necessitated the development of novel strategies to address the difficulties and complexities of cyber-attacks and privacy concerns in the current digital threat landscape. One unaddressed challenge is the lack of clarity of information collected and stored by these IoT devices in smart homes. The data storage process and privacy compliance of smart home appliances, such as security cameras, thermostats, and smart speakers, are examined in this study. More specifically, this study focuses on sensitive data storage and potential breach exposure, including user commands, timestamps, and network traffic logs of these devices. To achieve this, forensic tools were deployed to collect and examine data from gadgets like Google Nest and Amazon Alexa/Echo following an experimental setup. These technologies were used in a hypothetical investigation that intentionally breached a restricted smart home network and replicated criminal activities. The gathered data was examined to determine the proof of the breach and ensure the chain of events. The findings provided a thorough forensic investigation into the potential digital artifacts within the device and exposed prevalent vulnerabilities of IoT ecosystems regarding usage privacy. This study advances the fields of digital forensics and smart home security by offering useful insights and suggestions for improving the security of IoT devices.

Safeguarding Smart Inhaler Devices and Patient Privacy in Respiratory Health Monitoring

2025-03-15T19:44:13+00:00

The rapid development of Internet of Things (IoT) technology has significantly impacted various market sectors. According to Li et al (2024), an estimated 75 billion devices will be on the market in 2025. The healthcare industry is a target to improve patient care and ease healthcare provider burdens. Chronic respiratory disease is likely to benefit from their inclusion, with 545 million people worldwide recorded to suffer in patients using these devices can track their dosage, while healthcare providers can improve medication administration and monitor respiratory health (Soriano et al, 2020). The growing prevalence of IoT devices, including intelligent inhalers like the Propeller Health System Smart Inhaler, Breather Fit, and Lookee O2 Ring, underscores the increasing importance of network connectivity and software development. While IoT medical devices offer numerous benefits, they also come with security vulnerabilities that can expose patient data to cyber-attacks. It’s crucial to prioritize security measures in developing and deploying IoT medical devices, especially in personalized health monitoring systems for individuals with respiratory conditions. Addressing the security gaps and vulnerabilities in IoT devices is essential to ensure patient data’s safety and privacy. Efforts are underway to assess the security risks associated with intelligent inhalers and respiratory medical devices by understanding usability behaviour and technological elements to identify and address vulnerabilities effectively. This work analyses usability behaviour and technical vulnerabilities, emphasizing the confidentiality of information gained from Smart Inhalers. It then extrapolates to interrogate potential vulnerabilities with Implantable Medical Devices (IMDs). Our work explores the tensions in device development through the intersection of IoT technology and respiratory health, particularly in the context of intelligent inhalers and other breathing medical devices, calling for integrating robust security measures into the development and deployment of IoT devices to safeguard patient data and ensure the secure functioning of these critical healthcare technologies.

Mental Health Impacts of Cybercrime

2025-02-13T00:04:55+00:00

The evolving landscape of online dating has given rise to increasingly sophisticated forms of deception, from traditional catfishing to emerging systemic frauds such as romance-related "pig butchering" and Intimacy Manipulated Fraud Industrialization (IMFI). While these practices differ in execution, they share a troubling commonality: psychological exploitation with profound emotional, mental, and financial consequences for victims. This narrative literature review explores these deceptive phenomena, illuminating their operational mechanisms, psychological impacts, and the systemic factors enabling their proliferation. Catfishing, initially perceived as individual deceit, has become more pervasive with technological advancements, leaving victims in emotional distress and reluctant to report due to stigma and shame. "Pig butchering" introduces a hybrid form of romance and financial fraud, characterized by emotionally manipulative relationships that evolve into fraudulent investment schemes. Victims are "fattened" emotionally and financially before being left financially destitute, with cryptocurrency scams being a primary tool. IMFI further industrializes deception, employing structured operations and unwitting individuals as "chat moderators" under false pretenses, thereby scaling fraud to enterprise-level efficiency. By framing these online romance scams as a public health issue, this review underscores the broader implications beyond financial losses, including diminished trust in digital relationships and long-term psychological harm. The interdisciplinary approach integrates perspectives from cybersecurity, psychology, cybercrime, and cyberpsychology to highlight the urgent need for comprehensive solutions. This study advances the conversation on these evolving threats and calls for robust safeguards and preventive measures to mitigate the societal risks posed by online dating platforms.

Quantifying Cyber Security Risk through Interest Rate Calculation in Debt Management

2025-02-15T09:05:54+00:00

This paper introduces a novel Interest Rate Calculation Model for cyber security risk quantification, addressing the challenges of cyber security debt management. Unlike traditional qualitative risk assessments, this model applies financial principles to quantify risk impact dynamically, integrating seamlessly with industry frameworks. By framing cyber security risks in financial terms, the model enhances decision-making, promotes strategic resource allocation, and fosters stakeholder engagement. Through a structured methodology, it empowers organisations to assess, prioritise, and mitigate cyber security debt efficiently, ensuring long-term resilience in an evolving threat landscape.

Heading into the Future: The Dynamic Adaptable IA Training Assessment Tool!

2024-12-22T14:19:57+00:00

Information awareness training and assessment have not changed much in the last twenty years. Although most information awareness programs have an assessment, it is used as a check-the-box item. Employees are required to do the training and then take a test of between 10 and 20 questions and achieve a score of at least 70%. The results show that everyone in the organization has some risk, but this information does not help cybersecurity professionals identify and mitigate the risk. With human beings being the primary attack vector, we need to do more to understand people and develop ways of changing behaviour. The Dynamic Adaptable IA Training Assessment Tool developed for this study uses a novel approach to include human behaviours and social media usage factors as part of a susceptibility algorithm designed to assess better an employee’s risk of becoming a victim of cybercrime. This study demonstrates that the current methods of assessing risk within an organization lead to a false sense of security. Reinforcing the need to change how we assess risk within an organization.

SPARK: Exposing Vulnerabilities in Collaborative Display Systems and Session-Key Exposure

2025-02-21T00:22:34+00:00

This study investigates the vulnerabilities of Solstice Pods, wireless collaboration devices often used in academic environments, focusing on universities with publicly exposed devices. We analyzed 22 universities, each with 10 or fewer Solstice Pods exposed on Censys.io, a platform for identifying publicly exposed devices. This subset was selected to emphasize vulnerabilities in smaller, publicly exposed systems, without excluding large institutions that may have only a few devices exposed. Our research centers on unauthorized access to device configuration pages and the retrieval of live session keys, which are critical for screen sharing. From 81 exposed Solstice Pods, we manually examined several IP addresses and found that critical configurations, including screen-key disabling, password changes, and session key retrieval, were accessible in some cases. To scale testing, we developed the Solstice Pod Access Retrieval Key (SPARK), a Python tool using SSL/TLS requests to interact with the devices' configuration pages. The SPARK tool successfully generated live session keys in 13 instances across 9 universities, while 68 attempts failed. Statistical analysis revealed that self-signed certificates (issued by Mersive, the Solstice Pod vendor) significantly reduced vulnerability to the SPARK tool, with a success rate of 8.33% for devices using self-signed certificates, compared to 63.89% for those with non-self-signed certificates. To assess the statistical significance of this difference, Chi-square and Fisher’s exact tests were performed, yielding p-values of 0.0464 and 0.0231, respectively. Additionally, a proportions test showed a highly significant result with a p-value of 0.00077. This study underscores the risks of publicly exposed Solstice Pods and highlights the real-world consequences of these vulnerabilities. If exploited, these vulnerabilities could lead to unauthorized access to sensitive data, disruption of university operations, and compromise of ongoing academic collaborations. The findings call for stronger security measures, particularly the use of self-signed certificates, to reduce vulnerabilities and protect sensitive information in these devices.

Did the Cyber Team Win?

2025-03-20T14:06:52+00:00

Cyber team performance in military conflict scenarios is very difficult to quantify due to its ambiguous nature. This
research effort aims to improve our understanding of how cyber teams affect the terrain they are charged with protecting,
and which other forces depend on. An agent-based modeling and simulation software called the Cyber Forces-Interactions-
Terrain (Cyber-FIT) framework is used to simulate realistic cyber team missions in contested cyberspace and then quantify
their performance from observable data sources. The software ingests configuration files to setup agent characteristics and
then, after simulation runs, outputs data files that are used for statistical analysis. Two virtual experiments are conducted in
this work. The first tests different team setups in terms of skill level against varying adversary complexity levels to
demonstrate the importance of human resourcing in the cyber forces. The second analyses deployment delay time to an
active conflict which depicts the efficacy of agent-based modeling of cyber assets for wargaming applications. All face
validated simulations are based on a combination of industry frameworks, survey data, and empirical data to give a
sufficiently realistic representation of cyber conflict. As military forces become ever more dependent on cyberspace to realize
effects and project power, the understanding of cyberspace as a terrain of war becomes more critical. This research takes
on the difficult task of defining and computationally modeling the abstract phenomenon that is cyberspace. This gives battle
commander and military leadership a better answer to: did the cyber team win?

Quantum Resistant Cryptography and Cyberwarfare

2025-01-01T21:51:27+00:00

Quantum computing poses a significant threat to conventional cryptographic systems that rely on the difficulty of mathematical problems such as integer factorization and discrete logarithms. These systems underpin much of the current security infrastructure, including public key cryptography and digital signatures. As quantum computers approach practical viability, there is an urgent need to transition to quantum-resistant cryptographic solutions that can secure digital communications against adversaries equipped with quantum capabilities. This paper explores the landscape of quantum-resistant cryptography, focusing on those algorithms that have emerged either as standards or as leading algorithm. Furthermore, the paper examines the progress of standardization efforts, such as the National Institute of Standards and Technology (NIST) Post-Quantum Cryptography (PQC) initiative, and the implications of deploying these algorithms in existing systems. By addressing the practical considerations for adoption, this study aims to provide a comprehensive overview of the current state and future directions of quantum-resistant cryptography, ensuring robust security in a post-quantum world.

Deepfake Technology: Emerging Threats and Security Implications

2025-01-15T00:28:59+00:00

Deepfake technology is advancing rapidly and poses a range of cybersecurity concerns. Deepfakes have been used to perpetrate elaborate financial frauds. There is also the concern of deepfakes being used to influence elections. Deepfakes can fabricate statements or actions by public figures, influencing elections, public opinion, or policy decisions or simply to amplify disinformation. Adversaries can use deepfakes to spread propaganda or misinformation, destabilizing political or military scenarios. As deepfakes become more prevalent, individuals may begin to doubt authentic content, creating a "reality apathy" where distinguishing truth from fiction becomes difficult.

From Elements to Effects: The Strategic Imperative to Understand "National Cyber Power"

2025-02-19T15:03:32+00:00

Increases in the use of Artificial Intelligence in industry, government, military, and daily life have brought cyber challenges and concerns to the fore. Each new development in disruptive technology broadens the attack surface for cyber-attacks and the necessity for cyber defense. The increased use of automation during and after the COVID-19 Pandemic has incentivized activity by state, non-state, and criminal actors in the cyber realm. An exponential increase in the use of Artificial Intelligence has brought along with it a requirement for data and energy for storage, access, and computing. Many nations have written strategic documents and strategies for dealing with national “cyber power”, a term that is multifaceted and reaches beyond the traditional “cyber” realm. Current national cyber strategies over-emphasize cybersecurity and under-emphasize the structural elements behind cyber power, such as energy resources and data availability. Further, they are written to address one small aspect of national cyber power as defined by common indices, resulting in a fractured and de-synced national strategic approach to gaining national cyber power. In an era of AI ubiquity, strategic leaders need to make sound decisions about how to invest in the most critical areas to defend, maintain, and grow cyber power. Therefore, national cyber strategies should examine the full requirements for national cyber power. This paper will examine the critical components of a definition of “national cyber power” through a literature review of various national cyber security strategies and policy documents from various countries, think tank reports on cyber strategy, industry reports and white papers, and meta-analyses on cyber power and cyber capabilities. We examine the current and expected future trends in technology and how those are likely to shape the strategic environment. Finally, from this body of knowledge, we propose new considerations to retool strategic cyber documents.

Investigating The Implications of Cyberattacks Against Precision Agricultural Equipment

2024-12-06T23:21:42+00:00

As various technologies are integrated and implemented into the food and agricultural industry, it is increasingly important for stakeholders throughout the sector to identify and reduce cybersecurity vulnerabilities and risks associated with these technologies. However, numerous industry and government reports suggest that many farmers and agricultural equipment manufacturers do not fully understand the cyber threats posed by modern agricultural technologies, including CAN bus-driven farming equipment. This paper addresses this knowledge gap by attempting to quantify the cybersecurity risks associated with cyberattacks on farming equipment that utilize CAN bus technology. The contribution of this paper is twofold. First, it presents a hypothetical case study, using real-world data, to illustrate the specific and wider impacts of a cyberattack on a CAN bus-driven fertilizer applicator employed in row-crop farming. Second, it establishes a foundation for future research on quantifying cybersecurity risks related to agricultural machinery.

Security Evaluation of Password Managers: A Comparative Analysis and Penetration Testing of Existing Solutions

2025-02-03T15:23:12+00:00

In both personal and organizational contexts, password managers have become indispensable tools for the protection and management of sensitive digital information. With the growing reliance on online services, the security of password storage solutions is paramount to defending against data breaches, unauthorized access, and other forms of cyber-attacks. This paper presents a detailed analysis of password managers over the last two decades, focusing on the evolution of security mechanisms and strategies for safeguarding master passwords, encryption methodologies, and backup procedures. By tracing the historical development of these tools, significant advancements in securing user credentials are highlighted. A thorough evaluation of the most widely used password managers, such as LastPass, 1Password, Bitwarden, or Dashlane, is conducted, with attention to their adherence to modern security standards, including encryption algorithms (e.g., AES-256), zero-knowledge architecture, and multi-factor authentication. The comparative analysis identifies both the strengths and weaknesses of these solutions, particularly in how effectively they defend against common attack vectors such as brute-force attacks, phishing, and malware. In the practical section, a structured penetration testing framework is introduced to assess the resilience of selected password managers under various real-world attack scenarios. This framework is intended not only to evaluate the current robustness of these tools but also to offer insight into potential vulnerabilities that may not yet be widely recognized. While the discovery of significant new security flaws is not anticipated, this evaluation serves as a validation of the security models employed by these products. The findings are expected to contribute to the ongoing development of more secure password management solutions, offering practical recommendations for developers, security professionals, and end-users. The paper concludes with a forward-looking discussion on how emerging cybersecurity trends, such as biometrics, decentralized security models, and quantum computing, may shape the future of password management tools.

Extracting Cyber Threat Intelligence from Port Scans: A Taxonomy- Based Approach

2025-01-28T12:23:29+00:00

Port scans are a common preliminary step for a variety of cyberattacks, from simple hackers, attempted automated exploitation, to professional groups and state actors. They serve as a reconnaissance technique that facilitates the planning and execution of future attacks and are often conducted stealthily over extended periods to evade monitoring systems, making them challenging to identify and analyse. Despite this, effective detection and analysis of port scans can yield valuable cyber threat intelligence (CTI), enabling defenders to prioritize defensive measures, deploy and optimize protective infrastructure such as Intrusion Detection and Prevention Systems (IDS/IPS), and anticipate potential attacks by analysing the characteristics and frequency of scans. However, the huge amount of data generated by port scans and other network events hides the significant operations and complicates the extraction of actionable intelligence. We present a comprehensive taxonomy designed to classify and analyse port scans systematically. We focus on interpreting detected port scans rather than their detection, leveraging the wide availability of detection tools. Our taxonomy assesses key attributes of port scans, including the intent, origin, potential hostile gain, damage potential, available intelligence, and the necessity for responsive actions. We then propose an 8-step classification process to guide this analysis. It begins with a thorough technical analysis of the scan which can be provided by various detection frameworks. Based on that, the legitimacy of a detected scan is determined, distinguishing between malicious intent and benign activities like friendly analysis, general research, or internet background noise. Next, we generate a "fingerprint" of the scan and cross-reference it against a database of known scans, compiled from historical data, CTI repositories, and incident reports. The analysis further evaluates the scan’s target, the information it may have revealed, and its success level. We also explore the broader intelligence that can be gleaned from the scan, enhancing situational awareness of our systems. Finally, we assess the technical response options, considering their feasibility and cost-effectiveness, and determine whether proactive measures are warranted. We show that our structured approach to port scan analysis improves the generation of actionable intelligence and supports informed decision-making for defensive strategies.

Tactics and Techniques of Information Operations: Gaps in US Response to Counter Malign Influence

2025-01-08T14:06:20+00:00

The modern information environment has transformed the dynamics of international conflict and politics. A byproduct of the capabilities offered by ubiquitous hyperconnectivity is continuous efforts by state and non-state actors to shape, manipulate, distort, or exploit information to influence public perception. These operations can deliberately disrupt social cohesion or undermine the stability and security of governments and societies. A thorough understanding of modern information threats is necessary to maintain the rules-based international order. Information threats (e.g., campaigns spreading false health information, exacerbation of domestic social issues, attacks on national reputation) aim to sow distrust and discord to gain a competitive advantage. Over the past two decades, US government agencies have been forced to modify outdated policies to counter information threats, often with mixed results. Despite recent academic frameworks and policy efforts to address information threats, gaps remain in addressing those that cross authorities, disciplines, and boundaries by their nature. This survey systematizes the tactics and techniques used in the conduct of information operations. We then present case studies to elucidate gaps and align the features of information operations against current US counter malign influence policies.

Obfuscation, Stealth, and Non-Attribution in Automated Red Team Tools

2025-01-17T17:35:52+00:00

In the rapidly evolving landscape of cybersecurity, large military and government organizations face ever increasing persistent and sophisticated threats against their enterprise networks. The challenge of defending these networks is compounded by the increasing complexity and stealth of cyber-attacks, which can evade traditional security systems and measures, and remain undetected for extended periods. As a result, the need for advanced defensive strategies and tools that can keep pace with these evolving threats has never been more critical, however, current automated red teaming tools are limited in their ability to emulate advanced persistent threat (APT) behaviors. Supporting such behaviors in automated security assessments and tools can be helpful for improving organizations’ cyber defense preparedness. This research demonstrates how obfuscation, stealth, and non-attribution techniques can be effectively automated into red teaming tools. We have enhanced our Cyber Automated Red Team Tool (CARTT) by integrating advanced evasion techniques to better simulate sophisticated cyber threats. By incorporating Metasploit Framework evasion modules and new custom Internet Control Message Protocol (ICMP) and Domain Name System (DNS) evasion capabilities into CARTT, its ability to evade detection by common security controls is significantly improved. In doing this, the research demonstrates how obfuscation, stealth, and non-attribution techniques can be effectively automated into red teaming tools. The enhanced CARTT has been tested in a virtualized operational environment, demonstrating its effectiveness in identifying vulnerabilities and assessing the robustness of security measures on a simulated enterprise network. The research results showed successful evasion of antivirus detection systems and covert data exfiltration using the newly implemented evasion techniques. The enhanced CARTT enables network managers as well as cybersecurity professionals to conduct more thorough evaluations of defense mechanisms against sophisticated threats, ultimately strengthening overall cybersecurity postures. The integration of sophisticated evasion techniques into CARTT represents a critical step in realizing the objectives of the DoD Cyber Strategy.

Systematically Analysing Prompt Injection Vulnerabilities in Diverse LLM Architectures

2025-01-19T14:00:16+00:00

This paper presents an exploratory systematic analysis of prompt injection vulnerabilities across 36 diverse large language models (LLMs), revealing significant security concerns in these widely adopted AI tools. Prompt injection attacks, which involve crafting inputs to manipulate LLM outputs, pose risks such as unauthorized access, data leaks, and misinformation. Through 144 tests with four tailored prompt injections, we found that 56% of attempts successfully bypassed LLM safeguards, with vulnerability rates ranging from 53% to 61% across different prompt designs. Notably, 28% of tested LLMs were susceptible to all four prompts, indicating a critical lack of robustness. Our findings show that model size and architecture significantly influence susceptibility, with smaller models generally more prone to attacks. Statistical methods, including random forest feature analysis and logistic regression, revealed that model parameters play a primary role in vulnerability, though LLM type also contributes. Clustering analysis further identified distinct vulnerability profiles based on model configuration, underscoring the need for multi-faceted defence strategies. The study's implications are broad, particularly for sectors integrating LLMs into sensitive applications. Our results align with OWASP and MITRE’s security frameworks, highlighting the urgency for proactive measures, such as human oversight and trust boundaries, to protect against prompt injection risks. Future research should explore multilingual prompt injections and multi-step attack defences to enhance the resilience of LLMs in complex, real-world environments. This work contributes valuable insights into LLM vulnerabilities, aiming to advance the field toward safer AI deployments.

Cyber Protection Strategies: Balancing Insurance and Security

2024-12-03T19:36:26+00:00

Firms employ various cybersecurity measures such as procedural controls, technical measures, and physical installations to mitigate and maintain risk at acceptable levels. The advent of cyber insurance has introduced a new dynamic, potentially discouraging self-protection due to coverage for losses. However, recent trends indicate a shift towards integrating cyber insurance into Information Technology (IT) risk management strategies. Cyber insurance can incentivize firms to optimally allocate security resources, particularly when premiums are tied to a firm’s security level. The availability and pricing of insurance coverage reflect an organization’s commitment to mitigating potential losses incurred from security breaches. This study examines the impact of cyber insurance on self-protection by developing an expected utility model that combines risk preference and utility theory. The model is contextualized within a monopolistic market scenario with mandatory participation, where organizations must purchase cyber insurance. This compulsion incentivizes firms to enhance their security posture to secure favorable insurance pricing. The study compares risk preferences across different scenarios, both with and without cyber insurance. Our findings show that premium discrimination affects agents differently based on risk preferences. Risk-neutral agents are more responsive to varying premiums, adjusting their investment in preventive measures accordingly. In contrast, risk-averse agents prefer to transfer risk through insurance rather than invest heavily in prevention. The study provides insights into firms’ risk management strategies, particularly regarding purchasing cyber insurance and selecting appropriate premium policies. By highlighting how incentive mechanisms like cyber insurance can align IT strategies with the overarching goal of safeguarding cyberspace, this research contributes to understanding behavioral aspects of cybersecurity practices. Moreover, the study underscores the importance of aligning insurance premiums with security investments to create a balanced approach to risk management. By doing so, firms can protect themselves more effectively and contribute to a more secure digital environment.

Food Security and Cyber Warfare: Vulnerabilities, Implications and Resilience-building

2025-03-10T14:47:49+00:00

This paper examines cyber security readiness in the food sector, considers whether this sector could potentially be targeted as part of a future cyber warfare attack, and discusses why the sector may be vulnerable to attack, the implications of such an attack, and potential routes for enhancing its cyber resilience. The food sector is recognised as a part of critical national infrastructure, and academic literature has reviewed some of the cyber security risks associated with the use of agricultural sensors, the emergence of ‘Agriculture 4.0, and the use of computer systems across the food production supply chain. However, the field of ‘food security’ studies does not yet feature a sustained focus on cyber security, and only a few studies in cyber security have considered the wider implications of cyber vulnerabilities for the sector. Moreover, the emergence of offensive cyber weapons raises the prospect that such weapons could in future be used to target food systems. Although International Humanitarian Law prohibits the targeting of the civilian food supply, it cannot be guaranteed that this supply is not impacted by cyber warfare attacks in the future. The paper draws from a recent systematic literature review as well as from relevant areas of scholarship to present a preliminary analysis of possible cyber vulnerabilities in the food sector and policy recommendations.

How Does Military Professionalization Affect Cyber Capacity Development?

2024-11-25T03:30:59+00:00

This paper investigates how military professionalization influences a state's propensity to incorporate cybersecurity responsibilities within their militaries. We argue that states with more professional militaries would be more likely to initiate cyber-capacity development. Employing quantitative analysis, this study analyzes cross-national data to test the hypothesis that states with higher levels of military professionalization are more likely to initiate the development of military cyber capacities. Our empirical results support this hypothesis, demonstrating a significant positive correlation between the degree of military professionalization and the likelihood of adopting new cybersecurity responsibilities. Our results also offer explanation as to which dimensions of professionalization are more strongly related to the adoption of military cyber capabilities.

Humanizing Cyber War: A Geneva Conventions-based Framework for Cyber Warfare

2025-02-04T05:33:57+00:00

Cyber warfare has emerged as a defining threat of the 21st century, presenting unique challenges that existing international humanitarian laws, such as the Geneva Conventions, are ill-equipped to address. This paper proposes a framework equivalent to the Geneva Conventions to regulate cyber warfare, ensuring the protection of civilian life, critical infrastructure, and digital systems during armed conflicts. By adapting the principles of distinction, proportionality, necessity, and humanity to the cyber domain, this proposal outlines protocols for safeguarding critical infrastructure, civilian data, maritime and satellite networks, and prohibiting indiscriminate cyber weapons and cyber hostage-taking. Drawing from case studies, such as the Russia-Ukraine conflict and the 2024 Israel-Hezbollah pager attack, the paper demonstrates how cyber warfare blurs the lines between combatants and civilians, amplifying the risk of collateral damage. Building on existing frameworks and academic proposals, this paper advocates for international cooperation, clear accountability mechanisms, and the establishment of humanitarian principles to govern cyber operations.

Cognitive Marginality: A Framework For Targeted Manipulation

2025-03-08T04:00:42+00:00

The “Marginal Man” is a foundational concept in social sciences that explores individuals existing between two cultures. This paper extends the concept into the cognitive domain, defining “cognitive marginality” as a state where individuals critically assess conflicting truths. The literature review conducted during this research identifies that there is no consistent framework that connects psychological behaviors to methods of targeted manipulation through information warfare. By exploring psychographic segmentation, cognitive dissonance, and modern information manipulation techniques, this research proposes a framework for identifying when individuals are most susceptible to influence. Applications of this framework could improve information campaigns, enhance detection of manipulation, and bolster defenses against adversarial influence.

Vulnerabilities to Crypto Currency Scams and Online Persuasion Strategies

2024-12-23T11:05:09+00:00

As deepfakes and scams online become more common, many individuals, organizations and nation-states struggle to maintain trust and remain credible sources for their stakeholders. Increasingly algorithms shape the digital information landscape, choosing what content is displayed and deepening the individual silos of information seeking. Recently it has been suggested that the best efforts to combat misinformation are not to try to stop its spread but through understanding the vulnerabilities on which it lands in the individual receiving the false information. There is an urgent need to investigate the mechanisms and extent of deception in online environments, as little is known about these specific vulnerabilities that then cause individuals to become victims for online scams. In the digital environment, different vulnerabilities exist yet they result from siloed studies in specific contexts. This paper starts by categorizing the different levels on which digital communication may be vulnerable. Further, this research asks how these vulnerabilities are utilized and what persuasion tactics are at use when crypto scams are concerned. Building on the persuasion principles, this paper analyzes three recent highly successful online scams. The findings conclude that social proof and scarcity were most used influence mechanisms, suggesting that scam prevention needs to understanding the vulnerabilities on which these influence mechanisms build.

Fuzzy AHP Model for Courses of Action Comparison in Military Operations

2024-11-12T08:44:41+00:00

In the realm of military operations, effective decision-making is fundamental, and the integration of advanced analytical tools can greatly enhance this process. This study introduces an Artificial Intelligence (AI) model based on the Fuzzy Analytic Hierarchy Process (Fuzzy-AHP) for comparing Courses of Action (COAs) in military operations. By combining fuzzy logic with the structured framework of AHP, the model effectively addresses the inherent uncertainty and multifaceted nature of military decision-making processes. Utilizing linguistic variables and fuzzy numbers, the system captures the ambiguity present in expert judgments and operational parameters, allowing for a more nuanced evaluation of various COAs. The proposed model features a hierarchical structure of decision criteria, encompassing technological and operations variables, each assessed using relevant fuzzy representations to reflect varying degrees of importance. The experimental results indicate that such an approach complements traditional decision-making methods in terms of flexibility, consistency, and its capacity to handle complex, multi-criteria scenarios typical in military contexts. Moreover, the model proposed demonstrates particular adaptability to changing operational environments and provides clear, explainable results that are essential for military planners. Therefore, this research contributes to the development of responsible and trustworthy AI-based solutions for military decision-making support, addressing critical challenges in the comparison of COAs.

Risks and Control Measures for Building Trustworthy Autonomous Weapon Systems

2024-11-18T10:43:53+00:00

This research examines the risks and control measures associated with building trustworthy Autonomous Weapon Systems (AWS), a rapidly evolving technology with various implications for military operations and international security. While AWS present advantages in precision and efficiency, they also imply operational, technical, and ethical challenges. Through a comprehensive analysis of relevant studies, this article identifies key risks inherent in AWS development, including algorithmic biases, unintended engagements, and cyber security vulnerabilities. For these, control measures are proposed to mitigate and avoid them, such as advanced fail-safe mechanisms, multi-layered human oversight protocols, and robust cyber security solutions. Particular attention is given to the role of meaningful human control as a fundamental mechanism for enhancing AWS trustworthiness without compromising operational effectiveness. The findings highlight the need for a dynamic, proactive, multidisciplinary risk-based approach to AWS development as trustworthy systems, emphasising the importance of international collaboration in establishing standardised risk assessment methodologies, trustworthiness benchmarks, and certification processes. Moreover, by systematically analysing both risks and control measures, this research provides a design framework for addressing the complex challenges of building trustworthy AWS in the context of evolving warfare technologies.

Hybrid AI Model for Proportionality Assessment in Military Operations

2024-12-19T11:33:41+00:00

In recent years, Artificial Intelligence (AI) has revolutionized the military domain and in particular the planning, execution, and assessment of military operations, leading to the development of advanced decision support systems. In this context, this research introduces a novel hybrid AI model for proportionality assessment in military operations, merging the advantages of artificial neural networks with fuzzy logic to create a robust and adaptable system. This approach combines the learning capabilities and pattern recognition strengths of neural networks with the ability of fuzzy logic to handle uncertainty and linguistic variables. In this way, the model addresses the complex challenge of estimating collateral damage and military advantage in dynamic operational environments and further proposes proportionality assessment decisions. Experimental results demonstrate that this intelligent approach contributes to existing models in both accuracy and explainability terms. Moreover, the model is adaptable to diverse scenarios and provides clear, interpretable results, aspects that are crucial for military decision-makers. By bridging the gap between data-driven learning and expert knowledge representation, this research contributes to the development of more ethical and legally compliant AI solutions for military operations, particularly in the critical domain of proportionality assessment in targeting decisions.

Comparison of AWS and AZURE in Prototype for Automated Selected Security Controls

2024-12-13T16:01:20+00:00

The cloud computing phenomenon has achieved global popularity, with enterprises increasingly relying on cloud services for day-to-day business operations. However, the rapid dissemination of new malicious code variants with zero-day assaults in the cloud creates confusion and broad worry because the attackers' motives often remain unknown. This paper discusses a safer computing platform or model that detects harmful or malicious code in a cloud environment and automatically selects the best security control for defence. Automated selection of the best security controls for real-time defence is crucial in cloud environments. The study utilizes pefile library in Python to extract signature bytes, N-gram algorithm for signature bytes segmentation, the C4.5 algorithm for constructing signature clusters, and a Python program to determine the best security control. The model was developed and tested using Microsoft Azure and the Amazon Web Services cloud infrastructure, with results demonstrating its effectiveness on both platforms in detecting malicious code and timely selecting an optimal security control for real-time defence.

Mitigating Ransomware in Government-Managed Institutions: A Global Critical Information Infrastructure Perspective

2025-02-01T13:36:40+00:00

This paper examines the escalating ransomware threats faced by government-managed educational institutions, focusing on their vulnerabilities, case studies, and mitigation strategies. With the adoption of Bring Your Own Device (BYOD) policies, schools increasingly expose their networks to cyber risks, making them attractive targets for cybercriminals. Case studies, including attacks on the Los Angeles Unified School District and the University of California, San Francisco, illustrate the profound impact of ransomware incidents and the diverse responses of institutions. Effective cybersecurity measures are crucial, emphasizing the need for prioritized spending, comprehensive security training, and advanced detection and response strategies. The role of government is also vital, as it develops legislation, guidelines, and funding opportunities to enhance educational cybersecurity. Recommendations include technical measures to secure networks and collaborative educational initiatives to share best practices. Ultimately, this research study underscores the necessity of continuous adaptation and government support in fortifying defences against ransomware threats. By fostering a cybersecurity awareness and resilience culture, educational institutions can better protect sensitive data and ensure the safety of their operations in an increasingly tricky digital landscape.

Towards an Artifact to Assess Differential Privacy in Microdata Streams

2025-01-02T05:51:17+00:00

As continued data breaches allow state-level threat actors to assemble expansive dossiers on populations to carry out information warfare objectives, protecting personal privacy in published data sets and internal data stores is increasingly essential to civilian and societal safety. At the same time, the explosion of high-resolution, high-accuracy microdata streams, such as timestamped geolocation coordinates collected simultaneously by hardware platforms, operating systems, and a multitude of on-device applications and sites establishes a layered, highly-correlated pattern of life that can uniquely identify individuals and allow for targeted information warfare actions. Differential privacy (DP) is an advanced but highly effective technique in protecting sensitive data streams. This robust approach preserves privacy in published data sets through additive statistical noise sampled from Gaussian or Laplacian probability distributions. Data sets that contain highly correlated event-based data require specialized techniques to preserve mathematical DP guarantees in microdata streams beyond “user-level” applications available in most off-the-shelf approaches. Because practitioners need more tools to assess the robustness of differentially private outputs in microdata streams, application errors may result in future reidentification and privacy loss for data subjects. This research yields an artifact that can reassociate events in microdata streams when insufficient naive approaches are used. It also serves as a tool for implementers to validate their approaches in highly correlated event data.

Cognitive Warfare and Cybersecurity: Strategic Implications for Global Security

2025-01-13T06:34:31+00:00

This conceptual paper explores the emerging domain of cognitive warfare, focusing on its strategic dimensions and the approaches of some state actors. Cognitive warfare transcends traditional psychological and information warfare by targeting the perceptions, emotions, and cognitive functions of adversaries, ultimately disrupting decision-making processes. Through a detailed analysis of Chinese and Russian tactics, this study explores how cognitive warfare is used to destabilize democratic institutions, manipulate public opinion, and create social fragmentation. The paper further investigates how these strategies challenge established concepts of warfare and security. It concludes by offering insights into the broader implications for national and global security, presenting defense frameworks and strategies to mitigate the growing threat of cognitive warfare.

Influencers as Tools in Hybrid Operations Online

2024-11-15T06:51:48+00:00

The study highlights the risks and threats that influencers pose to national security, as they serve as political role models and agenda setters for young people. Young people trust influencers and various digital platforms but do not view them as threats to national security. The digital revolution and information technology have reshaped power and legitimacy, and influencers can influence young people to turn against their own state, radicalize people, and make them distrust officials, politicians, and the military. They use digital platforms for their advantage, and young people trust influencers as truthtellers more than traditional gatekeepers. However, the risks to national security cannot be tackled by simply banning or regulating platforms like TikTok and Meta.

Exploring the Intersection of Cybersecurity, Neurocapitalism, and Biodesign

2025-03-11T22:01:21+00:00

The convergence of neurocapitalism and biodesign presents a promising future for the healthcare and technology industries. Neurocapitalism, a model characterized by monetizing neurological processes and behaviors, has profoundly impacted economies, technologies, and societal structures. Simultaneously, biodesign, which combines biology and design principles to develop innovative solutions, has emerged as a critical approach to healthcare innovation. Armed with the knowledge that neurocapitalism and biodesign rely heavily on data management, this commentary explores how insights from cyber security can protect the data involved. For this research, we delve into the foundational principles of neurocapitalism by elaborating on its core tenets and implications for various aspects of society, we establish a comprehensive understanding of biodesign by highlighting its significance in driving transformative advancements in healthcare, while simultaneously proposing strategies for enhancing the security of the sensitive information connected to the data used in both industries. Meanwhile, we identify intersections between neurocapitalism and biodesign through an interdisciplinary lens, revealing shared principles and potential synergies while proposing strategies for improving data safety. As we address the challenges and ethical considerations associated with combining neurocapitalism and biodesign, we also identify the security risks and the ethical implications that arise because of the lack of security. Looking ahead, we envision a future where the secure data used by neurocapitalism continues to shape the evolution of biodesign unethically. We also envision a future where by embracing a multidisciplinary approach and fostering collaboration across professions, the secure data can be used to create designs that work around neurocaptialism, unlocking new opportunities for innovation and addressing pressing healthcare challenges. By doing this, we are creating the possibility for more meaningful advances in cyber security, biodesign, and ultimately for individuals worldwide. As we conclude, we reflect on how the synergy between neurocapitalism and biodesign offers a fertile ground for exploration and innovation in healthcare and its data security. Through strategic integration and ethical stewardship, we can harness the critique of neurocapitalism to catalyze transformative change and usher in a more beneficial era of healthcare innovation.

Security Model against private data sharing by Streaming (OTT) platforms using Generative Adversarial Networks

2024-12-17T15:49:37+00:00

The expansion of television streaming services has transformed media consumption, providing unparalleled convenience and access to content. Streamers frequently gather comprehensive user data, encompassing viewing patterns, individual preferences, and financial details. This data can be commercialised via collaborations with external advertisers and data brokers, thereby engendering considerable privacy violations, identity theft, and user confidence deterioration. Generative Adversarial Networks (GANs) present a promising method for improving detection techniques of data transmitted to third parties. GANs can be trained to replicate standard data flow patterns and detect anomalies that suggest unauthorised data sharing. Additionally, GANs can produce synthetic data that simulate authentic user behaviour, thereby aiding in developing resilient real-time detection models. Moreover, GANs can create sophisticated data anonymisation techniques to monitor whether user data has been shared. This paper introduces an innovative, multifaceted security and privacy model utilising GANs and deep learning methodologies to identify and alleviate these threats. It compares the GAN model against traditional Support Vector Machine and Random Forests Classifier models. Our methodology integrates anomaly detection and graphs convolutional networks with generative adversarial networks to detect dubious data-sharing activities. The proposed model illustrates the efficacy of deep learning models, specifically GANs, in identifying unauthorised data-sharing platforms.

Cybersecurity Concerns on Mobile Phones: A Systematic Review

2025-01-08T14:50:09+00:00

Mobile devices have become an important part of our everyday lives since they offer access to a large variety of ubiquitous services. Because of this technological revolution, the deployment of mobile systems can offer sophisticated and complex services; like mobile payments, mobile health and even mobile government. Due to these astounding reasons, the number and types of vulnerabilities exploiting these services and communication channels have increased as well. This signifies that continuous investigation and understanding of the challenges and issues in mobile platforms is crucial. Hence, the primary aim of this study was to conduct a systematic literature review on mobile phone attacks, to gain a better understanding of the different attacks and threats to mobile devices. The focus was on four critical elements of the device, which are the: mobile operating system, firmware, applications and websites and lastly, connectivity. The PRISMA 2020 statement guided the systematic literature review. 675 journal articles and conference papers published between 2018 and 2024 were retrieved and 32 were considered for this study. The findings suggest that in 2023 alone, the number of cyber-attacks on mobile devices surged to 33 million. Also, the study found that there are various malware that can attack mobile devices namely virus, worms, botnets, trojans, ransomware, backdoors and root kits, due to these attacks the users’ privacy is compromised. These attacks exploit mobile security vulnerabilities to capture sensitive data or impersonate trusted entities. Cybercriminals recurrently dispersed mobile threats through both official and unofficial application stores. Malicious applications and websites are amongst the most popular attacks, followed by mobile ransomware and phishing. This study highlights various attacks that warrant further investigation, and future research should examine the controls and safeguards associated with each security issue. Additionally, there is a pressing need to advance lightweight, real-time malware detection systems that can operate effectively on mobile devices with limited resource.

Creating a Cybersecurity Culture Framework in Higher Education

2025-01-07T14:31:14+00:00

The increasing cybersecurity threats to higher education institutions in Africa necessitate risk management frameworks that are resilient and sensitive to regional needs. This paper applies Modified General Morphological Analysis (MGMA) to identify essential elements for an adaptable cybersecurity framework, focusing on the African higher education context. African institutions face many challenges, like limited funding, underdeveloped digital infrastructures, and rising cyberattacks. Our proposed MGMA is a structured methodology to examine key cybersecurity dimensions: governance, policy, technical controls, capacity building, and resource allocation. This approach allows for assessing complex interrelations among these elements, aimed at practical solutions suitable for African institutions. This study focuses on risk management approaches to address the specific vulnerabilities of African higher education institutions (HEIs), such as restricted budgets, inadequate cybersecurity teams, and increasing reliance on digital systems. The study promotes collaborative efforts by creating institutional networks, sharing resources, and enhancing cybersecurity expertise across Africa. The findings will guide decision-makers in aligning cybersecurity investments with strategic institutional goals, providing a framework for protecting critical educational assets, strengthening resilience, and advancing digital infrastructure development across African higher education.

Human Factors Engineering in Explainable AI: Putting People First

2025-02-12T20:59:14+00:00

This paper examines the integration of human factors engineering into Explainable Artificial Intelligence (XAI) to develop AI systems that are both human-centered and technically robust. The increasing use of AI technologies in high-stakes domains, such as healthcare, finance, and emergency response, underscores the urgent need for explainability, trust, and transparency. However, the field of XAI faces critical challenges, including the absence of standardized definitions and evaluation frameworks, which hinder the assessment and effectiveness of explainability techniques. Human factors engineering, an interdisciplinary field focused on optimizing human-system interactions, offers a comprehensive framework to address these challenges. By applying principles such as user-centered design, error management, and system adaptability, human factors engineering ensures AI systems align with human cognitive abilities and behavioral patterns. This alignment enhances usability, fosters trust, and reduces blind reliance on AI by ensuring explanations are clear, actionable, and tailored to diverse user needs. Additionally, human factors engineering emphasizes inclusivity and accessibility, promoting equitable AI systems that serve varied populations effectively. This paper explores the intersection of HFE and XAI, highlighting their complementary roles in bridging algorithmic complexity with actionable understanding. It further investigates how human factors engineering principles address sociotechnical challenges, including fairness, accountability, and inclusivity, in AI deployment. The findings demonstrate that the integration of human factors engineering and XAI advances the creation of AI systems that are not only technologically sophisticated but also ethically aligned and user-focused. This interdisciplinary synergy is a pathway to develop equitable, effective, and trustworthy AI solutions, fostering informed decision-making and enhancing user confidence across diverse applications.

Exploring Mitigative Strategies to Prevent Burnout in Cybersecurity

2025-02-12T20:53:18+00:00

Burnout poses a critical challenge in cybersecurity, affecting both individual well-being and organizational effectiveness. Despite its importance, limited scholarly research exists on preventive strategies specific to cybersecurity, hindering the development of evidence-based approaches. Current literature predominantly examines the causes, constructs, and theoretical models of burnout in cybersecurity, with insufficient focus on preventing this occupation phenomenon. This study addresses this gap by synthesizing existing research to propose strategic initiatives to combat burnout among cybersecurity professionals. Key prevention strategies include dynamic prioritization frameworks, flexible work policies, role-specific interventions to balance workloads and alleviate stress, personalized recognition programs, resilience-oriented onboarding, and enhanced engagement and psychological readiness. Other vital initiatives include supportive workplace cultures, inclusive environments, leadership development, and access to mental health resources, which are critical for mitigating emotional exhaustion and depersonalization. This research highlights initiatives, emphasizing the urgent need for further research to fill the gap in burnout prevention strategies for cybersecurity. By adopting a multifaceted approach, organizations can foster resilience, enhance employee well-being, and strengthen their capacity to address complex challenges to develop mitigative strategies to prevent burnout in cybersecurity.

The Intersection of Cyberwarfare, Social Media, and Adolescent Self- Esteem: A Forensic Cyberpsychology Analysis

2025-02-23T00:11:49+00:00

Adolescents' online interactions are reshaping cybersecurity challenges, with social media serving as both an outlet for self-expression and a source of psychological vulnerability. Positive impacts, such as creative self-expression and supportive communities, enhance self-worth, with studies showing a 25% increase in self-esteem among participants in such activities. However, cyber warfare, algorithmic exposure to idealized content, and excessive social comparison pose significant threats; 30% of victims report severe psychological distress, and 40% experience reduced self-esteem due to online interactions. Algorithmic biases amplify these issues, with 40% of adolescents engaged in upward comparisons reporting self-worth declines, and 30% exposed to cyberbullying experiencing severe distress. Mediating factors such as active parental involvement and digital literacy are critical to mitigating these risks. From a forensic cyberpsychology perspective, algorithm manipulation and the exploitation of adolescent vulnerabilities on social media mirror strategies used in cyber warfare and information operations. Adolescents' behaviors and susceptibility to influence make them targets for disinformation campaigns, raising concerns for cybersecurity technologies and threat intelligence. This study employs a forensic cyberpsychology framework to analyze the dual role of social media, synthesizing findings from recent empirical studies. The approach incorporates thematic analysis of evidence related to positive influences like creative self-expression and disruptive impacts such as cyberbullying and algorithm-driven biases, alongside mediating factors like parental involvement and digital literacy. Connections to broader cybersecurity issues, including information warfare and social engineering, are explored, highlighting the risks of cyber psychological warfare and manipulation as critical in addressing insider threats and fostering cyber resilience. Key findings reveal that participation in supportive communities boosts self-esteem by 25%, while creative self-expression enhances self-worth. Recommendations include collaboration among platform developers, educators, and policymakers to integrate digital literacy programs, enhance algorithm transparency, and implement ethical frameworks. These measures are essential for fostering psychological resilience and effective cybersecurity strategies.

A Machine Learning-Based Intrusion Detection Algorithm for Securing Bioinformatics Pipelines

2025-02-18T23:22:52+00:00

Bioinformatics pipelines, which process vast amounts of sensitive biological data, are increasingly targeted by cyberattacks. Traditional security measures often fail to provide adequate protection due to the unique computational and network characteristics of these pipelines. This study proposes a machine learning-based Intrusion Detection System (IDS) tailored specifically for bioinformatics workflows. While the CICIDS2017 dataset serves as the primary benchmark, we augment the study with bioinformatics-specific network traffic to ensure relevance. We compare the performance of four machine learning algorithms Random Forest (RF), Support Vector Machine (SVM), Convolutional Neural Network (CNN), and Gradient Boosting Machine (GBM) and explore hybrid models for enhanced detection. Our findings highlight GBM's superior accuracy (98.3%) while also addressing its computational overhead and susceptibility to adversarial attacks. The study contributes novel insights by integrating real-world bioinformatics traffic data and proposing adaptive security strategies for genomic research environments.

Ethical Implications of WannaCry: A Cybersecurity Dilemma

2025-02-13T21:47:17+00:00

The WannaCry ransomware attack of May 2017 marked a critical turning point in cybersecurity history, prompting profound ethical discussions about software vulnerability management. This comprehensive analysis examines the ethical dimensions of the WannaCry incident, focusing on the responsibilities of government agencies, technology companies, and security professionals in handling zero-day vulnerabilities. The study investigates the complex balance between national security interests and global cybersecurity while proposing ethical frameworks for future practice. Through a detailed examination of the attack's global impact and subsequent incidents, we demonstrate the ongoing relevance of lessons learned from WannaCry to contemporary cybersecurity challenges.

The Evolution of Phishing and Future Directions: A Review

2025-02-22T00:57:30+00:00

Phishing has emerged as one of the most persistent and evolving threats in cybersecurity. Its development from simple email scams to highly sophisticated and targeted attacks has been driven by technological advancements, the rise of social media, and the increasing availability of personal data online. This paper provides a comprehensive review of the evolution of phishing, examining key milestones in its history, current trends, and future directions. Emphasis is placed on the integration of emerging technologies such as artificial intelligence (AI) and machine learning (ML), the role of phishing-as-a-service (PhaaS) platforms, and the challenges posed by deepfake phishing and the Internet of Things (IoT). The paper concludes by discussing potential strategies for combating these evolving threats and proposes future research directions to enhance phishing detection and prevention mechanisms. Additionally, the study examines the growing intersection between phishing attacks and state-sponsored cyber operations, highlighting the increasing sophistication of threat actors and their exploitation of geopolitical events for targeted campaigns. The research also addresses the critical need for adaptive defense mechanisms that can respond to the rapid evolution of attack vectors while maintaining usability for legitimate users.

What if we Defeated Cybercriminals with an AI-Generated Voodoo ‘Curse Back’? Considering a Socially Engineered Ethical Alternative to Hacking Back

2024-11-20T16:46:56+00:00

Cybercriminals are influenced by beliefs in the supernatural and paranormal as much as we are. This practitioner’s position paper will explore how artificially influencing a cybercriminal’s belief that someone is cursing them models an ethical, socially engineered alternative for behaviorally disrupting cybercriminals. Rather than ‘hacking back’ cybercriminals, this paper asks how Nigerian cybercriminals using Voodoo to threaten victims and competitors would respond behaviorally if they believed they had been Voodoo cursed. Even Nigerian cybercriminals who do not believe in or practice Voodoo have demonstrated they are culturally and socially vulnerable to the suggestion they have been cursed, and they often threaten others with curses. This practitioner’s paper visualizes an integrated framework of distrust and “sinister attribution error”, explaining how people generally respond to imagined and IRL events based on their beliefs, but particularly how Nigerian cybercriminals who use real and imagined Voodoo cursing are vulnerable to these cognitive errors when trying to make sense of their unfavorable or troubling life circumstances and experiences. Visualizing this integrated framework would involve ingesting Nigerian cybercriminal communications, where there is use of Voodoo and other curses to fine-tune an LLM to generate artificial intelligence content mimicking what appear to be curses directed at Nigerian cybercriminals. However, this practitioner’s paper will only attempt to position the behavioral foundations of this socially engineered ethical alternative to ‘hacking back’, for transgressive investigators with authorities and in some cases researchers or activists who believe there is a need to take a more aggressive approach to degrading Nigerian cybercriminal enterprises.

fbi Most Wanted Girlfriend: The Futurist Model of Fugitive Trans Hacker and Merchandiser Maia Arson Crimew’s Meaning Making

2024-11-20T16:50:55+00:00

We are used to hearing about cybercriminals promoting themselves, but what if the merchandise a cybercriminal made about their own hacking experience revealed more about who they are? American law enforcement officials indicted Swiss trans hacktivist maia arson crimew in March 2021 for over a dozen hacks where she publicly disclosed proprietary information from more than a hundred organizations. Officials noted the profit from “hacking-inspired clothing” she created as an overt act in her criminal conspiracy. This practitioner’s case study applies theoretical frameworks of psychological ownership and egocentric categorization, to explore how possessing products and creating products communicates the kind of person you are and the kind of person you want to become, suggesting maia’s merchandising may have been how she made meaning rather than a criminal act in a conspiracy. This practitioner’s case study will analyze samples of her merchandise within these frameworks. This paper will provide further context for that analysis with review of a sample of her podcast interviews in the immediate years after her indictment. This practitioner’s case study suggests that applying these alternative frameworks to behavioral analysis of cybercrime personalities like maia that proclaim a range of motivations and identities, could provide greater insight into increasingly diffuse hack-and-leak narratives across cybercrime communities.

System Reliability Analysis: Impact of Structural Anomalies in State Voter Registration Systems

2025-03-21T10:43:38+00:00

This analysis examines fundamental reliability issues in state voter registration systems stemming from structural
database anomalies and record reconciliation failures. Research reveals systemic inconsistencies that impair basic database
functionality, including: irreconcilable discrepancies between state and county voting records, widespread record duplication
(cloning), retroactive historical modifications, and algorithmically obscured data relationships. These issues create
mathematical uncertainties in both individual and aggregate voter participation records that cannot be resolved through
standard auditing procedures. The cumulative effect renders these systems incapable of reliably performing their core
function of accurately tracking voter participation, independent of the original causes of these anomalies.

Enhancing Cybersecurity Through a Revised Risk Management Framework

2025-03-11T21:37:28+00:00

The Department of Defense (DoD) relies on a secure and resilient communication infrastructure to enable critical functions and command and control operations. Ensuring the security of this infrastructure is essential, and the DoD follows the Risk Management Framework (RMF) established by the National Institute of Standards and Technology (NIST) to assess and manage cybersecurity risks. While the RMF is designed to standardize security practices across the DoD, the current process suffers from several shortcomings. These include excessive subjectivity, inefficiencies, and a compliance-driven focus that does not adequately address the rapidly evolving technological landscape and emerging threats. This paper seeks to explore revisions to the RMF that could improve its objectivity, efficiency, and threat-based focus, ultimately enhancing its overall effectiveness. By reviewing existing literature, including studies from the Naval Postgraduate School and NIST publications, this research will identify key inefficiencies in the current RMF process and propose targeted improvements. Specifically, the paper will examine gaps between expected and actual cybersecurity performance, streamline the Authority to Operate (ATO) process, and offer solutions aimed at improving both transparency and operational efficiency while reducing redundant efforts. In addition to addressing inefficiencies, this research will focus on enhancing RMF’s adaptability to emerging technologies and the dynamic nature of modern threats. As cyber threats become more sophisticated and as the pace of technological innovation accelerates, a more flexible, forward-looking RMF is essential to maintaining operational security. The research will also explore how to integrate real-time threat intelligence and automation into the RMF process to further strengthen its capabilities. The expected outcome is a more agile and responsive RMF that better aligns with the DoD's evolving mission needs and technological advancements. The proposed revisions are intended to enhance joint integration, improve the overall cybersecurity posture, and increase operational effectiveness, ensuring the DoD's communication infrastructure remains secure, adaptable, and capable of responding to future challenges and adversarial threats.

An Overview of Video Game Biometrics Collection and Considerations for Cyberbiosecurity

2025-03-06T17:33:43+00:00

Over the past fifty years, the global cost of consumer electronics has significantly decreased, leading to greater accessibility to both biosensing systems and interactive entertainment platforms. This increased access has naturally resulted in higher usage of medical and entertainment electronics. However, the intersection of these technologies, combined with invasive data harvesting practices, has raised concerns about the potential misuse of biological signals to manipulate individuals' behavior both within and beyond the video game environment. Currently, biometric data in video games are employed in various ways, such as using Heart Rate Variability (HRV) as a performance metric and integrating eye tracking to enhance hardware capabilities (Hughes & Jorda, 2021). Moreover, patents filed by companies in the interactive entertainment industry indicate ongoing efforts to use personalized data, including biometric and behavioral information, to identify and exploit gambling-like behaviors in players. These technologies, when combined with demographic data, can be utilized to predict and modify behavior to maximize profits. The implementation of these analyses varies across platforms, ranging from general-purpose mobile devices capable of offering interactive entertainment to specialized technologies designed exclusively for video games. Additionally, the concept of “truth decay” is explored in relation to video game-based advertisements, highlighting the blurring of lines between entertainment and persuasion. Furthermore, video games are increasingly recognized as potential training environments, where behavior can be influenced or conditioned in specific ways. As these technologies continue to evolve, the ethical implications of using biometric data in such contexts become ever more critical, warranting careful consideration and regulation to prevent the exploitation of players and to ensure that these powerful tools are used responsibly. Potential solutions to the exploitation of younger users of interactive entertainment are offered, demonstrating failures of current mechanisms and the abdication of responsibility of entertainment conglomerates. A collection of policies in the style of GDPR that could be used to safeguard users from unwanted interactions with their technologies are offered as a conclusion.

Governance for Cyber Threat Intelligence (CTI) Exchange Across the DYNAMO Resilience Cycle

2024-11-26T17:07:02+00:00

Cyber threats continue to escalate in complexity and frequency, underlining the need for effective Cyber Threat Intelligence (CTI) exchange to secure critical infrastructures across various sectors. However, the sharing of CTI is often impeded by concerns relating to security, trust, compliance, and coordination among stakeholders. Existing frameworks such as NIST’s Risk Management Framework (RMF) and ENISA’s CTI Maturity Model provide foundational guidance. Still, they are inadequate in fully addressing the sector-specific challenges realised by industries such as healthcare, energy, and maritime. This paper explores the need for a governance framework for CTI exchange by analysing existing literature, frameworks and use cases from critical sectors. The objective is to identify areas where governance is essential for ensuring secure, efficient, and compliant CTI exchange, with a particular focus on sector-specific challenges. The DYNAMO project, a European Union initiative, serves as a key case study for demonstrating how governance principles can be integrated into practical CTI exchange systems. The governance needs for CTI exchange are examined across six phases of the resilience cycle i.e. Prepare, Prevent, Protect, Respond, Recover, and Learn & Adapt. This analysis highlights how a structured governance framework can enhance the effectiveness, security, and compliance of CTI exchange in critical infrastructure sectors. By aligning governance principles with each phase of the resilience cycle, the paper demonstrates how sector-specific challenges can be addressed through improved coordination, regulatory adherence, and continuous learning. The paper concludes that while existing frameworks provide a solid foundation, sector-specific governance models are needed to address the unique risks and regulatory requirements of critical infrastructures. As DYNAMO’s tools are piloted in healthcare, energy, and maritime sectors, future research will focus on validating the proposed governance model through real-world applications, ensuring that it is adaptable to evolving cyber threats and sectoral needs.

A Snapshot of the Biocybersecurity/Cyberbiosecurity Landscape (2017-2024)

2025-02-17T08:10:38+00:00

The global bioeconomy is extremely valuable, comprising healthcare, agriculture, logistics, and biotechnology, and more (Murch et al, 2018; Kircher, 2019; Khandekar & Ghosh, 2023). The increased integration of digital systems within biological domains within the modern bioeconomy has exposed vulnerabilities that exist at the intersection of cybersecurity, cyber-physical security, and biosecurity, referred to as "Cyberbiosecurity" (CBS) or "Biocybersecurity" (BCS) (Murch et al, 2018; Potter and Palmer, 2023). These respectively focus on protecting biological data and systems from cyber threats and addressing the security of cyber systems that interact with biological entities. Their landscape has evolved considerably and vulnerabilities found pose risks to infrastructure and human lives, as cyberattacks could disrupt essential bio-based and related systems such as medical supply chains, food systems, research, and all connected to it (Murch et al, 2018; Potter and Palmer, 2023). Given the complexity and interconnectedness of these domains, the need for interdisciplinary collaboration between experts in cybersecurity, biosecurity, and biotechnological innovation is more pressing than ever. Addressing these emerging threats requires a multifaceted approach combining technical safeguards with policies that enhance resilience across the bioeconomy. There is considerable benefit to viewing what work is mapped over the combined landscape. In order to map the research landscape and track the progess and explorations of this work, research publications were compiled and analyzed using search operators including "Cyberbiosecurity," "Biocybersecurity," "Digital Biosecurity," and "Cyber-biosecurity" to identify critical trends and contributions over the past seven years. In this we have found many different players and trends by year. This work finds that the intersections of Cybersecurity and Biosecurity presents an evolving landscape with significant benefits, novel applications, but also heightened global risks. When properly examined, our communities can meet the emerging challenges.

Expanding the Cyber Mission Space with the Expansion of Security Cooperation in the Era of Great Power Competition

2025-03-03T21:44:08+00:00

As great power competition intensifies, cybersecurity has emerged as both a battleground and an opportunity for cooperation. Malign actors exploit cyber infrastructure to undermine international order while simultaneously presenting themselves as contributors to economic growth. This paper proposes a novel framework for managing cybersecurity challenges by establishing regional Cyber Centers of Excellence (CCoEs), aligned with existing internet governance structures. The research outlines three key contributions: (1) mapping cyberspace governance to align cyber defense responsibilities with existing regional partnerships, (2) enhancing multinational mission assurance through CCoEs as collaborative hubs, and (3) leveraging proactive cyber operations such as “hunt forward” to increase partner capacity against cyber threats. By integrating established security cooperation mechanisms with new cybersecurity frameworks, this paper offers policymakers and cybersecurity professionals a roadmap to strengthen global cyber defense efforts while balancing national sovereignty and collective security.

Information Maneuver in the United States Marine Corps

2025-03-12T17:41:13+00:00

In 2017, Secretary of Defense James Mattis formally addressed and introduced the seventh joint warfighting function: information. This resulted in an explosion of literature across the military services in an attempt to define this new function and its many facets. Research reveals information can be viewed as data with meaning, a domain, a warfighting function, and an action when paired with maneuver. Conceptual frameworks have been proposed for the latter, but no consensus has been reached between service branches. Specifically, maneuver within the information environment has yet to be defined. The physical aspect of maneuver can be understood through actions executed in time and space. However, maneuver becomes an abstract concept as soon as the information environment is introduced. This becomes a problem for practitioners, planners and commanders alike when implemented without foundational direction. A framework must be provided for Marines to learn, implement, and refine. This paper aims to: 1) define information maneuver, 2) accentuate the relationship between information maneuver, the information warfighting function, and the six remaining warfighting functions, 3) delineate the need for research that develops the Marine Corps’ understanding of information maneuver to enable effective employment of information maneuver specialists.

Business Continuity Against Cyber Interruptions

2025-03-21T11:02:52+00:00

Resilience and continuity management have wide societal impacts and are particularly important for critical
infrastructure organizations. Organizations face constant risk of cyber incidents. Business continuity management
strategies rely increasingly on networks of organizations. The research question of this study is: How to ensure business
continuity in case of cyber interruptions? Master’s students contributed the practical data collection of the sample, which
are 25 interviews of Finnish continuity professionals. This data collection was performed as part of their studies in
Continuity management. All interviewees have consented to their answers being used as research data. The analysis is
based extracting data to the Data Extraction Table (DET) that was specifically designed, based on the research question of
this study. The results show that it is important to create a continuity plan grounded on risk assessment and defined
actions for possible disruptions. Secure and up-to-date infrastructures with good security measures are recommended.
Backup in secure storage locations and backup systems for critical data help restore data. Also, developing methods to
continue essential operations even if ICT systems are unavailable, is advisable. Regular staff training on cyber security,
response protocols, identifying potential threats, and clear internal and external communication are needed when hit by a
cyber incident. Identifying critical operations and recognizing the most important processes will help prioritize during an
interruption, and alternative methods can help to continue essential operations when ICT systems are down. BCM
processes offer frameworks that help build organizational resilience and can facilitate efficient responses when
encountering critical events.

Ethical Challenges in Cyber Warfare: A Modular Evaluation of Offensive Cyber Justification

2025-01-02T14:27:57+00:00

Competition and conflict in cyberspace at all levels of society have become persistent in the modern world. As individuals and organizations are obliged or incentivized to engage in such competition -- either defensively or offensively -- understanding the ethical implications of cyber operations is increasingly essential. Ensuring actions in cyberspace are ethically coherent with actions in other arenas protects persons and organizations from cognitive dissonance. It can impose normative forces to keep cyberspace compatible with civil society as it is presently understood. Rather than applying extant and monolithic ethical frameworks to cyber operations, this paper explores a modular approach to ethical framework construction. We examine how cyber action might be justified by multiple broad ethical paradigms, determining how different traditions might shape ethical justifications and, therefore, the permissibility and scope of cyber actions. The paper focuses on the ethical justification for offensive actions by examining different case studies and ethical framework constructions, highlighting how the foundational decisions that define a person's or organization's ethical framework subsequently determine the scope of action permitted to or required of that entity. Ultimately, the paper seeks to reconcile the new conflict domain of cyber with longstanding ethical reasoning about conflict in general and to highlight the specific deviations or reconsiderations this new frontier may require.

Cyber Threats in Hospitals: GDPR and NIS2 Regulations in Preventing USB Injections

2025-01-27T09:25:32+00:00

Cybersecurity is crucial in healthcare due to the escalating use of digital technologies and the rise in cyber-attack risks. This research demonstrates the necessity for robust strategies to safeguard physical and digital infrastructures, ensuring the security of patient data and healthcare services. Healthcare providers can protect themselves from the prevalent cyber-attack risks by establishing robust security measures, protocols, and actions. The study aims to demonstrate the importance of aligning cybersecurity measures with the stringent regulatory demands of the General Data Protection Regulation (GDPR) and the Network and Information Systems Directive (NIS2). The security, privacy, and integrity of patient data within systems require a commitment to technical enhancements and procedural changes. Adhering to these regulations is not just obligatory, but also advantageous, as a secure information environment bolsters patients' confidence in the healthcare system. However, it is not easy to achieve a healthcare environment that is completely safe and compliant due to many challenges. Numerous challenges exist, such as enforcing uniform security measures across disparate systems and integrating new security technologies into legacy environments.

The rising use of USB devices by healthcare staff has made hospital work areas more accessible to non-employees, including patients, their families, and students at university hospitals. Staff members may not fully comprehend the risks associated with using USB devices for exchanging clinical information. A virus infection in a portable USB device connected to Point of Care Testing (POCT) equipment can result in a partial denial of service. Navigating the complicated regulatory requirements adds to the complexity of this vital task. Although there are many obstacles, the proposed strategies provide a clear path to move forward. Organisations can fortify themselves against rising cyber threats by fostering a culture of continuous improvement and dedication, investing in the modernisation of outdated systems, and placing cybersecurity at the forefront of healthcare service delivery. This proactive approach is about safeguarding the core of healthcare, which is the health and safety of patients. The research question is: What vulnerabilities do USB devices introduce into healthcare systems, and how do they conflict with GDPR and NIS2 standards?

Using the Instrumentality of Law and Policy in Balancing Privacy Issues, Security and Civil Liberties in a Digital Era

2025-03-21T11:08:14+00:00

Information technology is rapidly changing our world. It avails us with new opportunities to interact,
communicate and do businesses. The wide and increased usage of the internet has made communication easy, fast and
efficient. On the other hand, information and communication technology also provides an avalanche of avenues through
which harm can be perpetrated to our security both individually and collectively. The threats and challenges posed by
information technology continue to evolve on daily basis, hence the need to protect our human and constitutionally
guaranteed rights. The tug of war between privacy concerns and security has become a defining issue of the digital age.
The paper aims to discuss the need for the government to regulate the new threats posed by information technology using
the instrumentality of the law. This paper made use of primary sources of data such as such as enabling laws, acts and
secondary sources of data, conventions, and journal articles. The study is also analytical and comparative in nature. The
paper finds that advanced and sophisticated technology have facilitated constant intrusion into people’s personal data and
communications. There is need to protect legal, ethical and social values against these constantly up surging technologies.
The paper therefore recommends amongst others that there is an urgent need to finding the right equilibrium between
privacy threats and constitutionally guaranteed civil liberties as the society embraces emerging technology like artificial
intelligence and its likes. Thus, governments need to develop significant legal frameworks to regulate government
surveillance steps, increase transparency and implement privacy-enhancing measures.

The Roles of PA and MISO in Modern Warfare

2025-03-21T11:52:43+00:00

The relationship between Public Affairs and Military Information Support (MISO)/ Psychological Operations
(PSYOP) has become increasingly relevant in today’s modern information warfare. The current military doctrine describes
PA and MISO as separate yet coordinated activities. PA focuses on providing truthful information to the public, while MISO
aims to influence target audiences through strategically crafted messages. Although both PA and MISO share the common
goal of combating disinformation and developing effective narratives within the realm of information warfare, they are
usually regarded as separate and distinct fields. This separation can create challenges in coordinating efforts between the
two areas. This paper analyzes joint doctrinal frameworks and select real-world cases to explore the relationship between
PA and MISO, and how these activities complement each other to improve military communication strategy. The research
specifically addresses two questions: RQ1: What is the doctrinal relationship between PA And MISO? and RQ2: How can PA
and MISO complement each other to improve military communication strategy while countering propaganda? By analyzing
tactics used in the Second Nagorno-Karabakh War, the Russia-Ukraine War, and the Israel-Hamas War, and current military
doctrine, this study demonstrates that the complementary efforts of MISO and PA can provide a significant advantage to the
side that dominates the information war. The study concludes that integrating PA and MISO can enhance the credibility and
persuasiveness of military communication efforts, as long as their distinct roles are respected and maintained.

Towards an Ontology-Driven Approach for Contextualized Cybersecurity Awareness

2025-02-19T10:36:11+00:00

Traditional training in the form of classrooms and on-site sessions require that participants are present at a specific time and place. Furthermore, traditional learning compels learners to follow a set schedule and does not provide any leeway for those that struggle to understand certain ideas or those that may want to progress faster. While some platforms have been developed to assist with cyber security awareness and digital literacy, they may not offer the benefit of contextualized learning. A “one-size fits all” strategy may not be the best in this rapidly evolving cyber landscape we live in. To assist in solving this problem, a research study was conducted on existing training techniques. This was used to propose an ontology-based solution for cybersecurity awareness that can be applied to certain sectors whereby contextualization is a critical need.

On Adding Context to Automated .NET Malware Analysis

2025-01-09T17:04:27+00:00

Malware analysis benefits substantially with the help of automation. When it comes to analysing .NET malware samples, there is a dearth of automated analysis tools that provide quality results. Streamlining the malware analysis workflow to assist in completing the process in a timely manner is another challenging task. We determine that adding context to each piece of extractable information could help an analyst in understanding the functionality of the .NET sample better. In this paper, we introduce a standalone command-line application developed in Python, designed to assist analysts in .NET malware analysis. We follow a static analysis approach to extract features from the samples, to identify higher-level capabilities and to provide exact indicators of compromise. We do not rely on dynamic analysis as it only follows one path of execution. We compare the results of the tool with similar existing tools that can analyse .NET samples. Through a qualitative evaluation, we showcase the utility of the tool in terms of providing significant insights to a malware analyst. We study openly published Malware Analysis Reports (MARs) that are generated through extensive analysis and observe how the tool can provide the same insights in a simple and reliable manner.

Cybersecurity Awareness Through Interactive Learning Using the CyberVigilance Game

2024-11-26T17:13:51+00:00

Cybersecurity has become increasingly important in today’s digital landscape, with end users bearing a major duty to ensure the security of computer systems. A significant percent of data breaches are associated with human involvement, highlighting the crucial role individuals play in cybersecurity and the necessity of developing practical solutions to mitigate security risks associated with human factors. Traditional training approaches often fail to adequately address cybersecurity-related human errors due to low engagement levels and lack of interactivity. To address these shortcomings, this research introduces 'CyberVigilance,' an instructional cybersecurity game designed for students. It is implemented as an interactive educational game to teach cybersecurity principles. The game contributes to cybersecurity awareness by offering students an engaging, hands-on learning experience. The feedback and scoring mechanisms within the game reinforce the importance of cybersecurity awareness, motivating students to apply what they have learned in practical contexts. Using a multi-agent system (MAS), CyberVigilance integrates cards and feedback to represent various cybersecurity scenarios in a competitive game where students act as defenders against computer-simulated attacks. Students earn points by selecting cards linked to cybersecurity awareness, which enhances their decision-making skills and prepares them for real-world cybersecurity threats. Most importantly, the game captures data on students' performance, which is then analyzed to assess the effectiveness of the MAS in predicting and classifying their actions using machine learning (ML). This ML-driven approach aims to provide insights into students’ decision-making patterns, identify areas needing improvement, and adaptively enhance training by tailoring feedback to strengthen cybersecurity skills.

Exploring the Regulation of Commercial Cyber Intrusion Capabilities’ Proliferation and Misuse

2024-11-04T12:45:36+00:00

The commercial cyber intrusion industry has grown prolifically without any legal constraints for many years. Many governments and private clients contributed to the cyber intrusion capabilities’ proliferation by paying millions of dollars to private companies for a variety of covert offensive cyber capabilities. The risk it presented to national security, rule of law and human rights’ protection was not anticipated. Unchecked commercialisation of intrusion capabilities made its way to malicious state and non-state threat actors who would not have had access to it had it not been for the commercialisation. The harm resulting from the commercial development, selling, export and use of intrusion capabilities have contributed to make an already insecure digital ecosystem even less safe. Governments are exploring the regulation of commercial intrusion capabilities. The United States (US) government issued an executive order (EO) in 2023 banning the buying, export and use of commercial spyware on a domestic level that presents a risk to national security, rule of law, and human rights. Countries, such as the US, France and the United Kingdom (UK), took initiatives on a global level. The US issued a joint statement aimed at reigning in the proliferation of commercial spyware whereas France and the UK launched the Palm Mall Process in 2024 focussing on establishing norms that can serve as guidelines for the development and use of commercial intrusion capabilities. The discussion explores the necessity to regulate the commercial intrusion industry to ensure that digital intrusion capabilities are used in a responsible and human rights’ respecting manner. The aim of regulating commercial intrusion capabilities is to make the digital ecosystem safer. The discussion evaluates the effectiveness of the initiatives to restrain the commercial intrusion industry, and prevent the misuse of these capabilities. The misuse of commercial intrusion capabilities constitutes an ongoing threat. Governments and companies must broaden their focus beyond controlling the commercial intrusion industry. They must extend their attention to cyber resilience and risk mitigation, and aim at having the necessary cybersecurity measures in place to prevent, detect, respond and recover from the malicious or irresponsible use of intrusion capabilities.

Mobile Phone Firmware and Hardware Hacking Detection System

2024-11-21T17:53:36+00:00

Mobile devices have become prevalent due to the features they offer to their users, such as browsing the internet, digitising notes, sending and receiving invoices, asset management, recording signatures, checking emails and accessing social media platforms. In 2021, the number of mobile devices operating worldwide stood at almost 15 billion, expected to reach 18.22 billion by 2025. The sheer volume of sensitive information stored on these devices, from personal data to corporate credentials, makes them an enticing prospect for malicious actors. The increasing reliance on these mobile devices for personal and professional purposes underscores the importance of robust security measures. Modern hacking techniques often target mobile hardware and firmware vulnerabilities, jeopardising user privacy and data integrity. This research introduces the "Mobile Phone Firmware and Hardware Hacking Detection System", a comprehensive solution built with Python to detect unauthorised firmware and hardware modifications in mobile devices. The system integrates various modules, including tools for secure user interaction, machine learning-based for Android applications analysis, desktop user interface, and real-time threat detection. A meticulous review of existing research was conducted to gauge the current landscape of mobile phone hacking detection. The proposed system showcases innovative features like firmware attack detection, application behaviour analysis, and hardware integrity checks. This research addressed the escalating issue of mobile phone security by providing a system that can potentially thwart unauthorised access and data breaches. The system's implementation details include the user interface, Android app analysis, threat detection algorithm, firmware hack detector and the phone's low-level connector. Comparative analysis with existing solutions reveals the model's robustness in detecting hacking attempts while highlighting potential improvement areas. Although the system demonstrates significant capabilities, it is crucial to consider the potential challenges posed by more sophisticated firmware and hardware hacking techniques, such as those exploiting previously unknown vulnerabilities.

Analysis of the Issues Related to the Problem of Enhanced Data Security in Space

2025-01-16T07:54:38+00:00

As space exploration and use expands, the need for strong data security measures becomes increasingly important. This article explores the unique challenges of protecting data in space-based systems and proposes solutions to address these challenges. The vulnerability of space-based communications networks, satellite systems, and terrestrial infrastructure to cyber threats and potential attacks is studied. An overview of the literature on space data security reveals a variety of existing vulnerabilities and challenges in protecting sensitive information transmitted to and from space. Issues such as data interception, unauthorized access, and the impact of space weather events are prominent concerns that have been documented. Overview of a comprehensive framework for improving data security in space environments based on encryption, authentication, security protocols, intrusion detection, and physical security principles. By implementing these solutions, space agencies and organizations can ensure confidentiality, integrity, and availability of data and ensure safe operations in the space sector.

Influence of Public Perceptions on Cybersecurity Policy Framework Formation

2025-02-28T10:33:53+00:00

This systematic literature review seeks to understand influence of the relationship between public perceptions and governmental responses to cybersecurity. The focus is on how these perceptions influence policy formulation processes. This is achieved by comparing the approaches of the United States of America (U.S.A), China, Australia, and Sweden. We analyse the alignment and discrepancies between public expectations and governmental cybersecurity strategies. And examine the legislative and practical challenges of bringing public views into play within effective policy frameworks. While the findings highlight high public awareness and concern about cybersecurity, the analysis appears to overly generalize without considering disparities in public awareness across socio-economic groups or regional variations, raising questions about the representativeness of these conclusions. What we reveal across governance models is a common tendency for reactive rather than proactive governmental responses with differing degrees of openness and public participation. Hence, a conclusion is drawn on the proposal of a theoretical framework that would promote a participative approach to policymaking in cybersecurity between governments and the public. A policy which enhances its relevance and effectiveness by being resonant with the public's concerns and global standards. This policy serves as the foundation for robust, practical, and highly inclusive cybersecurity frameworks designed not only to address technological threats but also to align with public expectations and perspectives on national security.

An Experimental Evaluation on Proposing a Methodology for Assessment of Packing in DFIR of Ransomware Binaries

2025-01-06T02:46:25+00:00

When investigating ransomware incidents, DFIR (Digital Forensics and Incident Response) personnel and law enforcement agents are often tasked with performing Forensic Analysis and Reverse Engineering of malware to understand, evaluate and assess key features of the malicious executable to be able to establish authorship and materiality of the cyber-attack. In this light, there is often the challenge of dealing with packing of executable files, a feature that malware authors employ to hide malicious features, to avoid detection or to hinder reverse engineering. Although there are many options for malware analysts to deal with this issue, such as online sandbox services and platforms designed for automated, large-scale malware analysis of binaries, they might not be the suitable for DFIR personnel and law enforcement actors entrusted with the investigation of cyber incidents, because, amongst other factors, they might entail the submission of a live sample to a external website or platform, leading to a breach in the chain of custody and confidentiality. They may not output pertinent information of forensic value, act as black boxes, or they may not accurately or sufficiently replicate the environment or IT ecosystem present in each incident. They are often paid-for services or with often limited or inflexible resources and time constraints for free analysis options. Given this, we discuss some of the peculiarities of assessing the packing aspect of malware in the context of ransomware incidents, while carrying out an experimental evaluation of a methodology for assessing that feature in ransomware binaries. The main goal of this assessment is to determine whether a given ransomware sample unpacks itself and how, while also providing the analyst valuable insights about key characteristics of its unpacking process. The proposed methodology combines static and dynamic analysis indicators, in a dynamic multi-pass approach for increased robustness, while also adopting previously established metrics for measuring unpacking found in previous, generic malware research.

AI-Driven Cybersecurity Strategies for ISPs: Balancing Threat Mitigation and Monetization

2025-02-12T07:30:57+00:00

As traditional revenue streams from bundled internet, voice, and TV services decline due to the rise of OTT platforms like Netflix and voice-over-IP services such as WhatsApp, Internet Service Providers (ISPs) are seeking innovative strategies to remain competitive. This white paper highlights the pivotal role of AI-driven cybersecurity in securing household video and data traffic across broadband, video streaming, and smart home devices, offering ISPs a powerful tool to enhance customer experiences and boost Average Revenue Per User (ARPU). By leveraging AI technologies, ISPs can safeguard and optimize the flow of data across connected homes, ensuring a seamless, secure, and high-quality experience for users. AI-driven cybersecurity solutions enable ISPs to monitor and protect video streaming content, gaming applications, and smart home devices such as IP cameras. These solutions not only enhance security but also improve network performance by identifying and mitigating potential vulnerabilities in real time. By integrating AI-powered cybersecurity tools with real-time Quality of Experience (QoE) analytics, ISPs gain deep insights into user behavior and device interactions. This allows them to proactively address issues such as data breaches, service interruptions, and latency, ensuring uninterrupted and high-quality service delivery. Armed with these insights, ISPs can create personalized service bundles that combine premium cybersecurity features with high-demand offerings such as 4K streaming, low-latency gaming, and smart home automation. For example, ISPs can offer tailored packages that include advanced firewall protection, parental controls, and IoT device management alongside premium content and high-speed internet options. These AI-driven bundling strategies not only enhance the security and performance of connected devices but also unlock new revenue streams by upselling premium packages to customers. Additionally, value-added features such as real-time security alerts, periodic reports, and integrated support services foster customer trust and loyalty. By leveraging AI to optimize both security and service delivery, ISPs can reduce churn, increase customer satisfaction, and significantly boost ARPU. This strategic approach positions ISPs as leaders in the competitive broadband and entertainment landscape, enabling them to thrive in an era of evolving consumer demands and technological advancements.

Cultivating Cybersecurity: Designing a Cybersecurity Curriculum for the Food and Agriculture Sector

2024-12-09T19:00:25+00:00

As technology increasingly integrates into farm settings, the food and agriculture sector has become vulnerable to cyberattacks. However, previous research has indicated that many farmers and food producers lack the cybersecurity education they require to identify and mitigate the growing number of threats and risks impacting the industry. This paper presents an ongoing research effort describing a cybersecurity initiative to educate various populations in the farming and agriculture community. The initiative proposes the development and delivery of a ten-module cybersecurity course, to create a more secure workforce, focusing on individuals who, in the past, have received minimal exposure to cybersecurity education initiatives.

DYNAMO and the EU AI Act: Balancing Innovation and Regulation

2025-01-27T09:18:48+00:00

This work-in-progress paper examines the impact of the European Union’s Artificial Intelligence Act (EU AI Act) on the EU-funded cybersecurity project DYNAMO, which integrates Business Continuity Management (BCM) and Cyber Threat Intelligence (CTI) to enhance the resilience of critical sectors such as healthcare, transportation, and energy. The research analyses the requirements and implications of the EU AI Act on the DYNAMO platform, aiming to provide key insights for policymakers, and industry professionals, and the main goal is to facilitate informed decision-making and promote the ethical development of artificial intelligence in the EU. To achieve this, the ALTAI tool (Assessment List for Trustworthy Artificial Intelligence) can be used to ensure compliance with ethical principles in the DYNAMO project. The study addresses the research question: How does the EU AI Act affect the development, deployment, and operational efficiency of AI-driven cybersecurity solutions in the DYNAMO project? Through a comprehensive literature review and secondary research, the paper examines the regulatory environment focusing on data governance, algorithmic transparency, accountability, and ethical considerations. Results indicate that while the EU AI Act imposes stringent requirements on high-risk AI systems, such as those used by DYNAMO, it also offers opportunities for responsible innovation. As highlighted by the study, continuous collaboration and dialogue among stakeholders are crucial to navigating the evolving regulatory landscape. The findings underscore the need for robust cybersecurity strategies to comply with regulatory standards and enhance the security and resilience of critical infrastructures.

Cyber Security Risks in Wearable Devices

2025-01-07T21:42:20+00:00

The growing popularity of wearable devices, particularly for medical and fitness applications, has increased reliance on these technologies for tracking biometric data. These devices typically transmit data in multiple stages, beginning with Bluetooth Low Energy (BLE) connectivity, followed by transmission to internet-enabled devices, and ultimately to cloud storage. Each communication step introduces potential cybersecurity vulnerabilities. Understanding the functionality of wearable devices, the data transmission process, and the associated cyber risks, is crucial to safeguarding users against cyberattacks. This paper explores the types of sensors used in wearables, the data transmission workflow, and the cybersecurity challenges involved. It also discusses potential preventative measures to mitigate these risks.