International Conference on Cyber Warfare and Security

The International Conference on Information Warfare and Security has been run on an annual basis since 2004. Conference proceedings have been published each year and authors have been encouraged to upload their papers to university repositories. In addition, the proceedings are indexed by a number of indexing bodies.

From 2022 the publishers have decided to make all conference proceedings fully open access. Individual papers and full proceedings can be accessed via this system.

PLEASE NOTE THAT IF YOU WISH TO SUBMIT A PAPER TO THIS CONFERENCE YOU SHOULD VISIT THE CONFERENCE WEBSITE. THIS PORTAL IS FOR AUTHORS OF ACCEPTED PAPERS ONLY.

Sue Nugus
Thu, 21 Mar 2024 17:16:22 +0000

Using Blockchain to Secure Digital Identity and Privacy Across Digital Sectors

In the digital age, digital data has been seen as the new currency for both companies and bad actors, leading to mismanagement of personal data by both entities. This mismanagement could lead to personal data being breached; while this may prove beneficial to certain entities, it is not the case for users and digital citizens. In recent years there has been an influx of data breaches and data mismanagement cases throughout various industries, including corporations such as Apple and Facebook, involving critical data relating to users' digital identities, personal data, and other identifiable information. This issue may be addressed by employing blockchain technology, a technology that has been recognized as a secure system promoting security and privacy, to prevent this mismanagement of data and data breaches from happening.
While blockchain is a relatively new technology, there is potential to use it in the current age of the internet and digital identities by employing blockchain technology to secure one's digital identity. This research aims to propose a potential solution to the issue of data protection and data breaches by proposing and making use of a conceptual model which makes use of a multi-level blockchain system. The system isolates data from digital identities between various digital platforms to minimize the number of data breaches that may occur, further minimizing the amount of personal data which may be breached. This system allows the user to have full control over who may access their private data, while preventing bad actors from accessing the data without the user's authorization. The multi-level blockchain splits the user's data according to the industrial or digital sector in which their data is used, with a master blockchain acting as the connecting link to a person's digital identity. Making use of this multi-level blockchain allows the user to control who has access to their data, while remaining anonymous and secure in a digital platform's database or digital storage.

Jaynill Gopal, Stacey Omeleze-Baror
Copyright (c) 2024 Jaynill Gopal, Stacey Omeleze-Baror
Thu, 21 Mar 2024 00:00:00 +0000

Defining the "Cyber-Pearl Harbor" - Validation of the DSLP-framework in "Offensive Cyberspace Operations Targeting Ukraine: A Cyber Pearl-Harbor"

The use of cyberattacks against organizations, health care and individuals has increased along with constant digitalisation. Nations have also fallen victim to cyberattacks, often combined with other means of war. A Cyber-Pearl Harbor (further shortened as CPH) is a term mentioned by the former United States Secretary of Defense, Mr.
Leon Panetta, who described it as "combined attacks that result in human death and physical destruction and that paralyzes an entire nation". Gazmend Huskaj used Panetta's definition to create a framework (herein the "DSLP-framework") for classifying an event as a CPH. This study strives to see if the DSLP-framework can be validated, since the term has been widely used for the last 25 years. However, a universal definition of the term seems to be missing; therefore it is not certain that the criteria presented in the framework are accurate. A qualitative case study was conducted through a literature review regarding the term CPH, and semi-structured interviews with three experts were done, which were later analysed through a thematic analysis. The framework was applied to three real-life cases: the public health sector in Costa Rica, a TV tower in Kyiv, Ukraine, and the grocery company Coop in Sweden. The result of applying the DSLP-framework to each case was that only the case of the TV tower in Kyiv, Ukraine, could be classified as a CPH. The following conclusions were drawn in this study: 1) the framework could not be validated due to lack of data, and 2) the interviewees' views differed from the framework, making it hard to find common ground.

Jonathan Lilja, Eleshwa Eishayea, Gazmend Huskaj
Copyright (c) 2024 Jonathan Lilja, Eleshwa Eishayea, Gazmend Huskaj
Thu, 21 Mar 2024 00:00:00 +0000

Assessing the Effectiveness of ADS-B Mitigations

The rise in aerial traffic necessitates aircraft localisation methods that go beyond radar technology's built-in capabilities. The Automated Dependent Surveillance-Broadcast (ADS-B) system is a novel aircraft localisation method that promises to provide the necessary precision to handle the current air traffic surge. The Federal Aviation Administration has, therefore, enforced ADS-B's deployment. However, the architecture of the ADS-B system holds several vulnerabilities.
Most of these vulnerabilities arise because ADS-B is designed to rely on wireless networks. This paper provides an in-depth analysis of the ADS-B threat landscape and potential mitigations to better understand their distinct characteristics and impact on the ADS-B system. Addressing these security concerns is imperative to ensure ADS-B systems' robustness and trustworthiness and to safeguard the aviation industry from potential cyber threats. The paper concludes with a critical review of how well the proposed mitigations address the identified security threats.

Heinke Lubbe, Rudi Serfontein, Marijke Coetzee
Copyright (c) 2024 Heinke Lubbe, Rudi Serfontein, Marijke Coetzee
Thu, 21 Mar 2024 00:00:00 +0000

Identifying the Scope of Cybersecurity Research Conducted in the Maritime Industry: 2003 - 2023

The maritime industry plays a pivotal role in the modern economy, global trade, safety and transportation globally. Due to the rapid advancement and utilisation of technology in the field, the maritime industry is increasingly vulnerable to cybersecurity threats. The last decade saw many instances of infrastructure having been exploited or attacked, such as the maritime vessels themselves, the port infrastructure and the supply chain. Each component constituting the maritime industry requires unique system-critical operations to ensure cybersecurity; however, this paper focuses on certain aspects of the maritime industry only. As cybersecurity in the maritime industry is a growing field, this study determines the scope of cybersecurity research on maritime infrastructure which has been published, to establish a baseline understanding of the current field. The paper presents the results from a systematic literature review conducted to assess the scope of current cybersecurity work published focusing on the maritime industry.
The result from the study clearly shows the increased attention to cybersecurity in the maritime industry, which can be seen from the number of publications, which showed a sharp increase after 2014.

Tshepo Mawer, Sune von Solms, Johan Meyer
Copyright (c) 2024 Tshepo Mawer, Sune von Solms, Johan Meyer
Thu, 21 Mar 2024 00:00:00 +0000

National Critical Information Infrastructure Protection through Cybersecurity: A National Government Perspective

The South African national government is forging ahead with digitalisation plans to enhance socioeconomic growth in the country. However, digitalisation is accompanied by detrimental cybersecurity risks that may potentially exacerbate the vulnerability of the National Critical Information Infrastructure (NCII) of South Africa to cyber-attacks. Therefore, the envisaged digitalisation benefits in South Africa may be offset by the increased cybersecurity risk to the NCII of the country. Through a theoretical literature review, this study aims to investigate digitalisation and identify the cybersecurity risks it poses to the National Critical Information Infrastructure of South Africa, from a national government policy perspective. A gap has been identified in Information and Communications Technology for Development (ICT4D) research studies: researchers tend to focus on the implementation of ICTs while neglecting the policy aspect that is meant to direct and control the implementation of ICTs. Therefore, this study bridges this gap by approaching digitalisation and cybersecurity from a national government policy perspective. The output of this study is a National Critical Information Infrastructure Protection (through Cybersecurity) Conceptual Framework (NCIIP-CF) that is applicable to all spheres of government (local, provincial or national) as policy makers.
The NCIIP-CF demonstrates an approach that embeds cybersecurity in the digitalisation process for the national government of South Africa, thus enabling an NCII that is resilient to cybersecurity risks.

Thulisile Dephney Mkhwanazi, Lynn Futcher
Copyright (c) 2024 Thulisile Dephney Mkhwanazi, Lynn Futcher
Thu, 21 Mar 2024 00:00:00 +0000

Intelligence Agencies' move to the Cloud: Challenges and Opportunities

The purpose of this research is to discover more about the challenges and opportunities faced by intelligence agencies wishing to move their data to the cloud. Intelligence agencies collect and process enormous amounts of data and information and need the tools to do so. Two intelligence communities have moved to the cloud to face these issues, but there is little scientific knowledge about moving an intelligence agency's data to the cloud. No research on the topic could be found, and this study aims to fill part of that gap by using a case study research strategy and interviews with experts in the field. A literature review was completed to understand previously identified challenges when adopting cloud and was used to create two sets of interview questions. Five interviews were conducted, and a thematic analysis done, resulting in fourteen themes. The themes revealed that there are many challenges, with laws and regulations being the biggest one, while the opportunities brought by a cloud solution are the processing and analysis of data, and information sharing.

Karin Säberg, Gazmend Huskaj
Copyright (c) 2024 Karin Säberg, Gazmend Huskaj
Thu, 21 Mar 2024 00:00:00 +0000

Enhancing Privacy and Security in Large-Language Models: A Zero-Knowledge Proof Approach

The explosive growth of Large-Language Models (LLMs), particularly Generative Pre-trained Transformer (GPT) models, has revolutionised fields ranging from natural language processing to creative writing.
Yet, their reliance on vast, often unverified data sources introduces a critical vulnerability: unreliability and security concerns. Traditional GPT models, while impressive in their capabilities, struggle with limited factual accuracy and susceptibility to manipulation by biased or malicious data. This poses a significant risk in professional and personal environments where sensitive or mission-critical data is paramount. This work tackles this challenge head-on by proposing a novel approach to enhance GPT security and reliability: leveraging Zero-Knowledge Proofs (ZKPs). Unlike traditional cryptographic methods that require sensitive data exchange, ZKPs allow one party to convincingly prove the truth of a statement, without revealing the underlying information. In the context of GPTs, ZKPs can validate the legitimacy and quality of data sources used in GPT computations, combating data manipulation and misinformation. This ensures trustworthy outputs, even when incorporating third-party data (TPD). ZKPs can securely verify user identities and access privileges, preventing unauthorised access to sensitive data and functionality. This protects critical information and promotes responsible LLM usage. ZKPs can identify and filter out manipulative prompts designed to elicit harmful or biased responses from GPTs. This safeguards against malicious actors and promotes ethical LLM development. ZKPs facilitate training specialised GPT models on targeted datasets, resulting in deeper understanding and more accurate outputs within specific domains. This allows the creation of ‘expert-GPT’ applications in specialised fields like healthcare, finance, and legal services. The integration of ZKPs into GPT models represents a crucial step towards overcoming trust and security barriers. 
Our research demonstrates the viability and efficacy of this approach, with our ZKP-based authentication system achieving promising results in data verification, user control, and malicious prompt detection. These findings lay the groundwork for a future where GPTs, empowered by ZKPs, operate with unwavering integrity, fostering trust and accelerating ethical AI development across diverse domains.

Shridhar Singh
Copyright (c) 2024 Shridhar Singh
Thu, 21 Mar 2024 00:00:00 +0000

Securi-Chain: Enhancing Smart Contract Security in Blockchain Systems Through Optimized Access Control

With the increase in usage of blockchain technology across domains, there is a high demand for secure access control and a high level of security for smart contracts within blockchain, to accommodate the domains that already implement blockchain and to become accessible to other domains that require a high level of security in their transactions. This paper aims to evaluate the relationship between the best practices of access control and the security of smart contracts in blockchain, to optimise the usage of both technologies for blockchain usage across domains in a generalized blockchain model named the Securi-Chain Model. A literature review compares the relationship between access control and the security of smart contracts across three domains: healthcare, IoT, and e-voting. Based on the findings of the literature review, Securi-Chain is proposed to implement the best practices displayed in these three domains and combine them in a way that ensures secure transactions across blockchain as a generalized approach that can be used throughout various domains. This model will also implement methods that enhance the security of transaction processes within the system. A case scenario is used to implement the Securi-Chain Model for the healthcare and e-voting domains to display how this proposed model is used for domains that have been researched.
The research conducted found that blockchain networks can support not only high-level access control across transactions in a network but also the security of smart contracts that comply to safeguard confidentiality, integrity, and data accessibility. Securi-Chain, as well as the findings of the literature review, seem to benefit the domains that have been researched, as well as domains that require a high level of security regarding transactions across a network. These domains can benefit from using blockchain technology as well as the level of security that comes with the access control and security of smart contracts that have been implemented in Securi-Chain.

Keanu Swart, Stacey Omeleze Baror, Hein Venter
Copyright (c) 2024 Keanu Swart, Stacey Omeleze Baror, Hein Venter
Thu, 21 Mar 2024 00:00:00 +0000

Using Digital Forensics for Android Smartphone Devices to aid Criminal Investigations

In the past decade, there has been an exponential adoption and ownership of smartphones by billions of users worldwide. However, as smartphone usage increases, criminals have taken advantage of them for illicit or criminal purposes. In criminal investigations, smartphone data has become an invaluable source of information. This study focuses on constructing a snapshot of Android-operated smartphone data to assist investigators in answering critical investigative questions. A thorough review of the literature with regard to the use of smartphone evidence in criminal cases will be performed, with the goal of emphasising the investigative phase and the supportive role of mobile data evidence in guiding investigations. In order to identify additional persons of interest and develop a thorough understanding of the case, the methodology will entail analysing user profiles, smartphone usage patterns, communication logs, application usage, geographic lookups, and device interactions.
By conducting a thorough examination of relevant literature, designing a suitable model, and executing a case study, the study intends to offer valuable perspectives on the creation of timelines or visual representations derived from smartphone data. The results of this study will contribute to improving the efficacy of mobile forensics in assisting investigators and facilitating the use of Android-operated smartphone data as supporting evidence in criminal investigations.

Stephanie Agenbag, Andre Henney, Heloise Pieterse
Copyright (c) 2024 Stephanie Agenbag, Andre Henney, Heloise Pieterse
Thu, 21 Mar 2024 00:00:00 +0000

Deep Learning-based Framework for Detecting Malicious Insider-Inspired Cyberattacks Activities in Organisations

Cyberattacks are happening at an alarming rate in both developed and developing countries. This is due to more users now being connected to the global village (the internet). Significant strides have been taken by organisations to protect information technology assets together with data, by doing defense-in-depth, using firewalls and access control approaches collectively. These approaches work well in detecting attacks by outsider cyber-attackers. In recent cyberattacks the perpetrators have been those within the organisation, as they can easily bypass security measures, especially those with high privileges, and they can go undetected for quite a long time. We propose a deep learning approach termed the Automatic_IDS_Deep model (framework) that is infused with intrusion detection systems to give timely detection of malicious activities by those within the organisation. Experiments were conducted and averaging of results was done to determine the accuracy, recall, and precision of the proposed model.
The model (framework) offers better results in its performance in detecting attacks that are perpetrated within the organisation.

Gibson Chengetanai, Teandai R. Chandigere, Pepukai Chengetanai, Rachna Verma
Copyright (c) 2024 Gibson Chengetanai, Teandai R. Chandigere, Pepukai Chengetanai, Rachna Verma
Thu, 21 Mar 2024 00:00:00 +0000

Active Gait System for Real-Time Surveillance Against Cyber-Physical Attacks

Cyberterrorism, espionage, and warfare are serious threats to national security. These attacks can harm people or destroy critical infrastructures like data centres, computer networks, and systems. Surveillance systems currently used in monitoring critical infrastructures, national key points, and military exclusion zones (MEZ) are ineffective in detecting unauthorised intrusions. These issues compromise the stability of countries and the safety of citizens, and result in the loss of important assets. This experimental research study developed a Cyber Physical Security (CPS) defense gait-recognition monitoring system. Autonomous Machine Learning (ML) technology was employed to enhance the precision and reliability of the system against CPA, in tracking access, managing security clearances, and triggering alerts in the event of unauthorized entries to restricted areas.

Glen Moepi, Topside Mathonsi
Copyright (c) 2024 Glen Moepi, Topside Mathonsi
Thu, 21 Mar 2024 00:00:00 +0000

Utilization and Sharing of Cyber Threat Intelligence Produced by Open-Source Intelligence

Open-source intelligence (OSINT) is crucial for enhancing organizational cybersecurity by proactively identifying and mitigating potential threats using publicly available information.
This study, part of the DYNAMO project, explores the production of cyber threat information (CTI) through OSINT, its application in safeguarding against cyber threats, and the necessary elements for secure information exchange between organizations. The authors employed an integrative literature review of various sources, including industry literature, articles, blog posts, studies, and organizational websites, which were then systematically analyzed using content analysis. The research focuses on OSINT tools and techniques, emphasizing the need for expertise in discerning relevant data and respecting privacy rights. Human judgment is highlighted as crucial in ethical decision-making despite the significant role of technology in data collection. Platforms like the Malware Information Sharing Platform (MISP) facilitate the sharing of threat information, promoting prevention and identification of cyber-attacks. Ethical considerations, adherence to data protection legislation, and compliance with directives like the revision of the Network and Information Security Directive (NIS2) and artificial intelligence regulations are paramount. In conclusion, OSINT is a valuable tool for cybersecurity, requiring expertise, transparent processes, and a balanced integration of technology and human skills. The ethical dimensions of OSINT and the role of artificial intelligence merit separate in-depth studies.

Jyri Rajamäki, Stephen McMenamin
Copyright (c) 2024 Jyri Rajamäki, Stephen McMenamin
Thu, 21 Mar 2024 00:00:00 +0000

Implementation of OSINT for Improving an International Finance Sector Organization's Cybersecurity

This work-in-progress paper addresses the need to improve intelligence processes and enhance an organization's response to cyber threats while managing associated risks and improving Business Continuity Management (BCM).
The paper focuses on the role of Open-Source Intelligence (OSINT) in Cyber Threat Intelligence (CTI) gathering and presents an operational process for its implementation. The process includes defining goals, selecting open sources, data collection, filtering, analysis, and reporting. Testing in an international financial sector organization yielded positive results, demonstrating the process's value in threat intelligence. Future research should clarify the role of artificial intelligence in OSINT.

Jyri Rajamäki, Krista Tiitta
Copyright (c) 2024 Jyri Rajamäki, Krista Tiitta
Thu, 21 Mar 2024 00:00:00 +0000

Art Crime Does not pay: Multiplexed Social Network Analysis in Cultural Heritage Trafficking Forensics

Nowadays, crimes connected to cultural heritage can feature as a staple for organised crime networks and act as financial enablers for international conflicts, including terrorist organisations and even inter-state conflicts, in several ways. Goods of cultural significance include a range of valuable objects related to human cultures, like works of art, historical artefacts, and other antiques, but also forgeries based on such objects. These crimes are almost always transnational, for instance involving theft or looting in one country and goods moved across borders to be sold. This article presents an intelligence methodology based on Social Network Analysis (SNA) techniques that can support law enforcement agencies (LEAs) in their daily struggle against criminals that also pose a threat to national security. The methodology proposed is based on the building of a blended, multiplexed social network graph, deriving from the fusion of a diverse set of data sources, both in the open-source domain (OSINT) and in the classified domain.
We will present data collection methods, correlation between sources, possible ways to generate blended links between individuals that retain information from different sources, and SNA techniques applied to intelligence and investigations. The article provides an answer to the following research questions: how we can detect and identify criminal activities and networks related to cultural goods crimes, how we can assist LEAs in countering illicit trafficking, and how we can ensure that art crime does not pay.

Jarno Salonen, Alessandro Guarino
Copyright (c) 2024 Jarno Salonen, Alessandro Guarino
Thu, 21 Mar 2024 00:00:00 +0000

Managing Cyber Security Debt: Strategies for Identification, Prioritisation, and Mitigation

This paper explores cyber security debt, a technical debt arising from unaddressed security vulnerabilities in an organisation's IT systems. These vulnerabilities accumulate due to resource limitations, time constraints, and expertise gaps, potentially leading to security breaches and data compromises. The paper outlines the cyber security debt management process, involving identification, prioritisation, and mitigation strategies. Drawing parallels to financial debt, the authors emphasise the escalating risks of delaying cyber security debt repayment. The paper underscores the significance of diligent debt management in maintaining digital resilience and mitigating cyber threats. The increasing interconnectedness of systems and rapid software development has given rise to a hidden challenge known as cyber security debt. Cyber security debt is posed as a subset of technical debt, encompassing the accumulation of security vulnerabilities within an organisation's IT infrastructure and applications. Drawing a parallel between cyber security debt and its financial counterpart, the authors underscore the grave risks of deferring debt repayment.
Just as financial debt accrues interest, unresolved security vulnerabilities compound over time, elevating the likelihood of breaches and data exposure. A poignant case study of the Equifax breach exemplifies the real-world consequences of neglecting security debt management. The failure to patch a well-known vulnerability led to a colossal data breach, highlighting the urgency of addressing security weaknesses promptly. Complex in nature, cyber security debt materialises when organisations fail to address vulnerabilities during various operational life cycles. These vulnerabilities might remain concealed within IT architecture, legacy code, or third-party libraries, posing a formidable challenge to detection and resolution. By understanding the parallels between financial and cyber security debt and proactively managing the latter, organisations can enhance their ability to safeguard against evolving cyber threats and maintain a robust security posture.

Christo Coetzer, Louise Leenen
Copyright (c) 2024 Christo Coetzer, Louise Leenen
Thu, 21 Mar 2024 00:00:00 +0000

An AI Model for Digital Forensic Readiness in the Cloud using Secure Access Service Edge

Computing infrastructure has evolved and has brought about changes to the ways that work and business are carried out. Cloud computing has redefined these workspaces by providing connectivity and tools to enable productivity, collaboration, and flexibility. As work moves outside the centralised office and goes remote, users are accessing the cloud directly, leaving the protection of the corporate network and leaving the users' computing platforms open to threats. In the pre-cloud era, the data centre for organisations was the single location where digital assets would be housed and non-complicated security parameters implemented. The firewall would be the main security perimeter implemented to secure the network in this pre-cloud era.
The advent of cloud computing has brought potential areas and gaps in securing the organisational data, information and communication connectivity to cloud-based resources. As such, there is a need to rethink and redesign the models which can be implemented to secure cloud computing services. The cloud should be in a state of digital forensic readiness in order to facilitate digital forensic investigation. The study focuses on the development of an artificial intelligence model for digital forensic readiness for the cloud using secure access service edge. This integrated approach might assist in the provisioning of cloud security.

Taurai Hungwe, Prof Hein Venter
Copyright (c) 2024 Taurai Hungwe, Prof Hein Venter
Thu, 21 Mar 2024 00:00:00 +0000

On the Benefits of Vulnerability Data Consolidation in Application Security

This research aims to build upon a conceptual idea of consolidating all application security vulnerability data from monitoring, detection, and discovery tools into a physical system that allows for convergence of observation and response to an event that is a threat. Multiple application security testing and monitoring tools are deployed at different layers of an application architecture and capture activities that occur at that layer. This multi-layer data capture is disconnected, without any analysis of data lineage from the externally exposed web attack surface deep down into the application and data layers. It is only through this data consolidation that one can provide a reliable statistical analysis correlating multiple vulnerability information, synthesize an attack pattern and predict possible events accurately. The benefits of such a system are discussed in this paper, including how one can organize the data, identify temporal and spatial correlation of events, focus on specific web requests that point to a specific vulnerability, and formulate a fast response to such events.
Advantages of integrating with Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR/XSOAR), and Extended Detection Response (XDR) are briefly discussed. The analysis can be further used to develop a predictive system using deep learning (DL) techniques based on correlation of application security vulnerability information.

Santanam Kasturi, Xiaolong Li, Peng Li, John Pickard
Copyright (c) 2024 Santanam Kasturi, Xiaolong Li, Peng Li, John Pickard
Thu, 21 Mar 2024 00:00:00 +0000

Options for Signalling Cyber Deterrence Using Cyber Capabilities

The possibility of demonstrating power in cyberspace to create deterrence is a controversial topic. The desire of states to hide their true cyber capabilities leads to a reluctance to reveal their existing cyber power. However, the core idea of deterrence involves demonstrating power and signalling the will to use it, so that a potential aggressor would find it less tempting to carry out aggression. Several studies attempt to solve the challenges related to cyber deterrence with a holistic approach, where deterrence in cyberspace is produced as part of a comprehensive deterrence using all instruments of state power, such as diplomatic, information, military, economic and legal capabilities. In turn, some studies argue that for credibility, cyber deterrence must include measures implemented specifically in cyberspace, because cyberattacks can only be responded to in real time with cyber capabilities. This paper argues that demonstrating cyber power is both necessary and profitable for the credibility of deterrence, although the nature of cyberspace and related technologies pose some limitations. This study examines the possibilities of demonstrating cyber power in concrete ways and aims to add a new perspective to the academic debate. Cyber deterrence is investigated from the perspective of classical deterrence theory, including deterrence by denial and deterrence by punishment.
By examining cyber deterrence literature using content analysis, deterrents that can be produced with cyber capabilities are defined, and examples of means to produce these effects are presented. According to the central observation of the study, a state can choose whether to demonstrate cyber power by revealing the victories achieved in real-life cyber battles, by demonstrating force in another state's cyberterritory or by disclosing selected capabilities in separate simulations without a real-life connection.</p> Maria Keinonen, Kimmo Halunen Copyright (c) 2024 Maria Keinonen, Kimmo Halunen Thu, 21 Mar 2024 00:00:00 +0000 A Federated Distributed Digital Forensic Readiness Model for the Cloud <p class="western" lang="en-GB">Digital forensics in modern, cloud-based, microservice-based applications is complicated by multiple layers of abstraction, thereby making it difficult to accurately capture and correlate events that occur across these layers due to filtering caused by abstraction. The complexities linked to each layer of abstraction are primarily invisible to subsequent layers. Similarly, software services are often composed of one or more services provided by various service providers across the globe. Investigators are often faced with situations where breaches span over multiple service provider boundaries where not all digital forensic readiness evidence artefacts are captured by the service provider's forensic readiness processes. Instead, digital evidence artefacts are scattered across multiple service provider domains. This paper presents a novel, federated distributed digital forensic readiness model suitable for use in software-as-service, platform-as-service and infrastructure-as-service provider scenarios. The proposed model enables a service provider to capture and inspect forensic readiness artefacts in environments with various layers of abstraction.
More importantly, the model also offers a way to share and access forensic readiness artefacts in a forensically sound manner to ultimately ensure that investigators can obtain a clear view of digital forensic events as they occur between amalgamated services provided by one or more separate service providers.</p> Renico Koen, Hein Venter Copyright (c) 2024 Renico Koen, Hein Venter Thu, 21 Mar 2024 00:00:00 +0000 Strengthening Aviation Cybersecurity with Security Operations Centres <p>Even though cybersecurity is a top priority for the aviation industry, research indicates that there are still many challenges to address. Modern aviation systems encompass cloud computing, OT, IoT, mobile devices, and traditional IT infrastructure. The network complexity has expanded the attack surface, leading to an increase in security incidents. Due to this complexity, detecting security incidents on time is challenging. Research indicates that it may take up to 196 days to detect an incident and another 56 days to address it, highlighting the urgency of improving security response. In this regard, establishing Security Operations Centres (SOCs) in the aviation sector must be addressed. SOCs can be instrumental in reducing the time it takes to detect and respond to security incidents. They provide visibility into threats, aid investigations, and enhance forensic efforts, enabling proactive threat mitigation. Research has been carried out on SOC implementations for specific domains like IoT, mobile devices, and higher education, neglecting aviation systems. Aviation systems such as Air Traffic Management (ATM) face unique security vulnerabilities, including signal modification, jamming, flooding, data and command injection, GPS spoofing, and blocking attacks, primarily due to their reliance on wireless technology. Most of these wireless technologies do not use encryption or authentication because they were designed to maximise performance.
Insufficient funding also negatively affects ATM systems, resulting in the wide use of legacy ATM systems and a shortage of skilled personnel. ATM systems are considered critical infrastructure frequently targeted by well-resourced threat actors, including terrorists and nation-state actors, necessitating higher protection levels. This paper motivates the development of a customised SOC implementation framework for ATM systems to enhance aviation security by increasing visibility into threats and facilitating timely remediation.</p> Wesley Murisa, Marijke Coetzee Copyright (c) 2024 Wesley Murisa, Marijke Coetzee Thu, 21 Mar 2024 00:00:00 +0000 Quantum-Secure Signalling Model for L1/L2 Next-Gen Interconnect and Roaming Networks Over IPX for NB-IoT Traffic: A Review <p>Signalling security is critical for next-generation mobile (NGN) networks to ensure integrity, privacy, and confidentiality of communication protocols. However, recent research on existing 5G standards has uncovered vulnerabilities that could be exploited by emerging surveillance threats such as HiddenArt and Harvest Now Decrypt Later (HNDTL), as well as the prospect of quantum computing threatening to break classical cryptographic techniques. This systematic literature review (SLR) investigates quantum-based signalling solutions to mitigate these threats in interconnect and roaming 5G networks (IRN) over IP eXchange for Narrowband Internet of Things (NB-IoT) traffic. A database search was conducted, and studies were selected and compared based on methods, approaches, techniques, and limitations. The SLR found that quantum key distribution (QKD) combined with quantum teleportation (QT) can protect and mitigate threats and attacks on signalling networks when protocols interact and interoperate in carrier networks. QKD techniques can be used for L1 protocols, while secure direct quantum communication can be used for L2 protocols.
This study concludes that further studies are needed to integrate different techniques and protocols for L1/L2 signalling networks to create a robust quantum-secure signalling model for global interconnect and roaming NGN.</p> Themba Ngobeni, Boniface Kabaso Copyright (c) 2024 Themba Ngobeni, Boniface Kabaso Thu, 21 Mar 2024 00:00:00 +0000 Integrating Enterprise Architecture into Cybersecurity Risk Management in Higher Education <p>Cybercriminals constantly seek new methods to infiltrate a company's defences, making cybersecurity investments essential. Enterprise architecture (EA) provides a systematic risk detection and mitigation process by emphasising the interdependencies between systems, data, processes, people, and other factors. This paper provides a comprehensive approach, also referred to as a process, based on EA to assist African universities in developing a comprehensive cybersecurity plan. The EA process comprises four pillars: business architecture, data architecture, application architecture, and technology architecture. African universities can develop a comprehensive cybersecurity strategy using an EA approach in cybersecurity to achieve institutional goals and objectives. The potential attack surface comprises isolated EA components and their interconnections. This article comprehensively examines various EA processes such as business, information, application, and technology architecture. These processes are carefully analysed to evaluate the organisational structures and uncover opportunities to enhance security protocols. Additionally, we delve deep into abstract security patterns, seeking to cultivate an environment of trustworthiness within complex systems. Our research findings underscore the significant potential within African higher education institutions.
By embracing a model-based approach to risk analysis and mitigation, these institutions can fortify their cybersecurity defences to ensure uninterrupted business operations and enhance overall resilience in the face of evolving security challenges. When we combine EA and information security (ICS), we uncover many vulnerabilities malicious actors might exploit. By embracing a holistic EA-based methodology, institutions can craft and implement robust security protocols to safeguard their components and connections. Leveraging EA, our proposed integrated approach aims to forge a comprehensive cybersecurity risk management strategy tailored to the African higher education sector. This strategy seeks to facilitate the identification of critical elements and their intricate interrelationships, thus formulating an effective defence strategy against potential cyber threats. The synergy promises to elevate cybersecurity practices, ensure uninterrupted business operations, and fortify the continent's resilience.</p> Mafika Nkambule, Joey Jansen van Vuuren Copyright (c) 2024 Mafika Nkambule, Joey Jansen van Vuuren Thu, 21 Mar 2024 00:00:00 +0000 A Study into Privacy and Legal Issues in Cloud Computing: The Mozambican Context <p>During the last 10 years, Cloud computing has become an evolving technology providing several benefits such as cost reduction and high flexibility. However, one of the main challenges related to cloud computing is related to data security and privacy. Despite this, worldwide many countries, especially developed countries, have adopted cloud computing technology. In Africa, specifically in the Southern African Development Community (SADC), Mozambique is one of the countries that has recently adopted cloud computing technology. However, contrary to countries such as Mauritius and South Africa, Mozambique still does not have a national strategy for cloud computing in place, including security and privacy issues.
International organizations such as ENISA and NIST as well as ITU have published frameworks related to cloud computing adoption covering data security and privacy issues. Therefore, in this paper we first analyze the cloud computing frameworks published by these international organizations. In addition, the paper also analyses the adoption of cloud computing in developed and developing countries, such as USA, UK, Germany, Mauritius and South Africa. From these analyses, the paper presents some recommendations for Mozambique to adopt best practices and follow international frameworks related to cloud computing including data security and privacy.</p> ambrosio Patricio Vumo Copyright (c) 2024 ambrosio Patricio Vumo Thu, 21 Mar 2024 00:00:00 +0000 Cybersecurity Implications of Virtual Currency Reward Systems in the Metaverse <p>In the digital age, the metaverse emerges as a revolutionary platform, intertwining virtual reality, augmented reality, and the internet. Central to its allure is the virtual currency reward system, a dynamic mechanism driving user engagement and economic transactions. However, with innovation comes vulnerability. This paper delves into the pressing question: How do virtual currency reward systems in the metaverse introduce cybersecurity threats, and what measures can safeguard against them? The metaverse's vastness, while offering unparalleled opportunities, is a fertile ground for cyber threats. As users navigate virtual landscapes, engage in transactions, and earn rewards, they become potential targets for cyberattacks. This research, rooted in a comprehensive literature review, identifies the gaps in current cybersecurity measures within the metaverse's virtual currency reward systems. Through a vivid case scenario, we illustrate the real-world ramifications of these vulnerabilities, offering readers a tangible grasp of potential threats. 
Our methodology, a blend of qualitative analysis and conceptual modelling, dissects the intricate relationship between reward systems and their cybersecurity implications. The findings, derived from rigorous analysis, unveil a set of best practices tailored to combat cybersecurity threats specific to virtual currency reward systems. The distilled insights propose a suite of best practices, encompassing both preventive and reactive strategies tailored for the unique challenges posed by virtual currency systems. This research holds immense value for a diverse audience: metaverse users seeking a secure experience, businesses aiming to establish a foothold in this digital realm, cybersecurity professionals navigating new challenges, and platform developers striving for robustness. In essence, as the metaverse's horizon expands, understanding and fortifying its virtual currency reward systems against cyber threats becomes paramount. This paper offers a roadmap to that secure future, emphasizing the need for vigilance, innovation, and collaboration in the face of evolving cyber challenges.</p> Hamza Allimia, Stacey Baror, Hein Venter Copyright (c) 2024 Hamza Allimia, Stacey Baror, Hein Venter Thu, 21 Mar 2024 00:00:00 +0000 On The Zero-Trust Intranet Certification Problem <p>Securing corporate networks and ensuring the trustworthiness of network resources are critical security concerns for organisations in today's interconnected digital landscape. The <em>zero-trust security model</em> is an approach to designing and implementing ICT systems which prescribes that clients and servers cannot be trusted automatically, even when connected to networks traditionally considered trusted. The implementation of the zero-trust model within the corporate <em>intranet</em> requires a secure method to verify the identity of local servers. 
On the <em>Internet</em>, trust in the identity of public servers is established by well-known public Certificate Authorities (CAs), which issue digital certificates to securely identify servers. However, local <em>intranet</em> servers exist within the internal address space of the network. Consequently, it is impossible to naturally obtain digital certificates for these servers, validly signed by a public CA, without publicly disclosing sensitive information such as intranet server Domain Name System (DNS) records. This leaves organisations with the option of relying on endpoint management systems to install custom CA root certificates on all corporate browsers or, in some cases, ignoring the problem altogether.</p> <p>In this paper, we draw on practical experience in the deployment of cybersecurity devices in corporate intranets to formally define the <em>intranet certification problem</em>. We specify five requirements that a solution to this problem must satisfy. We then conduct a comprehensive review of existing candidate solutions and academic research relevant to the intranet certification problem. Specifically, existing ICT systems for public key infrastructure and endpoint management are identified and evaluated with respect to their ability to meet the stated requirements for solving the intranet certification problem, as well as their cost. Our study reveals that solutions that meet the technical and security requirements of the intranet certification problem are beyond the reach of smaller private sector companies and public sector organisations in underdeveloped and emerging economies. The high cost and technical expertise required for their implementation and management render these solutions impractical.
Consequently, by relying on servers with self-signed certificates, these entities inadvertently leave their servers susceptible to impersonation, information theft, and unauthorised resource access, thus violating the fundamental principles of the zero-trust model. We conclude that a gap exists for a simple, cost-effective, and easily managed solution to the intranet certification problem.</p> Danielle Botha-Badenhorst, André Martin McDonald, Graham David Barbour, Ethan Buckinjohn, Wian Gertenbach Copyright (c) 2024 Danielle Botha-Badenhorst, André Martin McDonald, Graham David Barbour, Ethan Buckinjohn, Wian Gertenbach Thu, 21 Mar 2024 00:00:00 +0000 Social Media as a Strategic Advantage during Cyberwarfare: A Systematic Literature Review <p>In recent years, cyberspace has been shaped by a rapid and transformative technological evolution, which ushered in an era characterised by unparalleled connectivity and innovation. However, this remarkable progress has brought a concerning surge in cyberattacks that have fundamentally altered cyberspace dynamics and refined the nature of contemporary warfare. This refinement was vividly illustrated in the recent Russia-Ukraine conflict, where cyberspace played a pivotal role, blurring the traditional boundaries of conflict in the cyber age. As a result, this study used secondary data to examine how various social media platforms such as Twitter, Facebook, TikTok, and Telegram were used as a strategic advantage during the conflict. The findings disclosed that Russia employed offensive propaganda against Ukraine, while Ukraine adopted a defensive stance, effectively countering the narrative through an active online presence. Moreover, this study underscored the substantial role of social media in warfare and its continued significance in future conflicts. Furthermore, this study provided recommendations for nations to better prepare for such conflicts. 
The recommendations provide valuable insights to assist decision-makers and policymakers in enhancing cybersecurity awareness and practices within their respective countries.</p> Errol Baloyi, Oyena Mahlasela, Nokuthaba Siphambili, Mayan Stegmann Copyright (c) 2024 Errol Baloyi, Oyena Mahlasela, Nokuthaba Siphambili, Mayan Stegmann Thu, 21 Mar 2024 00:00:00 +0000 The Role of Industry-Academia Partnerships Can Play in Cybersecurity: <p>Cybercrime presents a pervasive threat globally, affecting governments, organizations, and individuals. Addressing this threat requires collaborative efforts, particularly between industry and academia. This paper delves into the key role played by industry-academia partnerships in elevating cybersecurity training and awareness, intending to narrow gaps and align the trajectories of cybersecurity professionals. Employing a secondary research methodology, this study provides insights into the impact of collaborations between academia and industry on Cybersecurity education and awareness. It identifies areas within the education sector that can be improved to enhance cybersecurity awareness. The findings emphasize the crucial role of industry-academia partnerships in advancing cybersecurity awareness and resilience, offering potential solutions for cultivating skilled cybersecurity professionals. Additionally, the research aims to contribute to policymaking by advocating for laws and regulations that encourage collaborations between state institutions and industry to mitigate cybersecurity crime effectively.</p> Benjamin Yankson, Emmanuel Berkoh, Mubarak Hussein, Yvonne Dadson Copyright (c) 2024 Benjamin Yankson, Emmanuel Berkoh, Mubarak Hussein, Yvonne Dadson Thu, 21 Mar 2024 00:00:00 +0000 Cryptocurrency-crime Investigation: Fraudulent use of Bitcoin in a Divorce Case <p>Bitcoin and cryptocurrency adoption has increased significantly over the past few years.
The significant growth in the industry has been matched by growth of crimes in this domain; not only in scams and dark-web illegal trading, but also in white-collar crimes with fraud and perjury occurring increasingly. With blockchain technology, the world of financial infidelity has become increasingly sophisticated. There is a common belief that blockchain and cryptocurrency provide means of hiding funds from the public or close associates who may not be familiar with the technology. The rise of cryptocurrency has also led to spouses hiding digital assets during divorce settlements. This study presents a use case of a couple in the midst of a divorce where one of the spouses was accused of perjury for failure to declare bitcoin holdings, obtained via Bitcoin mining, and possibly other forms of cryptocurrency and digital assets to the court. The plaintiff is entitled to fifty percent of all assets. While property, stocks, bonds, and bank accounts can easily be traced, cryptocurrency assets are more complex to trace but it is not impossible. This paper illustrates how such a case can be investigated by following the flow of funds on the blockchain, using tools such as Maltego and QLUE. The paper thus presents an investigative process that can be followed for a new category of forensic investigation.</p> Johannes George Botha, Louise Leenen Copyright (c) 2024 Johannes George Botha, Louise Leenen Thu, 21 Mar 2024 00:00:00 +0000 Capture the Flag with ChatGPT: Security Testing with AI ChatBots <p>Penetration testing, commonly referred to as pen testing, is a process of assessing the security of a computer system or network by simulating an attack from an external or internal threat actor. One type of pen testing exercise that has become popular among cybersecurity enthusiasts is called Capture the Flag (CTF). 
This involves solving a series of challenges that simulate real-world hacking scenarios, with the goal of capturing a flag that represents a piece of sensitive information. Recently, there has been a growing interest in the use of natural language processing (NLP) and machine learning (ML) technologies for penetration testing and CTF exercises. One such technology that has received significant attention is ChatGPT, a large language model (LLM) trained by OpenAI based on the GPT-3.5 architecture. The use of ChatGPT in CTFs has several potential benefits for participants and organisers, including more dynamic and realistic scenarios and enhanced learning experiences, and can enhance the effectiveness and realism of CTFs. Future research can explore more sophisticated models and evaluate the effectiveness of ChatGPT in improving the performance of participants in CTFs.</p> David Chamberlain, Ellis Casey Copyright (c) 2024 David Chamberlain, Ellis Casey Thu, 21 Mar 2024 00:00:00 +0000 Teenagers: A Social Media Threat Vector <p>Social media has grown significantly since the early days. During this time, social media has grown to be a mainstay in most teenagers’ lives. Whether they are on Facebook, Snapchat, X (formerly Twitter), or TikTok, teenagers have fully integrated social media into their lives. Teens tend to post the ins and outs of their lives, sharing sensitive information about themselves to people they know, but also to strangers. Although social media can be used for good, it can also be used by nefarious threat actors to take advantage of teenagers. Social engineers count on their subject's desire to increase the number of virtual connections, which may increase the endorphin response received when they get “likes”. As such, social engineers create targeting accounts and then try to get as many people to accept them as possible. This increased footprint elevates the chances of a successful social
engineering attack. Add to this, when someone shares an abundance of information about themselves, social engineers use this information to target individuals with spear phishing attacks. To further exacerbate the situation, social media uses algorithms to target its users and feed them with a significant amount of information that is not always vetted as being truthful. When someone is influenced by disinformation, it increases their susceptibility by taking away their desire to verify the truth, but rather accept that what they are being told is the truth. This case study examines the dynamics associated with teenagers and their susceptibility to becoming a victim of cybercrime and how social media perpetuates this situation.</p> Henry Collier, Charlotte Morton Copyright (c) 2024 Henry Collier, Charlotte Morton Thu, 21 Mar 2024 00:00:00 +0000 Past and Present Russian Information Operations in Ukraine: Competition into Conflict <p>Sovereign nation-states seek to ensure the survival and advancement of national goals through cooperation, competition, and conflict. This paper explores the use of irregular warfare prior to and during the transition from competition to conflict as an international tool to assert control over public narratives. This stratagem has been made an increasingly effective tool through means of the Internet. Informational warfare is not a new concept, however, the precedent of operations in the information environment in concert with operations in the physical realm have started to take shape in the struggle between Ukraine and Russia over the past several decades.
The visualization of the competition continuum model allows us to examine events and understand how actions taken in the cyber realm affect an informational narrative, and not simply be portrayed as a method of simple attack and defense.</p> Stephen Defibaugh Copyright (c) 2024 Stephen Defibaugh Thu, 21 Mar 2024 00:00:00 +0000 Ransomware Detection Using Portable Executable Imports <p>In recent years, there has been a substantial surge in ransomware attacks, wreaking havoc on both organizations and individuals. These attacks, driven by the lure of profits, particularly with the widespread use of cryptocurrencies, have prompted attackers to continuously develop innovative evasion techniques and obfuscation tactics to avoid detection. Ransomware, employing seemingly benign functions such as encryption and file-locking, poses a formidable challenge for detection as it evolves beyond traditional signature-based methods. Consequently, there is a growing need to identify previously unexplored and unstudied ransomware strains, necessitating the deployment of artificial intelligence (AI) to discern the unique characteristics and objectives of ransomware. The adoption of AI hinges on the prior selection of distinguishing features. Given that ransomware's intent fundamentally differs from that of benign files, there are variations in the structure of Portable Executables (PE) files. This study posits that the imports used by PE files can serve as a discriminating factor between ransomware and benign files. This research explored using machine learning models to detect ransomware by analysing and deriving insights from the PE Imports structure. To achieve this, the study trains seven machine learning classifiers, namely Random Forest, Logistic Regression, Naïve Bayes, Support Vector Machine, K-Nearest Neighbors, Gradient Boost, and Decision Tree.
These models are trained on a dataset of carefully selected features derived from PE imports. The classifiers are benchmarked and ranked based on several evaluation metrics, including latency, accuracy, and confidence levels. For a model to be effective in ransomware detection, it should offer near real-time and highly confident accuracy. In other words, it should exhibit low latency, high accuracy, and strong AUC rates. Among the models, Logistic Regression emerges as the top performer, identifying ransomware programs with an impressive 98.5% accuracy and a confidence level of 98.6% within a mere 0.998-millisecond latency. This study conclusively affirms the efficacy of employing PE imports for ransomware detection.</p> Tanatswa Ruramai Dendere, Avinash Singh Copyright (c) 2024 Tanatswa Ruramai Dendere, Avinash Singh Thu, 21 Mar 2024 00:00:00 +0000 A Proposed High-Level Methodology on How OSINT is applied in Blockchain Investigations <p>The characteristics of blockchain established a desirable platform for entities to innovate and operate in a secure, transparent, and decentralised manner. However, cybercriminals have increasingly found refuge in the decentralised environment of blockchain technology. Cryptocurrencies are increasingly misused in malicious activities that encompass the trade of illicit goods, money laundering, various types of scams and ransomware attacks. The total cryptocurrency value received by illicit addresses reached an all-time high of $20.6 billion in 2022 according to Chainalysis. The inherent privacy and anonymity features of many blockchain networks make it challenging for law enforcement and regulatory agencies to track and apprehend wrongdoers. Consequently, a pressing need arises not only to initiate investigations on the blockchain to identify unlawful activities, but also to discover connections between these activities and the identities of the responsible individuals. 
Due to blockchain data being publicly available, the application of Open-Source Intelligence (OSINT) techniques is proposed to facilitate these types of investigations. In the context of blockchain, OSINT, together with investigation tools, holds the promise of unearthing valuable information that could aid in attributing malicious activities to the individuals responsible for those actions. By analysing and synthesizing data from publicly accessible sources, such as data from blockchain explorers and link analysis tools such as Chainalysis, Maltego or Spiderfoot, investigators could potentially unveil valuable clues that assist in building a comprehensive picture of blockchain-related criminal activities. Ultimately, with sufficient information and actionable intelligence collected, the main goal is to link it to Know Your Customer (KYC) data, that could be obtained from cryptocurrency exchanges via a subpoena from law enforcement agencies. This paper delves into the mechanisms of various OSINT tools and techniques, to determine their adaptability to the specific demands of blockchain investigations. This study provides a methodology and recommendations with insights into how these tools can be wielded to bridge the gap between blockchain's pseudonymity and real-world identities.</p> Wian Gertenbach, Johnny Botha, Louise Leenen Copyright (c) 2024 Wian Gertenbach, Johnny Botha, Louise Leenen Thu, 21 Mar 2024 00:00:00 +0000 An Ontology of Cyberspace as a Basis for Decision-making in Cyberoperations <p>In the cyberoperations community there is a commonly accepted starting point for describing cyberspace as comprising multiple planes through which information flows. However, the model is not a tool that facilitates planning and executing cyberoperations. Tools do exist in the form of technical cybersecurity ontologies. At the moment the link between technical ontologies, that are the tools of experts, and the operational planning process is limited.
These technical ontologies provide automated information that would support operational planning. At the moment cybersecurity experts translate the information that military professionals need, which may cause insufficiencies or distortions in communication or cause inconsistencies in the planning process. This paper presents the ongoing work of developing a model of cyberspace in the form of a core ontology. The ontology describes the flow of digital information between persons and the enabling technology as well as geographical data. It is intended as a tool that supports operational planning and decision-making in and through cyberspace, by enabling automation and reasoning. The model is created using the well-established Constructive Research Approach (CRA) methodology, and is developed on earlier research. CRA consists of six phases in which (1) the problem is defined, (2) an understanding of the topic is generated, (3) a solution (model) is constructed which then is (4) demonstrated. Then the model's (5) theoretical connections are presented and the (6) scope of applicability is assessed. The challenges of developing an ontology of cyberspace as part of the third phase of the methodology are in focus. The ontology serves as an operational core ontology, aiming to link cybersecurity domain ontologies to the DOLCE+DnS Ultralite (DUL) foundational ontology. The ontology is based on research in Cyberspace Geography and Cyber Terrain. No earlier attempts at creating a core ontology of cyberspace grounded in a foundational ontology, based on these concepts, were found. Overall, the use of reference ontologies in cyberspace research is scarce and few are grounded in a foundational ontology. The starting point for the ontology is a model of cyberspace comprising six layers, which are the 1) geographic layer, 2) physical network layer, 3) logical network layer, 4) socio-organizational layer, 5) virtual persona layer and finally the 6) persona layer.
The model was complemented with levels describing action and information and partially excluded the outer levels 1 and 6, which were directly linked to the DUL foundational ontology.</p> Alexander Grandin Copyright (c) 2024 Alexander Grandin Thu, 21 Mar 2024 00:00:00 +0000 Learn, Unlearn and Relearn: Adaptive Cybersecurity Culture Model <p>In the ever-evolving cyberspace landscape, organisations face persistent threats that continuously mutate and adapt. To effectively defend against these dynamic cyber threats, a fundamental shift in cybersecurity culture is imperative. This paper presents a novel Adaptive Cybersecurity Culture Model (ACCM) that encapsulates the principles of "Learn, Unlearn, and Relearn" as a strategic stance to foster resilience and adaptability in the face of evolving cyber threats. The ACCM emphasizes the importance of continuous learning as the cornerstone of cybersecurity culture. It advocates the adoption of a growth mindset within organisations, encouraging employees to stay updated with emerging threats, technologies, and best practices. However, the model goes beyond mere learning; it underscores the significance of unlearning outdated practices and misconceptions that may hinder effective cybersecurity. Furthermore, the ACC model introduces the concept of "Relearn," emphasizing the need to rapidly adapt and evolve strategies and tactics in response to ever-changing cyber threats. It promotes a culture of agility and adaptability, enabling organisations to respond effectively to both known and unforeseen cyber challenges. The model presented in this paper draws from case studies of various industries to illustrate the successful adoption and transformation of cybersecurity culture using the Learn, Unlearn, and Relearn principles. The ACCM represents a paradigm shift in cybersecurity culture, acknowledging that the ability to adapt is as critical as the ability to protect. 
By fostering a culture of continuous learning, unlearning, and relearning, organisations can proactively enhance their cyber resilience and effectively defend against the ever-evolving cyber threat landscape. This paper provides a roadmap for organisations to embark on this transformative journey toward a more adaptive and resilient cybersecurity culture.</p> Tapiwa Gundu Copyright (c) 2024 Tapiwa Gundu Thu, 21 Mar 2024 00:00:00 +0000 Anomaly Detection for the MIL-STD-1553B Multiplex Data Bus Using an LSTM Autoencoder <p>Due to the modernization of commercial and military aircraft, real-time systems and their connectivity to ground based networks, including the Internet, that were thought to be “air-gapped”, are becoming more susceptible to cyber-attack. Most real-time systems that communicate using the Military Standard 1553B Multiplex data bus (MIL-STD-1553B) protocol do not have the ability to detect cyber-attacks. These systems were originally developed with safety and redundancy in mind, not security. These two factors introduce attack vectors to MIL-STD-1553B communication buses and expose associated avionics systems to exploitation. Recent approaches to anomaly detection for the MIL-STD-1553B data bus have leveraged statistical analysis, Markov Chain modelling, remote terminal fingerprinting and signature-based detection. However, their comparative effectiveness is unknown. Regarding the statistical analysis technique, the lack of accuracy and precision in detecting the start and stop time of anomalous events are not ideal for conducting investigations due to the sheer volume of messages still required to be manually analysed. 
Deep learning techniques offer an effective means of anomaly detection and applying these techniques to the MIL-STD-1553B data bus could provide more accurate and precise detection times when anomalies or attacks are present, when compared to known statistical analysis, leading to more efficient forensic investigations of anomalous events.</p> Brian Lachine, Alec Harlow, Vincent Roberge Copyright (c) 2024 Brian Lachine, Alec Harlow, Vincent Roberge Thu, 21 Mar 2024 00:00:00 +0000 Authentication in a Hyperconnected World: Challenges, Opportunities and Approaches <p>Authentication and integrity are the prerequisites for trustworthy and secure communication. Without unambiguous knowledge of who is being interacted with, no confidential content can be exchanged, no (remote) access to systems and equipment can be granted, and no trust can be established. This situation is further exacerbated by an increasing interconnection and globalization towards a hyperconnected world. (Communication) Participants are no longer necessarily in close physical and social proximity and do not need to know each other, but can have their source/destination anywhere in the world.</p> <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; An authentication process is used to verify that someone -whether human or machine-, is in fact who she claims to be: The process thus includes a validation step to evaluate an assertion. However, systems differ in terms of their requirements, for instance with regard to the authentication options available, the time period required for re-authentication and the frequency of re-authentication, as well as the level of security to be achieved with authentication. The latter particularly with regard to the cost/benefit ratio of the application. 
Additionally, there are efforts to finally abolish traditional passwords, passphrases and pin codes and render them obsolete.</p> <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; In this work, technologies and methods for authentication beyond passwords and trustworthy authentication will be examined, particularly with regard to future communication infrastructures such as Beyond 5G and Sixth Generation (6G) wireless systems. Thereby, the impact of Artificial Intelligence (AI) methods, but also the relevance to Quantum Key Distribution (QKD) and Post Quantum Cryptography, as well as the use of 6G-enabling technologies like Reconfigurable Intelligent Surfaces (RISs), Wireless Optical Communication (WOC) and Physical Layer Security (PhySec), for example as additional factors of a multi-factor authentication process, will be considered, along with Body Area Networks (BANs) and the integration of the human body relying on biometrics. The various concepts are compared with regard to their requirements, limitations and possible applications in order to provide the user with an orientation as to which authentication method is conceivable and useful in which specific scenarios.</p> Christoph Lipps, Jan Herbst, Rekha Reddy, Matthias Rüb, Hans D. Schotten Copyright (c) 2024 Christoph Lipps, Jan Herbst, Rekha Reddy, Matthias Rüb, Hans D. Schotten Thu, 21 Mar 2024 00:00:00 +0000 Human-Centered AI in Military Cyber Operations <p>Military Cyber Operations are an integral part of modern warfare and national security strategies as they crossed the science fiction realm, represent a real operational battlefield, and developed into an option in military toolboxes. 
Seeing ongoing technological advancements that allow the creation and use of complex mechanisms and technologies, the increasing digitalization of critical infrastructure, the growing abundance of data collected, generated, and exchanged between multiple parties, and the rise of stakeholders engaging in building and/or executing military Cyber Operations together with the increased number of such operations being conducted all over the globe reflects important lessons that need to be learned: the core element of such operations are humans: they build, acquire, execute, and assess them while also being impacted entities by them, e.g., through (psychological or physical) injury or death, or damage or destructions of human infrastructure. Moreover, the key process governing all the life cycle phases of military Cyber Operations is human decision-making or humanly assisted/augmented decision-making relying on advanced intelligent methods built with AI. Nevertheless, building and conducting military Cyber Operations should be done in a legal, responsible, and effective way&nbsp; implying a deep understanding of the context and adversary, proper target and cyber weapon selection, development, and use, and a clear overview of potential effects produced. These represent important aspects that should be properly defined and tackled in this domain. Hence, this research aims to introduce the Human-Centred AI concept and approach in the military cyber domain to illustrate ways to prioritize human involvement and interaction, human understanding, effective decision-making, and ethical considerations when building and conducting military Cyber Operations. 
To this end, an extensive literature review is conducted in the military, cyber, and AI domains together with instantiation on military Cyber Operations.</p> Clara Maathuis Copyright (c) 2024 Clara Maathuis Thu, 21 Mar 2024 00:00:00 +0000 Towards Trustworthy AI-based Military Cyber Operations <p>Within the dynamic realm of contemporary warfare, Artificial Intelligence (AI) emerges as a transformative force that reshapes the ways and means used to strategize, execute, and assess military operations. In this journey, the use of AI spans functions and capabilities like intelligence analysis, target engagement decision-making support, weapon autonomy, and effects analytics. Concurrently, AI enhances, e.g., the effectiveness of military plans and capabilities having the potential to reducing risks to civilians, civilian objects, and military personnel. In this rapidly evolving arena, military Cyber Operations gained unprecedented prominence due to their intrinsic digital and cross-domain nature, speed, and became a clear option to achieving military goals, and a mature set of alternatives to conventional ones. Nonetheless, they need continuous assessment, deal with different uncertainty types produced by characteristics like anonymity and can imply psychological impact. Hence, such military operations demand meticulous planning, sophisticated execution, and a deep understanding of technical, military-legal, ethical, and strategic implications and consequences. This represents a direct call for building solutions that align the potential of AI with the responsible and safe conduct of military operations in the military cyber domain: building trustworthy AI-based military Cyber Operations. While incipient efforts to tackle important dimensions of such an approach exist in this domain, a direct and unified approach that unifies them as a commitment and artefact lacks. 
To tackle this knowledge gap, this research aims to build a bridge between the above-mentioned dimensions by proposing a working definition and framework for building trustworthy AI-based military Cyber Operations using the Design Science Research methodology.</p> Clara Maathuis Copyright (c) 2024 Clara Maathuis Thu, 21 Mar 2024 00:00:00 +0000 Ukrainian Thoughts and Feelings based on One Year War Content Analysis <p>In the age of remarkable technological innovations such as AI, quantum computing, IoT, and blockchain, one could argue that the world is becoming an increasingly connected, advanced, enlightened, and peaceful place. Nevertheless, paradoxically, conflicts and wars are still born deeply rooted in complex strategic, historical, and economic dynamics, and continue to arise finding a direct representation in both physical and digital battlefields through powerful and dynamic environments like social media. This environment enabled unprecedented connectivity and ideas, thoughts, ideologies, and experiences exchange shaping the narrative, amplifying ideas, feelings, and experiences while directly addressing the underlying causes, dynamics, and implications of conflicts and war through a multifaceted and multi-nuanced approach. The outbreak and ongoing war in Ukraine took the international community off guard representing a significant turning point in the contemporary era that received immediately intensive global attention, united global humanitarian, and strategic efforts to support and help the ones in need, and reflected its geopolitical and economic global complexities, dynamics, and implications. At the same time, a high degree of disinformation and misinformation exists surrounding different aspects about this war e.g., actions taken, and impact produced on civilians, which contributes to creating an altered perspective of reality. 
While different conventional media and social media outlets together with research, governmental, and practitioner efforts revealed and reflected on the nature, major incidents, and their known impact on civilians and civilian objects as well as military personnel and military objects, yet limited attention and a lower voice is given through dedicated studies to thoughts and emotions of Ukrainian users in unconventional social media platforms like Telegram. This represents the knowledge gap tackled in this research by building a set of Machine Learning-based solutions for analysing the discourses and sentiments of Ukrainian users using the Design Science Research methodology in a Data Science research approach. From this analysis, reflection is provided to important days and incidents experienced by Ukrainian population since February 2022 in the first year of war. &nbsp;</p> Clara Maathuis, Iddo Kerkhof Copyright (c) 2024 Clara Maathuis, Iddo Kerkhof Thu, 21 Mar 2024 00:00:00 +0000 Can You Give Me a Lift? <div> <p class="LO-Normal"><span lang="EN-GB">Static Analysis (SA) is the practice of examining computer program source code for errors or vulnerabilities outside the compiler’s capabilities. To carry out Static Analysis on computer programs, various tools exist that parse and examine each line for known issues. These tools do not compile the program, nor do they run the program. Instead, they analyse the source code directly and infer properties about the program without executing it - thus “static” analysis. Static analysis is not new. Early UNIX contained a program called “lint” for static analysis; a tool that has now existed since the late 1970s (Johnson 1978). Increasingly, however, modern static analysis practices indicate a more focused intent; find cybersecurity weaknesses. 
</span><span lang="EN-GB" style="font-size: 0.875rem;">At the 22</span><span lang="EN-GB" style="font-size: 0.875rem;">nd</span><span lang="EN-GB" style="font-size: 0.875rem;"> European Conference on Cyber Warfare and Security, the authors presented the background of Intermediate Representations (IRs) and described how this “middleware” representation can be utilized for static analysis of source code for cybersecurity weaknesses. By examining an IR, potential flaws in the source code can be located. When utilizing the IR as opposed to the original high-level language, the static analysis process becomes independent of the original source language; if several languages such as C, Rust, and others all compile into the same IR, static analysis of the IR allows the analysis process to no longer be tied to the high-level language grammar or syntax. </span><span style="font-size: 0.875rem;">The previous paper implemented a literature survey of available IR analysis tools to discover prior work; the authors have subsequently advanced the research and are actively using an IR framework, LLVM, for vulnerability analysis. In this research, source code in a high-level language is first compiled to LLVM and the resulting IR is used for analysis. This approach uses a “code-to-IR” SA analysis preparation paradigm. At the same time, there is the potential for binary “lifters” to be used. These tools “lift” an executable program – binary machine instructions – back to LLVM. In this way, the paradigm can also be reversed such that static analysis of LLVM can be performed on source code compiled into LLVM, </span><em style="font-size: 0.875rem;">or</em><span style="font-size: 0.875rem;"> on executable programs in the field that are “lifted”. This begs: how effective are these “lifters”? </span><span style="font-size: 0.875rem;">In this work, the authors present experiences in installation and operation of several binary “lifters” available as open-source projects. 
Some are supported better than others, some operate better than others, and some don’t operate at all. Those that do lead to the follow-up: Is the “lifted” code suitable for static analysis, or is it too obfuscated relative to the original program? This paper describes just that – our efforts and results in locating a binary “lifter” suitable for bringing executable program test cases back to LLVM for analysis by the cybersecurity vulnerability tool concurrently under development.</span></p> </div> William Mahoney, Adam Spanier Copyright (c) 2024 William Mahoney, Adam Spanier Thu, 21 Mar 2024 00:00:00 +0000 Cybercrime Classification: A Victimology-based approach <div><span lang="EN-GB">The need for understanding cybercrime and the possibility of its occurrence is significant to mitigate its adverse effects on society. A comprehensive universally agreed-upon classification scheme for cybercrime is hugely lacking in terms of utilizing a complete perspective of the entities involved in the same. A new perspective in cybercrime classification is moving beyond the machines and focusing on the humans, especially the victims. Cyber victimization extends from the single user to a mass or system perspective, thereby representing governments, organizations, and society to be categorized as victims. This paper proposes a novel ontological classification of cyber victimology that can help illustrate the complete cybercrime incident from the perspective of the victim. We utilize a multidimensional typology to represent the dimensions and classifications of the cybercrime victim. We then analyse the semantic relationships between the ontological objects to develop a comprehensive victimology representation. The understanding of the type and role of the victim provides new insight into the analysis of the cyber incident. 
Moreover, the resultant representation can serve as an extension to current cybercrime ontological frameworks and help in providing a new point of defence in cybercrime incidents. Finally, such a victimology-based classification can subsequently result in a dynamic ontology which can be queried to obtain relevant insights into the nature and occurrence of cybercrimes.</span></div> Sayonnha Mandal Copyright (c) 2024 Sayonnha Mandal Thu, 21 Mar 2024 00:00:00 +0000 Chain of Custody and Evidence Integrity Verification Using Blockchain Technology <p>The validity and integrity of digital evidence and the chain of custody are crucial to all digital forensic investigations. All new evidence and access logs of the original evidence should be logged in a document called the ‘chain of custody’. This document shows the timeline of any piece of evidence from the time it was recorded until the end of the investigation. In a traditional digital investigation, trusted parties, such as an investigator, are allowed access to the digital evidence and follow a strict process when dealing with data. These trusted parties have the capability to alter the data making the evidence inadmissible in a court of law. Alternatively, these trusted parties may also alter the data accidentally or with malicious intent, due to a lack of transparency and non-repudiation. Blockchain technology can solve this issue, however, existing research shows that adopting blockchain does not provide adequate transparent access control mechanisms. Consequently, this makes blockchain difficult to adopt due to the one-to-one mapping and the inability to easily validate the chain of custody and evidence admissibility. &nbsp;Current methodologies rely on an external off-chain access control mechanism, which, regrettably, remains susceptible to potential breaches that could compromise its integrity and validity. 
This paper proposes an enhanced model to provide access control through smart contracts, ensuring immutability, flexibility, transparency, and non-repudiation of both the access control mechanisms and the digital evidence itself. This is achieved by moving the access control mechanism to the blockchain. This tracks any changes made through the access control mechanism, further ensuring transparency and integrity. This smart contract-based access control builds off role-based access control, allowing for more complex hierarchies to be used. This model aims to allow for both modularity, making adoption easier for existing digital forensic tools, and encouraging digital investigation and litigation to become more streamlined. &nbsp;Existing tools can easily integrate with the proposed model adding an extra layer of non-repudiation, transparency, and integrity.</p> Adir Miller, Avinash Singh Copyright (c) 2024 Adir Miller, Avinash Singh Thu, 21 Mar 2024 00:00:00 +0000 Cyber Resilience, Dependability and Security <p>There is a continuing skills shortage associated with digital security and DevSecOps (World Economic Forum, 2023), but this paper argues that is due to non-recognition that it is time for cyber security and/or digital security to be defined, and a further separation of specialisms in computing to be made apparent. This has become increasingly important when considering Artificial Intelligence. The problem is not new. This paper presents a refinement of the principles suggested by Milner (2007) of using a model to describe behaviour and organise software, grappling with seemingly intractable and complex problems which cross boundaries between different systems: engineering, technological, social, economic, legal, and political, each with a distinct perspective and goal. It emphasises Hoare’s (1996) assertion that system failures are largely due to failed analysis impacting development of resilient systems. 
It argues that there are dichotomies between resilience – a system security/safety perspective, dependability – a user/consumer perspective, and security – a technology perspective. Many proposed systems to date have conflated these perspectives in the secure by design paradigm which requires a depth of knowledge and expertise. Unicorns are rare. This paper suggests how to overcome the skills shortage utilising the skill sets that are available in a manner that maximises the contribution to digital security. Recognising that not everyone and everything needs to communicate with the world reduces complexity and can increase trust. Concentration on the operational purpose of a system, resulting in an Operational Design Domain (ODD) reduces complexity further. Additional reduction in complexity is achieved by placing resilience in an engineering and programming development context, grounded in acceptable behaviours, while accepting dependability as a user expectation of system behaviour, and cyber security as a separate specialism addressing access to systems and infrastructure. Much of this paper is a reversion to defensive programming through the ODD. There is a need for any solution to the skills shortage be scalable and economic, and this paper suggests how that can be achieved using existing skill sets targeted at their specialisms.</p> Gareth Davies, Angela Mison, Peter Eden Copyright (c) 2024 Gareth Davies, Angela Mison, Peter Eden Thu, 21 Mar 2024 00:00:00 +0000 Cross-disciplinary AI supply chain risk assessment <p>While AI remains chip based and part of both commercial and national strategic superiority goals, it is useful to examine the security and risks associated with achieving those goals. The future strategy rests perilously on an unstable inverted triangle of financial and economic reality. 
This paper presents the AI chip supply chain as an inverted triangle which base/apex is dependent on a global single supplier with the capability of producing equipment essential for their manufacture. It highlights the dependence on a single company for the fabrication of those chips, and the security risks associated with that supplier being Taiwanese in limited foreign ownership. It is suggested that the increasing tensions between China and the USA have resulted, in part, from this dependence, which was demonstrated by the supply chain crisis resulting from Covid-19. The attempt to reduce this dependence led to the CHIPS and Science Act 2022, signed into law by President Biden. In part of the inverted triangle are found Big Tech and the major Cloud Service Providers. They vary between 60% - 80% of their market capital being in financial institutional ownership, most of which is held by a very limited number of institutions, not all of whom are publicly quoted. To doubt the influence wielded by those financial institutions, just a single institution with major Big Tech and Cloud holdings has, at 31 December 2022, USD 8.59 trillion of assets under management. This represents economic power and places it between the equivalent Gross Domestic Product of China (USD 19.37 trillion) and Japan (USD 4.41 trillion) the second and third entries behind the USA in the GDP rankings. Financial institutions are market driven to achieve growth, contribute to economic stability, and are to an extent regulated by unelected vested interests and organisations. The battlefield for national supremacy of AI may concern chips, until the arrival of quantum AI. Current Chinese economic woes are providing the momentum for pre-emptive strikes at the semiconductor industry, and an inverted triangle is neither a secure nor stable structure for a supply chain.</p> Gareth Davies, Angela Mison, Dr. Richard Ward Copyright (c) 2024 Gareth Davies, Angela Mison, Dr. 
Richard Ward Thu, 21 Mar 2024 00:00:00 +0000 Proof of Concept of a Digital Forensic Readiness Cybercrime Language as a Service <p>Welcome to the 21st century, where more devices are connected to the Internet than people on this earth. Each device will be or has been a target of cybercrime. The popularity of text-based cybercrimes has become prevalent with the advancement of the Internet. The number of cybercrimes increases yearly, unlike the reports of such crimes. The major problem is the lack of awareness and protection from cybercrimes. These issues cascade into greater consequences, such as a shortfall of reports, deficiency of cybercrime data, etc. The DFClaaS system is proposed as a solution; it allows users to report text-based cybercrimes anonymously. Next, several NLP techniques are applied to such reports to comprehend text-based cybercrimes as a language, and once the usage of the language is detected, an investigation proceeds. Subscribed users are individuals or businesses that are in some regard connected to the Internet. The DFClaaS system aims to protect its users from text-based cybercrimes and provide digital forensic investigators resources to conduct a successful investigation, enriching digital forensics research. The system is a feature-rich digital forensics readiness tool that will track the aggressive advancements of text-based cybercrimes, thus serving and protecting its users.</p> Maryam Mohamad Al Mahdi, Stacey Baror Copyright (c) 2024 Maryam Mohamad Al Mahdi, Stacey Baror Thu, 21 Mar 2024 00:00:00 +0000 An Analysis of Cybersecurity Architectures <p>The 4th Industrial Revolution has increased high-capacity connectivity, new human-machine interactions largely with IoTs and smart devices. This digital revolution offers incredible conveniences such as the ability for users to access volumes of data, governments can address social challenges, connect remote villages in the country, and more. 
Once secluded systems are now connected and sharing information. This connectedness also poses some inconveniences as well, whenever a device joins the Internet, it becomes publicly discovered. Once these devices are discovered, they become open to cyberattacks. Cybersecurity has become a crucial part of daily life as cyberattacks have increased over time and have become more and more severe. The challenge that cybersecurity consultants find is the difficulty of measuring cybersecurity efforts in organizations. Another challenge could be finding a cybersecurity architecture that is effective and can fit different situations. The main aim of this study was to develop a comprehensive cybersecurity architecture that can be used by cybersecurity consultants when measuring cybersecurity effectiveness. This study conducted an in-depth literature review on current cybersecurity architectures offered by national and international cybersecurity organizations. The identified cybersecurity architectures that have been developed by other organizations were translated, interpreted, compared, and synthesized and a new cybersecurity architecture is proposed. The proposed cybersecurity architecture has the NIST goals as a foundation and the CIA triad at the center. The proposed cybersecurity architecture has domains such as application and Systems security, Information security, Network security, End-point security, Critical Infrastructure security, Mobile security, Storage security, etc. The proposed cybersecurity architecture seeks to assist cybersecurity consultants in answering questions from executives such as: Are we secure? Are security investments delivering value to the business? 
What is our preparedness for a cyberattack?</p> Noluntu Mpekoa Copyright (c) 2024 Noluntu Mpekoa Thu, 21 Mar 2024 00:00:00 +0000 Bibliometric Analysis of Cyber Warfare Research in Africa: Landscape and Trends <p>As the digital landscape continues to evolve, cyber warfare has emerged as a prominent domain of warfare, with superpower nations actively demonstrating their capabilities in the cyberspace. This study posits that African countries exhibit a relative lag in research and development of cyber warfare capabilities, as evidenced by the absence of African nations in the National Cyber Power Index released by the Belfer Centre for Science and International Affairs in 2022. To address this knowledge gap, this paper presents a comprehensive bibliometric analysis of cyber warfare research and development within the African continent. The analysis aims to illuminate research productivity, performance, science mapping, and key contributors at both national and institutional levels. It seeks to uncover thematic trends, pinpoint key research areas, and identify research connections within the African context. This research evaluates the African continent's research participation and development in the cyber and/or information warfare domain over the past 23 years. The analysis encompasses scholarly articles and conference proceedings published between 2000 and 2023, utilizing Scopus as the primary data source. Preliminary findings suggest that cyber warfare research in Africa is concentrated in a limited number of countries, with South Africa emerging as the leading contributor. 
A comparative analysis further reveals that developed countries generally outpace African nations in cyber warfare research and development, corroborating the rankings presented in the National Cyber Power Index (NCPI) and Global Cybersecurity Index (GCI).</p> Jabu Mtsweni, Mphahlela Thaba Copyright (c) 2024 Jabu Mtsweni, Mphahlela Thaba Thu, 21 Mar 2024 00:00:00 +0000 Systematic Review to Propose a Blockchain-based Digital Forensic Ready Internet Voting System <p>The ballot paper-based voting system has a high risk of data manipulation and vote tampering due to a lack of immutability, transparency and privacy. This systematic review is conducted with the intention of proposing a digital forensic-ready internet voting process to mitigate issues of vote rigging and vote fraud. The review focused on current and up-to-date literature. Publications that are out of this date range were ignored and considered stale or irrelevant. We extracted and reviewed publications with either or all the following keywords: “digital forensic”, “internet voting”, “e-voting” and “blockchain”. A total of thirteen databases were consulted. These include ACM, IEEE, Web of Science, Science Direct, Academic Search Complete, Access Science, ProQuest, Oxford Academy, Ingenta, Cambridge Core and Clarivate. From the inclusion list of one hundred and five (105) studies that were looked at in detail, twenty of them (i.e.,19%) covered blockchain technology. Two percent (2%) of them were focused on digital forensics in internet voting. The results herein were synthesised and presented in a qualitative methodology. The review shows that a secure and reliable digital forensic system could effectively mitigate vote rigging and fraud. Therefore, we proposed a blockchain-based digital forensic-ready internet voting system. 
The proposed system is beneficial to the electorate, election observers, electoral candidates, electoral administration bodies as well as the national law enforcement agencies.</p> Edmore Muyambo, Stacey Omeleze Baror Copyright (c) 2024 Edmore Muyambo, Stacey Omeleze Baror Thu, 21 Mar 2024 00:00:00 +0000 Theory-Guided Feature Selection in Cybercrime Data Science <p>Cybercrime data science is being significantly hampered by the presence of 'noisy' features within vast and complex datasets. We draw from the theoretical insights of the behavioural sciences to propose a feature selection model to enrich and improve the value and interpretability of cybercrime intelligence datasets. We piloted our theory-guided feature selection approach on a subset of intelligence datafeeds provided by a global fraud and cybercrime tracking firm. The results of the proposed social influence feature selection model show significant improvement in the interpretability of the machine learning-based exploratory analysis and advanced visualization techniques in an experimental setting. The feature selection model yielded rich insights about cybercriminal psychological tactics from social engineering scam data and has potential applicability in the areas of cyberthreat response and cybersecurity awareness training. Our study shows the value of an interdisciplinary theory-guided approach to cybercrime data analytics that integrates scientific knowledge from the behavioural sciences and data science expertise. Our paper concludes by suggesting avenues for future research on theory-guided feature selection seeking to incorporate behavioural science knowledge in cybercrime data science. We intend to refine, automate, evaluate, and scale our model in future research to assess its effectiveness in producing insights about cybercriminal activities and informing decision-making in a naturalistic and real-time setting. 
In future research efforts, we aim to automate the encoding of features and apply a wider range of machine learning tools and evaluation metrics to extract more meaningful insights into cybercriminal psychological tactics. We also intend to refine our model on larger datasets to enhance its efficiency and responsiveness to real-time cybercrime data. We call on data scientists and cybercrime domain experts to work together to apply theory-guided feature selection to improve processes of knowledge discovery that enhance our cybersecurity capabilities.</p> Shiven Naidoo, Rennie Naidoo Copyright (c) 2024 Shiven Naidoo, Rennie Naidoo Thu, 21 Mar 2024 00:00:00 +0000 Infusing Morabaraba game design to develop a cybersecurity awareness game (CyberMoraba) <p>Numerous studies have confirmed the effectiveness of Cybersecurity Awareness Games (CAGs) in enhancing the security posture of diverse organizations. As these organizations increasingly face the formidable challenge of cyberattacks, implementing serious CAGs to solve this issue has become a paramount concern. This article introduces an innovative approach to cybersecurity education by presenting a serious CAG. The game aims to effectively educate students about critical aspects of cybersecurity awareness engagingly and interactively. The study aimed to redefine cybersecurity awareness training by introducing an indigenous game design that intricately incorporates the traditional South African Morabaraba board game. While the effectiveness of non-indigenous games like "Capture The Flag (CTF)" in cybersecurity training is acknowledged, indigenous designs have been overlooked. This research creatively integrates Morabaraba's gameplay into cybersecurity training, adapting it into a competitive game where players adopt the roles of either defenders or attackers, with corresponding tokens/images symbolizing various cyber defense and attack strategies. 
Both the defenders and attackers in the game can elevate their awareness scores by strategically positioning defensive or attacking images on the game board. Subsequently, a judging entity assesses the players' moves and assigns scores based on the accuracy of the images placed. The game mirrors real-world scenarios, promoting strategic thinking and leveraging interactive gameplay for practical insights into cybersecurity awareness. Players demonstrate their cybersecurity knowledge through offensive and defensive strategies. A group of 40 students evaluated the game's effectiveness, highlighting its potential to create an engaging and competitive learning environment that imparts cybersecurity principles and practical application. The evaluation of the game mechanics demonstrated a remarkably positive outcome, with students expressing both enjoyment and an enhanced understanding of cybersecurity awareness.</p> Mike Wa Nkongolo Copyright (c) 2024 Mike Wa Nkongolo Thu, 21 Mar 2024 00:00:00 +0000 Bahrun Naim’s Hacking Manifesto: How A Historical Model of Cyber Threat Mischaracterization Helps Us Diffuse a Dead Cyberterrorist Influencer <p>The late Bahrun Naim is generally considered one of the most recognizable names of historical Indonesian cyber terrorist actors, where he continues to be characterized as a “computer guru” and hacker who supported Indonesian extremist and Islamic State hacking.&nbsp; This paper is the first reexamination of Naim’s lengthy e-book manifesto chapters on hacking, finding that most of the tutorial demonstrations on hacking tools readers might believe Naim performed were screen shots of other online content that Naim appeared to have plagiarized.&nbsp; This practitioner’s paper suggests that Naim is a historical model of cyber threat mischaracterization, questioning who Naim was signaling with his hacking manifesto and why so many audiences including cyber threat analysts may have been influenced by reports on him.&nbsp; This paper 
evaluates Naim’s <em>native</em> and <em>researched</em> technical knowledge based on his manifesto, suggesting the perception of Naim’s native technical knowledge may have been embellished. This paper offers a conceptual interdisciplinary model for practitioners and researchers evaluating cyberterrorists’ technical pedigrees and social environments. This model can also be applied to countering the range of cyber warfare including narrative warfare conducted by cyberterrorists, often revealing shortcomings in the mythos of cyberterrorists’ influence and technical skills.</p> Tim Pappa Copyright (c) 2024 Tim Pappa Thu, 21 Mar 2024 00:00:00 +0000 Typology of State Actors' Behavior in Cyber Space <p>Cyberwar is no longer subject to "if" but "when." Despite growing interest in cyberspace and cyber war readiness and resilience among academics, researchers, policymakers, and the media, the area needs to be more robust with different terminology that strategically captures the activities of state actors in cyberspace. The paper aims to provide a strategic classification of the activities of state actors in cyberspace. A typology is developed to encapsulate the strategic complexity of the activities of state actors in this terrain. The typology can illuminate the current global proportion and payoff of each type.</p> Ada Peter, Ujunwa Ohakpougwu Copyright (c) 2024 Ada Peter, Ujunwa Ohakpougwu Thu, 21 Mar 2024 00:00:00 +0000 Friend or Foe – The Impact of ChatGPT on Capture the Flag Competitions <p>ChatGPT, an artificial intelligence (AI)-based chatbot, has taken the world by storm since the technology’s release to the public in November 2022. The first reactions were awe and amazement as ChatGPT presented the capability to instantly respond to various text-based questions following a conversational approach. 
However, it is ChatGPT’s ability to complete more advanced tasks, such as supplying source code to programming-related questions or generating complete articles focusing on a specific topic, which has caused eyebrows to be raised. The capabilities offered by ChatGPT, fuelled by popularity and easy accessibility, have introduced several new challenges for the academic sector. One such challenge is the concept of AI-assisted cheating, where students utilise chatbots, such as ChatGPT, to answer specific questions or complete assignments. Although various research studies have explored the impact of ChatGPT on university education, few studies have discussed the influence of ChatGPT on Capture the Flag (CTF) competitions. CTF competitions offer a popular platform to promote cybersecurity education, allowing students to gain hands-on experience solving cybersecurity challenges in a fun but controlled environment. The typical style of CTF challenges usually follows a question-answer format, which offers students the ideal opportunity to enlist the assistance of ChatGPT. This paper investigates the ability of ChatGPT to assist and aid students in solving CTF challenges. The exploratory study involves past CTF challenges across various categories and the questioning of ChatGPT in an attempt to solve the challenges. The outcome of the study reveals that although ChatGPT can assist students with challenges during CTF competitions, the assistance that can be offered is minimal. Instead of producing answers to CTF challenges, ChatGPT can merely offer insight or guidance regarding the questions asked.</p> Heloise Pieterse Copyright (c) 2024 Heloise Pieterse Thu, 21 Mar 2024 00:00:00 +0000 Reverse-Engineering of Disinformation Campaigns During the War in Ukraine <p style="font-weight: 400;">Information operations have long been a part of warfare. 
Disinformation campaigns, in particular, are usually launched by states in order to mislead and confuse populations in adversarial countries, but also to obtain support for their actions from domestic audiences. These campaigns threaten human security, at the individual level, but also state- and even international security. The invasion of Ukraine by Russia came with a new wave of disinformation not only in Ukraine itself, but also in countries from various other continents. This paper studies the characteristics of the spread of disinformation from the first day of the war in February 2022 through July 2023. The data we used in this study came from the EUvsDisinfo project, established by the European Union’s East StratCom Task Force in 2015. In particular, we included variables about the topic of these articles containing disinformation, the specific target audience, and origin of the source disseminating the disinformation. The results indicate that the articles concerned predominantly security-focused topics, and to a lesser extent economic and cultural issues. Interestingly, the target audience for the disinformation articles focused predominantly on non-EU/NATO audiences – they overwhelmingly targeted Russian-speaking populations, but also Arab-speaking and Armenian-speaking populations. The majority of the articles were also from Russian sources. The results also provided other additional insights into the characteristics of disinformation during the war which are discussed in the paper as well. 
Based on our findings, we provide policy recommendations for protection against disinformation campaigns for both EU/NATO members and countries which were affected by these campaigns but are not members of either of these organizations.</p> Lora Pitman, Ava Baratz, Kelly Morgan, Marcy Alvarado Copyright (c) 2024 Lora Pitman, Ava Baratz, Kelly Morgan, Marcy Alvarado Thu, 21 Mar 2024 00:00:00 +0000 Deepfakes: The Legal Implications <p>The development of deepfakes began in 2017, when a software developer on the Reddit online platform began posting his creations in which he swapped the faces of Hollywood celebrities onto the faces of adult film artists, while in 2018, the comedic actor Jordan Peele posted a deepfake video of former U.S. President Obama insulting former U.S. President Trump and warning of the dangers of deepfake media. With the viral use of deepfakes by 2019, the U.S. House Intelligence Committee began hearings on the potential threats to U.S. security posed by deepfakes. Unfortunately, deepfakes have become even more sophisticated and difficult to detect. With easy accessibility to deepfake applications, their usage has increased drastically over the last five years. Deepfakes are now designed to harass, intimidate, degrade, and threaten people and often lead to the creation and dissemination of misinformation as well as creating confusion about important state and non-state issues. A deepfake may also breach IP rights, e.g., by unlawfully exploiting a specific line, trademark or label. Furthermore, deepfakes may cause more severe problems such as violation of human rights, the right of privacy and personal data protection rights, apart from copyright infringements. While just a few governments have approved AI regulations, the majority have not due to concerns around the freedom of speech. 
And while most online platforms such as YouTube have implemented a number of legal mechanisms to control the content posted on their platforms, it remains a time consuming and costly affair. A major challenge is that deep fakes often remain undetectable by the unaided human eye, which has led governments and private platforms to develop deep-fake detecting technologies and regulations around their usage. This paper seeks to discuss the legal and ethical implications and responsibilities of the use of deepfake technologies as well as to highlight the various social and legal challenges which both regulators and society face while considering the potential role of online content dissemination platforms and governments in addressing deep fakes.</p> Trishana Ramluckan Copyright (c) 2024 Trishana Ramluckan Thu, 21 Mar 2024 00:00:00 +0000 Metaverse: Virtual Currencies as a Mechanism for Employee Engagement and Retention <p>Virtual currencies, including cryptocurrencies and non-fungible tokens (NFTs), are increasingly used as rewards in virtual environments. Traditional reward systems have been effective in improving employee satisfaction and retention but with the shift to hybrid or remote work post-COVID-19, organisations need adapted reward systems. However, the problem of this research is that it is unclear how virtual currencies can be effectively utilised as a reward system, in the Metaverse, and their impact on employee motivation and engagement. This study explores this by reviewing literature, analysing reward mechanisms, and proposing a conceptual model to evaluate the feasibility of such a reward system. The study considers factors like social comparison and loss aversion as well as rewards known to boost motivation and engagement. The flexibility of virtual currencies for conversion or exchange into rewards offers numerous possibilities, with specific reward choices left to organisations’ discretion. 
This study offers promise to organisations seeking to retain and motivate their employees, ultimately contributing to increased productivity. In turn, employees can benefit from improved job satisfaction and reduced work-related pressures. The study’s conclusion assesses the usefulness of this research and outlines potential areas for future research.</p> Shelley Robertson, Stacey Baror, Hein Venter Copyright (c) 2024 Shelley Robertson, Stacey Baror, Hein Venter Thu, 21 Mar 2024 00:00:00 +0000 Cybersafe: Gamifying Cybersecurity Training with a Training App <p style="font-weight: 400;">The rapidly evolving digital landscape has triggered a surge in cybersecurity threats, particularly social engineering techniques, which demand innovative and accessible countermeasures to combat them in an accessible and real-time format. We present "Cybersafe," a mobile application designed to empower users to identify and combat common social engineering exploits effectively. The transformative concept behind this initiative aims to reshape traditional cybersecurity training by introducing a gamified, user-friendly platform suitable for all age groups. The Cybersafe application's functionality revolves around interactive quizzes that assess users' ability to identify threats. The findings from the research serve as a valuable resource for cybersecurity trainers, application developers, and organizations striving for a secure digital environment.</p> Carlos Roque, Gareth Moodley, Sayonnha Mandal Copyright (c) 2024 Carlos Roque, Gareth Moodley, Sayonnha Mandal Thu, 21 Mar 2024 00:00:00 +0000 Analysis of Media Influence on Military Decision-Making <p>Information warfare challenges, including the "CNN Effect," are increasing in quantity and complexity as the internet saturates modern life. 
Media communications, reliable or not, are constantly injected into American life, affecting opinions, decision-making, and actions—which may result in terrifying and permanent consequences when the media influences military members and government leaders. This research focuses on the immersive learning environment—an engaging, simulation-based educational experience with realistic conflict scenarios where students apply lesson objectives through hands-on activities. Instructors conduct immersive learning in the US Air Force Academy's (USAFA) Multi-Domain Laboratory. Traditionally, students were taught military strategy in a classroom where they engaged in wargaming by rolling dice using a board game. Now, the Military & Strategic Studies (MSS) Department uses hands-on, real-time wargaming with unique hardware and software to teach future leaders how to apply classroom concepts using experiential learning. Wargames are critical for meeting the priorities of the Joint Chiefs of Staff—specifically, preparing leaders to conduct joint operations in all domains by integrating experiential learning. The guidance explains that "curricula should leverage live, virtual, constructive, and gaming methodologies with wargames… to develop deeper insight and ingenuity." The wargame with media provides external influences like news and information from various sources, which may influence students' decision-making process, resulting in "The CNN Effect." "The CNN Effect" is a short-hand way to explain how news reports drive government leaders' responses, including military decision-making. This project builds upon existing research uniquely because this study examines decision-making from multiple leaders based on the same simulated media in USAFA's immersive learning environment. 
This research uses mixed methods analysis to explore how students act based on the wargame media inputs and compare course outcome differences after receiving enhanced Information Operations education or when exposed to different quantities of broadcasts. The Information Warfare (news literacy) module enhances education on the media's influence on decision-making and trust for students. Students learned to identify and research information sources, analyze biases, opinion versus fact-based reporting, and compare news reports from various outlets. </p> Bonnie Rushing Copyright (c) 2024 Bonnie Rushing Thu, 21 Mar 2024 00:00:00 +0000 Building Cybersecurity Capacities in Zambia’s Business Sector: Guideline for SMEs <p>This research explores cybersecurity awareness and implementation within Zambia’s small and medium-sized enterprises (SMEs), a sector increasingly targeted by cyberattacks that lead to substantial financial losses. The study’s primary aim was to enhance cyber awareness and develop actionable guidelines for SMEs in Zambia. Utilising an interpretivist philosophy and inductive approach, the methodology encompassed semi-structured interviews, cross-sectional analysis, and a comprehensive review of CISA, ENISA guidelines, and Zambia’s Data Protection Act. Findings indicate a notable deficit in cybersecurity training and awareness among SMEs. Key concerns include inadequate data security measures, a lack of formal cybersecurity policies, and a reliance on basic tools like antivirus software. In response, the study formulated targeted guidelines, emphasising the integration of cyber awareness into SME governance and risk management. These guidelines have garnered significant interest from Zambian government entities, highlighting their potential influence on national cybersecurity policy. The study contributes theoretically by contextualising international cybersecurity standards within Zambia’s unique SME landscape. 
Methodologically, it pioneers a Cyber Awareness Framework tailored to Zambian SMEs, underscoring the critical role of human factors in cybersecurity. Practically, the research has sparked engagement among SMEs and government bodies, demonstrating its applicability and potential for shaping policy. However, limitations include reliance on outdated demographic data and a focus on digitally enabled SMEs, potentially overlooking broader IT governance aspects and less digitized businesses. Future research should aim for comprehensive, up-to-date analysis across all SME sectors, contributing to a more inclusive and resilient cybersecurity landscape in Zambia.</p> Goni Saar, Rabelani Dagada Copyright (c) 2024 Goni Saar, Rabelani Dagada Thu, 21 Mar 2024 00:00:00 +0000 Coming Back Down to Earth: A Grounded Look at Space Cybersecurity in Southeast Asia <p>This paper aims to open discussion regarding the absence of cybersecurity efforts for space systems in Southeast Asia and its implications. Although there is a consensus on the need for action, Southeast Asian states have not taken any concrete steps to address the challenge of space cybersecurity. Lacking sovereign capabilities, regulatory structures, and initiatives to tackle complex accidents that are waiting to happen, Southeast Asia is not adequately equipped to deal with the growing risk of attack on its space ecosystem. With increasing militarization of space programs, exponentially growing dominance of private sector, and reduced barriers of entry for malicious non-state actors, delaying any action for strengthening space cybersecurity can produce detrimental impact given the necessity of space sector for civil, commercial, and national sustenance in the region. Southeast Asia is in a unique position where the nascency of space sector and lack of rigid structures allows flexibility to learn, translate, and adapt existing initiatives and frameworks. 
To be on a path to bridge the gap between reality and the ideal, the region should focus on articulating principles and guidelines. The author proposes realistic policy recommendations and directions Southeast Asian states and the region at large should pursue for promoting medium and long-term sustainability and usability, and for maintaining cybersecurity of space assets.</p> Shantanu Sharma Copyright (c) 2024 Shantanu Sharma Thu, 21 Mar 2024 00:00:00 +0000 A Privacy-Compliant Process for Digital Forensics Readiness <p>This research paper examines the issue of privacy compliance in digital forensics readiness, specifically in relation to the breach of confidentiality during analysis of collected data on users. This is a problem because the collection and analysis of digital evidence during these investigations can have a potential impact on individuals’ privacy rights. The study’s methodology involves a literature review of relevant research, an analysis of privacy regulations, and a case study of a real-world digital forensics investigation. The main findings of the study indicate that organizations need to develop and implement robust privacy measures and data protection policies to ensure that their digital forensics readiness efforts are privacy compliant and do not compromise user privacy. Some examples of why this is necessary are provided in the research. To address these privacy compliance issues, this study proposes a measure that implements technical safeguards to protect user data and maintain its confidentiality. 
By implementing the proposed measures, organizations can maintain their digital forensics readiness while also protecting user privacy.</p> Gabriel Shoderu, Stacey Baror, Hein Venter Copyright (c) 2024 Gabriel Shoderu, Stacey Baror, Hein Venter Thu, 21 Mar 2024 00:00:00 +0000 Impact of Cyber Security Operations on Hardware Requirements for Stable and Workable Industrial Environments <p>Securing electricity distribution is one of the most important principles of the EU cyber security strategy. For example, European cyber security regulations, such as NIS2 (Network and Information Security Directive), CER (Critical Entities Resilience Directive), and Cyber Resilience Act (CRA) together aim to create a foundation and guidelines for international standards in various industries and the operation of critical infrastructure. Securing critical infrastructure is a common goal for Western operators. The new European Union (EU) directives bring new requirements to critical infrastructure administrators, device manufacturers and operators. Previously, member states have had responsibility for compliance with the directives, but they have been given freedom in the method by which they approach the requirements. Currently, member states' solutions are not always uniform, which has led to increased difficulties in coordination on a multi-national level. This, in turn, may lead to difficulties in coordination when responding to cybersecurity threats and attacks on critical infrastructure. The new regulation focuses on unifying the reporting between member states, reporting requirements of severe critical infrastructure events, and creating cybersecurity risk management procedures. In this study, we will provide a novel solution on how critical infrastructure administrators, device manufacturers, and operators may respond and become compliant with the new EU directives. 
To reach compliance and to enable the responsibilities that are required by the directive, the critical infrastructure devices and environment must have the capability to enable the responsible parties to identify, protect, detect, respond, and report. This sequence of actions is cyclical in nature since the identification of threats and vulnerabilities requires reports, which in turn requires data and detection. Our study focuses on the hardware requirements this causes on the manufacturing specifications, such as data collection and detection capabilities. The research belongs to the CSG project, and the purpose is to develop a governance model to minimize Operational Technology related risks and create a new standardized operating environment for the seamless utilization of energy solutions and industrial environment. The results of the study will be used in the analysis of requirements definitions in the OT environment.</p> Jussi Simola, Arttu Takala, Riku Lehkonen, Tapio Frantti, Reijo Savola Copyright (c) 2024 Jussi Simola, Arttu Takala, Riku Lehkonen, Tapio Frantti, Reijo Savola Thu, 21 Mar 2024 00:00:00 +0000 Hardware Sequence Combinators <p>Recent advances in formal methods for constructing parsers have employed the notion of <em>combinators</em>: primitive elemental parsers with well-defined methods for combining them in sequences or through choice. This paper explores the subtleties associated with leveraging <em>sequence combinators</em> to produce compact, custom hardware traffic validators. This involves a fully automated process that takes as input a formal grammar specifying message formats and produces a parsing circuit capable of validating traffic headers and payload content. The resulting circuit is deployed through network <em>guard</em> appliances that employ Field Programmable Gate Array (FPGA) devices, or alternatively, within the on-chip FPGA associated with System-on-Chip (SoC) devices, such as the Xilinx UltraScale MPSoC. 
Each guard appliance acts as a hidden “bump-in-the-wire” that either forwards or drops individual packets based on the message parsing outcome, thereby hardening network segments against zero-day attacks and persistent implants. Guards may operate on a wide variety of traffic protocols and formats including TCP/IP, CAN/J1939, or MIL-STD-1553. The central step in parser construction is to build a collection of standard shift/reduce parsing tables that can be employed by a push-down automaton to check each byte in a message. Typically, these tables are sparse, resulting in excessive use of FPGA circuit resources to represent them. By leveraging sequence combinators, along with other optimizations, we have been able to produce highly compact representations that can reduce table size by up to 95% for non-trivial grammars. Depending on the grammar, this translates directly into FPGA resource reductions. The reductions now make it viable to implement complex parsers on small, inexpensive FPGAs, or alternatively combine parsers with encryption and encapsulation to enhance guard capabilities.</p> Stephen Taylor, Gunnar Pope Copyright (c) 2024 Stephen Taylor, Gunnar Pope Thu, 21 Mar 2024 00:00:00 +0000 A Strategic Path for Digital Transformation in Cyber Warfare for African Militaries <p>Digital disruption has changed the battlefield and increased its complexity for the war fighter. The modern battlefield continues to increase this complexity, due to the evolution of components that constitute military capability. The technologies, processes and the users are such components. The modern battlefield relies on advanced technologies that tap into high connectivity and are more lethal, precise, and autonomous. Due to this evolution, areas once thought to be safe from conventional attacks are increasingly becoming vulnerable. This evolution of technology and shorter development curves have also increased the prominence of the cyberspace, as a domain of war. 
However, many militaries, especially in Africa are still operating legacy systems and struggling with modernizing their systems to take advantage of the digital evolution. This paper, therefore, uses a systematic literature review and benchmarking focusing on selected super cyber power nations’ indices to propose a strategic path for African militaries to drive digital transformation in their operational environments. The roadmap is proposed to stimulate the establishment and enhancement of African militaries’ cyber warfighting capabilities in the digital age. The objectives of this digital transformation path include establishing a digital backbone, where all the sensors, effectors and the deciders are plugged to share information and intelligence.</p> Mphahlela James Thaba, Jabu Mtsweni Copyright (c) 2024 Mphahlela James Thaba, Jabu Mtsweni Thu, 21 Mar 2024 00:00:00 +0000 Adversarial Camera Patch: An Effective and Robust Physical-World Attack on Object Detectors <div><span lang="EN-US">Physical adversarial attacks present a novel and growing challenge in cybersecurity, especially for systems reliant on physical inputs for Deep Neural Networks (DNNs), such as those found in Internet of Things (IoT) devices. They are vulnerable to physical adversarial attacks where real-world objects or environments are manipulated to mislead DNNs, thereby threatening the operational integrity and security of IoT devices. The camera-based attacks are one of the most practical adversarial attacks, which are easy to implement and more robust than all the other attack methods, and pose a big threat to the security of IoT. This paper proposes Adversarial Camera Patch (ADCP), a novel approach that employs a single-camera patch to launch robust physical adversarial attacks against object detectors. 
ADCP optimizes the physical parameters of the camera patch using Particle Swarm Optimization (PSO) to identify the most adversarial configuration. The optimized camera patch is then attached to the lens to generate stealthy and robust adversarial samples physically. The effectiveness of the proposed approach is validated through ablation experiments in a digital environment, with experimental results demonstrating its effectiveness even under worst-case scenarios (minimal width, maximum transparency). Notably, ADCP exhibits higher robustness in both digital and physical domains compared to the baseline. Given the simplicity, robustness, and stealthiness of ADCP, we advocate for attention towards the ADCP framework as it offers a means to achieve streamlined, robust, and stealthy physical attacks. Our adversarial attacks pose new challenges and requirements for cybersecurity.</span></div> Kalibinuer Tiliwalidi, Bei Hui, Chengyin Hu, Jingjing Ge Copyright (c) 2024 Kalibinuer Tiliwalidi, Bei Hui, Chengyin Hu, Jingjing Ge Thu, 21 Mar 2024 00:00:00 +0000 A Case Study on Multi-Countries Money Laundering Scheme and A Proposed Automatic Detection System <p>This paper presents a case study on the Franco-Israeli syndicates orchestrating their cross-continental money laundering schemes. These money laundering schemes have been operating for over two decades, ever since China’s entry to the World Trade Organization in 2001. 
&nbsp;The paper reviews the operation of the money laundering schemes in detail and highlights the difficulties encountered by bankers and investigators in unearthing and investigating criminal activities within the banking systems. &nbsp;The paper then proposes an automatic anti-money laundering system, which is expected to address these difficulties. Preliminary experimental results show that the system successfully identifies the crux of these money laundering syndicates within a few days’ time, something which usually takes years of investigation to track down the suspects using traditional methods, as well as its ability to initiate pre-warning procedures to the banks and law enforcement agencies once suspicious transaction clusters are found. &nbsp;The paper concludes with &nbsp;a discussion on the legal implications encompassing the evidence projected by this system.</p> Xiao Tan, Tsz-Fung Tony Tse, Siu Ming Yiu, Hiu-Man Human Lam Copyright (c) 2024 Xiao Tan, Tsz-Fung Tony Tse, Siu Ming Yiu, Hiu-Man Human Lam Thu, 21 Mar 2024 00:00:00 +0000 Cyber Operations in Peace and War: A Framework for Persistent Engagement <p>During 1990s, the concept of information warfare (IW) and information operations (including cyber operations, psychological operations, and electronic warfare) could be conducted with varying intensity across all stages of peace and conflict. At that time, many of the concepts related to cyber operations were still hypothetical. Subsequently, conflicts and competition between states have demonstrated the capabilities and limitations of cyber operations. Research emerging in 2022 by multiple authors demonstrate the limitations and usage of offensive cyber operations and maintaining a sustainable military cyber capability, as well as proposing alternative models for conflict in cyberspace. Alongside this, there has been increased attention on the impact of ICTs on international security and the responsible behaviour of nation-states in cyberspace. 
There is still ambiguity and different perspectives on the application of international law in cyberspace. This uncertainty disrupts the original models of IW and warfare, which assumed clear distinctions amongst the conflict stages. Both the discourse of ICTs in international security and recent conflict necessitate a reconsideration of the decades-old view of IW in times of peace, war and the grey zone in between. This paper proposes a framework for the roles of cyber operations across the stages of conflict based on contemporary perspectives on the utility of cyber operations as well as practical examples. In rethinking the IW model, a multidisciplinary view is required, considering the technical, legal, social and international security perspectives.</p> Brett van Niekerk Copyright (c) 2024 Brett van Niekerk Thu, 21 Mar 2024 00:00:00 +0000 Unpacking AI Security Considerations <p>The field of Artificial Intelligence has emerged as a convincing tool to be used in a myriad of applications like finance, traffic prediction, health and travel sectors. Due to the enormous benefits provided in terms of automation, convenience, processing time, reduced manhours, and productivity, AI is being seen as the next technical revolution. AI is being showcased as a useful tool to stimulate creativity as well as provide support with its tremendous computational power. The release of tools like ChatGPT has exploded onto the technological scene. Users are making use of Large Language Models (LLMs) and tools to perform a host of activities like writing an essay, translating documents, and finding travel plans. However, the popularity of these tools has not been without risk. In the technology marketplace, the race to dominance can force competitors to waive safety concerns in favour of product adoption. Many are unaware of the potential dangers and risks that may inherently reside within AI tools. 
This paper looks at the potential risks of AI tools such the creation of misinformation or scams. AI security has now become a paramount concern that should not be ignored. In this paper, the potential risks and threat vectors of Artificial Intelligence will be covered. The aim will be to provide insight into the malicious use of Artificial Intelligence Tools through a discussion of techniques to bypass security controls. The paper aims to provide a more detailed account on how AI can be manipulated in order to empower users about the latest attack schemes.</p> Namosha Veerasamy, Danielle Badenhorst, Mazwi Ntshangase, Errol Baloyi; Noku Siphambili; Oyena Mahlasela Copyright (c) 2024 Namosha Veerasamy, Danielle Badenhorst, Mazwi Ntshangase, Errol Baloyi; Noku Siphambili; Oyena Mahlasela Thu, 21 Mar 2024 00:00:00 +0000 Recognising Cyber Blockades as Crimes Against Humanity: Can International Criminal Law Keep Up? <p>As a result of the heavily digitalised world on top of our increasing online presence and interconnectedness, states and civilian populations are becoming more and more vulnerable to cyber attacks. It is thus imperative to examine the dangers large scale cyber attacks pose with respect to their contribution to potential human suffering. As such, these large scale cyber attacks, especially a cyber blockade, may be able to constitute an international crime. The Prosecutor of the International Criminal Court announced at the Digital Front Lines conference that his office is willing to investigate cyber operations as potential war crimes given that they are capable of causing severe consequences akin to kinetic warfare. (Yoon Onn, 2023) This is the first significant step towards recognising the harmful effects of malicious cyber operations as international crimes. 
However, not only is the Rome Statute itself silent on cyber operations as potential international crimes, the ICC has not yet seen a case concerning malicious cyber activities as either a war crime or as a crime against humanity.<span class="Apple-converted-space"> </span>As such, the central question the paper seeks to answer is whether the Rome Statute could potentially encompass cyber blockades as the crime against humanity of “other inhumane acts” under Article 7(1)(k) of the Rome Statute. The paper looks at crimes against humanity for three reasons: firstly, Karim Khan KC has already touched on cyber attacks potentially prosecuted as war crimes, as mentioned above, thus the knowledge gap is gradually being bridged with respect to war crimes. Secondly, there is an absence of any regulatory framework should a cyber blockade be unleashed in peacetime, where international humanitarian principles do not apply. Thirdly, establishing a cyber blockade as a crime against humanity would lead to greater individual criminal responsibility as opposed to a war crimes conviction. This, in turn, would send a strong deterrent message in both war and peace.</p> Dora Vanda Velenczei Copyright (c) 2024 Dora Vanda Velenczei Thu, 21 Mar 2024 00:00:00 +0000 Covert Subversive Agents and Consensus Disruption on Large Projects <p>Is it possible to dramatically affect and influence military and other projects through social engineering of the consensus processes? In this paper we explore the impact that subversive agents can have on the ability of projects to move forward by disrupting the social cohesion and decision-making abilities of the processes designed to reach consensus. 
A consensus simulator is used to model group social cohesion behaviour in the context of project deliverables and show what the effect can be on the effort to reach consensus (number of meetings) as well as the time to reach consensus (calendar time) when subversive agents attempt to influence the groups making up the project team in such a way that it delays the ability of the team to reach consensus on key decisions. Many military options are available to delay enemy projects, including the assassination of enemy scientists, sanctions aimed at denying key project components, or even direct military action such as bombing the enemy facilities. However, this paper focusses on aspects of soft-force projection through covert disruption of project timelines. A social simulator was constructed that models individual agent’s beliefs about various key topics within the context of a project. The effect that a small number of subversive agents can have on the time- and effort of a project is shown. In their covert actions, these subversive agents need to stay hidden, and thus their covert actions are limited, yet they can exert significant damage to the project in terms of delays. In this paper we present results showing the effects that such a small group can have, as well as pointing out that there seem to be a critical group size over which the subversive agents can not only have significant impact on project-delays but can also steer and direct certain key decisions.</p> Johannes Vorster, Louise Leenen Copyright (c) 2024 Johannes Vorster, Louise Leenen Thu, 21 Mar 2024 00:00:00 +0000 Exploring South Africa’s Cybersecurity Legal Framework regulating Information Confidentiality, Integrity, and Availability <p>The discussion critically evaluates the effectiveness of laws dealing with cyber threats within the context of the South African cybersecurity landscape. 
It deals with the legal response to non-state cyber operations to national security and law enforcement by means of the domestic law and not with state or state-sponsored cyber operations which falls within the remit of the international law. Globally the digital ecosystems of all countries face a common denominator, namely the threat of cyber operations and how to deal with it effectively. There are various cyber operations, but the discussion mainly deals with cyber operations that target the confidentiality, availability and integrity of information and the effectiveness of the South African cybersecurity legislation in protecting information. The effectiveness of the following legislation will be deliberated: • The Protection of Personal Information Act (POPIA) 4 of 2013. POPIA does not define a data breach, nor does it indicate the time in which the breach must be reported to the Information Regulator (IR). In 2021 the Department of Justice and Constitutional Development (Department) suffered a ransomware attack. The breach was reported to the IR. In July 2023 the Department became the first institution to be fined for failure to comply with an enforcement notice. • The Cybercrimes Act 119 of 2021. The ransomware attack suffered by the Department in 2021 constitutes a cybercrime, but how effective is the Cybercrimes Act to facilitate the investigation and prosecution of the threat actor(s) who orchestrated the attack? Should there not be guidelines in respect of a ransomware attack prescribing a compulsory reporting obligation or discouraging payment of ransom. The first line of defense to offensive non-state cyber operations is a robust and resilient cybersecurity legal framework. Although a government cannot eliminate all possible threats, it can mitigate the risks, and this can be achieved by means of a comprehensive cybersecurity strategy. 
A country should have a cybersecurity strategy and it will be determined if for example the 2023 United States of America cybersecurity strategy could serve as guidance to South Africa. <br />Why is your paper of interest to the conference participants? Use this space to persuade the reviewers why they should select this abstract for the conference : In today’s digital world, one cannot ignore the importance of cybersecurity. One single security breach may result in the exposure of the personal information of millions of people. Cybersecurity legislation is therefore essential to ensure the protection of government departments, institutions, businesses and individuals against malicious cyber operations.</p> Murdoch Watney Copyright (c) 2024 Murdoch Watney Thu, 21 Mar 2024 00:00:00 +0000