Content modification attacks on consensus seeking multi-agent system with double-integrator dynamics.

PubMed

Dong, Yimeng; Gupta, Nirupam; Chopra, Nikhil

2016-11-01

In this paper, vulnerability of a distributed consensus seeking multi-agent system (MAS) with double-integrator dynamics against edge-bound content modification cyber attacks is studied. In particular, we define a specific edge-bound content modification cyber attack called malignant content modification attack (MCoMA), which results in unbounded growth of an appropriately defined group disagreement vector. Properties of MCoMA are utilized to design detection and mitigation algorithms so as to impart resilience in the considered MAS against MCoMA. Additionally, the proposed detection mechanism is extended to detect the general edge-bound content modification attacks (not just MCoMA). Finally, the efficacies of the proposed results are illustrated through numerical simulations.

Content modification attacks on consensus seeking multi-agent system with double-integrator dynamics

NASA Astrophysics Data System (ADS)

Dong, Yimeng; Gupta, Nirupam; Chopra, Nikhil

2016-11-01

In this paper, vulnerability of a distributed consensus seeking multi-agent system (MAS) with double-integrator dynamics against edge-bound content modification cyber attacks is studied. In particular, we define a specific edge-bound content modification cyber attack called malignant content modification attack (MCoMA), which results in unbounded growth of an appropriately defined group disagreement vector. Properties of MCoMA are utilized to design detection and mitigation algorithms so as to impart resilience in the considered MAS against MCoMA. Additionally, the proposed detection mechanism is extended to detect the general edge-bound content modification attacks (not just MCoMA). Finally, the efficacies of the proposed results are illustrated through numerical simulations.

Cyber-Physical Attack-Resilient Wide-Area Monitoring, Protection, and Control for the Power Grid

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ashok, Aditya; Govindarasu, Manimaran; Wang, Jianhui

Cyber security and resiliency of Wide-Area Monitoring, Protection and Control (WAMPAC) applications is critically important to ensure secure, reliable, and economic operation of the bulk power system. WAMPAC relies heavily on the security of measurements and control commands transmitted over wide-area communication networks for real-time operational, protection, and control functions. Also, the current “N-1 security criteria” for grid operation is inadequate to address malicious cyber events and therefore it is important to fundamentally redesign WAMPAC and to enhance Energy Management System (EMS) applications to make them attack-resilient. In this paper, we propose an end-to-end defense-in-depth architecture for attack-resilient WAMPAC thatmore » addresses resilience at both the infrastructure layer and the application layers. Also, we propose an attack-resilient cyber-physical security framework that encompasses the entire security life cycle including risk assessment, attack prevention, attack detection, attack mitigation, and attack resilience. The overarching objective of this paper is to provide a broad scope that comprehensively describes most of the major research issues and potential solutions in the context of cyber-physical security of WAMPAC for the power grid.« less

Situational awareness of a coordinated cyber attack

NASA Astrophysics Data System (ADS)

Sudit, Moises; Stotz, Adam; Holender, Michael

2005-03-01

As technology continues to advance, services and capabilities become computerized, and an ever increasing amount of business is conducted electronically the threat of cyber attacks gets compounded by the complexity of such attacks and the criticality of the information which must be secured. A new age of virtual warfare has dawned in which seconds can differentiate between the protection of vital information and/or services and a malicious attacker attaining their goal. In this paper we present a novel approach in the real-time detection of multistage coordinated cyber attacks and the promising initial testing results we have obtained. We introduce INFERD (INformation Fusion Engine for Real-time Decision-making), an adaptable information fusion engine which performs fusion at levels zero, one, and two to provide real-time situational assessment and its application to the cyber domain in the ECCARS (Event Correlation for Cyber Attack Recognition System) system. The advantages to our approach are fourfold: (1) The complexity of the attacks which we consider, (2) the level of abstraction in which the analyst interacts with the attack scenarios, (3) the speed at which the information fusion is presented and performed, and (4) our disregard for ad-hoc rules or a priori parameters.

Phase-Space Detection of Cyber Events

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hernandez Jimenez, Jarilyn M; Ferber, Aaron E; Prowell, Stacy J

Energy Delivery Systems (EDS) are a network of processes that produce, transfer and distribute energy. EDS are increasingly dependent on networked computing assets, as are many Industrial Control Systems. Consequently, cyber-attacks pose a real and pertinent threat, as evidenced by Stuxnet, Shamoon and Dragonfly. Hence, there is a critical need for novel methods to detect, prevent, and mitigate effects of such attacks. To detect cyber-attacks in EDS, we developed a framework for gathering and analyzing timing data that involves establishing a baseline execution profile and then capturing the effect of perturbations in the state from injecting various malware. The datamore » analysis was based on nonlinear dynamics and graph theory to improve detection of anomalous events in cyber applications. The goal was the extraction of changing dynamics or anomalous activity in the underlying computer system. Takens' theorem in nonlinear dynamics allows reconstruction of topologically invariant, time-delay-embedding states from the computer data in a sufficiently high-dimensional space. The resultant dynamical states were nodes, and the state-to-state transitions were links in a mathematical graph. Alternatively, sequential tabulation of executing instructions provides the nodes with corresponding instruction-to-instruction links. Graph theorems guarantee graph-invariant measures to quantify the dynamical changes in the running applications. Results showed a successful detection of cyber events.« less

Cyber situational awareness and differential hardening

NASA Astrophysics Data System (ADS)

Dwivedi, Anurag; Tebben, Dan

2012-06-01

The advent of cyber threats has created a need for a new network planning, design, architecture, operations, control, situational awareness, management, and maintenance paradigms. Primary considerations include the ability to assess cyber attack resiliency of the network, and rapidly detect, isolate, and operate during deliberate simultaneous attacks against the network nodes and links. Legacy network planning relied on automatic protection of a network in the event of a single fault or a very few simultaneous faults in mesh networks, but in the future it must be augmented to include improved network resiliency and vulnerability awareness to cyber attacks. Ability to design a resilient network requires the development of methods to define, and quantify the network resiliency to attacks, and to be able to develop new optimization strategies for maintaining operations in the midst of these newly emerging cyber threats. Ways to quantify resiliency, and its use in visualizing cyber vulnerability awareness and in identifying node or link criticality, are presented in the current work, as well as a methodology of differential network hardening based on the criticality profile of cyber network components.

Testbed-based Performance Evaluation of Attack Resilient Control for AGC

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ashok, Aditya; Sridhar, Siddharth; McKinnon, Archibald D.

The modern electric power grid is a complex cyber-physical system whose reliable operation is enabled by a wide-area monitoring and control infrastructure. This infrastructure, supported by an extensive communication backbone, enables several control applications functioning at multiple time scales to ensure the grid is maintained within stable operating limits. Recent events have shown that vulnerabilities in this infrastructure may be exploited to manipulate the data being exchanged. Such a scenario could cause the associated control application to mis-operate, potentially causing system-wide instabilities. There is a growing emphasis on looking beyond traditional cybersecurity solutions to mitigate such threats. In this papermore » we perform a testbed-based validation of one such solution - Attack Resilient Control (ARC) - on Iowa State University's \\textit{PowerCyber} testbed. ARC is a cyber-physical security solution that combines domain-specific anomaly detection and model-based mitigation to detect stealthy attacks on Automatic Generation Control (AGC). In this paper, we first describe the implementation architecture of the experiment on the testbed. Next, we demonstrate the capability of stealthy attack templates to cause forced under-frequency load shedding in a 3-area test system. We then validate the performance of ARC by measuring its ability to detect and mitigate these attacks. Our results reveal that ARC is efficient in detecting stealthy attacks and enables AGC to maintain system operating frequency close to its nominal value during an attack. Our studies also highlight the importance of testbed-based experimentation for evaluating the performance of cyber-physical security and control applications.« less

A Method of Synchrophasor Technology for Detecting and Analyzing Cyber-Attacks

DOE Office of Scientific and Technical Information (OSTI.GOV)

McCann, Roy; Al-Sarray, Muthanna

Studying cybersecurity events and analyzing their impacts encourage planners and operators to develop innovative approaches for preventing attacks in order to avoid outages and other disruptions. This work considers two parts in security studies; detecting an integrity attack and examining its effects on power system generators. The detection was conducted through employing synchrophasor technology to provide authentication of ACG commands based on observed system operating characteristics. The examination of an attack is completed via a detailed simulation of a modified IEEE 68-bus benchmark model to show the associated power system dynamic response. The results of the simulation are discussed formore » assessing the impacts of cyber threats.« less

Application of graph-based semi-supervised learning for development of cyber COP and network intrusion detection

NASA Astrophysics Data System (ADS)

Levchuk, Georgiy; Colonna-Romano, John; Eslami, Mohammed

2017-05-01

The United States increasingly relies on cyber-physical systems to conduct military and commercial operations. Attacks on these systems have increased dramatically around the globe. The attackers constantly change their methods, making state-of-the-art commercial and military intrusion detection systems ineffective. In this paper, we present a model to identify functional behavior of network devices from netflow traces. Our model includes two innovations. First, we define novel features for a host IP using detection of application graph patterns in IP's host graph constructed from 5-min aggregated packet flows. Second, we present the first application, to the best of our knowledge, of Graph Semi-Supervised Learning (GSSL) to the space of IP behavior classification. Using a cyber-attack dataset collected from NetFlow packet traces, we show that GSSL trained with only 20% of the data achieves higher attack detection rates than Support Vector Machines (SVM) and Naïve Bayes (NB) classifiers trained with 80% of data points. We also show how to improve detection quality by filtering out web browsing data, and conclude with discussion of future research directions.

Vulnerability of water supply systems to cyber-physical attacks

NASA Astrophysics Data System (ADS)

Galelli, Stefano; Taormina, Riccardo; Tippenhauer, Nils; Salomons, Elad; Ostfeld, Avi

2016-04-01

The adoption of smart meters, distributed sensor networks and industrial control systems has largely improved the level of service provided by modern water supply systems. Yet, the progressive computerization exposes these critical infrastructures to cyber-physical attacks, which are generally aimed at stealing critical information (cyber-espionage) or causing service disruption (denial-of-service). Recent statistics show that water and power utilities are undergoing frequent attacks - such as the December power outage in Ukraine - , attracting the interest of operators and security agencies. Taking the security of Water Distribution Networks (WDNs) as domain of study, our work seeks to characterize the vulnerability of WDNs to cyber-physical attacks, so as to conceive adequate defense mechanisms. We extend the functionality of EPANET, which models hydraulic and water quality processes in pressurized pipe networks, to include a cyber layer vulnerable to repeated attacks. Simulation results on a medium-scale network show that several hydraulic actuators (valves and pumps, for example) can be easily attacked, causing both service disruption - i.e., water spillage and loss of pressure - and structural damages - e.g., pipes burst. Our work highlights the need for adequate countermeasures, such as attacks detection and reactive control systems.

Engaging the Nation’s Critical Infrastructure Sector to Deter Cyber Threats

DTIC Science & Technology

2013-03-01

is the component of CyberOps that extends cyber power beyond the defensive boundaries of the GIG to detect, deter, deny, and defeat adversaries... economy .16 DDOS attacks are based on multiple, malware infected personal computers, organized into networks called botnets, and are directed by...not condemn the actions of those involved. Of the two attacks on Estonia and Georgia, it was Estonia that had the greatest damage to its economy

What good cyber resilience looks like.

PubMed

Hult, Fredrik; Sivanesan, Giri

In January 2012, the World Economic Forum made cyber attacks its fourth top global risk. In the 2013 risk report, cyber attacks were noted to be an even higher risk in absolute terms. The reliance of critical infrastructure on cyber working has never been higher; the frequency, intensity, impact and sophistication of attacks is growing. This trend looks likely to continue. It can be argued that it is no longer a question whether an organisation will be successfully hacked, but how long it will take to detect. In the ever-changing cyber environment, traditional protection techniques and reliance on preventive controls are not enough. A more agile approach is required to give assurance of a sufficiently secure digital society. Are we faced with a paradigm shift or a storm in a digital teacup? This paper offers an introduction to why cyber is important, a wider taxonomy on the topic and some historical context on how the discipline of cyber security has evolved, and an interpretation on what this means in the new normal of today.

Introducing cyber.

PubMed

Hult, Fredrik; Sivanesan, Giri

In January 2012, the World Economic Forum made cyber attacks its fourth top global risk. In the 2013 risk report, cyber attacks were noted to be an even higher risk in absolute terms. The reliance of critical infrastructure on cyber working has never been higher; the frequency, intensity, impact and sophistication of attacks is growing. This trend looks likely to continue. It can be argued that it is no longer a question whether an organisation will be successfully hacked, but how long it will take to detect. In the ever-changing cyber environment, traditional protection techniques and reliance on preventive controls are not enough. A more agile approach is required to give assurance of a sufficiently secure digital society. Are we faced with a paradigm shift or a storm in a digital teacup? This paper offers an introduction to why cyber is important, a wider taxonomy on the topic and some historical context on how the discipline of cyber security has evolved, and an interpretation on what this means in the new normal of today.

The Challenges of Defense Support of Civil Authorities and Homeland Defense in the Cyber Domain

DTIC Science & Technology

2013-05-20

Information Grid ( GIG ) against a cyber attack has taken the forefront in national level discussions. The U.S. homeland’s assumed sanctuary against...other U.S. government agencies and key operators within the private sector to detect, deter, prevent, and thwart exploitation of CIKR and the GIG ...CIKR) and the Global Information Grid ( GIG ) against a cyber attack has taken the forefront in national level discussions. The U.S. homeland’s

Cybersecurity for distributed energy resources and smart inverters

DOE PAGES

Qi, Junjian; Hahn, Adam; Lu, Xiaonan; ...

2016-12-01

The increased penetration of distributed energy resources (DER) will significantly increase the number of devices that are owned and controlled by consumers and third parties. These devices have a significant dependency on digital communication and control, which presents a growing risk from cyber attacks. This paper proposes a holistic attack-resilient framework to protect the the integrated DER and the critical power grid infrastructure from malicious cyber attacks, helping ensure the secure integration of DER without harming the grid reliability and stability. Specifically, we discuss the architecture of the cyber-physical power system with a high penetration of DER and analyze themore » unique cybersecurity challenges introduced by DER integration. Next, we summarize important attack scenarios against DER, propose a systematic DER resilience analysis methodology, and develop effective and quantifiable resilience metrics and design principles. Lastly, we introduce attack prevention, detection, and response measures specifically designed for DER integration across cyber, physical device, and utility layers of the future smart grid.« less

Cybersecurity for distributed energy resources and smart inverters

DOE Office of Scientific and Technical Information (OSTI.GOV)

Qi, Junjian; Hahn, Adam; Lu, Xiaonan

The increased penetration of distributed energy resources (DER) will significantly increase the number of devices that are owned and controlled by consumers and third parties. These devices have a significant dependency on digital communication and control, which presents a growing risk from cyber attacks. This paper proposes a holistic attack-resilient framework to protect the the integrated DER and the critical power grid infrastructure from malicious cyber attacks, helping ensure the secure integration of DER without harming the grid reliability and stability. Specifically, we discuss the architecture of the cyber-physical power system with a high penetration of DER and analyze themore » unique cybersecurity challenges introduced by DER integration. Next, we summarize important attack scenarios against DER, propose a systematic DER resilience analysis methodology, and develop effective and quantifiable resilience metrics and design principles. Lastly, we introduce attack prevention, detection, and response measures specifically designed for DER integration across cyber, physical device, and utility layers of the future smart grid.« less

Cyber attacks against state estimation in power systems: Vulnerability analysis and protection strategies

NASA Astrophysics Data System (ADS)

Liu, Xuan

Power grid is one of the most critical infrastructures in a nation and could suffer a variety of cyber attacks. With the development of Smart Grid, false data injection attack has recently attracted wide research interest. This thesis proposes a false data attack model with incomplete network information and develops optimal attack strategies for attacking load measurements and the real-time topology of a power grid. The impacts of false data on the economic and reliable operations of power systems are quantitatively analyzed in this thesis. To mitigate the risk of cyber attacks, a distributed protection strategies are also developed. It has been shown that an attacker can design false data to avoid being detected by the control center if the network information of a power grid is known to the attacker. In practice, however, it is very hard or even impossible for an attacker to obtain all network information of a power grid. In this thesis, we propose a local load redistribution attacking model based on incomplete network information and show that an attacker only needs to obtain the network information of the local attacking region to inject false data into smart meters in the local region without being detected by the state estimator. A heuristic algorithm is developed to determine a feasible attacking region by obtaining reduced network information. This thesis investigates the impacts of false data on the operations of power systems. It has been shown that false data can be designed by an attacker to: 1) mask the real-time topology of a power grid; 2) overload a transmission line; 3) disturb the line outage detection based on PMU data. To mitigate the risk of cyber attacks, this thesis proposes a new protection strategy, which intends to mitigate the damage effects of false data injection attacks by protecting a small set of critical measurements. To further reduce the computation complexity, a mixed integer linear programming approach is also proposed to separate the power grid into several subnetworks, then distributed protection strategy is applied to each subnetwork.

Integrated situational awareness for cyber attack detection, analysis, and mitigation

NASA Astrophysics Data System (ADS)

Cheng, Yi; Sagduyu, Yalin; Deng, Julia; Li, Jason; Liu, Peng

2012-06-01

Real-time cyberspace situational awareness is critical for securing and protecting today's enterprise networks from various cyber threats. When a security incident occurs, network administrators and security analysts need to know what exactly has happened in the network, why it happened, and what actions or countermeasures should be taken to quickly mitigate the potential impacts. In this paper, we propose an integrated cyberspace situational awareness system for efficient cyber attack detection, analysis and mitigation in large-scale enterprise networks. Essentially, a cyberspace common operational picture will be developed, which is a multi-layer graphical model and can efficiently capture and represent the statuses, relationships, and interdependencies of various entities and elements within and among different levels of a network. Once shared among authorized users, this cyberspace common operational picture can provide an integrated view of the logical, physical, and cyber domains, and a unique visualization of disparate data sets to support decision makers. In addition, advanced analyses, such as Bayesian Network analysis, will be explored to address the information uncertainty, dynamic and complex cyber attack detection, and optimal impact mitigation issues. All the developed technologies will be further integrated into an automatic software toolkit to achieve near real-time cyberspace situational awareness and impact mitigation in large-scale computer networks.

Temporal Cyber Attack Detection.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ingram, Joey Burton; Draelos, Timothy J.; Galiardi, Meghan

Rigorous characterization of the performance and generalization ability of cyber defense systems is extremely difficult, making it hard to gauge uncertainty, and thus, confidence. This difficulty largely stems from a lack of labeled attack data that fully explores the potential adversarial space. Currently, performance of cyber defense systems is typically evaluated in a qualitative manner by manually inspecting the results of the system on live data and adjusting as needed. Additionally, machine learning has shown promise in deriving models that automatically learn indicators of compromise that are more robust than analyst-derived detectors. However, to generate these models, most algorithms requiremore » large amounts of labeled data (i.e., examples of attacks). Algorithms that do not require annotated data to derive models are similarly at a disadvantage, because labeled data is still necessary when evaluating performance. In this work, we explore the use of temporal generative models to learn cyber attack graph representations and automatically generate data for experimentation and evaluation. Training and evaluating cyber systems and machine learning models requires significant, annotated data, which is typically collected and labeled by hand for one-off experiments. Automatically generating such data helps derive/evaluate detection models and ensures reproducibility of results. Experimentally, we demonstrate the efficacy of generative sequence analysis techniques on learning the structure of attack graphs, based on a realistic example. These derived models can then be used to generate more data. Additionally, we provide a roadmap for future research efforts in this area.« less

A cyber-event correlation framework and metrics

NASA Astrophysics Data System (ADS)

Kang, Myong H.; Mayfield, Terry

2003-08-01

In this paper, we propose a cyber-event fusion, correlation, and situation assessment framework that, when instantiated, will allow cyber defenders to better understand the local, regional, and global cyber-situation. This framework, with associated metrics, can be used to guide assessment of our existing cyber-defense capabilities, and to help evaluate the state of cyber-event correlation research and where we must focus our future cyber-event correlation research. The framework, based on the cyber-event gathering activities and analysis functions, consists of five operational steps, each of which provides a richer set of contextual information to support greater situational understanding. The first three steps are categorically depicted as increasingly richer and broader-scoped contexts achieved through correlation activity, while in the final two steps, these richer contexts are achieved through analytical activities (situation assessment, and threat analysis & prediction). Category 1 Correlation focuses on the detection of suspicious activities and the correlation of events from a single cyber-event source. Category 2 Correlation clusters the same or similar events from multiple detectors that are located at close proximity and prioritizes them. Finally, the events from different time periods and event sources at different location/regions are correlated at Category 3 to recognize the relationship among different events. This is the category that focuses on the detection of large-scale and coordinated attacks. The situation assessment step (Category 4) focuses on the assessment of cyber asset damage and the analysis of the impact on missions. The threat analysis and prediction step (Category 5) analyzes attacks based on attack traces and predicts the next steps. Metrics that can distinguish correlation and cyber-situation assessment tools for each category are also proposed.

Social Sentiment Sensor in Twitter for Predicting Cyber-Attacks Using ℓ1 Regularization

PubMed Central

Sanchez-Perez, Gabriel; Toscano-Medina, Karina; Martinez-Hernandez, Victor; Olivares-Mercado, Jesus; Sanchez, Victor

2018-01-01

In recent years, online social media information has been the subject of study in several data science fields due to its impact on users as a communication and expression channel. Data gathered from online platforms such as Twitter has the potential to facilitate research over social phenomena based on sentiment analysis, which usually employs Natural Language Processing and Machine Learning techniques to interpret sentimental tendencies related to users’ opinions and make predictions about real events. Cyber-attacks are not isolated from opinion subjectivity on online social networks. Various security attacks are performed by hacker activists motivated by reactions from polemic social events. In this paper, a methodology for tracking social data that can trigger cyber-attacks is developed. Our main contribution lies in the monthly prediction of tweets with content related to security attacks and the incidents detected based on ℓ1 regularization. PMID:29710833

Social Sentiment Sensor in Twitter for Predicting Cyber-Attacks Using ℓ₁ Regularization.

PubMed

Hernandez-Suarez, Aldo; Sanchez-Perez, Gabriel; Toscano-Medina, Karina; Martinez-Hernandez, Victor; Perez-Meana, Hector; Olivares-Mercado, Jesus; Sanchez, Victor

2018-04-29

In recent years, online social media information has been the subject of study in several data science fields due to its impact on users as a communication and expression channel. Data gathered from online platforms such as Twitter has the potential to facilitate research over social phenomena based on sentiment analysis, which usually employs Natural Language Processing and Machine Learning techniques to interpret sentimental tendencies related to users’ opinions and make predictions about real events. Cyber-attacks are not isolated from opinion subjectivity on online social networks. Various security attacks are performed by hacker activists motivated by reactions from polemic social events. In this paper, a methodology for tracking social data that can trigger cyber-attacks is developed. Our main contribution lies in the monthly prediction of tweets with content related to security attacks and the incidents detected based on ℓ 1 regularization.

Detection of complex cyber attacks

NASA Astrophysics Data System (ADS)

Gregorio-de Souza, Ian; Berk, Vincent H.; Giani, Annarita; Bakos, George; Bates, Marion; Cybenko, George; Madory, Doug

2006-05-01

One significant drawback to currently available security products is their inabilty to correlate diverse sensor input. For instance, by only using network intrusion detection data, a root kit installed through a weak username-password combination may go unnoticed. Similarly, an administrator may never make the link between deteriorating response times from the database server and an attacker exfiltrating trusted data, if these facts aren't presented together. Current Security Information Management Systems (SIMS) can collect and represent diverse data but lack sufficient correlation algorithms. By using a Process Query System, we were able to quickly bring together data flowing from many sources, including NIDS, HIDS, server logs, CPU load and memory usage, etc. We constructed PQS models that describe dynamic behavior of complicated attacks and failures, allowing us to detect and differentiate simultaneous sophisticated attacks on a target network. In this paper, we discuss the benefits of implementing such a multistage cyber attack detection system using PQS. We focus on how data from multiple sources can be combined and used to detect and track comprehensive network security events that go unnoticed using conventional tools.

High Assurance Control of Cyber-Physical Systems with Application to Unmanned Aircraft Systems

NASA Astrophysics Data System (ADS)

Kwon, Cheolhyeon

With recent progress in the networked embedded control technology, cyber attacks have become one of the major threats to Cyber-Physical Systems (CPSs) due to their close integration of physical processes, computational resources, and communication capabilities. While CPSs have various applications in both military and civilian uses, their on-board automation and communication afford significant advantages over a system without such abilities, but these benefits come at the cost of possible vulnerability to cyber attacks. Traditionally, most cyber security studies in CPSs are mainly based on the computer security perspective, focusing on issues such as the trustworthiness of data flow, without rigorously considering the system's physical processes such as real-time dynamic behaviors. While computer security components are key elements in the hardware/software layer, these methods alone are not sufficient for diagnosing the healthiness of the CPSs' physical behavior. In seeking to address this problem, this research work proposes a control theoretic perspective approach which can accurately represent the interactions between the physical behavior and the logical behavior (computing resources) of the CPS. Then a controls domain aspect is explored extending beyond just the logical process of the CPS to include the underlying physical behavior. This approach will allow the CPS whose physical operations are robust/resilient to the damage caused by cyber attacks, successfully complementing the existing CPS security architecture. It is important to note that traditional fault-tolerant/robust control methods could not be directly applicable to achieve resiliency against malicious cyber attacks which can be designed sophisticatedly to spoof the security/safety monitoring system (note this is different from common faults). Thus, security issues at this layer require different risk management to detect cyber attacks and mitigate their impact within the context of a unified physical and logical process model of the CPS. Specifically, three main tasks are discussed in this presentation: (i) we first investigate diverse granularity of the interactions inside the CPS and propose feasible cyber attack models to characterize the compromised behavior of the CPS with various measures, from its severity to detectability; (ii) based on this risk information, our approach to securing the CPS addresses both monitoring of and high assurance control design against cyber attacks by developing on-line safety assessment and mitigation algorithms; and (iii) by extending the developed theories and methods from a single CPS to multiple CPSs, we examine the security and safety of multi-CPS network that are strongly dependent on the network topology, cooperation protocols between individual CPSs, etc. The effectiveness of the analytical findings is demonstrated and validated with illustrative examples, especially unmanned aircraft system (UAS) applications.

Dataset of anomalies and malicious acts in a cyber-physical subsystem.

PubMed

Laso, Pedro Merino; Brosset, David; Puentes, John

2017-10-01

This article presents a dataset produced to investigate how data and information quality estimations enable to detect aNomalies and malicious acts in cyber-physical systems. Data were acquired making use of a cyber-physical subsystem consisting of liquid containers for fuel or water, along with its automated control and data acquisition infrastructure. Described data consist of temporal series representing five operational scenarios - Normal, aNomalies, breakdown, sabotages, and cyber-attacks - corresponding to 15 different real situations. The dataset is publicly available in the .zip file published with the article, to investigate and compare faulty operation detection and characterization methods for cyber-physical systems.

Risk assessment for physical and cyber attacks on critical infrastructures.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Smith, Bryan J.; Sholander, Peter E.; Phelan, James M.

2005-08-01

Assessing the risk of malevolent attacks against large-scale critical infrastructures requires modifications to existing methodologies. Existing risk assessment methodologies consider physical security and cyber security separately. As such, they do not accurately model attacks that involve defeating both physical protection and cyber protection elements (e.g., hackers turning off alarm systems prior to forced entry). This paper presents a risk assessment methodology that accounts for both physical and cyber security. It also preserves the traditional security paradigm of detect, delay and respond, while accounting for the possibility that a facility may be able to recover from or mitigate the results ofmore » a successful attack before serious consequences occur. The methodology provides a means for ranking those assets most at risk from malevolent attacks. Because the methodology is automated the analyst can also play 'what if with mitigation measures to gain a better understanding of how to best expend resources towards securing the facilities. It is simple enough to be applied to large infrastructure facilities without developing highly complicated models. Finally, it is applicable to facilities with extensive security as well as those that are less well-protected.« less

Uncertainty and Risk Management in Cyber Situational Awareness

NASA Astrophysics Data System (ADS)

Li, Jason; Ou, Xinming; Rajagopalan, Raj

Handling cyber threats unavoidably needs to deal with both uncertain and imprecise information. What we can observe as potential malicious activities can seldom give us 100% confidence on important questions we care about, e.g. what machines are compromised and what damage has been incurred. In security planning, we need information on how likely a vulnerability can lead to a successful compromise to better balance security and functionality, performance, and ease of use. These information are at best qualitative and are often vague and imprecise. In cyber situational awareness, we have to rely on such imperfect information to detect real attacks and to prevent an attack from happening through appropriate risk management. This chapter surveys existing technologies in handling uncertainty and risk management in cyber situational awareness.

Smart Grid Integrity Attacks: Characterizations and Countermeasures

DOE Office of Scientific and Technical Information (OSTI.GOV)

Annarita Giani; Eilyan Bitar; Miles McQueen

2011-10-01

Real power injections at loads and generators, and real power flows on selected lines in a transmission network are monitored, transmitted over a SCADA network to the system operator, and used in state estimation algorithms to make dispatch, re-balance and other energy management system [EMS] decisions. Coordinated cyber attacks of power meter readings can be arranged to be undetectable by any bad data detection algorithm. These unobservable attacks present a serious threat to grid operations. Of particular interest are sparse attacks that involve the compromise of a modest number of meter readings. An efficient algorithm to find all unobservable attacksmore » [under standard DC load flow approximations] involving the compromise of exactly two power injection meters and an arbitrary number of power meters on lines is presented. This requires O(n2m) flops for a power system with n buses and m line meters. If all lines are metered, there exist canonical forms that characterize all 3, 4, and 5-sparse unobservable attacks. These can be quickly detected in power systems using standard graph algorithms. Known secure phase measurement units [PMUs] can be used as countermeasures against an arbitrary collection of cyber attacks. Finding the minimum number of necessary PMUs is NP-hard. It is shown that p + 1 PMUs at carefully chosen buses are sufficient to neutralize a collection of p cyber attacks.« less

Human Subject Research Protocol: Computer-Aided Human Centric Cyber Situation Awareness: Understanding Cognitive Processes of Cyber Analysts

DTIC Science & Technology

2013-11-01

by existing cyber-attack detection tools far exceeds the analysts’ cognitive capabilities. Grounded in perceptual and cognitive theory , many visual...Processes Inspired by the sense-making theory discussed earlier, we model the analytical reasoning process of cyber analysts using three key...analyst are called “working hypotheses”); each hypothesis could trigger further actions to confirm or disconfirm it. New actions will lead to new

Cyber Vigilance: The Human Factor

DTIC Science & Technology

2016-10-21

88ABW-2014-5661; American Intelligence Journal 14. Cyber-defenders face lengthy, repetitive work assignments with few critical signals and little...research is inadvisable. To understand this unique domain, we asked participants to perform a simulated cybersecurity task, searching for attack...detection. To avoid this, IDS detection algorithms are purposely liberal, broadly flagging any activity that resembles a known American Intelligence

INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

DOE Office of Scientific and Technical Information (OSTI.GOV)

Robert S. Anderson; Mark Schanfein; Trond Bjornard

2011-07-01

Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's abilitymore » to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.« less

Cyberprints: Identifying Cyber Attackers by Feature Analysis

ERIC Educational Resources Information Center

Blakely, Benjamin A.

2012-01-01

The problem of attributing cyber attacks is one of increasing importance. Without a solid method of demonstrating the origin of a cyber attack, any attempts to deter would-be cyber attackers are wasted. Existing methods of attribution make unfounded assumptions about the environment in which they will operate: omniscience (the ability to gather,…

Enhancing the cyber-security of smart grids with applications to synchrophasor data

NASA Astrophysics Data System (ADS)

Pal, Seemita

In the power grids, Supervisory Control and Data Acquisition (SCADA) systems are used as part of the Energy Management System (EMS) for enabling grid monitoring, control and protection. In recent times, with the ongoing installation of thousands of Phasor Measurement Units (PMUs), system operators are becoming increasingly reliant on PMU-generated synchrophasor measurements for executing wide-area monitoring and real-time control. The availability of PMU data facilitates dynamic state estimation of the system, thus improving the efficiency and resiliency of the grid. Since the SCADA and PMU data are used to make critical control decisions including actuation of physical systems, the timely availability and integrity of this networked data is of paramount importance. Absence or wrong control actions can potentially lead to disruption of operations, monetary loss, damage to equipments or surroundings or even blackout. This has posed new challenges to information security especially in this age of ever-increasing cyber-attacks. In this thesis, potential cyber-attacks on smart grids are presented and effective and implementable schemes are proposed for detecting them. The focus is mainly on three kinds of cyber-attacks and their detection: (i) gray-hole attacks on synchrophasor systems, (ii) PMU data manipulation attacks and (iii) data integrity attacks on SCADA systems. In the case of gray-hole attacks, also known as packet-drop attacks, the adversary may arbitrarily drop PMU data packets as they traverse the network, resulting in unavailability of time-sensitive data for the various critical power system applications. The fundamental challenge is to distinguish packets dropped by the adversary from those that occur naturally due to network congestion.The proposed gray-hole attack detection technique is based on exploiting the inherent timing information in the GPS time-stamped PMU data packets and using the temporal trends of the latencies to classify the cause of packet-drops and finally detect attacks, if any. In the case of PMU data manipulation attacks, the attacker may modify the data in the PMU packets in order to bias the system states and influence the control center into taking wrong decisions. The proposed detection technique is based on evaluating the equivalent impedances of the transmission lines and classifying the observed anomalies to determine the presence of attack and its location. The scheme for detecting data integrity attacks on SCADA systems is based on utilizing synchrophasor measurements from available PMUs in the grid. The proposed method uses a difference measure, developed in this thesis, to determine the relative divergence and mis-correlation between the datasets. Based on the estimated difference measure, tampered and genuine data can be distinguished. The proposed detection mechanisms have demonstrated high accuracy in real-time detection of attacks of various magnitudes, simulated on real PMU data obtained from the NY grid. By performing alarm clustering, the occurrence of false alarms has been reduced to almost zero. The solutions are computationally inexpensive, low on cost, do not add any overhead, and do not require any feedback from the network.

SecureCPS: Defending a nanosatellite cyber-physical system

NASA Astrophysics Data System (ADS)

Forbes, Lance; Vu, Huy; Udrea, Bogdan; Hagar, Hamilton; Koutsoukos, Xenofon D.; Yampolskiy, Mark

2014-06-01

Recent inexpensive nanosatellite designs employ maneuvering thrusters, much as large satellites have done for decades. However, because a maneuvering nanosatellite can threaten HVAs on-­orbit, it must provide a level of security typically reserved for HVAs. Securing nanosatellites with maneuvering capability is challenging due to extreme cost, size, and power constraints. While still in the design process, our low-­cost SecureCPS architecture promises to dramatically improve security, to include preempting unknown binaries and detecting abnormal behavior. SecureCPS also applies to a broad class of cyber-­physical systems (CPS), such as aircraft, cars, and trains. This paper focuses on Embry-­Riddle's ARAPAIMA nanosatellite architecture, where we assume any off-­the-­shelf component could be compromised by a supply chain attack.1 Based on these assumptions, we have used Vanderbilt's Cyber Physical -­ Attack Description Language (CP-­ADL) to represent realistic attacks, analyze how these attacks propagate in the ARAPAIMA architecture, and how to defeat them using the combination of a low-­cost Root of Trust (RoT) Module, Global InfoTek's Advanced Malware Analysis System (GAMAS), and Anomaly Detection by Machine Learning (ADML).2 Our most recent efforts focus on refining and validating the design of SecureCPS.

Metrics for Assessment of Smart Grid Data Integrity Attacks

DOE Office of Scientific and Technical Information (OSTI.GOV)

Annarita Giani; Miles McQueen; Russell Bent

2012-07-01

There is an emerging consensus that the nation’s electricity grid is vulnerable to cyber attacks. This vulnerability arises from the increasing reliance on using remote measurements, transmitting them over legacy data networks to system operators who make critical decisions based on available data. Data integrity attacks are a class of cyber attacks that involve a compromise of information that is processed by the grid operator. This information can include meter readings of injected power at remote generators, power flows on transmission lines, and relay states. These data integrity attacks have consequences only when the system operator responds to compromised datamore » by redispatching generation under normal or contingency protocols. These consequences include (a) financial losses from sub-optimal economic dispatch to service loads, (b) robustness/resiliency losses from placing the grid at operating points that are at greater risk from contingencies, and (c) systemic losses resulting from cascading failures induced by poor operational choices. This paper is focused on understanding the connections between grid operational procedures and cyber attacks. We first offer two examples to illustrate how data integrity attacks can cause economic and physical damage by misleading operators into taking inappropriate decisions. We then focus on unobservable data integrity attacks involving power meter data. These are coordinated attacks where the compromised data are consistent with the physics of power flow, and are therefore passed by any bad data detection algorithm. We develop metrics to assess the economic impact of these attacks under re-dispatch decisions using optimal power flow methods. These metrics can be use to prioritize the adoption of appropriate countermeasures including PMU placement, encryption, hardware upgrades, and advance attack detection algorithms.« less

Physical Watermarking for Securing Cyber-Physical Systems via Packet Drop Injections

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ozel, Omur; Weekrakkody, Sean; Sinopoli, Bruno

Physical watermarking is a well known solution for detecting integrity attacks on Cyber-Physical Systems (CPSs) such as the smart grid. Here, a random control input is injected into the system in order to authenticate physical dynamics and sensors which may have been corrupted by adversaries. Packet drops may naturally occur in a CPS due to network imperfections. To our knowledge, previous work has not considered the role of packet drops in detecting integrity attacks. In this paper, we investigate the merit of injecting Bernoulli packet drops into the control inputs sent to actuators as a new physical watermarking scheme. Withmore » the classical linear quadratic objective function and an independent and identically distributed packet drop injection sequence, we study the effect of packet drops on meeting security and control objectives. Our results indicate that the packet drops could act as a potential physical watermark for attack detection in CPSs.« less

Hybrid Intrusion Forecasting Framework for Early Warning System

NASA Astrophysics Data System (ADS)

Kim, Sehun; Shin, Seong-Jun; Kim, Hyunwoo; Kwon, Ki Hoon; Han, Younggoo

Recently, cyber attacks have become a serious hindrance to the stability of Internet. These attacks exploit interconnectivity of networks, propagate in an instant, and have become more sophisticated and evolutionary. Traditional Internet security systems such as firewalls, IDS and IPS are limited in terms of detecting recent cyber attacks in advance as these systems respond to Internet attacks only after the attacks inflict serious damage. In this paper, we propose a hybrid intrusion forecasting system framework for an early warning system. The proposed system utilizes three types of forecasting methods: time-series analysis, probabilistic modeling, and data mining method. By combining these methods, it is possible to take advantage of the forecasting technique of each while overcoming their drawbacks. Experimental results show that the hybrid intrusion forecasting method outperforms each of three forecasting methods.

Cyber terror.

PubMed

Haugh, Richard

2003-06-01

If terrorists attack America's health care info-tech systems, it probably won't be one big blow but rather a series of small incursions that are much more difficult to detect. How can your hospital protect its IT system before and after such insidious attacks.

Protecting ICS Systems Within the Energy Sector from Cyber Attacks

NASA Astrophysics Data System (ADS)

Barnes, Shaquille

Advance persistent threat (APT) groups are continuing to attack the energy sector through cyberspace, which poses a risk to our society, national security, and economy. Industrial control systems (ICSs) are not designed to handle cyber-attacks, which is why asset owners need to implement the correct proactive and reactive measures to mitigate the risk to their ICS environments. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responded to 290 incidents for fiscal year 2016, where 59 of those incidents came from the Energy Sector. APT groups know how vulnerable energy sector ICS systems are and the destruction they can cause when they go offline such as loss of production, loss of life, and economic impact. Defending against APT groups requires more than just passive controls such as firewalls and antivirus solutions. Asset owners should implement a combination of best practices and active defense in their environment to defend against APT groups. Cyber-attacks against critical infrastructure will become more complex and harder to detect and respond to with traditional security controls. The purpose of this paper was to provide asset owners with the correct security controls and methodologies to help defend against APT groups.

39 CFR 501.11 - Reporting Postage Evidencing System security weaknesses.

Code of Federal Regulations, 2014 CFR

2014-07-01

... any repeatable deviation from normal Postage Evidencing System performance. (3) Cyber attacks that... misappropriating assets or sensitive information, corrupting data, or causing operational disruption. Cyber attacks... causing denial-of-service attacks on Web sites. Cyber attacks may be carried out by third parties or...

39 CFR 501.11 - Reporting Postage Evidencing System security weaknesses.

Code of Federal Regulations, 2013 CFR

2013-07-01

... any repeatable deviation from normal Postage Evidencing System performance. (3) Cyber attacks that... misappropriating assets or sensitive information, corrupting data, or causing operational disruption. Cyber attacks... causing denial-of-service attacks on Web sites. Cyber attacks may be carried out by third parties or...

39 CFR 501.11 - Reporting Postage Evidencing System security weaknesses.

Code of Federal Regulations, 2012 CFR

2012-07-01

... any repeatable deviation from normal Postage Evidencing System performance. (3) Cyber attacks that... misappropriating assets or sensitive information, corrupting data, or causing operational disruption. Cyber attacks... causing denial-of-service attacks on Web sites. Cyber attacks may be carried out by third parties or...

Co-Simulation Platform For Characterizing Cyber Attacks in Cyber Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sadi, Mohammad A. H.; Ali, Mohammad Hassan; Dasgupta, Dipankar

Smart grid is a complex cyber physical system containing a numerous and variety of sources, devices, controllers and loads. Communication/Information infrastructure is the backbone of the smart grid system where different grid components are connected with each other through this structure. Therefore, the drawbacks of the information technology related issues are also becoming a part of the smart grid. Further, smart grid is also vulnerable to the grid related disturbances. For such a dynamic system, disturbance and intrusion detection is a paramount issue. This paper presents a Simulink and OPNET based co-simulated test bed to carry out a cyber-intrusion inmore » a cyber-network for modern power systems and smart grid. The effect of the cyber intrusion on the physical power system is also presented. The IEEE 30 bus power system model is used to demonstrate the effectiveness of the simulated testbed. The experiments were performed by disturbing the circuit breakers reclosing time through a cyber-attack in the cyber network. Different disturbance situations in the proposed test system are considered and the results indicate the effectiveness of the proposed co-simulated scheme.« less

Human Capital Development - Resilient Cyber Physical Systems

DTIC Science & Technology

2017-09-29

Human Capital Development – Resilient Cyber Physical Systems Technical Report SERC-2017-TR-113 September 29, 2017 Principal Investigator...4.2.2 Cyber Attack Taxonomy for Cyber Physical Systems .............................................................................. 43 4.2.3...Cyber- physical System Attack Taxonomy ................................................................................................ 44 4.2.4

Three tenets for secure cyber-physical system design and assessment

NASA Astrophysics Data System (ADS)

Hughes, Jeff; Cybenko, George

2014-06-01

This paper presents a threat-driven quantitative mathematical framework for secure cyber-physical system design and assessment. Called The Three Tenets, this originally empirical approach has been used by the US Air Force Research Laboratory (AFRL) for secure system research and development. The Tenets were first documented in 2005 as a teachable methodology. The Tenets are motivated by a system threat model that itself consists of three elements which must exist for successful attacks to occur: - system susceptibility; - threat accessibility and; - threat capability. The Three Tenets arise naturally by countering each threat element individually. Specifically, the tenets are: Tenet 1: Focus on What's Critical - systems should include only essential functions (to reduce susceptibility); Tenet 2: Move Key Assets Out-of-Band - make mission essential elements and security controls difficult for attackers to reach logically and physically (to reduce accessibility); Tenet 3: Detect, React, Adapt - confound the attacker by implementing sensing system elements with dynamic response technologies (to counteract the attackers' capabilities). As a design methodology, the Tenets mitigate reverse engineering and subsequent attacks on complex systems. Quantified by a Bayesian analysis and further justified by analytic properties of attack graph models, the Tenets suggest concrete cyber security metrics for system assessment.

Taxonomies of Cyber Adversaries and Attacks: A Survey of Incidents and Approaches

DOE Office of Scientific and Technical Information (OSTI.GOV)

Meyers, C A; Powers, S S; Faissol, D M

In this paper we construct taxonomies of cyber adversaries and methods of attack, drawing from a survey of the literature in the area of cyber crime. We begin by addressing the scope of cyber crime, noting its prevalence and effects on the US economy. We then survey the literature on cyber adversaries, presenting a taxonomy of the different types of adversaries and their corresponding methods, motivations, maliciousness, and skill levels. Subsequently we survey the literature on cyber attacks, giving a taxonomy of the different classes of attacks, subtypes, and threat descriptions. The goal of this paper is to inform futuremore » studies of cyber security on the shape and characteristics of the risk space and its associated adversaries.« less

DETERMINING ELECTRONIC AND CYBER ATTACK RISK LEVEL FOR UNMANNED AIRCRAFT IN A CONTESTED ENVIRONMENT

DTIC Science & Technology

2016-08-01

AIR COMMAND AND STAFF COLLEGE AIR UNIVERSITY DETERMINING ELECTRONIC AND CYBER ATTACK RISK LEVEL FOR UNMANNED AIRCRAFT IN A CONTESTED ENVIRONMENT...iii ABSTRACT During operations in a contested air environment, adversary electronic warfare (EW) and cyber-attack capability will pose a high...10 Russian Federation Electronic Warfare Systems ...................................................12 Chinese Cyber Warfare Program

Towards Reliable Evaluation of Anomaly-Based Intrusion Detection Performance

NASA Technical Reports Server (NTRS)

Viswanathan, Arun

2012-01-01

This report describes the results of research into the effects of environment-induced noise on the evaluation process for anomaly detectors in the cyber security domain. This research was conducted during a 10-week summer internship program from the 19th of August, 2012 to the 23rd of August, 2012 at the Jet Propulsion Laboratory in Pasadena, California. The research performed lies within the larger context of the Los Angeles Department of Water and Power (LADWP) Smart Grid cyber security project, a Department of Energy (DoE) funded effort involving the Jet Propulsion Laboratory, California Institute of Technology and the University of Southern California/ Information Sciences Institute. The results of the present effort constitute an important contribution towards building more rigorous evaluation paradigms for anomaly-based intrusion detectors in complex cyber physical systems such as the Smart Grid. Anomaly detection is a key strategy for cyber intrusion detection and operates by identifying deviations from profiles of nominal behavior and are thus conceptually appealing for detecting "novel" attacks. Evaluating the performance of such a detector requires assessing: (a) how well it captures the model of nominal behavior, and (b) how well it detects attacks (deviations from normality). Current evaluation methods produce results that give insufficient insight into the operation of a detector, inevitably resulting in a significantly poor characterization of a detectors performance. In this work, we first describe a preliminary taxonomy of key evaluation constructs that are necessary for establishing rigor in the evaluation regime of an anomaly detector. We then focus on clarifying the impact of the operational environment on the manifestation of attacks in monitored data. We show how dynamic and evolving environments can introduce high variability into the data stream perturbing detector performance. Prior research has focused on understanding the impact of this variability in training data for anomaly detectors, but has ignored variability in the attack signal that will necessarily affect the evaluation results for such detectors. We posit that current evaluation strategies implicitly assume that attacks always manifest in a stable manner; we show that this assumption is wrong. We describe a simple experiment to demonstrate the effects of environmental noise on the manifestation of attacks in data and introduce the notion of attack manifestation stability. Finally, we argue that conclusions about detector performance will be unreliable and incomplete if the stability of attack manifestation is not accounted for in the evaluation strategy.

77 FR 61433 - Applications and Amendments to Facility Operating Licenses and Combined Licenses Involving...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-09

... attacks up to and including the design basis cyber attack threat, thereby achieving high assurance that... provide assurance that safety-related SSCs are protected from cyber attacks. Implementation of 10 CFR 73... of ``high assurance of adequate protection against cyber attacks.'' The proposed revision would not...

Department of Defense Information Network (DODIN): A Study of Current Cyber Threats and Best Practices for Network Security

DTIC Science & Technology

2016-06-10

DODIN) is being threatened by state actors, non-state actors, and continuous hacking and cyber-attacks. These threats against the network come in a...variety of forms; physical attacks from radio jamming, logical cyber threats from hacking , or a combination of both physical and logical attacks. Each...year the number of hacking attacks is increasing. Corporations like Symantec publish annual reports on cyber threats and provide tips for best

CORESAFE: A Formal Approach against Code Replacement Attacks on Cyber Physical Systems

DTIC Science & Technology

2018-04-19

AFRL-AFOSR-JP-TR-2018-0035 CORESAFE:A Formal Approach against Code Replacement Attacks on Cyber Physical Systems Sandeep Shukla INDIAN INSTITUTE OF...Formal Approach against Code Replacement Attacks on Cyber Physical Systems 5a.  CONTRACT NUMBER 5b.  GRANT NUMBER FA2386-16-1-4099 5c.  PROGRAM ELEMENT...Institute of Technology Kanpur India Final Report for AOARD Grant “CORESAFE: A Formal Approach against Code Replacement Attacks on Cyber Physical

Techniques for Cyber Attack Attribution

DTIC Science & Technology

2003-10-01

Asaka, Midori, Shunji Okazawa, Atsushi Taguchi, and Shigeki Goto. June 1999. “A Method of Tracing Intruders by Use of Mobile Agents”, INET’99. http...Tsuchiya, Takefumi Onabuta, Shunji Okazawa, and Shigeki Goto. November 1999. “Local Attack Detection and Intrusion Route Tracing”, IEICE Transaction on

Impact modeling and prediction of attacks on cyber targets

NASA Astrophysics Data System (ADS)

Khalili, Aram; Michalk, Brian; Alford, Lee; Henney, Chris; Gilbert, Logan

2010-04-01

In most organizations, IT (information technology) infrastructure exists to support the organization's mission. The threat of cyber attacks poses risks to this mission. Current network security research focuses on the threat of cyber attacks to the organization's IT infrastructure; however, the risks to the overall mission are rarely analyzed or formalized. This connection of IT infrastructure to the organization's mission is often neglected or carried out ad-hoc. Our work bridges this gap and introduces analyses and formalisms to help organizations understand the mission risks they face from cyber attacks. Modeling an organization's mission vulnerability to cyber attacks requires a description of the IT infrastructure (network model), the organization mission (business model), and how the mission relies on IT resources (correlation model). With this information, proper analysis can show which cyber resources are of tactical importance in a cyber attack, i.e., controlling them enables a large range of cyber attacks. Such analysis also reveals which IT resources contribute most to the organization's mission, i.e., lack of control over them gravely affects the mission. These results can then be used to formulate IT security strategies and explore their trade-offs, which leads to better incident response. This paper presents our methodology for encoding IT infrastructure, organization mission and correlations, our analysis framework, as well as initial experimental results and conclusions.

Realizing situation awareness within a cyber environment

NASA Astrophysics Data System (ADS)

Tadda, George; Salerno, John J.; Boulware, Douglas; Hinman, Michael; Gorton, Samuel

2006-04-01

Situation Awareness (SA) problems all require an understanding of current activities, an ability to anticipate what may happen next, and techniques to analyze the threat or impact of current activities and predictions. These processes of SA are common regardless of the domain and can be applied to the detection of cyber attacks. This paper will describe the application of a SA framework to implementing Cyber SA, describe some metrics for measuring and evaluating systems implementing Cyber SA, and discuss ongoing work in this area. We conclude with some ideas for future activities.

A Markov game theoretic data fusion approach for cyber situational awareness

NASA Astrophysics Data System (ADS)

Shen, Dan; Chen, Genshe; Cruz, Jose B., Jr.; Haynes, Leonard; Kruger, Martin; Blasch, Erik

2007-04-01

This paper proposes an innovative data-fusion/ data-mining game theoretic situation awareness and impact assessment approach for cyber network defense. Alerts generated by Intrusion Detection Sensors (IDSs) or Intrusion Prevention Sensors (IPSs) are fed into the data refinement (Level 0) and object assessment (L1) data fusion components. High-level situation/threat assessment (L2/L3) data fusion based on Markov game model and Hierarchical Entity Aggregation (HEA) are proposed to refine the primitive prediction generated by adaptive feature/pattern recognition and capture new unknown features. A Markov (Stochastic) game method is used to estimate the belief of each possible cyber attack pattern. Game theory captures the nature of cyber conflicts: determination of the attacking-force strategies is tightly coupled to determination of the defense-force strategies and vice versa. Also, Markov game theory deals with uncertainty and incompleteness of available information. A software tool is developed to demonstrate the performance of the high level information fusion for cyber network defense situation and a simulation example shows the enhanced understating of cyber-network defense.

Development of JSDF Cyber Warfare Defense Critical Capability

DTIC Science & Technology

2010-03-01

attack identification capability is essential for a nation to defend her vital infrastructures against offensive cyber warfare . Although the necessity of...cyber-attack identification capability is quite clear, the Japans preparation against cyber warfare is quite limited.

Cyber Attacks and Terrorism: A Twenty-First Century Conundrum.

PubMed

Albahar, Marwan

2017-01-05

In the recent years, an alarming rise in the incidence of cyber attacks has made cyber security a major concern for nations across the globe. Given the current volatile socio-political environment and the massive increase in the incidence of terrorism, it is imperative that government agencies rapidly realize the possibility of cyber space exploitation by terrorist organizations and state players to disrupt the normal way of life. The threat level of cyber terrorism has never been as high as it is today, and this has created a lot of insecurity and fear. This study has focused on different aspects of cyber attacks and explored the reasons behind their increasing popularity among the terrorist organizations and state players. This study proposes an empirical model that can be used to estimate the risk levels associated with different types of cyber attacks and thereby provide a road map to conceptualize and formulate highly effective counter measures and cyber security policies.

Interval forecasting of cyber-attacks on industrial control systems

NASA Astrophysics Data System (ADS)

Ivanyo, Y. M.; Krakovsky, Y. M.; Luzgin, A. N.

2018-03-01

At present, cyber-security issues of industrial control systems occupy one of the key niches in a state system of planning and management Functional disruption of these systems via cyber-attacks may lead to emergencies related to loss of life, environmental disasters, major financial and economic damage, or disrupted activities of cities and settlements. There is then an urgent need to develop protection methods against cyber-attacks. This paper studied the results of cyber-attack interval forecasting with a pre-set intensity level of cyber-attacks. Interval forecasting is the forecasting of one interval from two predetermined ones in which a future value of the indicator will be obtained. For this, probability estimates of these events were used. For interval forecasting, a probabilistic neural network with a dynamic updating value of the smoothing parameter was used. A dividing bound of these intervals was determined by a calculation method based on statistical characteristics of the indicator. The number of cyber-attacks per hour that were received through a honeypot from March to September 2013 for the group ‘zeppo-norcal’ was selected as the indicator.

Modeling Cyber Conflicts Using an Extended Petri Net Formalism

DOE Office of Scientific and Technical Information (OSTI.GOV)

Zakrzewska, Anita N; Ferragut, Erik M

2011-01-01

When threatened by automated attacks, critical systems that require human-controlled responses have difficulty making optimal responses and adapting protections in real- time and may therefore be overwhelmed. Consequently, experts have called for the development of automatic real-time reaction capabilities. However, a technical gap exists in the modeling and analysis of cyber conflicts to automatically understand the repercussions of responses. There is a need for modeling cyber assets that accounts for concurrent behavior, incomplete information, and payoff functions. Furthermore, we address this need by extending the Petri net formalism to allow real-time cyber conflicts to be modeled in a way thatmore » is expressive and concise. This formalism includes transitions controlled by players as well as firing rates attached to transitions. This allows us to model both player actions and factors that are beyond the control of players in real-time. We show that our formalism is able to represent situational aware- ness, concurrent actions, incomplete information and objective functions. These factors make it well-suited to modeling cyber conflicts in a way that allows for useful analysis. MITRE has compiled the Common Attack Pattern Enumera- tion and Classification (CAPEC), an extensive list of cyber attacks at various levels of abstraction. CAPEC includes factors such as attack prerequisites, possible countermeasures, and attack goals. These elements are vital to understanding cyber attacks and to generating the corresponding real-time responses. We demonstrate that the formalism can be used to extract precise models of cyber attacks from CAPEC. Several case studies show that our Petri net formalism is more expressive than other models, such as attack graphs, for modeling cyber conflicts and that it is amenable to exploring cyber strategies.« less

Sandia National Laboratories: Malware Technical Exchange Meeting (MTEM)

Science.gov Websites

Cyber & Infrastructure Security Global Security Remote Sensing & Verification Research Research Against Malware Detection of Malware Malware Research Malware in Mobile Devices Malware Attack Trends Malware Malware Research Malware in Mobile Devices Malware Attack Trends Success Stories of COTS Products

Cyber threat impact assessment and analysis for space vehicle architectures

NASA Astrophysics Data System (ADS)

McGraw, Robert M.; Fowler, Mark J.; Umphress, David; MacDonald, Richard A.

2014-06-01

This paper covers research into an assessment of potential impacts and techniques to detect and mitigate cyber attacks that affect the networks and control systems of space vehicles. Such systems, if subverted by malicious insiders, external hackers and/or supply chain threats, can be controlled in a manner to cause physical damage to the space platforms. Similar attacks on Earth-borne cyber physical systems include the Shamoon, Duqu, Flame and Stuxnet exploits. These have been used to bring down foreign power generation and refining systems. This paper discusses the potential impacts of similar cyber attacks on space-based platforms through the use of simulation models, including custom models developed in Python using SimPy and commercial SATCOM analysis tools, as an example STK/SOLIS. The paper discusses the architecture and fidelity of the simulation model that has been developed for performing the impact assessment. The paper walks through the application of an attack vector at the subsystem level and how it affects the control and orientation of the space vehicle. SimPy is used to model and extract raw impact data at the bus level, while STK/SOLIS is used to extract raw impact data at the subsystem level and to visually display the effect on the physical plant of the space vehicle.

Simulating cyber warfare and cyber defenses: information value considerations

NASA Astrophysics Data System (ADS)

Stytz, Martin R.; Banks, Sheila B.

2011-06-01

Simulating cyber warfare is critical to the preparation of decision-makers for the challenges posed by cyber attacks. Simulation is the only means we have to prepare decision-makers for the inevitable cyber attacks upon the information they will need for decision-making and to develop cyber warfare strategies and tactics. Currently, there is no theory regarding the strategies that should be used to achieve objectives in offensive or defensive cyber warfare, and cyber warfare occurs too rarely to use real-world experience to develop effective strategies. To simulate cyber warfare by affecting the information used for decision-making, we modify the information content of the rings that are compromised during in a decision-making context. The number of rings affected and value of the information that is altered (i.e., the closeness of the ring to the center) is determined by the expertise of the decision-maker and the learning outcome(s) for the simulation exercise. We determine which information rings are compromised using the probability that the simulated cyber defenses that protect each ring can be compromised. These probabilities are based upon prior cyber attack activity in the simulation exercise as well as similar real-world cyber attacks. To determine which information in a compromised "ring" to alter, the simulation environment maintains a record of the cyber attacks that have succeeded in the simulation environment as well as the decision-making context. These two pieces of information are used to compute an estimate of the likelihood that the cyber attack can alter, destroy, or falsify each piece of information in a compromised ring. The unpredictability of information alteration in our approach adds greater realism to the cyber event. This paper suggests a new technique that can be used for cyber warfare simulation, the ring approach for modeling context-dependent information value, and our means for considering information value when assigning cyber resources to information protection tasks. The first section of the paper introduces the cyber warfare simulation challenge and the reasons for its importance. The second section contains background information related to our research. The third section contains a discussion of the information ring technique and its use for simulating cyber attacks. The fourth section contains a summary and suggestions for research.

Perspectives on Cybersecurity Information Sharing among Multiple Stakeholders Using a Decision-Theoretic Approach.

PubMed

He, Meilin; Devine, Laura; Zhuang, Jun

2018-02-01

The government, private sectors, and others users of the Internet are increasingly faced with the risk of cyber incidents. Damage to computer systems and theft of sensitive data caused by cyber attacks have the potential to result in lasting harm to entities under attack, or to society as a whole. The effects of cyber attacks are not always obvious, and detecting them is not a simple proposition. As the U.S. federal government believes that information sharing on cybersecurity issues among organizations is essential to safety, security, and resilience, the importance of trusted information exchange has been emphasized to support public and private decision making by encouraging the creation of the Information Sharing and Analysis Center (ISAC). Through a decision-theoretic approach, this article provides new perspectives on ISAC, and the advent of the new Information Sharing and Analysis Organizations (ISAOs), which are intended to provide similar benefits to organizations that cannot fit easily into the ISAC structure. To help understand the processes of information sharing against cyber threats, this article illustrates 15 representative information sharing structures between ISAC, government, and other participating entities, and provide discussions on the strategic interactions between different stakeholders. This article also identifies the costs of information sharing and information security borne by different parties in this public-private partnership both before and after cyber attacks, as well as the two main benefits. This article provides perspectives on the mechanism of information sharing and some detailed cost-benefit analysis. © 2017 Society for Risk Analysis.

Cybersecurity Dynamics

DTIC Science & Technology

2014-08-20

of Cybersecurity Dynamics emerged. Intuitively, Cybersecurity Dynamics describes the evolution of cybersecurity state as caused by cyber attack...Dynamics emerged. Intuitively, Cybersecurity Dynamics describes the evolution of cybersecurity state as caused by cyber attack-defense interactions...evolution of cyberse- curity state as caused by cyber attack-defense interactions. By studying Cybersecurity Dynamics, we can characterize the

Moving Target Techniques: Cyber Resilience throught Randomization, Diversity, and Dynamism

DTIC Science & Technology

2017-03-03

Moving Target Techniques: Cyber Resilience through Randomization, Diversity, and Dynamism Hamed Okhravi and Howard Shrobe Overview: The static...nature of computer systems makes them vulnerable to cyber attacks. Consider a situation where an attacker wants to compromise a remote system running... cyber resilience that attempts to rebalance the cyber landscape is known as cyber moving target (MT) (or just moving target) techniques. Moving target

Game Theory and Uncertainty Quantification for Cyber Defense Applications

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chatterjee, Samrat; Halappanavar, Mahantesh; Tipireddy, Ramakrishna

Cyber-system defenders face the challenging task of protecting critical assets and information continually against multiple types of malicious attackers. Defenders typically operate within resource constraints while attackers operate at relatively low costs. As a result, design and development of resilient cyber-systems that can support mission goals under attack while accounting for the dynamics between attackers and defenders is an important research problem.

Advanced Cyber Attack Modeling Analysis and Visualization

DTIC Science & Technology

2010-03-01

Graph Analysis Network Web Logs Netflow Data TCP Dump Data System Logs Detect Protect Security Management What-If Figure 8. TVA attack graphs for...Clustered Graphs,” in Proceedings of the Symposium on Graph Drawing, September 1996. [25] K. Lakkaraju, W. Yurcik, A. Lee, “NVisionIP: NetFlow

75 FR 76041 - Notice; Applications and Amendments to Facility Operating Licenses Involving Proposed No...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-07

... 73.54 are implemented in order to identify, evaluate, and mitigate cyber attacks up to and including... communications systems and networks are protected from cyber attacks. The proposed change requiring the... 10 CFR 73.54 Rule are protected from cyber attacks and has no impact on the probability or...

Cyber-Critical Infrastructure Protection Using Real-Time Payload-Based Anomaly Detection

NASA Astrophysics Data System (ADS)

Düssel, Patrick; Gehl, Christian; Laskov, Pavel; Bußer, Jens-Uwe; Störmann, Christof; Kästner, Jan

With an increasing demand of inter-connectivity and protocol standardization modern cyber-critical infrastructures are exposed to a multitude of serious threats that may give rise to severe damage for life and assets without the implementation of proper safeguards. Thus, we propose a method that is capable to reliably detect unknown, exploit-based attacks on cyber-critical infrastructures carried out over the network. We illustrate the effectiveness of the proposed method by conducting experiments on network traffic that can be found in modern industrial control systems. Moreover, we provide results of a throughput measuring which demonstrate the real-time capabilities of our system.

Cybersecurity Awareness in the Power Grid

DOE Office of Scientific and Technical Information (OSTI.GOV)

Scholtz, Jean; Franklin, Lyndsey; Le Blanc, Katya L.

2016-07-10

We report on a series of interviews and observations conducted with control room dispatchers in a bulk electrical system. These dispatchers must react quickly to incidents as they happen in order to ensure the reliability and safe operation of the power grid. They do not have the time to evaluate incidents for signs of cyber-attack as part of their initial response. Cyber-attack detection involves multiple personnel from a variety of roles at both local and regional levels. Smart grid technology will improve detection and defense capabilities of the future grid, however, the current infrastructure remains a mixture of old andmore » new equipment which will continue to operate for some time. Thus, research still needs to focus on strategies for the detection of malicious activity on current infrastructure as well as protection and remediation.« less

Model-based approach for cyber-physical attack detection in water distribution systems.

PubMed

Housh, Mashor; Ohar, Ziv

2018-08-01

Modern Water Distribution Systems (WDSs) are often controlled by Supervisory Control and Data Acquisition (SCADA) systems and Programmable Logic Controllers (PLCs) which manage their operation and maintain a reliable water supply. As such, and with the cyber layer becoming a central component of WDS operations, these systems are at a greater risk of being subjected to cyberattacks. This paper offers a model-based methodology based on a detailed hydraulic understanding of WDSs combined with an anomaly detection algorithm for the identification of complex cyberattacks that cannot be fully identified by hydraulically based rules alone. The results show that the proposed algorithm is capable of achieving the best-known performance when tested on the data published in the BATtle of the Attack Detection ALgorithms (BATADAL) competition (http://www.batadal.net). Copyright © 2018. Published by Elsevier Ltd.

Securing Cyberspace: Approaches to Developing an Effective Cyber-Security Strategy

DTIC Science & Technology

2011-05-15

attackers, cyber - criminals or even teenage hackers. Protecting cyberspace is a national security priority. President Obama’s National Security...prefers to engage international law enforcement to investigate and catch cyber criminals .40 International cooperation could resolve jurisdictional...sheltered them. Similarly, a state that fails to prosecute cyber - criminals , or who gives safe haven to individuals or groups that conduct cyber-attacks

Defense of Cyber Infrastructures Against Cyber-Physical Attacks Using Game-Theoretic Models

DOE PAGES

Rao, Nageswara S. V.; Poole, Stephen W.; Ma, Chris Y. T.; ...

2015-04-06

The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game-theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities expressed as sums of cost and system terms. First, we consider a Boolean attack-defense model, wherein the cyber and physical sub-infrastructures may be attacked and reinforced as individual units. Second, we consider a component attack-defense model wherein theirmore » components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high-level deterministic conditions for the infrastructure survival. When probabilities of successful attack and defense, and of incidental failures are incorporated into the models, the results favor the attacker but otherwise remain qualitatively similar. This approach has been motivated and validated by our experiences with UltraScience Net infrastructure, which was built to support high-performance network experiments. In conclusion, the analytical results, however, are more general, and we apply them to simplified models of cloud and high-performance computing infrastructures.« less

Defense of Cyber Infrastructures Against Cyber-Physical Attacks Using Game-Theoretic Models

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rao, Nageswara S. V.; Poole, Stephen W.; Ma, Chris Y. T.

The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game-theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities expressed as sums of cost and system terms. First, we consider a Boolean attack-defense model, wherein the cyber and physical sub-infrastructures may be attacked and reinforced as individual units. Second, we consider a component attack-defense model wherein theirmore » components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high-level deterministic conditions for the infrastructure survival. When probabilities of successful attack and defense, and of incidental failures are incorporated into the models, the results favor the attacker but otherwise remain qualitatively similar. This approach has been motivated and validated by our experiences with UltraScience Net infrastructure, which was built to support high-performance network experiments. In conclusion, the analytical results, however, are more general, and we apply them to simplified models of cloud and high-performance computing infrastructures.« less

Defense of Cyber Infrastructures Against Cyber-Physical Attacks Using Game-Theoretic Models.

PubMed

Rao, Nageswara S V; Poole, Stephen W; Ma, Chris Y T; He, Fei; Zhuang, Jun; Yau, David K Y

2016-04-01

The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game-theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities, expressed as sums of cost and system terms. First, we consider a Boolean attack-defense model, wherein the cyber and physical subinfrastructures may be attacked and reinforced as individual units. Second, we consider a component attack-defense model wherein their components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high-level deterministic conditions for the infrastructure survival. When probabilities of successful attack and defense, and of incidental failures, are incorporated into the models, the results favor the attacker but otherwise remain qualitatively similar. This approach has been motivated and validated by our experiences with UltraScience Net infrastructure, which was built to support high-performance network experiments. The analytical results, however, are more general, and we apply them to simplified models of cloud and high-performance computing infrastructures. © 2015 Society for Risk Analysis.

Emerging Roles of Combat Communication Squadrons in Cyber Warfare as Related to Computer Network Attack, Defense and Exploitation

DTIC Science & Technology

2011-06-01

EMERGING ROLES OF COMBAT COMMUNICATION SQUADRONS IN CYBER WARFARE AS RELATED TO COMPUTER NETWORK ATTACK, DEFENSE AND EXPLOITATION GRADUATE RESEARCH...Communication Squadrons in Cyber Warfare as Related to Computer Network Attack, Defense and Exploitation GRADUATE RESEARCH PROJECT Presented to the Faculty...Education and Training Command In Partial Fulfillment of the Requirements for the Degree of Master of Cyber Warfare Michael J. Myers Major, USAF June 2011

The Limits of Cyberspace Deterrence

DTIC Science & Technology

2014-01-01

networks are secure, this protection would also take the form of deterring, preventing, detect- ing, and defending against cyber attacks . As a result...tar- get into inaction. In a nuclear scenario, all nations are aware of the American ability to attribute a nuclear attack to its source, U.S...through degraded environment and improving ability to attribute and defeat attacks on systems and infrastructure. Military must provide broad range of

A Probabilistic Framework for Quantifying Mixed Uncertainties in Cyber Attacker Payoffs

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chatterjee, Samrat; Tipireddy, Ramakrishna; Oster, Matthew R.

Quantification and propagation of uncertainties in cyber attacker payoffs is a key aspect within multiplayer, stochastic security games. These payoffs may represent penalties or rewards associated with player actions and are subject to various sources of uncertainty, including: (1) cyber-system state, (2) attacker type, (3) choice of player actions, and (4) cyber-system state transitions over time. Past research has primarily focused on representing defender beliefs about attacker payoffs as point utility estimates. More recently, within the physical security domain, attacker payoff uncertainties have been represented as Uniform and Gaussian probability distributions, and mathematical intervals. For cyber-systems, probability distributions may helpmore » address statistical (aleatory) uncertainties where the defender may assume inherent variability or randomness in the factors contributing to the attacker payoffs. However, systematic (epistemic) uncertainties may exist, where the defender may not have sufficient knowledge or there is insufficient information about the attacker’s payoff generation mechanism. Such epistemic uncertainties are more suitably represented as generalizations of probability boxes. This paper explores the mathematical treatment of such mixed payoff uncertainties. A conditional probabilistic reasoning approach is adopted to organize the dependencies between a cyber-system’s state, attacker type, player actions, and state transitions. This also enables the application of probabilistic theories to propagate various uncertainties in the attacker payoffs. An example implementation of this probabilistic framework and resulting attacker payoff distributions are discussed. A goal of this paper is also to highlight this uncertainty quantification problem space to the cyber security research community and encourage further advancements in this area.« less

Lessons Learned in Over a Decade of Technical Support for U.S. Nuclear Cyber Security Programmes

DOE Office of Scientific and Technical Information (OSTI.GOV)

Glantz, Clifford S.; Landine, Guy P.; Craig, Philip A.

Pacific Northwest National Laboratory’s (PNNL) nuclear cyber security team has been providing technical support to the U.S. Nuclear Regulatory Commission (NRC) since 2002. This team has provided cyber security technical experties in conducting cyber security inspections, developing of regulatory rules and guidance, reviewing facility cyber security plans, developing inspection guidance, and developing and teaching NRC inspectors how to conduct cyber security assessments. The extensive experience the PNNL team has gathered has allowed them to compile a lenghty list of recommendations on how to improve cyber security programs and conduct assessments. A selected set of recommendations are presented, including the needmore » to: integrate an array of defenisve strategies into a facility’s cyber security program, coordinate physical and cyber security activities, train phycial security forces to resist a cyber-enabled physical attack, improve estimates of the consequences of a cyber attack, properly resource cyber security assessments, appropropriately account for insider threats, routinely monitor security devices for potential attacks, supplement compliance-based requirements with risk-based decision making, and introduce the concept of resilience into cyber security programs.« less

Netwar

NASA Astrophysics Data System (ADS)

Keen, Arthur A.

2006-04-01

This paper describes technology being developed at 21st Century Technologies to automate Computer Network Operations (CNO). CNO refers to DoD activities related to Attacking and Defending Computer Networks (CNA & CND). Next generation cyber threats are emerging in the form of powerful Internet services and tools that automate intelligence gathering, planning, testing, and surveillance. We will focus on "Search-Engine Hacks", queries that can retrieve lists of router/switch/server passwords, control panels, accessible cameras, software keys, VPN connection files, and vulnerable web applications. Examples include "Titan Rain" attacks against DoD facilities and the Santy worm, which identifies vulnerable sites by searching Google for URLs containing application-specific strings. This trend will result in increasingly sophisticated and automated intelligence-driven cyber attacks coordinated across multiple domains that are difficult to defeat or even understand with current technology. One traditional method of CNO relies on surveillance detection as an attack predictor. Unfortunately, surveillance detection is difficult because attackers can perform search engine-driven surveillance such as with Google Hacks, and avoid touching the target site. Therefore, attack observables represent only about 5% of the attacker's total attack time, and are inadequate to provide warning. In order to predict attacks and defend against them, CNO must also employ more sophisticated techniques and work to understand the attacker's Motives, Means and Opportunities (MMO). CNO must use automated reconnaissance tools, such as Google, to identify information vulnerabilities, and then utilize Internet tools to observe the intelligence gathering, planning, testing, and collaboration activities that represent 95% of the attacker's effort.

Finite Energy and Bounded Attacks on Control System Sensor Signals

DOE Office of Scientific and Technical Information (OSTI.GOV)

Djouadi, Seddik M; Melin, Alexander M; Ferragut, Erik M

Control system networks are increasingly being connected to enterprise level networks. These connections leave critical industrial controls systems vulnerable to cyber-attacks. Most of the effort in protecting these cyber-physical systems (CPS) has been in securing the networks using information security techniques and protection and reliability concerns at the control system level against random hardware and software failures. However, besides these failures the inability of information security techniques to protect against all intrusions means that the control system must be resilient to various signal attacks for which new analysis and detection methods need to be developed. In this paper, sensor signalmore » attacks are analyzed for observer-based controlled systems. The threat surface for sensor signal attacks is subdivided into denial of service, finite energy, and bounded attacks. In particular, the error signals between states of attack free systems and systems subject to these attacks are quantified. Optimal sensor and actuator signal attacks for the finite and infinite horizon linear quadratic (LQ) control in terms of maximizing the corresponding cost functions are computed. The closed-loop system under optimal signal attacks are provided. Illustrative numerical examples are provided together with an application to a power network with distributed LQ controllers.« less

Heavy-tailed distribution of the SSH Brute-force attack duration in a multi-user environment

NASA Astrophysics Data System (ADS)

Lee, Jae-Kook; Kim, Sung-Jun; Park, Chan Yeol; Hong, Taeyoung; Chae, Huiseung

2016-07-01

Quite a number of cyber-attacks to be place against supercomputers that provide highperformance computing (HPC) services to public researcher. Particularly, although the secure shell protocol (SSH) brute-force attack is one of the traditional attack methods, it is still being used. Because stealth attacks that feign regular access may occur, they are even harder to detect. In this paper, we introduce methods to detect SSH brute-force attacks by analyzing the server's unsuccessful access logs and the firewall's drop events in a multi-user environment. Then, we analyze the durations of the SSH brute-force attacks that are detected by applying these methods. The results of an analysis of about 10 thousands attack source IP addresses show that the behaviors of abnormal users using SSH brute-force attacks are based on human dynamic characteristics of a typical heavy-tailed distribution.

Protecting water and wastewater infrastructure from cyber attacks

NASA Astrophysics Data System (ADS)

Panguluri, Srinivas; Phillips, William; Cusimano, John

2011-12-01

Multiple organizations over the years have collected and analyzed data on cyber attacks and they all agree on one conclusion: cyber attacks are real and can cause significant damages. This paper presents some recent statistics on cyber attacks and resulting damages. Water and wastewater utilities must adopt countermeasures to prevent or minimize the damage in case of such attacks. Many unique challenges are faced by the water and wastewater industry while selecting and implementing security countermeasures; the key challenges are: 1) the increasing interconnection of their business and control system networks, 2) large variation of proprietary industrial control equipment utilized, 3) multitude of cross-sector cyber-security standards, and 4) the differences in the equipment vendor's approaches to meet these security standards. The utilities can meet these challenges by voluntarily selecting and adopting security standards, conducting a gap analysis, performing vulnerability/risk analysis, and undertaking countermeasures that best meets their security and organizational requirements. Utilities should optimally utilize their limited resources to prepare and implement necessary programs that are designed to increase cyber-security over the years. Implementing cyber security does not necessarily have to be expensive, substantial improvements can be accomplished through policy, procedure, training and awareness. Utilities can also get creative and allocate more funding through annual budgets and reduce dependence upon capital improvement programs to achieve improvements in cyber-security.

Adaptive optimisation-offline cyber attack on remote state estimator

NASA Astrophysics Data System (ADS)

Huang, Xin; Dong, Jiuxiang

2017-10-01

Security issues of cyber-physical systems have received increasing attentions in recent years. In this paper, deception attacks on the remote state estimator equipped with the chi-squared failure detector are considered, and it is assumed that the attacker can monitor and modify all the sensor data. A novel adaptive optimisation-offline cyber attack strategy is proposed, where using the current and previous sensor data, the attack can yield the largest estimation error covariance while ensuring to be undetected by the chi-squared monitor. From the attacker's perspective, the attack is better than the existing linear deception attacks to degrade the system performance. Finally, some numerical examples are provided to demonstrate theoretical results.

Current and potential cyber attacks on medical journals; guidelines for improving security.

PubMed

Dadkhah, Mehdi; Seno, Seyed Amin Hosseini; Borchardt, Glenn

2017-03-01

At the moment, scholarly publishing is faced with much academic misconduct and threats such as predatory journals, hijacked journals, phishing, and other scams. In response, we have been discussing this misconduct and trying to increase the awareness of researchers, but it seems that there is a lack of research that presents guidelines for editors to help them protect themselves against these threats. It seems that information security is missing in some parts of scholarly publishing that particularly involves medical journals. In this paper, we explain different types of cyber-attacks that especially threaten editors and academic journals. We then explain the details involved in each type of attack. Finally, we present general guidelines for detection and prevention of the attacks. In some cases, we use small experiments to show that our claim is true. Finally, we conclude the paper with a prioritization of these attacks. Copyright © 2016 European Federation of Internal Medicine. Published by Elsevier B.V. All rights reserved.

Command Disaggregation Attack and Mitigation in Industrial Internet of Things

PubMed Central

Zhu, Pei-Dong; Hu, Yi-Fan; Cui, Peng-Shuai; Zhang, Yan

2017-01-01

A cyber-physical attack in the industrial Internet of Things can cause severe damage to physical system. In this paper, we focus on the command disaggregation attack, wherein attackers modify disaggregated commands by intruding command aggregators like programmable logic controllers, and then maliciously manipulate the physical process. It is necessary to investigate these attacks, analyze their impact on the physical process, and seek effective detection mechanisms. We depict two different types of command disaggregation attack modes: (1) the command sequence is disordered and (2) disaggregated sub-commands are allocated to wrong actuators. We describe three attack models to implement these modes with going undetected by existing detection methods. A novel and effective framework is provided to detect command disaggregation attacks. The framework utilizes the correlations among two-tier command sequences, including commands from the output of central controller and sub-commands from the input of actuators, to detect attacks before disruptions occur. We have designed components of the framework and explain how to mine and use these correlations to detect attacks. We present two case studies to validate different levels of impact from various attack models and the effectiveness of the detection framework. Finally, we discuss how to enhance the detection framework. PMID:29065461

Command Disaggregation Attack and Mitigation in Industrial Internet of Things.

PubMed

Xun, Peng; Zhu, Pei-Dong; Hu, Yi-Fan; Cui, Peng-Shuai; Zhang, Yan

2017-10-21

A cyber-physical attack in the industrial Internet of Things can cause severe damage to physical system. In this paper, we focus on the command disaggregation attack, wherein attackers modify disaggregated commands by intruding command aggregators like programmable logic controllers, and then maliciously manipulate the physical process. It is necessary to investigate these attacks, analyze their impact on the physical process, and seek effective detection mechanisms. We depict two different types of command disaggregation attack modes: (1) the command sequence is disordered and (2) disaggregated sub-commands are allocated to wrong actuators. We describe three attack models to implement these modes with going undetected by existing detection methods. A novel and effective framework is provided to detect command disaggregation attacks. The framework utilizes the correlations among two-tier command sequences, including commands from the output of central controller and sub-commands from the input of actuators, to detect attacks before disruptions occur. We have designed components of the framework and explain how to mine and use these correlations to detect attacks. We present two case studies to validate different levels of impact from various attack models and the effectiveness of the detection framework. Finally, we discuss how to enhance the detection framework.

Cyber War: The Next Frontier for NATO

DTIC Science & Technology

2015-03-01

cyber-attacks as a way to advance their agenda. Common examples of cyber- attacks include computer viruses, worms , malware, and distributed denial of...take advantage of security holes and cause damage to computer systems, steal financial data, or acquire sensitive secrets. As technology becomes

Susceptibility of SCADA systems and the energy sector

NASA Astrophysics Data System (ADS)

Goike, Lindsay

The research in this paper focused on analyzing SCADA systems in the energy sector for susceptibility to cyber attacks, in furtherance of providing suggestions to mitigate current and future cyber attacks. The research will be addressing the questions: how are SCADA systems susceptible to cyber attacks, and what are the suggested ways to mitigate both current and future cyber attacks. The five main categories of security vulnerabilities facing current SCADA systems were found to be: connectivity to the Internet, failure to plan, interdependency of sectors, numerous different types of threats, and outdated software. Some of the recommendations mentioned to mitigate current and future risks were: virtual private networks, risk assessments, increased physical security, updating of software, and firewalls.

Simulations in Cyber-Security: A Review of Cognitive Modeling of Network Attackers, Defenders, and Users.

PubMed

Veksler, Vladislav D; Buchler, Norbou; Hoffman, Blaine E; Cassenti, Daniel N; Sample, Char; Sugrim, Shridat

2018-01-01

Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can addresses multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a) adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision likelihood distributions, (b) human factors of cyber tools to address human system integration challenges, estimation of defender cognitive states, and opportunities for automation, (c) dynamic simulations involving attacker, defender, and user models to enhance studies of cyber epidemiology and cyber hygiene, and (d) training effectiveness research and training scenarios to address human cyber-security performance, maturation of cyber-security skill sets, and effective decision-making. Models may be initially constructed at the group-level based on mean tendencies of each subject's subgroup, based on known statistics such as specific skill proficiencies, demographic characteristics, and cultural factors. For more precise and accurate predictions, cognitive models may be fine-tuned to each individual attacker, defender, or user profile, and updated over time (based on recorded behavior) via techniques such as model tracing and dynamic parameter fitting.

Cyber Vulnerabilities Within Critical Infrastructure: The Flaws of Industrial Control Systems in the Oil and Gas Industry

NASA Astrophysics Data System (ADS)

Alpi, Danielle Marie

The 16 sectors of critical infrastructure in the US are susceptible to cyber-attacks. Potential attacks come from internal and external threats. These attacks target the industrial control systems (ICS) of companies within critical infrastructure. Weakness in the energy sector's ICS, specifically the oil and gas industry, can result in economic and ecological disaster. The purpose of this study was to establish means for oil companies to identify and stop cyber-attacks specifically APT threats. This research reviewed current cyber vulnerabilities and ways in which a cyber-attack may be deterred. This research found that there are insecure devices within ICS that are not regularly updated. Therefore, security issues have amassed. Safety procedures and training thereof are often neglected. Jurisdiction is unclear in regard to critical infrastructure. The recommendations this research offers are further examination of information sharing methods, development of analytic platforms, and better methods for the implementation of defense-in-depth security measures.

Cyber-physical security of Wide-Area Monitoring, Protection and Control in a smart grid environment

PubMed Central

Ashok, Aditya; Hahn, Adam; Govindarasu, Manimaran

2013-01-01

Smart grid initiatives will produce a grid that is increasingly dependent on its cyber infrastructure in order to support the numerous power applications necessary to provide improved grid monitoring and control capabilities. However, recent findings documented in government reports and other literature, indicate the growing threat of cyber-based attacks in numbers and sophistication targeting the nation’s electric grid and other critical infrastructures. Specifically, this paper discusses cyber-physical security of Wide-Area Monitoring, Protection and Control (WAMPAC) from a coordinated cyber attack perspective and introduces a game-theoretic approach to address the issue. Finally, the paper briefly describes how cyber-physical testbeds can be used to evaluate the security research and perform realistic attack-defense studies for smart grid type environments. PMID:25685516

Cyber-physical security of Wide-Area Monitoring, Protection and Control in a smart grid environment.

PubMed

Ashok, Aditya; Hahn, Adam; Govindarasu, Manimaran

2014-07-01

Smart grid initiatives will produce a grid that is increasingly dependent on its cyber infrastructure in order to support the numerous power applications necessary to provide improved grid monitoring and control capabilities. However, recent findings documented in government reports and other literature, indicate the growing threat of cyber-based attacks in numbers and sophistication targeting the nation's electric grid and other critical infrastructures. Specifically, this paper discusses cyber-physical security of Wide-Area Monitoring, Protection and Control (WAMPAC) from a coordinated cyber attack perspective and introduces a game-theoretic approach to address the issue. Finally, the paper briefly describes how cyber-physical testbeds can be used to evaluate the security research and perform realistic attack-defense studies for smart grid type environments.

Unsupervised Anomaly Detection Based on Clustering and Multiple One-Class SVM

NASA Astrophysics Data System (ADS)

Song, Jungsuk; Takakura, Hiroki; Okabe, Yasuo; Kwon, Yongjin

Intrusion detection system (IDS) has played an important role as a device to defend our networks from cyber attacks. However, since it is unable to detect unknown attacks, i.e., 0-day attacks, the ultimate challenge in intrusion detection field is how we can exactly identify such an attack by an automated manner. Over the past few years, several studies on solving these problems have been made on anomaly detection using unsupervised learning techniques such as clustering, one-class support vector machine (SVM), etc. Although they enable one to construct intrusion detection models at low cost and effort, and have capability to detect unforeseen attacks, they still have mainly two problems in intrusion detection: a low detection rate and a high false positive rate. In this paper, we propose a new anomaly detection method based on clustering and multiple one-class SVM in order to improve the detection rate while maintaining a low false positive rate. We evaluated our method using KDD Cup 1999 data set. Evaluation results show that our approach outperforms the existing algorithms reported in the literature; especially in detection of unknown attacks.

The system of technical diagnostics of the industrial safety information network

NASA Astrophysics Data System (ADS)

Repp, P. V.

2017-01-01

This research is devoted to problems of safety of the industrial information network. Basic sub-networks, ensuring reliable operation of the elements of the industrial Automatic Process Control System, were identified. The core tasks of technical diagnostics of industrial information safety were presented. The structure of the technical diagnostics system of the information safety was proposed. It includes two parts: a generator of cyber-attacks and the virtual model of the enterprise information network. The virtual model was obtained by scanning a real enterprise network. A new classification of cyber-attacks was proposed. This classification enables one to design an efficient generator of cyber-attacks sets for testing the virtual modes of the industrial information network. The numerical method of the Monte Carlo (with LPτ - sequences of Sobol), and Markov chain was considered as the design method for the cyber-attacks generation algorithm. The proposed system also includes a diagnostic analyzer, performing expert functions. As an integrative quantitative indicator of the network reliability the stability factor (Kstab) was selected. This factor is determined by the weight of sets of cyber-attacks, identifying the vulnerability of the network. The weight depends on the frequency and complexity of cyber-attacks, the degree of damage, complexity of remediation. The proposed Kstab is an effective integral quantitative measure of the information network reliability.

Optimal Attack Strategies Subject to Detection Constraints Against Cyber-Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chen, Yuan; Kar, Soummya; Moura, Jose M. F.

This paper studies an attacker against a cyberphysical system (CPS) whose goal is to move the state of a CPS to a target state while ensuring that his or her probability of being detected does not exceed a given bound. The attacker’s probability of being detected is related to the nonnegative bias induced by his or her attack on the CPS’s detection statistic. We formulate a linear quadratic cost function that captures the attacker’s control goal and establish constraints on the induced bias that reflect the attacker’s detection-avoidance objectives. When the attacker is constrained to be detected at the false-alarmmore » rate of the detector, we show that the optimal attack strategy reduces to a linear feedback of the attacker’s state estimate. In the case that the attacker’s bias is upper bounded by a positive constant, we provide two algorithms – an optimal algorithm and a sub-optimal, less computationally intensive algorithm – to find suitable attack sequences. Lastly, we illustrate our attack strategies in numerical examples based on a remotely-controlled helicopter under attack.« less

Optimal Attack Strategies Subject to Detection Constraints Against Cyber-Physical Systems

DOE PAGES

Chen, Yuan; Kar, Soummya; Moura, Jose M. F.

2017-03-31

This paper studies an attacker against a cyberphysical system (CPS) whose goal is to move the state of a CPS to a target state while ensuring that his or her probability of being detected does not exceed a given bound. The attacker’s probability of being detected is related to the nonnegative bias induced by his or her attack on the CPS’s detection statistic. We formulate a linear quadratic cost function that captures the attacker’s control goal and establish constraints on the induced bias that reflect the attacker’s detection-avoidance objectives. When the attacker is constrained to be detected at the false-alarmmore » rate of the detector, we show that the optimal attack strategy reduces to a linear feedback of the attacker’s state estimate. In the case that the attacker’s bias is upper bounded by a positive constant, we provide two algorithms – an optimal algorithm and a sub-optimal, less computationally intensive algorithm – to find suitable attack sequences. Lastly, we illustrate our attack strategies in numerical examples based on a remotely-controlled helicopter under attack.« less

Using a Prediction Model to Manage Cyber Security Threats.

PubMed

Jaganathan, Venkatesh; Cherurveettil, Priyesh; Muthu Sivashanmugam, Premapriya

2015-01-01

Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

Using a Prediction Model to Manage Cyber Security Threats

PubMed Central

Muthu Sivashanmugam, Premapriya

2015-01-01

Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization. PMID:26065024

Cyber Threat and Vulnerability Analysis of the U.S. Electric Sector

DOE Office of Scientific and Technical Information (OSTI.GOV)

Glenn, Colleen; Sterbentz, Dane; Wright, Aaron

With utilities in the U.S. and around the world increasingly moving toward smart grid technology and other upgrades with inherent cyber vulnerabilities, correlative threats from malicious cyber attacks on the North American electric grid continue to grow in frequency and sophistication. The potential for malicious actors to access and adversely affect physical electricity assets of U.S. electricity generation, transmission, or distribution systems via cyber means is a primary concern for utilities contributing to the bulk electric system. This paper seeks to illustrate the current cyber-physical landscape of the U.S. electric sector in the context of its vulnerabilities to cyber attacks,more » the likelihood of cyber attacks, and the impacts cyber events and threat actors can achieve on the power grid. In addition, this paper highlights utility perspectives, perceived challenges, and requests for assistance in addressing cyber threats to the electric sector. There have been no reported targeted cyber attacks carried out against utilities in the U.S. that have resulted in permanent or long term damage to power system operations thus far, yet electric utilities throughout the U.S. have seen a steady rise in cyber and physical security related events that continue to raise concern. Asset owners and operators understand that the effects of a coordinated cyber and physical attack on a utility’s operations would threaten electric system reliability–and potentially result in large scale power outages. Utilities are routinely faced with new challenges for dealing with these cyber threats to the grid and consequently maintain a set of best practices to keep systems secure and up to date. Among the greatest challenges is a lack of knowledge or strategy to mitigate new risks that emerge as a result of an exponential rise in complexity of modern control systems. This paper compiles an open-source analysis of cyber threats and risks to the electric grid, utility best practices for prevention and response to cyber threats, and utility suggestions about how the federal government can aid utilities in combating and mitigating risks.« less

Improving Cyber-Security of Smart Grid Systems via Anomaly Detection and Linguistic Domain Knowledge

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ondrej Linda; Todd Vollmer; Milos Manic

The planned large scale deployment of smart grid network devices will generate a large amount of information exchanged over various types of communication networks. The implementation of these critical systems will require appropriate cyber-security measures. A network anomaly detection solution is considered in this work. In common network architectures multiple communications streams are simultaneously present, making it difficult to build an anomaly detection solution for the entire system. In addition, common anomaly detection algorithms require specification of a sensitivity threshold, which inevitably leads to a tradeoff between false positives and false negatives rates. In order to alleviate these issues, thismore » paper proposes a novel anomaly detection architecture. The designed system applies the previously developed network security cyber-sensor method to individual selected communication streams allowing for learning accurate normal network behavior models. Furthermore, the developed system dynamically adjusts the sensitivity threshold of each anomaly detection algorithm based on domain knowledge about the specific network system. It is proposed to model this domain knowledge using Interval Type-2 Fuzzy Logic rules, which linguistically describe the relationship between various features of the network communication and the possibility of a cyber attack. The proposed method was tested on experimental smart grid system demonstrating enhanced cyber-security.« less

Information System Incidents: The Development of a Damage Assessment Model

DTIC Science & Technology

1999-12-01

Cyber criminals use creativity, knowledge, software, and hardware to attack and infiltrate information systems (IS) in order to copy, delete, or...the Internet led to an increase in cyber criminals and a variety or cyber crimes such as attacks, intrusions, introduction of viruses, and data theft...organizations on information systems is contributing to the increased number of cyber criminals . Additionally, the growing sophistication and availability of

Simulations in Cyber-Security: A Review of Cognitive Modeling of Network Attackers, Defenders, and Users

PubMed Central

Veksler, Vladislav D.; Buchler, Norbou; Hoffman, Blaine E.; Cassenti, Daniel N.; Sample, Char; Sugrim, Shridat

2018-01-01

Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can addresses multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a) adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision likelihood distributions, (b) human factors of cyber tools to address human system integration challenges, estimation of defender cognitive states, and opportunities for automation, (c) dynamic simulations involving attacker, defender, and user models to enhance studies of cyber epidemiology and cyber hygiene, and (d) training effectiveness research and training scenarios to address human cyber-security performance, maturation of cyber-security skill sets, and effective decision-making. Models may be initially constructed at the group-level based on mean tendencies of each subject's subgroup, based on known statistics such as specific skill proficiencies, demographic characteristics, and cultural factors. For more precise and accurate predictions, cognitive models may be fine-tuned to each individual attacker, defender, or user profile, and updated over time (based on recorded behavior) via techniques such as model tracing and dynamic parameter fitting. PMID:29867661

Cyber Signal/Noise Characteristics and Sensor Models for Early Cyber Indications and Warning

DTIC Science & Technology

2005-09-01

investigating and simulating attack scenarios. The sensors are, in effect , mathematical functions. These functions range from simple functions of...172 8.1.2 Examine each attack scenario or case to derive the cause- effect network for the attack scenario...threat profiles............................ 174 8.1.4 Develop attack profiles by enlarging the cause- effect network of each attack scenario with

A macro-economic framework for evaluation of cyber security risks related to protection of intellectual property.

PubMed

Andrijcic, Eva; Horowitz, Barry

2006-08-01

The article is based on the premise that, from a macro-economic viewpoint, cyber attacks with long-lasting effects are the most economically significant, and as a result require more attention than attacks with short-lasting effects that have historically been more represented in literature. In particular, the article deals with evaluation of cyber security risks related to one type of attack with long-lasting effects, namely, theft of intellectual property (IP) by foreign perpetrators. An International Consequence Analysis Framework is presented to determine (1) the potential macro-economic consequences of cyber attacks that result in stolen IP from companies in the United States, and (2) the likely sources of such attacks. The framework presented focuses on IP theft that enables foreign companies to make economic gains that would have otherwise benefited the U.S. economy. Initial results are presented.

The game-theoretic national interstate economic model : an integrated framework to quantify the economic impacts of cyber-terrorist behavior.

DOT National Transportation Integrated Search

2014-12-01

This study suggests an integrated framework to quantify cyber attack impacts on the U.S. airport security system. A cyber attack by terrorists on the U.S. involves complex : strategic behavior by the terrorists because they could plan to invade an ai...

3 CFR 8427 - Proclamation 8427 of October 1, 2009. National Cybersecurity Awareness Month, 2009

Code of Federal Regulations, 2010 CFR

2010-01-01

... solutions at work and at home. Our Nation’s growing dependence on cyber and information-related technologies, coupled with an increasing threat of malicious cyber attacks and loss of privacy, has given rise to the... digital infrastructures. Cyber attacks and their viral ability to infect networks, devices, and software...

Minimum State Awareness for Resilient Control Systems Under Cyber-Attack

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kisner, Roger; Fugate, David L; McIntyre, Timothy J

2012-01-01

State awareness for a control system is the accurate knowledge of the internal states of the system realization. To maintain stable operation, a controller requires a certain degree of state awareness. By definition, a cyber-attacker decreases the state awareness by modifying or removing the information available to the operator and control system. By doing so, the attacker can directly cause damage to the physical system through the control system, or indirectly by causing the operator to react in a damaging manner to the false information. In a number of recent papers, detection and mitigation strategies have been proposed that assumemore » state awareness. The goal of the attacker to reduce or remove state awareness makes this assumption invalid for most situations. One of the central problems of resilient control is developing methods to retain sufficient state awareness to continue operation during a cyberattack. In this paper, we will define state awareness, discuss the consequences of loss of state awareness, and some potential research directions for maintaining state awareness.« less

Effective traffic features selection algorithm for cyber-attacks samples

NASA Astrophysics Data System (ADS)

Li, Yihong; Liu, Fangzheng; Du, Zhenyu

2018-05-01

By studying the defense scheme of Network attacks, this paper propose an effective traffic features selection algorithm based on k-means++ clustering to deal with the problem of high dimensionality of traffic features which extracted from cyber-attacks samples. Firstly, this algorithm divide the original feature set into attack traffic feature set and background traffic feature set by the clustering. Then, we calculates the variation of clustering performance after removing a certain feature. Finally, evaluating the degree of distinctiveness of the feature vector according to the result. Among them, the effective feature vector is whose degree of distinctiveness exceeds the set threshold. The purpose of this paper is to select out the effective features from the extracted original feature set. In this way, it can reduce the dimensionality of the features so as to reduce the space-time overhead of subsequent detection. The experimental results show that the proposed algorithm is feasible and it has some advantages over other selection algorithms.

Function and activity classification in network traffic data: existing methods, their weaknesses, and a path forward

NASA Astrophysics Data System (ADS)

Levchuk, Georgiy

2016-05-01

The cyber spaces are increasingly becoming the battlefields between friendly and adversary forces, with normal users caught in the middle. Accordingly, planners of enterprise defensive policies and offensive cyber missions alike have an essential goal to minimize the impact of their own actions and adversaries' attacks on normal operations of the commercial and government networks. To do this, the cyber analysis need accurate "cyber battle maps", where the functions, roles, and activities of individual and groups of devices and users are accurately identified. Most of the research in cyber exploitation has focused on the identification of attacks, attackers, and their devices. Many tools exist for device profiling, malware identification, user attribution, and attack analysis. However, most of the tools are intrusive, sensitive to data obfuscation, or provide anomaly flagging and not able to correctly classify the semantics and causes of network activities. In this paper, we review existing solutions that can identify functional and social roles of entities in cyberspace, discuss their weaknesses, and propose an approach for developing functional and social layers of cyber battle maps.

Protecting drinking water utilities from cyberthreats

DOE PAGES

Clark, Robert M.; Panguluri, Srinivas; Nelson, Trent D.; ...

2017-02-01

Cyber-security challenges have the potential for becoming one of the defining issues of our time. Cyber-attacks have become an ever-increasing threat and the United States (US) Federal Bureau of Investigation (FBI) now ranks cyber-crime as one of its most important law enforcement activities. In addition to the general problems associated with cyber-crime, critical infrastructure (CI) related to energy production, manufacturing, water supply and other systems have come under attack. For example, drinking water utilities are increasingly incorporating computer technology into their routine operations and are therefore increasingly vulnerable to cyber- threats. Systems control and data acquisition (SCADA) systems used tomore » manage automated physical processes essential to water treatment and distribution systems have become standard in medium to large drinking water utilities and in many small water systems. However, even with the application of standard information technology cybersecurity best practices these types of systems have proven to be vulnerable to cyber-attacks. In 2015, the US Department of Homeland Security (DHS) responded to 25 cybersecurity incidents in the Water Sector and to 46 incidents in the Energy Sector. Comparatively, between 2014 and 2015, the reported number of Water Sector incidents actually increased by 78.6% (from 14 to 25). The DHS is in a collaborative partnership with the US Environmental Protection Agency to ensure cybersecurity in the Water Sector. As a result of this partnership a number of guidance documents and techniques have been developed to counter cyber-attacks and minimize cyber vulnerability. These approaches are documented along with a summary of common vulnerabilities. However, a new approach which has great promise in protecting drinking water systems against hacking and cyber-attacks, based on the concept of unidirectional gateways, is presented and discussed.« less

Protecting drinking water utilities from cyberthreats

DOE Office of Scientific and Technical Information (OSTI.GOV)

Clark, Robert M.; Panguluri, Srinivas; Nelson, Trent D.

Cyber-security challenges have the potential for becoming one of the defining issues of our time. Cyber-attacks have become an ever-increasing threat and the United States (US) Federal Bureau of Investigation (FBI) now ranks cyber-crime as one of its most important law enforcement activities. In addition to the general problems associated with cyber-crime, critical infrastructure (CI) related to energy production, manufacturing, water supply and other systems have come under attack. For example, drinking water utilities are increasingly incorporating computer technology into their routine operations and are therefore increasingly vulnerable to cyber- threats. Systems control and data acquisition (SCADA) systems used tomore » manage automated physical processes essential to water treatment and distribution systems have become standard in medium to large drinking water utilities and in many small water systems. However, even with the application of standard information technology cybersecurity best practices these types of systems have proven to be vulnerable to cyber-attacks. In 2015, the US Department of Homeland Security (DHS) responded to 25 cybersecurity incidents in the Water Sector and to 46 incidents in the Energy Sector. Comparatively, between 2014 and 2015, the reported number of Water Sector incidents actually increased by 78.6% (from 14 to 25). The DHS is in a collaborative partnership with the US Environmental Protection Agency to ensure cybersecurity in the Water Sector. As a result of this partnership a number of guidance documents and techniques have been developed to counter cyber-attacks and minimize cyber vulnerability. These approaches are documented along with a summary of common vulnerabilities. However, a new approach which has great promise in protecting drinking water systems against hacking and cyber-attacks, based on the concept of unidirectional gateways, is presented and discussed.« less

Stuxnet, Schmitt Analysis, and the Cyber Use-of-Force Debate

DTIC Science & Technology

2012-01-01

demonstration during exercise Bold Alligator 2012 U . S . N av y (J os hu a J. W ah l) 46 JFQ / issue 67, 4 th quarter 2012 ndupress .ndu.edu...language; and Article 51’ s “armed attack ” threshold for self-defense actions. 18 Schmitt, “Computer Network Attack and the Use of Force,” 920. 19...sponsored cyber coercion. More importantly, the prospect of cyber attacks causing physical damage was largely theoretical.4 Beginning Stuxnet, Schmitt

DOE Office of Scientific and Technical Information (OSTI.GOV)

Borges, Raymond Charles; Beaver, Justin M; Buckner, Mark A

Power system disturbances are inherently complex and can be attributed to a wide range of sources, including both natural and man-made events. Currently, the power system operators are heavily relied on to make decisions regarding the causes of experienced disturbances and the appropriate course of action as a response. In the case of cyber-attacks against a power system, human judgment is less certain since there is an overt attempt to disguise the attack and deceive the operators as to the true state of the system. To enable the human decision maker, we explore the viability of machine learning as amore » means for discriminating types of power system disturbances, and focus specifically on detecting cyber-attacks where deception is a core tenet of the event. We evaluate various machine learning methods as disturbance discriminators and discuss the practical implications for deploying machine learning systems as an enhancement to existing power system architectures.« less

A Testbed Environment for Buildings-to-Grid Cyber Resilience Research and Development

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sridhar, Siddharth; Ashok, Aditya; Mylrea, Michael E.

The Smart Grid is characterized by the proliferation of advanced digital controllers at all levels of its operational hierarchy from generation to end consumption. Such controllers within modern residential and commercial buildings enable grid operators to exercise fine-grained control over energy consumption through several emerging Buildings-to-Grid (B2G) applications. Though this capability promises significant benefits in terms of operational economics and improved reliability, cybersecurity weaknesses in the supporting infrastructure could be exploited to cause a detrimental effect and this necessitates focused research efforts on two fronts. First, the understanding of how cyber attacks in the B2G space could impact grid reliabilitymore » and to what extent. Second, the development and validation of cyber-physical application-specific countermeasures that are complementary to traditional infrastructure cybersecurity mechanisms for enhanced cyber attack detection and mitigation. The PNNL B2G testbed is currently being developed to address these core research needs. Specifically, the B2G testbed combines high-fidelity buildings+grid simulators, industry-grade building automation and Supervisory Control and Data Acquisition (SCADA) systems in an integrated, realistic, and reconfigurable environment capable of supporting attack-impact-detection-mitigation experimentation. In this paper, we articulate the need for research testbeds to model various B2G applications broadly by looking at the end-to-end operational hierarchy of the Smart Grid. Finally, the paper not only describes the architecture of the B2G testbed in detail, but also addresses the broad spectrum of B2G resilience research it is capable of supporting based on the smart grid operational hierarchy identified earlier.« less

First-Strike Advantage: The United States’ Counter to China’s Preemptive Integrated Network Electronic Warfare Strategy

DTIC Science & Technology

2013-06-01

Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage,” 9. 57 Lolita C. Baldor, “Chinese Cyber Attacks On U.S. Continue...the Secretary of Defense, 2009. Baldor, Lolita C. “Chinese Cyber Attacks on U.S. Continue Totally Unabated, Leon Panetta.” Huffington Post (2012

Analysis of Traffic Signals on a Software-Defined Network for Detection and Classification of a Man-in-the-Middle Attack

DTIC Science & Technology

2017-09-01

unique characteristics of reported anomalies in the collected traffic signals to build a classification framework. Other cyber events, such as a...Furthermore, we identify unique characteristics of reported anomalies in the collected traffic signals to build a classification framework. Other cyber...2]. The applications build flow rules using network topology information provided by the control plane [1]. Since the control plane is able to

International Cyber Incident Repository System: Information Sharing on a Global Scale

DOE Office of Scientific and Technical Information (OSTI.GOV)

Joyce, Amanda L.; Evans, PhD, Nathaniel; Tanzman, Edward A.

According to the 2016 Internet Security Threat Report, the largest number of cyber attacks were recorded last year (2015), reaching a total of 430 million incidents throughout the world. As the number of cyber incidents increases, the need for information and intelligence sharing increases, as well. This fairly large increase in cyber incidents is driving the need for an international cyber incident data reporting system. The goal of the cyber incident reporting system is to make available shared and collected information about cyber events among participating international parties. In its 2014 report, Insurance Industry Working Session Readout Report-Insurance for CyberRelatedmore » Critical Infrastructure Loss: Key Issues, on the outcomes of a working session on cyber insurance, the U.S. Department of Homeland Security observed that “many participants cited the need for a secure method through which organizations could pool and share cyber incident information” and noted that one underwriter emphasized the importance of internationally harmonized data taxonomies. This cyber incident data reporting system could benefit all nations that take part in reporting incidents to provide a more common operating picture. In addition, this reporting system could allow for trending and anticipated attacks and could potentially benefit participating members by enabling them to get in front of potential attacks. The purpose of this paper is to identify options for consideration for such a system in fostering cooperative cyber defense.« less

An Approach for Assessing Consequences of Potential Supply Chain and Insider Contributed Cyber Attacks on Nuclear Power Plants

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chu, Tsong L.

The Stuxnet attack at the Natanz facility is an example of a targeted and successful cyber attack on a nuclear facility. Snowden's release of National Security Agency documents demonstrated the consequences of the insider threat. More recently, the United States tried to attack North Korea but failed, South Korea was attempting to attack North Korea, and both applied Stuxnet-like approaches. These sophisticated targeted attacks differ from web-site hacking events that are reported almost daily in the news mainly because targeted attacks require detailed design and operation information of the systems attacked and/or are often carried out by insiders. For instance,more » in order to minimize disruption of facilities around the world, Stuxnet remained idle until it recognized the specific configuration of the Natanz facility, demonstrating that the attackers possessed extremely detailed information about the facility. Such targeted cyber attacks could become a national-level military weapon and be used in coercion of hostile countries.« less

The psychological effects of cyber terrorism.

PubMed

Gross, Michael L; Canetti, Daphna; Vashdi, Dana R

2016-01-01

When ordinary citizens think of cyber threats, most are probably worried about their passwords and banking details, not a terrorist attack. The thought of a shooting in a mall or a bombing at an airport is probably more frightening than a cyber breach. Yet terrorists aim for mental as well as physical destruction, and our research has found that, depending on who the attackers and the victims are, the psychological effects of cyber threats can rival those of traditional terrorism.

10 CFR 73.1 - Purpose and scope.

Code of Federal Regulations, 2014 CFR

2014-01-01

... waterborne vehicle bomb assault, which may be coordinated with an external assault; and (v) A cyber attack... with an external assault; and (v) A cyber attack. (b) Scope. (1) This part prescribes requirements for...

10 CFR 73.1 - Purpose and scope.

Code of Federal Regulations, 2012 CFR

2012-01-01

... waterborne vehicle bomb assault, which may be coordinated with an external assault; and (v) A cyber attack... with an external assault; and (v) A cyber attack. (b) Scope. (1) This part prescribes requirements for...

10 CFR 73.1 - Purpose and scope.

Code of Federal Regulations, 2013 CFR

2013-01-01

... waterborne vehicle bomb assault, which may be coordinated with an external assault; and (v) A cyber attack... with an external assault; and (v) A cyber attack. (b) Scope. (1) This part prescribes requirements for...

10 CFR 73.1 - Purpose and scope.

Code of Federal Regulations, 2011 CFR

2011-01-01

... waterborne vehicle bomb assault, which may be coordinated with an external assault; and (v) A cyber attack... with an external assault; and (v) A cyber attack. (b) Scope. (1) This part prescribes requirements for...

Towards A Taxonomy Of Attacks Against Energy Control Systems

NASA Astrophysics Data System (ADS)

Fleury, Terry; Khurana, Himanshu; Welch, Von

Control systems in the energy sector (e.g., supervisory control and data acquisition (SCADA) systems) involve a hierarchy of sensing, monitoring and control devices connected to centralized control stations or centers. The incorporation of commercial off-the-shelf technologies in energy control systems makes them vulnerable to cyber attacks. A taxonomy of cyber attacks against control systems can assist the energy sector in managing the cyber threat. This paper takes the first step towards a taxonomy by presenting a comprehensive model of attacks, vulnerabilities and damage related to control systems. The model is populated based on a survey of the technical literature from industry, academia and national laboratories.

The psychological effects of cyber terrorism

PubMed Central

Gross, Michael L.; Canetti, Daphna; Vashdi, Dana R.

2016-01-01

When ordinary citizens think of cyber threats, most are probably worried about their passwords and banking details, not a terrorist attack. The thought of a shooting in a mall or a bombing at an airport is probably more frightening than a cyber breach. Yet terrorists aim for mental as well as physical destruction, and our research has found that, depending on who the attackers and the victims are, the psychological effects of cyber threats can rival those of traditional terrorism. PMID:28366962

Fraud in Academic Publishing: Researchers Under Cyber-Attacks.

PubMed

Dadkhah, Mehdi; Borchardt, Glenn; Maliszewski, Tomasz

2017-01-01

Day by day, researchers receive new suspicious e-mails in their inboxes. Many of them do not have sufficient information about these types of e-mails, and may become victims of cyber-attacks. In this short communication, we review current cyber threats in academic publishing and try to present general guidelines for authors. Copyright © 2016 Elsevier Inc. All rights reserved.

Impact of Protection Motivation Theory and General Deterrence Theory on the Behavioral Intention to Implement and Misuse Active Cyber Defense

ERIC Educational Resources Information Center

White, Jautau Kelton

2017-01-01

Current cybersecurity measures have become a major concern for commercial organizations in the United States. As the cyber-attack landscape expands and the skills and knowledge of the cyber-attacker become broader, the current measures that are taken and the laws structured around them are making it increasingly difficult for commercial…

Cyber Friendly Fire: Research Challenges for Security Informatics

DOE Office of Scientific and Technical Information (OSTI.GOV)

Greitzer, Frank L.; Carroll, Thomas E.; Roberts, Adam D.

This paper addresses cognitive implications and research needs surrounding the problem of cyber friendly fire (FF). We define cyber FF as intentional offensive or defensive cyber/electronic actions intended to protect cyber systems against enemy forces or to attack enemy cyber systems, which unintention-ally harms the mission effectiveness of friendly or neutral forces. Just as with combat friendly fire, maintaining situation awareness (SA) is paramount to avoiding cyber FF incidents. Cyber SA concerns knowledge of a system’s topology (connectedness and relationships of the nodes in a system), and critical knowledge elements such as the characteristics and vulnerabilities of the components thatmore » comprise the system and its nodes, the nature of the activities or work performed, and the available defensive and offensive countermeasures that may be applied to thwart network attacks. Mitigation strategies to combat cyber FF— including both training concepts and suggestions for decision aids and visualization approaches—are discussed.« less

Continuous Security Metrics for Prevalent Network Threats: Introduction and First Four Metrics

DTIC Science & Technology

2012-05-22

cyber at- tack. Recently, high -prole successful attacks have been detected against the International Mon- etary Fund, Citibank, Lockheed Martin, Google...RSA Security, Sony, and Oak Ridge National Laboratory[13]. These and other attacks have heightened securing networks as a high priority for many...of high -severity vulnerabilities found by network vulnerability scanners (e.g., [40]) and the numbers or percentages of hosts that are are not

Energy Sector Security through a System for Intelligent, Learning Network Configuration Monitoring and Management (“Essence”)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Miller, Craig; Larmouth, Robert

The project was conceived and executed with the overarching objective to provide cost effective tools to cooperative utilities that enabled them to quickly detect, characterize and take remediative action against cyber attacks.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sadi, Mohammad A. H.; Dasgupta, Dipankar; Ali, Mohammad Hassan

The important backbone of the smart grid is the cyber/information infrastructure, which is primarily used to communicate with different grid components. A smart grid is a complex cyber physical system containing a numerous and variety number of sources, devices, controllers and loads. Therefore, the smart grid is vulnerable to grid related disturbances. For such dynamic system, disturbance and intrusion detection is a paramount issue. This paper presents a Simulink and Opnet based co-simulated platform to carry out a cyber-intrusion in cyber network for modern power systems and the smart grid. The IEEE 30 bus power system model is used tomore » demonstrate the effectiveness of the simulated testbed. The experiments were performed by disturbing the circuit breakers reclosing time through a cyber-attack. Different disturbance situations in the considered test system are considered and the results indicate the effectiveness of the proposed co-simulated scheme.« less

A Probabilistic Risk Mitigation Model for Cyber-Attacks to PMU Networks

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mousavian, Seyedamirabbas; Valenzuela, Jorge; Wang, Jianhui

The power grid is becoming more dependent on information and communication technologies. Complex networks of advanced sensors such as phasor measurement units (PMUs) are used to collect real time data to improve the observability of the power system. Recent studies have shown that the power grid has significant cyber vulnerabilities which could increase when PMUs are used extensively. Therefore, recognizing and responding to vulnerabilities are critical to the security of the power grid. This paper proposes a risk mitigation model for optimal response to cyber-attacks to PMU networks. We model the optimal response action as a mixed integer linear programmingmore » (MILP) problem to prevent propagation of the cyber-attacks and maintain the observability of the power system.« less

Propagating Mixed Uncertainties in Cyber Attacker Payoffs: Exploration of Two-Phase Monte Carlo Sampling and Probability Bounds Analysis

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chatterjee, Samrat; Tipireddy, Ramakrishna; Oster, Matthew R.

Securing cyber-systems on a continual basis against a multitude of adverse events is a challenging undertaking. Game-theoretic approaches, that model actions of strategic decision-makers, are increasingly being applied to address cybersecurity resource allocation challenges. Such game-based models account for multiple player actions and represent cyber attacker payoffs mostly as point utility estimates. Since a cyber-attacker’s payoff generation mechanism is largely unknown, appropriate representation and propagation of uncertainty is a critical task. In this paper we expand on prior work and focus on operationalizing the probabilistic uncertainty quantification framework, for a notional cyber system, through: 1) representation of uncertain attacker andmore » system-related modeling variables as probability distributions and mathematical intervals, and 2) exploration of uncertainty propagation techniques including two-phase Monte Carlo sampling and probability bounds analysis.« less

Simple mathematical law benchmarks human confrontations.

PubMed

Johnson, Neil F; Medina, Pablo; Zhao, Guannan; Messinger, Daniel S; Horgan, John; Gill, Paul; Bohorquez, Juan Camilo; Mattson, Whitney; Gangi, Devon; Qi, Hong; Manrique, Pedro; Velasquez, Nicolas; Morgenstern, Ana; Restrepo, Elvira; Johnson, Nicholas; Spagat, Michael; Zarama, Roberto

2013-12-10

Many high-profile societal problems involve an individual or group repeatedly attacking another - from child-parent disputes, sexual violence against women, civil unrest, violent conflicts and acts of terror, to current cyber-attacks on national infrastructure and ultrafast cyber-trades attacking stockholders. There is an urgent need to quantify the likely severity and timing of such future acts, shed light on likely perpetrators, and identify intervention strategies. Here we present a combined analysis of multiple datasets across all these domains which account for >100,000 events, and show that a simple mathematical law can benchmark them all. We derive this benchmark and interpret it, using a minimal mechanistic model grounded by state-of-the-art fieldwork. Our findings provide quantitative predictions concerning future attacks; a tool to help detect common perpetrators and abnormal behaviors; insight into the trajectory of a 'lone wolf'; identification of a critical threshold for spreading a message or idea among perpetrators; an intervention strategy to erode the most lethal clusters; and more broadly, a quantitative starting point for cross-disciplinary theorizing about human aggression at the individual and group level, in both real and online worlds.

Simple mathematical law benchmarks human confrontations

NASA Astrophysics Data System (ADS)

Johnson, Neil F.; Medina, Pablo; Zhao, Guannan; Messinger, Daniel S.; Horgan, John; Gill, Paul; Bohorquez, Juan Camilo; Mattson, Whitney; Gangi, Devon; Qi, Hong; Manrique, Pedro; Velasquez, Nicolas; Morgenstern, Ana; Restrepo, Elvira; Johnson, Nicholas; Spagat, Michael; Zarama, Roberto

2013-12-01

Many high-profile societal problems involve an individual or group repeatedly attacking another - from child-parent disputes, sexual violence against women, civil unrest, violent conflicts and acts of terror, to current cyber-attacks on national infrastructure and ultrafast cyber-trades attacking stockholders. There is an urgent need to quantify the likely severity and timing of such future acts, shed light on likely perpetrators, and identify intervention strategies. Here we present a combined analysis of multiple datasets across all these domains which account for >100,000 events, and show that a simple mathematical law can benchmark them all. We derive this benchmark and interpret it, using a minimal mechanistic model grounded by state-of-the-art fieldwork. Our findings provide quantitative predictions concerning future attacks; a tool to help detect common perpetrators and abnormal behaviors; insight into the trajectory of a `lone wolf' identification of a critical threshold for spreading a message or idea among perpetrators; an intervention strategy to erode the most lethal clusters; and more broadly, a quantitative starting point for cross-disciplinary theorizing about human aggression at the individual and group level, in both real and online worlds.

Impact of Alleged Russian Cyber Attacks

DTIC Science & Technology

2009-05-01

security. 15. SUBJECT TERMS Cyber Security, Cyber Warfare , Estonia, Georgia, Russian Federation Cyber Strategy, Convention on Cybercrime, NATO Center...Federation ......................................................................................... 33  X.  The Future of Russian Cyber Warfare ................................................................... 39...Issue 15.09); Binoy Kampmark, Cyber Warfare Between Estonia And Russia, (Contemporary Review: Autumn, 2003), p 288-293; Jaak Aaviksoo, Address by the

Finite Energy and Bounded Actuator Attacks on Cyber-Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Djouadi, Seddik M; Melin, Alexander M; Ferragut, Erik M

As control system networks are being connected to enterprise level networks for remote monitoring, operation, and system-wide performance optimization, these same connections are providing vulnerabilities that can be exploited by malicious actors for attack, financial gain, and theft of intellectual property. Much effort in cyber-physical system (CPS) protection has focused on protecting the borders of the system through traditional information security techniques. Less effort has been applied to the protection of cyber-physical systems from intelligent attacks launched after an attacker has defeated the information security protections to gain access to the control system. In this paper, attacks on actuator signalsmore » are analyzed from a system theoretic context. The threat surface is classified into finite energy and bounded attacks. These two broad classes encompass a large range of potential attacks. The effect of theses attacks on a linear quadratic (LQ) control are analyzed, and the optimal actuator attacks for both finite and infinite horizon LQ control are derived, therefore the worst case attack signals are obtained. The closed-loop system under the optimal attack signals is given and a numerical example illustrating the effect of an optimal bounded attack is provided.« less

Computer Network Attack: An Operational Tool?

DTIC Science & Technology

2003-01-17

Spectrum of Conflict, Cyber Warfare , Preemptive Strike, Effects Based Targeting. 15. Abstract: Computer Network Attack (CNA) is defined as...great deal of attention as the world’s capabilities in cyber - warfare grow. 11 Although addressing the wide ranging legal aspects of CNA is beyond the...the notion of cyber - warfare has not yet developed to the point that international norms have been established.15 These norms will be developed in

Cyber Attacks, Attribution, and Deterrence: Three Case Studies

DTIC Science & Technology

2015-05-23

threat informs his decision about the appropriate deterrent counter-threats. There tend to be three camps in general: Minimalists , Moderates, and...Alarmists. Minimalists do not require much explanation because they are the authors who believe that cyber does not pose any significant threat...Armageddon.”32 Amongst the minimalists are Lawrence Freedman and Thomas Rid. Freedman grants discussion of cyber attacks a scant two pages in his seven

Programmable Logic Controller Modification Attacks for use in Detection Analysis

DTIC Science & Technology

2014-03-27

and J. Lowe, “The Myths and Facts Behind Cyber Security Risks for Industrial Control Systems ,” in Proceedings of the VDE Kongress, vol. 116, 2004. [13...Feb 2014 Date 20 Feb 2014 Date 20 Feb 2014 Date AFIT-ENG-14-M-66 Abstract Unprotected Supervisory Control and Data Acquisition (SCADA) systems offer...control and monitor physical industrial processes. Although attacks targeting SCADA systems have increased, there has been little work exploring the

Using Discrete Event Simulation to Model Attacker Interactions with Cyber and Physical Security Systems

DOE PAGES

Perkins, Casey; Muller, George

2015-10-08

The number of connections between physical and cyber security systems is rapidly increasing due to centralized control from automated and remotely connected means. As the number of interfaces between systems continues to grow, the interactions and interdependencies between them cannot be ignored. Historically, physical and cyber vulnerability assessments have been performed independently. This independent evaluation omits important aspects of the integrated system, where the impacts resulting from malicious or opportunistic attacks are not easily known or understood. Here, we describe a discrete event simulation model that uses information about integrated physical and cyber security systems, attacker characteristics and simple responsemore » rules to identify key safeguards that limit an attacker's likelihood of success. Key features of the proposed model include comprehensive data generation to support a variety of sophisticated analyses, and full parameterization of safeguard performance characteristics and attacker behaviours to evaluate a range of scenarios. Lastly, we also describe the core data requirements and the network of networks that serves as the underlying simulation structure.« less

Using Discrete Event Simulation to Model Attacker Interactions with Cyber and Physical Security Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Perkins, Casey; Muller, George

The number of connections between physical and cyber security systems is rapidly increasing due to centralized control from automated and remotely connected means. As the number of interfaces between systems continues to grow, the interactions and interdependencies between them cannot be ignored. Historically, physical and cyber vulnerability assessments have been performed independently. This independent evaluation omits important aspects of the integrated system, where the impacts resulting from malicious or opportunistic attacks are not easily known or understood. Here, we describe a discrete event simulation model that uses information about integrated physical and cyber security systems, attacker characteristics and simple responsemore » rules to identify key safeguards that limit an attacker's likelihood of success. Key features of the proposed model include comprehensive data generation to support a variety of sophisticated analyses, and full parameterization of safeguard performance characteristics and attacker behaviours to evaluate a range of scenarios. Lastly, we also describe the core data requirements and the network of networks that serves as the underlying simulation structure.« less

DOE Office of Scientific and Technical Information (OSTI.GOV)

Onyeji, Ijeoma; Bazilian, Morgan; Bronk, Chris

Both the number and security implications of sophisticated cyber attacks on companies providing critical energy infrastructures are increasing. As power networks and, to a certain extent, oil and gas infrastructure both upstream and downstream, are becoming increasingly integrated with information communication technology systems, they are growing more susceptible to cyber attacks.

Identification and Ranking of Critical Assets within an Electrical Grid under Threat of Cyber Attack

NASA Astrophysics Data System (ADS)

Boyer, Blake R.

This paper examines the ranking of critical assets within an electrical grid under threat of cyber attack.1 Critical to this analysis is the assumption of zero hour exploits namely, the threat of an immediate attack as soon as a vulnerability is discovered. Modeling shows that over time load fluctuations as well as other system variations will change the importance of each asset in the delivery of bulk power. As opposed to classic stability studies where risk can be shown to be greatest during high load periods, the zero hour exploit-cyber-risk assumes that vulnerabilities will be attacked as soon as they are discovered. The probability of attacks is made uniform over time to include any and all possible attacks. Examining the impact of an attack and how the grid reacts immediately following an attack will identify and determine the criticality of each asset. This work endeavors to fulfill the NERC Critical Infrastructure Protection Requirements CIP-001-1 through CIP-009-2, cyber security requirements for the reliable supply of bulk power to customers throughout North America. 1Critical assets will here refer to facilities, systems, and equipment, which, if destroyed, degraded, or otherwise rendered unavailable, would affect the reliability or operability of the Bulk Electric System, NERC Glossary of Terms Used in Reliability Standards, 2009

TANDI: threat assessment of network data and information

NASA Astrophysics Data System (ADS)

Holsopple, Jared; Yang, Shanchieh Jay; Sudit, Moises

2006-04-01

Current practice for combating cyber attacks typically use Intrusion Detection Sensors (IDSs) to passively detect and block multi-stage attacks. This work leverages Level-2 fusion that correlates IDS alerts belonging to the same attacker, and proposes a threat assessment algorithm to predict potential future attacker actions. The algorithm, TANDI, reduces the problem complexity by separating the models of the attacker's capability and opportunity, and fuse the two to determine the attacker's intent. Unlike traditional Bayesian-based approaches, which require assigning a large number of edge probabilities, the proposed Level-3 fusion procedure uses only 4 parameters. TANDI has been implemented and tested with randomly created attack sequences. The results demonstrate that TANDI predicts future attack actions accurately as long as the attack is not part of a coordinated attack and contains no insider threats. In the presence of abnormal attack events, TANDI will alarm the network analyst for further analysis. The attempt to evaluate a threat assessment algorithm via simulation is the first in the literature, and shall open up a new avenue in the area of high level fusion.

A Selectivity based approach to Continuous Pattern Detection in Streaming Graphs

DOE Office of Scientific and Technical Information (OSTI.GOV)

Choudhury, Sutanay; Holder, Larry; Chin, George

2015-02-02

Cyber security is one of the most significant technical challenges in current times. Detecting adversarial activities, prevention of theft of intellectual properties and customer data is a high priority for corporations and government agencies around the world. Cyber defenders need to analyze massive-scale, high-resolution network flows to identify, categorize, and mitigate attacks involving net- works spanning institutional and national boundaries. Many of the cyber attacks can be described as subgraph patterns, with promi- nent examples being insider infiltrations (path queries), denial of service (parallel paths) and malicious spreads (tree queries). This motivates us to explore subgraph matching on streaming graphsmore » in a continuous setting. The novelty of our work lies in using the subgraph distributional statistics collected from the streaming graph to determine the query processing strategy. We introduce a “Lazy Search" algorithm where the search strategy is decided on a vertex-to-vertex basis depending on the likelihood of a match in the vertex neighborhood. We also propose a metric named “Relative Selectivity" that is used to se- lect between different query processing strategies. Our experiments performed on real online news, network traffic stream and a syn- thetic social network benchmark demonstrate 10-100x speedups over selectivity agnostic approaches.« less

A Selectivity based approach to Continuous Pattern Detection in Streaming Graphs

DOE Office of Scientific and Technical Information (OSTI.GOV)

Choudhury, Sutanay; Holder, Larry; Chin, George

2015-05-27

Cyber security is one of the most significant technical challenges in current times. Detecting adversarial activities, prevention of theft of intellectual properties and customer data is a high priority for corporations and government agencies around the world. Cyber defenders need to analyze massive-scale, high-resolution network flows to identify, categorize, and mitigate attacks involving networks spanning institutional and national boundaries. Many of the cyber attacks can be described as subgraph patterns, with prominent examples being insider infiltrations (path queries), denial of service (parallel paths) and malicious spreads (tree queries). This motivates us to explore subgraph matching on streaming graphs in amore » continuous setting. The novelty of our work lies in using the subgraph distributional statistics collected from the streaming graph to determine the query processing strategy. We introduce a ``Lazy Search" algorithm where the search strategy is decided on a vertex-to-vertex basis depending on the likelihood of a match in the vertex neighborhood. We also propose a metric named ``Relative Selectivity" that is used to select between different query processing strategies. Our experiments performed on real online news, network traffic stream and a synthetic social network benchmark demonstrate 10-100x speedups over non-incremental, selectivity agnostic approaches.« less

Cyber Incidents Involving Control Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Robert J. Turk

2005-10-01

The Analysis Function of the US-CERT Control Systems Security Center (CSSC) at the Idaho National Laboratory (INL) has prepared this report to document cyber security incidents for use by the CSSC. The description and analysis of incidents reported herein support three CSSC tasks: establishing a business case; increasing security awareness and private and corporate participation related to enhanced cyber security of control systems; and providing informational material to support model development and prioritize activities for CSSC. The stated mission of CSSC is to reduce vulnerability of critical infrastructure to cyber attack on control systems. As stated in the Incident Managementmore » Tool Requirements (August 2005) ''Vulnerability reduction is promoted by risk analysis that tracks actual risk, emphasizes high risk, determines risk reduction as a function of countermeasures, tracks increase of risk due to external influence, and measures success of the vulnerability reduction program''. Process control and Supervisory Control and Data Acquisition (SCADA) systems, with their reliance on proprietary networks and hardware, have long been considered immune to the network attacks that have wreaked so much havoc on corporate information systems. New research indicates this confidence is misplaced--the move to open standards such as Ethernet, Transmission Control Protocol/Internet Protocol, and Web technologies is allowing hackers to take advantage of the control industry's unawareness. Much of the available information about cyber incidents represents a characterization as opposed to an analysis of events. The lack of good analyses reflects an overall weakness in reporting requirements as well as the fact that to date there have been very few serious cyber attacks on control systems. Most companies prefer not to share cyber attack incident data because of potential financial repercussions. Uniform reporting requirements will do much to make this information available to Department of Homeland Security (DHS) and others who require it. This report summarizes the rise in frequency of cyber attacks, describes the perpetrators, and identifies the means of attack. This type of analysis, when used in conjunction with vulnerability analyses, can be used to support a proactive approach to prevent cyber attacks. CSSC will use this document to evolve a standardized approach to incident reporting and analysis. This document will be updated as needed to record additional event analyses and insights regarding incident reporting. This report represents 120 cyber security incidents documented in a number of sources, including: the British Columbia Institute of Technology (BCIT) Industrial Security Incident Database, the 2003 CSI/FBI Computer Crime and Security Survey, the KEMA, Inc., Database, Lawrence Livermore National Laboratory, the Energy Incident Database, the INL Cyber Incident Database, and other open-source data. The National Memorial Institute for the Prevention of Terrorism (MIPT) database was also interrogated but, interestingly, failed to yield any cyber attack incidents. The results of this evaluation indicate that historical evidence provides insight into control system related incidents or failures; however, that the limited available information provides little support to future risk estimates. The documented case history shows that activity has increased significantly since 1988. The majority of incidents come from the Internet by way of opportunistic viruses, Trojans, and worms, but a surprisingly large number are directed acts of sabotage. A substantial number of confirmed, unconfirmed, and potential events that directly or potentially impact control systems worldwide are also identified. Twelve selected cyber incidents are presented at the end of this report as examples of the documented case studies (see Appendix B).« less

Identifying and tracking attacks on networks: C3I displays and related technologies

NASA Astrophysics Data System (ADS)

Manes, Gavin W.; Dawkins, J.; Shenoi, Sujeet; Hale, John C.

2003-09-01

Converged network security is extremely challenging for several reasons; expanded system and technology perimeters, unexpected feature interaction, and complex interfaces all conspire to provide hackers with greater opportunities for compromising large networks. Preventive security services and architectures are essential, but in and of themselves do not eliminate all threat of compromise. Attack management systems mitigate this residual risk by facilitating incident detection, analysis and response. There are a wealth of attack detection and response tools for IP networks, but a dearth of such tools for wireless and public telephone networks. Moreover, methodologies and formalisms have yet to be identified that can yield a common model for vulnerabilities and attacks in converged networks. A comprehensive attack management system must coordinate detection tools for converged networks, derive fully-integrated attack and network models, perform vulnerability and multi-stage attack analysis, support large-scale attack visualization, and orchestrate strategic responses to cyber attacks that cross network boundaries. We present an architecture that embodies these principles for attack management. The attack management system described engages a suite of detection tools for various networking domains, feeding real-time attack data to a comprehensive modeling, analysis and visualization subsystem. The resulting early warning system not only provides network administrators with a heads-up cockpit display of their entire network, it also supports guided response and predictive capabilities for multi-stage attacks in converged networks.

Detecting Peer-to-Peer Botnets in SCADA Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Yang, Huan; Cheng, Liang; Chuah, Mooi Choo

Supervisory Control and Data Acquisition (SCADA) systems monitor and control critical infrastructure such as the smart grid. As SCADA systems become increasingly interconnected and adopt more and more cyber-enabled components, the risks of cyber attacks become a major concern. Due to their decentralized organization, peer-to-peer (P2P) botnets are resilient to many existing takedown measures and can be exploited as an effective way to launch cyber attacks on SCADA systems. However, little work has been done to detect P2P botnets in SCADA systems, which carry traffic flows with characteristics significantly different from the Internet. In this paper, we design a P2P-botnetmore » detection method for SCADA systems, leveraging built-in traffic monitoring capabilities of SCADA networking devices. The proposed method consists of two stages. In the first stage, we design a simple feature test to filter out non-P2P hosts, which significantly reduces the data volume for P2P-botnet identification. In the second stage, we jointly consider flow-based and connectivity-based features that effectively set apart bots from benign hosts. We propose to use unsupervised learning for P2P-botnet identification, which not only identifies known P2P botnets but also captures newly emerged ones. Our simulation results show that the proposed system achieves high detection rates with very few false positives. Furthermore, our evaluation shows that the proposed method can detect hosts running P2P SCADA applications that are infected by P2P bots.« less

Final Technical Report. Project Boeing SGS

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bell, Thomas E.

Boeing and its partner, PJM Interconnection, teamed to bring advanced “defense-grade” technologies for cyber security to the US regional power grid through demonstration in PJM’s energy management environment. Under this cooperative project with the Department of Energy, Boeing and PJM have developed and demonstrated a host of technologies specifically tailored to the needs of PJM and the electric sector as a whole. The team has demonstrated to the energy industry a combination of processes, techniques and technologies that have been successfully implemented in the commercial, defense, and intelligence communities to identify, mitigate and continuously monitor the cyber security of criticalmore » systems. Guided by the results of a Cyber Security Risk-Based Assessment completed in Phase I, the Boeing-PJM team has completed multiple iterations through the Phase II Development and Phase III Deployment phases. Multiple cyber security solutions have been completed across a variety of controls including: Application Security, Enhanced Malware Detection, Security Incident and Event Management (SIEM) Optimization, Continuous Vulnerability Monitoring, SCADA Monitoring/Intrusion Detection, Operational Resiliency, Cyber Range simulations and hands on cyber security personnel training. All of the developed and demonstrated solutions are suitable for replication across the electric sector and/or the energy sector as a whole. Benefits identified include; Improved malware and intrusion detection capability on critical SCADA networks including behavioral-based alerts resulting in improved zero-day threat protection; Improved Security Incident and Event Management system resulting in better threat visibility, thus increasing the likelihood of detecting a serious event; Improved malware detection and zero-day threat response capability; Improved ability to systematically evaluate and secure in house and vendor sourced software applications; Improved ability to continuously monitor and maintain secure configuration of network devices resulting in reduced vulnerabilities for potential exploitation; Improved overall cyber security situational awareness through the integration of multiple discrete security technologies into a single cyber security reporting console; Improved ability to maintain the resiliency of critical systems in the face of a targeted cyber attack of other significant event; Improved ability to model complex networks for penetration testing and advanced training of cyber security personnel« less

VTAC: virtual terrain assisted impact assessment for cyber attacks

NASA Astrophysics Data System (ADS)

Argauer, Brian J.; Yang, Shanchieh J.

2008-03-01

Overwhelming intrusion alerts have made timely response to network security breaches a difficult task. Correlating alerts to produce a higher level view of intrusion state of a network, thus, becomes an essential element in network defense. This work proposes to analyze correlated or grouped alerts and determine their 'impact' to services and users of the network. A network is modeled as 'virtual terrain' where cyber attacks maneuver. Overlaying correlated attack tracks on virtual terrain exhibits the vulnerabilities exploited by each track and the relationships between them and different network entities. The proposed impact assessment algorithm utilizes the graph-based virtual terrain model and combines assessments of damages caused by the attacks. The combined impact scores allow to identify severely damaged network services and affected users. Several scenarios are examined to demonstrate the uses of the proposed Virtual Terrain Assisted Impact Assessment for Cyber Attacks (VTAC).

Cyber War Game in Temporal Networks

DTIC Science & Technology

2016-02-09

Boston, Massachusetts 02115, United States of America * jianxi.gao@gmail.com Abstract In a cyber war game where a network is fully distributed and... game with minimum effort. Given the system goal states of attackers and defenders, we study what strategies attackers or defenders can take to reach

Cyber for the Middleweight Fighter: Recommendations for Cyberspace Capabilities for the United States Marine Corps

DTIC Science & Technology

2013-02-14

L acts to “provided resources for national and joint kinetic attack requirements.”24 Additionally, the Marine Corps Force Structure Review Group...for unusual system activity and searching for signs of known malware, unlike what is depicted in movies such as Hackers, where opposing cyber...never admitted involvement but the attacks originated in Russia. The FBI code name for the inquiry was Moonlight Maze. 29. Jeffrey Carr, Inside Cyber

Command and Control, Cyber, Communications, Intelligence, Surveillance and Reconnaissance (CRISR) and Cyber Tactical Measures

DTIC Science & Technology

2016-09-01

between U.S. bases and the theater of operations. • Cyber Attack capabilities designed to disrupt U.S. command and control systems and critical...operational area. Key area-denial capabilities include: • Air forces and air defense systems, both fixed and mobile, designed to deny local U.S. air...Precision-guided rockets, artillery, missiles, and mortars (G-RAMM) designed to attack surface targets, including landing forces, with much greater accuracy

Characterization of attacks on public telephone networks

NASA Astrophysics Data System (ADS)

Lorenz, Gary V.; Manes, Gavin W.; Hale, John C.; Marks, Donald; Davis, Kenneth; Shenoi, Sujeet

2001-02-01

The U.S. Public Telephone Network (PTN) is a massively connected distributed information systems, much like the Internet. PTN signaling, transmission and operations functions must be protected from physical and cyber attacks to ensure the reliable delivery of telecommunications services. The increasing convergence of PTNs with wireless communications systems, computer networks and the Internet itself poses serious threats to our nation's telecommunications infrastructure. Legacy technologies and advanced services encumber well-known and as of yet undiscovered vulnerabilities that render them susceptible to cyber attacks. This paper presents a taxonomy of cyber attacks on PTNs in converged environments that synthesizes exploits in computer and communications network domains. The taxonomy provides an opportunity for the systematic exploration of mitigative and preventive strategies, as well as for the identification and classification of emerging threats.

Cyber-Terrorism and Cyber-Crime: There Is a Difference

DTIC Science & Technology

The terms cyber -terrorism and cyber -crime have many varying definitions depending on who is defining them. For example, individuals with expertise in...considerations and, when investigating a cyber -attack, procedural considerations. By examining the strengths and weaknesses of several definitions offered by...national security, law enforcement, industry, law, and scholars, this research constructs a list of parameters to consider when formulating definitions for cyber -terrorism and cyber -crime.

Cyber Power: Attack and Defense Lessons from Land, Sea, and Air Power

DTIC Science & Technology

2011-06-01

over defense for a long time to come. The logical conclusion is that effective electronic and cyber defense are impossible. However, in...air attack with sufficient accuracy and warning time to mount an effective defense. 3 The 1...considering the suddenness of the attack, it is unlikely that the enemy would have time enough to parry the blow effectively either in the air or from the

Establishing a Cyber Warrior Force

DTIC Science & Technology

2004-09-01

Cyber Warfare is widely touted to be the next generation of warfare. As America’s reliance on automated systems and information technology increases...so too does the potential vulnerability to cyber attack. Nation and non-nation states are developing the capability to wage cyber warfare . Historically

Cyber Operations and Cyber Terrorism, Handbook Number 1.02

DTIC Science & Technology

2005-08-15

Quinn, “Teen Hackers Plead Guilty to Stunning Pentagon Attacks,” Reuters, 31 July 1998, 1; available from http://www.geocities.com/ Area51 ...Hackers Plead Guilty to Stunning Pentagon Attacks.” Reuters, 31 July 1998, 1. Available from http://www.geocities.com/ Area51 /Shadowlands/6583

Department of Defense Information Enterprise: Strategic Plan 2010-2012

DTIC Science & Technology

2010-04-01

migrate from circuit-based technology to a converged (voice, video , and data) IP network and UC services environment. Ensure the optimal...Kevin Coleman, “Cyber Attacks on Supply Chain Systems,” Defense Tech, April 15, 2009 8 Lolita C. Baldor, “Federal Web Sites Knocked Out by Cyber Attack

Cyber Attacks and the Legal Justification for an Armed Response

DTIC Science & Technology

2017-05-25

conflict between military forces of any origin.ൟ The definition above applies only to Title 18, Chapter 113B “ Terrorism ,” and is not applicable...beyond the context of terrorism . Applying this definition to cyber attacks outside the context of terrorism will not provide legal justification for

Quantifying Improbability: An Analysis of the Lloyd’s of London Business Blackout Cyber Attack Scenario

DTIC Science & Technology

Scenarios that describe cyber attacks on the electric grid consistently predict significant disruptions to the economy and citizens quality of life...phenomena that deserve further investigation, such as the importance of some individual power plants in influencing the adversarys probability of

How is cyber threat evolving and what do organisations need to consider?

PubMed

Borrett, Martin; Carter, Roger; Wespi, Andreas

Organisations and members of the public are becoming accustomed to the increasing velocity, frequency and variety of cyber-attacks that they have been facing over the last few years. In response to this challenge, it is important to explore what can be done to offer commercial and private users a reliable and functioning environment. This paper discusses how cyber threats might evolve in the future and seeks to explore these threats more fully. Attention is paid to the changing nature of cyber-attackers and their motivations and what this means for organisations. Finally, useful and actionable steps are provided, which practitioners can use to understand how they can start to address the future challenges of cyber security.

Department of Homeland Security

MedlinePlus

... Release Joint Technical Alerts on Malicious North Korean Cyber Activity Today, DHS and FBI released a pair ... María Provide Feedback to DHS Protect Myself from Cyber Attacks Report Cyber Incidents Prepare My Family for ...

Cyber-Threat Assessment for the Air Traffic Management System: A Network Controls Approach

NASA Technical Reports Server (NTRS)

Roy, Sandip; Sridhar, Banavar

2016-01-01

Air transportation networks are being disrupted with increasing frequency by failures in their cyber- (computing, communication, control) systems. Whether these cyber- failures arise due to deliberate attacks or incidental errors, they can have far-reaching impact on the performance of the air traffic control and management systems. For instance, a computer failure in the Washington DC Air Route Traffic Control Center (ZDC) on August 15, 2015, caused nearly complete closure of the Centers airspace for several hours. This closure had a propagative impact across the United States National Airspace System, causing changed congestion patterns and requiring placement of a suite of traffic management initiatives to address the capacity reduction and congestion. A snapshot of traffic on that day clearly shows the closure of the ZDC airspace and the resulting congestion at its boundary, which required augmented traffic management at multiple locations. Cyber- events also have important ramifications for private stakeholders, particularly the airlines. During the last few months, computer-system issues have caused several airlines fleets to be grounded for significant periods of time: these include United Airlines (twice), LOT Polish Airlines, and American Airlines. Delays and regional stoppages due to cyber- events are even more common, and may have myriad causes (e.g., failure of the Department of Homeland Security systems needed for security check of passengers, see [3]). The growing frequency of cyber- disruptions in the air transportation system reflects a much broader trend in the modern society: cyber- failures and threats are becoming increasingly pervasive, varied, and impactful. In consequence, an intense effort is underway to develop secure and resilient cyber- systems that can protect against, detect, and remove threats, see e.g. and its many citations. The outcomes of this wide effort on cyber- security are applicable to the air transportation infrastructure, and indeed security solutions are being implemented in the current system. While these security solutions are important, they only provide a piecemeal solution. Particular computers or communication channels are protected from particular attacks, without a holistic view of the air transportation infrastructure. On the other hand, the above-listed incidents highlight that a holistic approach is needed, for several reasons. First, the air transportation infrastructure is a large scale cyber-physical system with multiple stakeholders and diverse legacy assets. It is impractical to protect every cyber- asset from known and unknown disruptions, and instead a strategic view of security is needed. Second, disruptions to the cyber- system can incur complex propagative impacts across the air transportation network, including its physical and human assets. Also, these implications of cyber- events are exacerbated or modulated by other disruptions and operational specifics, e.g. severe weather, operator fatigue or error, etc. These characteristics motivate a holistic and strategic perspective on protecting the air transportation infrastructure from cyber- events. The analysis of cyber- threats to the air traffic system is also inextricably tied to the integration of new autonomy into the airspace. The replacement of human operators with cyber functions leaves the network open to new cyber threats, which must be modeled and managed. Paradoxically, the mitigation of cyber events in the airspace will also likely require additional autonomy, given the fast time scale and myriad pathways of cyber-attacks which must be managed. The assessment of new vulnerabilities upon integration of new autonomy is also a key motivation for a holistic perspective on cyber threats.

Cyber Risk Management for Critical Infrastructure: A Risk Analysis Model and Three Case Studies.

PubMed

Paté-Cornell, M-Elisabeth; Kuypers, Marshall; Smith, Matthew; Keller, Philip

2018-02-01

Managing cyber security in an organization involves allocating the protection budget across a spectrum of possible options. This requires assessing the benefits and the costs of these options. The risk analyses presented here are statistical when relevant data are available, and system-based for high-consequence events that have not happened yet. This article presents, first, a general probabilistic risk analysis framework for cyber security in an organization to be specified. It then describes three examples of forward-looking analyses motivated by recent cyber attacks. The first one is the statistical analysis of an actual database, extended at the upper end of the loss distribution by a Bayesian analysis of possible, high-consequence attack scenarios that may happen in the future. The second is a systems analysis of cyber risks for a smart, connected electric grid, showing that there is an optimal level of connectivity. The third is an analysis of sequential decisions to upgrade the software of an existing cyber security system or to adopt a new one to stay ahead of adversaries trying to find their way in. The results are distributions of losses to cyber attacks, with and without some considered countermeasures in support of risk management decisions based both on past data and anticipated incidents. © 2017 Society for Risk Analysis.

Good Things in Small Packages: Micro Worlds and Cyber Security

DOE Office of Scientific and Technical Information (OSTI.GOV)

David I Gertman

2013-11-01

Cyber events, as perpetrated by terrorists and nation states, have become commonplace as evidenced in national and international news media. Cyber attacks affect day-to-day activities of end users through exploitation of social networks, businesses such as banking and stock exchanges, and government entities including Departments of Defense. They are becoming more frequent and sophisticated. Currently, efforts are directed to understanding the methods employed by attackers and towards dissecting the planning and activities of the perpetrator, including review of psychosocial factors.

Characterizing and Measuring Maliciousness for Cybersecurity Risk Assessment

PubMed Central

King, Zoe M.; Henshel, Diane S.; Flora, Liberty; Cains, Mariana G.; Hoffman, Blaine; Sample, Char

2018-01-01

Cyber attacks have been increasingly detrimental to networks, systems, and users, and are increasing in number and severity globally. To better predict system vulnerabilities, cybersecurity researchers are developing new and more holistic approaches to characterizing cybersecurity system risk. The process must include characterizing the human factors that contribute to cyber security vulnerabilities and risk. Rationality, expertise, and maliciousness are key human characteristics influencing cyber risk within this context, yet maliciousness is poorly characterized in the literature. There is a clear absence of literature pertaining to human factor maliciousness as it relates to cybersecurity and only limited literature relating to aspects of maliciousness in other disciplinary literatures, such as psychology, sociology, and law. In an attempt to characterize human factors as a contribution to cybersecurity risk, the Cybersecurity Collaborative Research Alliance (CSec-CRA) has developed a Human Factors risk framework. This framework identifies the characteristics of an attacker, user, or defender, all of whom may be adding to or mitigating against cyber risk. The maliciousness literature and the proposed maliciousness assessment metrics are discussed within the context of the Human Factors Framework and Ontology. Maliciousness is defined as the intent to harm. Most maliciousness cyber research to date has focused on detecting malicious software but fails to analyze an individual’s intent to do harm to others by deploying malware or performing malicious attacks. Recent efforts to identify malicious human behavior as it relates to cybersecurity, include analyzing motives driving insider threats as well as user profiling analyses. However, cyber-related maliciousness is neither well-studied nor is it well understood because individuals are not forced to expose their true selves to others while performing malicious attacks. Given the difficulty of interviewing malicious-behaving individuals and the potential untrustworthy nature of their responses, we aim to explore the maliciousness as a human factor through the observable behaviors and attributes of an individual from their actions and interactions with society and networks, but to do so we will need to develop a set of analyzable metrics. The purpose of this paper is twofold: (1) to review human maliciousness-related literature in diverse disciplines (sociology, economics, law, psychology, philosophy, informatics, terrorism, and cybersecurity); and (2) to identify an initial set of proposed assessment metrics and instruments that might be culled from in a future effort to characterize human maliciousness within the cyber realm. The future goal is to integrate these assessment metrics into holistic cybersecurity risk analyses to determine the risk an individual poses to themselves as well as other networks, systems, and/or users. PMID:29459838

Characterizing and Measuring Maliciousness for Cybersecurity Risk Assessment.

PubMed

King, Zoe M; Henshel, Diane S; Flora, Liberty; Cains, Mariana G; Hoffman, Blaine; Sample, Char

2018-01-01

Cyber attacks have been increasingly detrimental to networks, systems, and users, and are increasing in number and severity globally. To better predict system vulnerabilities, cybersecurity researchers are developing new and more holistic approaches to characterizing cybersecurity system risk. The process must include characterizing the human factors that contribute to cyber security vulnerabilities and risk. Rationality, expertise, and maliciousness are key human characteristics influencing cyber risk within this context, yet maliciousness is poorly characterized in the literature. There is a clear absence of literature pertaining to human factor maliciousness as it relates to cybersecurity and only limited literature relating to aspects of maliciousness in other disciplinary literatures, such as psychology, sociology, and law. In an attempt to characterize human factors as a contribution to cybersecurity risk, the Cybersecurity Collaborative Research Alliance (CSec-CRA) has developed a Human Factors risk framework. This framework identifies the characteristics of an attacker, user, or defender, all of whom may be adding to or mitigating against cyber risk. The maliciousness literature and the proposed maliciousness assessment metrics are discussed within the context of the Human Factors Framework and Ontology. Maliciousness is defined as the intent to harm. Most maliciousness cyber research to date has focused on detecting malicious software but fails to analyze an individual's intent to do harm to others by deploying malware or performing malicious attacks. Recent efforts to identify malicious human behavior as it relates to cybersecurity, include analyzing motives driving insider threats as well as user profiling analyses. However, cyber-related maliciousness is neither well-studied nor is it well understood because individuals are not forced to expose their true selves to others while performing malicious attacks. Given the difficulty of interviewing malicious-behaving individuals and the potential untrustworthy nature of their responses, we aim to explore the maliciousness as a human factor through the observable behaviors and attributes of an individual from their actions and interactions with society and networks, but to do so we will need to develop a set of analyzable metrics. The purpose of this paper is twofold: (1) to review human maliciousness-related literature in diverse disciplines (sociology, economics, law, psychology, philosophy, informatics, terrorism, and cybersecurity); and (2) to identify an initial set of proposed assessment metrics and instruments that might be culled from in a future effort to characterize human maliciousness within the cyber realm. The future goal is to integrate these assessment metrics into holistic cybersecurity risk analyses to determine the risk an individual poses to themselves as well as other networks, systems, and/or users.

Simple mathematical law benchmarks human confrontations

PubMed Central

Johnson, Neil F.; Medina, Pablo; Zhao, Guannan; Messinger, Daniel S.; Horgan, John; Gill, Paul; Bohorquez, Juan Camilo; Mattson, Whitney; Gangi, Devon; Qi, Hong; Manrique, Pedro; Velasquez, Nicolas; Morgenstern, Ana; Restrepo, Elvira; Johnson, Nicholas; Spagat, Michael; Zarama, Roberto

2013-01-01

Many high-profile societal problems involve an individual or group repeatedly attacking another – from child-parent disputes, sexual violence against women, civil unrest, violent conflicts and acts of terror, to current cyber-attacks on national infrastructure and ultrafast cyber-trades attacking stockholders. There is an urgent need to quantify the likely severity and timing of such future acts, shed light on likely perpetrators, and identify intervention strategies. Here we present a combined analysis of multiple datasets across all these domains which account for >100,000 events, and show that a simple mathematical law can benchmark them all. We derive this benchmark and interpret it, using a minimal mechanistic model grounded by state-of-the-art fieldwork. Our findings provide quantitative predictions concerning future attacks; a tool to help detect common perpetrators and abnormal behaviors; insight into the trajectory of a ‘lone wolf'; identification of a critical threshold for spreading a message or idea among perpetrators; an intervention strategy to erode the most lethal clusters; and more broadly, a quantitative starting point for cross-disciplinary theorizing about human aggression at the individual and group level, in both real and online worlds. PMID:24322528

Using Reputation Based Trust to Overcome Malfunctions and Malicious Failures in Electric Power Protection Systems

DTIC Science & Technology

2011-09-01

concert with a physical attack. Additionally, the importance of preventive measures implemented by a social human network to counteract a cyber attack...integrity of the data stored on specific computers. This coordinated cyber attack would have been successful if not for the trusted social network...established by Mr. Hillar Aarelaid, head of the Estonian computer 6 emergency response team (CERT). This social network consisted of Mr. Hillar Aarelaid

Assessing the Risk of Catastrophic Cyber Attack: Lessons from the Electromagnetic Pulse Commission

DTIC Science & Technology

2015-04-15

need to address whether it would do so? Fourth, the question of consequences must include not only the direct effects of any attack but also potential...inform cyber consequence assessments. Sixth, EMP effects are difficult to characterize but ultimately are knowable at the device level. The effects ...that the approach the EMP Commission used to assess the likelihood and consequences of EMP attacks could provide useful lessons for analysts grappling

On detection and visualization techniques for cyber security situation awareness

NASA Astrophysics Data System (ADS)

Yu, Wei; Wei, Shixiao; Shen, Dan; Blowers, Misty; Blasch, Erik P.; Pham, Khanh D.; Chen, Genshe; Zhang, Hanlin; Lu, Chao

2013-05-01

Networking technologies are exponentially increasing to meet worldwide communication requirements. The rapid growth of network technologies and perversity of communications pose serious security issues. In this paper, we aim to developing an integrated network defense system with situation awareness capabilities to present the useful information for human analysts. In particular, we implement a prototypical system that includes both the distributed passive and active network sensors and traffic visualization features, such as 1D, 2D and 3D based network traffic displays. To effectively detect attacks, we also implement algorithms to transform real-world data of IP addresses into images and study the pattern of attacks and use both the discrete wavelet transform (DWT) based scheme and the statistical based scheme to detect attacks. Through an extensive simulation study, our data validate the effectiveness of our implemented defense system.

An Approach for Assessing Consequences of Potential Supply Chain and Insider Contributed Cyber Attacks on Nuclear Power Plants

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chu, Tsong-Lun; Varuttamaseni, Athi; Baek, Joo-Seok

This paper provides an approach for developing potential attacks on I and C systems of NPPs and assessing their consequences. An important concept is that the NPPs were not designed to cope with Stuxnet-type of attacks (and any other cyber attacks). That is, the plants were only designed for design basis accidents. The safety margins and redundancies built in the design are all based on design basis accidents. They may be helpful in mitigating cyberattacks, but may not be adequate.

Quantifying Mixed Uncertainties in Cyber Attacker Payoffs

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chatterjee, Samrat; Halappanavar, Mahantesh; Tipireddy, Ramakrishna

Representation and propagation of uncertainty in cyber attacker payoffs is a key aspect of security games. Past research has primarily focused on representing the defender’s beliefs about attacker payoffs as point utility estimates. More recently, within the physical security domain, attacker payoff uncertainties have been represented as Uniform and Gaussian probability distributions, and intervals. Within cyber-settings, continuous probability distributions may still be appropriate for addressing statistical (aleatory) uncertainties where the defender may assume that the attacker’s payoffs differ over time. However, systematic (epistemic) uncertainties may exist, where the defender may not have sufficient knowledge or there is insufficient information aboutmore » the attacker’s payoff generation mechanism. Such epistemic uncertainties are more suitably represented as probability boxes with intervals. In this study, we explore the mathematical treatment of such mixed payoff uncertainties.« less

Mitigating Higher Ed Cyber Attacks

ERIC Educational Resources Information Center

Rogers, Gary; Ashford, Tina

2015-01-01

In this presentation we will discuss the many and varied cyber attacks that have recently occurred in the higher ed community. We will discuss the perpetrators, the victims, the impact and how these institutions have evolved to meet this threat. Mitigation techniques and defense strategies will be covered as will a discussion of effective security…

Nodes and Codes: The Reality of Cyber Warfare

DTIC Science & Technology

2012-05-17

Nodes and Codes explores the reality of cyber warfare through the story of Stuxnet, a string of weaponized code that reached through a domain...nodes. Stuxnet served as a proof-of-concept for cyber weapons and provided a comparative laboratory to study the reality of cyber warfare from the...military powers most often associated with advanced, offensive cyber attack capabilities. The reality of cyber warfare holds significant operational

Toward a theoretical framework for trustworthy cyber sensing

NASA Astrophysics Data System (ADS)

Xu, Shouhuai

2010-04-01

Cyberspace is an indispensable part of the economy and society, but has been "polluted" with many compromised computers that can be abused to launch further attacks against the others. Since it is likely that there always are compromised computers, it is important to be aware of the (dynamic) cyber security-related situation, which is however challenging because cyberspace is an extremely large-scale complex system. Our project aims to investigate a theoretical framework for trustworthy cyber sensing. With the perspective of treating cyberspace as a large-scale complex system, the core question we aim to address is: What would be a competent theoretical (mathematical and algorithmic) framework for designing, analyzing, deploying, managing, and adapting cyber sensor systems so as to provide trustworthy information or input to the higher layer of cyber situation-awareness management, even in the presence of sophisticated malicious attacks against the cyber sensor systems?

Security Informatics Research Challenges for Mitigating Cyber Friendly Fire

DOE Office of Scientific and Technical Information (OSTI.GOV)

Carroll, Thomas E.; Greitzer, Frank L.; Roberts, Adam D.

This paper addresses cognitive implications and research needs surrounding the problem of cyber friendly re (FF). We dene cyber FF as intentional o*ensive or defensive cyber/electronic actions intended to protect cyber systems against enemy forces or to attack enemy cyber systems, which unintentionally harms the mission e*ectiveness of friendly or neutral forces. We describe examples of cyber FF and discuss how it ts within a general conceptual framework for cyber security failures. Because it involves human failure, cyber FF may be considered to belong to a sub-class of cyber security failures characterized as unintentional insider threats. Cyber FF is closelymore » related to combat friendly re in that maintaining situation awareness (SA) is paramount to avoiding unintended consequences. Cyber SA concerns knowledge of a system's topology (connectedness and relationships of the nodes in a system), and critical knowledge elements such as the characteristics and vulnerabilities of the components that comprise the system and its nodes, the nature of the activities or work performed, and the available defensive and o*ensive countermeasures that may be applied to thwart network attacks. We describe a test bed designed to support empirical research on factors a*ecting cyber FF. Finally, we discuss mitigation strategies to combat cyber FF, including both training concepts and suggestions for decision aids and visualization approaches.« less

Cyber secure systems approach for NPP digital control systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

McCreary, T. J.; Hsu, A.

2006-07-01

Whether fossil or nuclear power, the chief operations goal is to generate electricity. The heart of most plant operations is the I and C system. With the march towards open architecture, the I and C system is more vulnerable than ever to system security attacks (denial of service, virus attacks and others), thus jeopardizing plant operations. Plant staff must spend large amounts of time and money setting up and monitoring a variety of security strategies to counter the threats and actual attacks to the system. This time and money is a drain on the financial performance of a plant andmore » distracts valuable operations resources from their real goals: product. The pendulum towards complete open architecture may have swung too far. Not all aspects of proprietary hardware and software are necessarily 'bad'. As the aging U.S. fleet of nuclear power plants starts to engage in replacing legacy control systems, and given the on-going (and legitimate) concern about the security of present digital control systems, decisions about how best to approach cyber security are vital to the specification and selection of control system vendors for these upgrades. The authors maintain that utilizing certain resources available in today's digital technology, plant control systems can be configured from the onset to be inherently safe, so that plant staff can concentrate on the operational issues of the plant. The authors postulate the concept of the plant I and C being bounded in a 'Cyber Security Zone' and present a design approach that can alleviate the concern and cost at the plant level of dealing with system security strategies. Present approaches through various IT cyber strategies, commercial software, and even postulated standards from various industry/trade organizations are almost entirely reactive and simply add to cost and complexity. This Cyber Security Zone design demonstrates protection from the four classes of cyber security attacks: 1)Threat from an intruder attempting to disrupt network communications by entering the system from an attached utility network or utilizing a modem connected to a control system PC that is in turn connected to a publicly accessible phone; 2)Threat from a user connecting an unauthorized computer to the control network; 3)Threat from a security attack when an unauthorized user gains access to a PC connected to the plant network;. 4)Threat from internal disruption (by plant staff, whether, malicious or otherwise) by unauthorized usage of files or file handling media that opens the system to security threat (as typified in current situation in most control rooms). The plant I and C system cyber security design and the plant specific procedures should adequately demonstrate protection from the four pertinent classes of cyber security attacks. The combination of these features should demonstrate that the system is not vulnerable to any analyzed cyber security attacks either from internal sources or through network connections. The authors will provide configurations that will demonstrate the Cyber Security Zone. (authors)« less

A Graph-Based Impact Metric for Mitigating Lateral Movement Cyber Attacks

DOE Office of Scientific and Technical Information (OSTI.GOV)

Purvine, Emilie AH; Johnson, John R.; Lo, Chaomei

Most cyber network attacks begin with an adversary gain- ing a foothold within the network and proceed with lateral movement until a desired goal is achieved. The mechanism by which lateral movement occurs varies but the basic signa- ture of hopping between hosts by exploiting vulnerabilities is the same. Because of the nature of the vulnerabilities typ- ically exploited, lateral movement is very difficult to detect and defend against. In this paper we define a dynamic reach- ability graph model of the network to discover possible paths that an adversary could take using different vulnerabilities, and how those paths evolvemore » over time. We use this reacha- bility graph to develop dynamic machine-level and network- level impact scores. Lateral movement mitigation strategies which make use of our impact scores are also discussed, and we detail an example using a freely available data set.« less

Academic Information Security Researchers: Hackers or Specialists?

PubMed

Dadkhah, Mehdi; Lagzian, Mohammad; Borchardt, Glenn

2018-04-01

In this opinion piece, we present a synopsis of our findings from the last 2 years concerning cyber-attacks on web-based academia. We also present some of problems that we have faced and try to resolve any misunderstandings about our work. We are academic information security specialists, not hackers. Finally, we present a brief overview of our methods for detecting cyber fraud in an attempt to present general guidelines for researchers who would like to continue our work. We believe that our work is necessary for protecting the integrity of scholarly publishing against emerging cybercrime.

Command and Control of the Department of Defense in Cyberspace

DTIC Science & Technology

2011-03-24

superiority are also unclassified and constantly probed by intruders and cyber criminals .5 To secure and defend our nation from cyber attacks and conduct...USCYBERCOM to use both offensive and defensive cyber weapons and the tools necessary to hunt down cyber criminals based on rule of law and the legal

The Cyber Defense Review. Volume 1, Number 1, Spring 2016

DTIC Science & Technology

2016-04-20

in the Land and Cyber Domains Lieutenant General Edward C. Cardon The U.S. Navy’s Evolving Cyber/ Cybersecurity Story Rear Admiral Nancy Norton...Olav Lysne Cyber Situational Awareness Maj. Gen. Earl D. Matthews, USAF, Ret Dr. Harold J. Arata III Mr. Brian L. Hale Is There a Cybersecurity ...Kallberg The Decision to Attack: Military and Intelligence Cyber Decision-Making by Dr. Aaron F. Brantly The Cyber Defense Review

On Cyber Warfare Command and Control Systems

DTIC Science & Technology

2004-06-01

longer adequate to rely solely on the now traditional defense-in-depth strategy. We must recognize that we are engaged in a form of warfare, cyber warfare , and... warfare . This causes security devices to be used ineffectively and responses to be untimely. Cyber warfare then becomes a one-sided battle where the... cyber warfare strategy and tactics requires a cyber warfare command and control system. Responses to cyber attacks do not require offensive measures

Science & Technology Review January/February 2010

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bearinger, J P

2009-11-30

This month's issue has the following articles: (1) Innovative Materials Rise to the Radiation Challenge - Commentary by Bruce Warner; (2) The Hunt for Better Radiation Detection - New materials will help radiation detectors pick up weak signals and accurately identify illicit radioactive sources; (3) Time-Critical Technology Identifies Deadly Bloodborne Pathogens - A portable device can simultaneously distinguish up to five bloodborne pathogens in just minutes; (4) Defending Computer Networks against Attack - A Laboratory effort takes a new approach to detecting increasingly sophisticated cyber attacks; and (5) Imaging Cargo's Inner Secrets - Livermore-University of California collaborators are modeling amore » new radiographic technique for identifying nuclear materials concealed inside cargo containers.« less

Cyberspace Superiority: Dominating the Digital Frontier

DTIC Science & Technology

2014-01-01

2009/07/137_48261.html. 9 Lolita Baldor, “White House among targets of cyber attack: Other targets included NSA, Homeland Security and State...attackers appeared not to get the results for 10 Lolita Baldor, "White House among targets of cyber...Communications Commission (KCC) order service providers to deny access to 30,000 13 Lolita Baldor, "US

Resilient control of cyber-physical systems against intelligent attacker: a hierarchal stackelberg game approach

NASA Astrophysics Data System (ADS)

Yuan, Yuan; Sun, Fuchun; Liu, Huaping

2016-07-01

This paper is concerned with the resilient control under denial-of-service attack launched by the intelligent attacker. The resilient control system is modelled as a multi-stage hierarchical game with a corresponding hierarchy of decisions made at cyber and physical layer, respectively. Specifically, the interaction in the cyber layer between different security agents is modelled as a static infinite Stackelberg game, while in the underlying physical layer the full-information H∞ minimax control with package drops is modelled as a different Stackelberg game. Both games are solved sequentially, which is consistent with the actual situations. Finally, the proposed method is applied to the load frequency control of the power system, which demonstrates its effectiveness.

Cyber Warfare: Protecting Military Systems

DTIC Science & Technology

2000-01-01

Software is a key component in nearly every critical system used by the Department of Defense. Attacking the software in a system- cyber warfare - is a...revolutionary method of pursuing war. This article describes various cyber warfare approaches and suggests methods to counter them.

Intrusion Detection in Control Systems using Sequence Characteristics

NASA Astrophysics Data System (ADS)

Kiuchi, Mai; Onoda, Takashi

Intrusion detection is considered effective in control systems. Sequences of the control application behavior observed in the communication, such as the order of the control device to be controlled, are important in control systems. However, most intrusion detection systems do not effectively reflect sequences in the application layer into the detection rules. In our previous work, we considered utilizing sequences for intrusion detection in control systems, and demonstrated the usefulness of sequences for intrusion detection. However, manually writing the detection rules for a large system can be difficult, so using machine learning methods becomes feasible. Also, in the case of control systems, there have been very few observed cyber attacks, so we have very little knowledge of the attack data that should be used to train the intrusion detection system. In this paper, we use an approach that combines CRF (Conditional Random Field) considering the sequence of the system, thus able to reflect the characteristics of control system sequences into the intrusion detection system, and also does not need the knowledge of attack data to construct the detection rules.

Developing the Cyber Victimization Experiences and Cyberbullying Behaviors Scales.

PubMed

Betts, Lucy R; Spenser, Karin A

2017-01-01

The reported prevalence rates of cyber victimization experiences and cyberbullying behaviors vary. Part of this variation is likely due to the diverse definitions and operationalizations of the constructs adopted in previous research and the lack of psychometrically robust measures. Through 2 studies, the authors developed (Study 1) and evaluated (Study 2) the cyber victimization experiences and cyberbullying behaviors scales. Participants in Study 1 were 393 (122 boys, 171 girls) and in Study 2 were 345 (153 boys, 192 girls) 11-15-year-olds who completed measures of cyber victimization experiences, cyberbullying behaviors, face-to-face victimization experiences, face-to-face bullying behaviors, and social desirability. The 3-factor cyber victimization experiences scale comprised threat, shared images, and personal attack. The 3-factor cyberbullying behaviors scale comprised sharing images, gossip, and personal attack. Both scales demonstrated acceptable internal consistency and convergent validity.

A Targeted Attack For Enhancing Resiliency of Intelligent Intrusion Detection Modules in Energy Cyber Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Youssef, Tarek; El Hariri, Mohammad; Habib, Hani

Abstract— Secure high-speed communication is required to ensure proper operation of complex power grid systems and prevent malicious tampering activities. In this paper, artificial neural networks with temporal dependency are introduced for false data identification and mitigation for broadcasted IEC 61850 SMV messages. The fast responses of such intelligent modules in intrusion detection make them suitable for time- critical applications, such as protection. However, care must be taken in selecting the appropriate intelligence model and decision criteria. As such, this paper presents a customizable malware script to sniff and manipulate SMV messages and demonstrates the ability of the malware tomore » trigger false positives in the neural network’s response. The malware developed is intended to be as a vaccine to harden the intrusion detection system against data manipulation attacks by enhancing the neural network’s ability to learn and adapt to these attacks.« less

Final LDRD Report: Using Linkography of Cyber Attack Patterns to Inform Honeytoken Placement.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mitchell, Robert; Jarocki, John Charles; Fisher, Andrew N

The war to establish cyber supremacy continues, and the literature is crowded with strictly technical cyber security measures. We present the results of a three year LDRD project using Linkography, a methodology new to the field of cyber security, we establish the foundation neces- sary to track and profile the microbehavior of humans attacking cyber systems. We also propose ways to leverage this understanding to influence and deceive these attackers. We studied the sci- ence of linkography, applied it to the cyber security domain, implemented a software package to manage linkographs, generated the preprocessing blocks necessary to ingest raw data,more » produced machine learning models, created ontology refinement algorithms and prototyped a web applica- tion for researchers and practitioners to apply linkography. Machine learning produced some of our key results: We trained and validated multinomial classifiers with a real world data set and predicted the attacker's next category of action with 86 to 98% accuracy; dimension reduction techniques indicated that the linkography-based features were among the most powerful. We also discovered ontology refinement algorithms that advanced the state of the art in linkography in general and cyber security in particular. We conclude that linkography is a viable tool for cyber security; we look forward to expanding our work to other data sources and using our prediction results to enable adversary deception techniques. Acknowledgements Thanks to Phil Bennett, Michael Bernard, Jeffrey Bigg, Marshall Daniels, Tyler Dean, David Dug- gan, Carson Kent, Josh Maine, Marci McBride, Nick Peterson, Katie Rodhouse, Asael Sorenson, Roger Suppona, Scott Watson and David Zage. We acknowledge support for this work by the LDRD Program at Sandia National Laboratories. Sandia National Laboratories is a multi-mission laboratory operated by Sandia Corporation for the United States Department of Energy's National Nuclear Security Administration under Contract DE-AC04-94AL85000. This page intentionally left blank.« less

Construction of a Cyber Attack Model for Nuclear Power Plants

DOE Office of Scientific and Technical Information (OSTI.GOV)

Varuttamaseni, Athi; Bari, Robert A.; Youngblood, Robert

The consideration of how one compromised digital equipment can impact neighboring equipment is critical to understanding the progression of cyber attacks. The degree of influence that one component may have on another depends on a variety of factors, including the sharing of resources such as network bandwidth or processing power, the level of trust between components, and the inclusion of segmentation devices such as firewalls. The interactions among components via mechanisms that are unique to the digital world are not usually considered in traditional PRA. This means potential sequences of events that may occur during an attack may be missedmore » if one were to only look at conventional accident sequences. This paper presents a method where, starting from the initial attack vector, the progression of a cyber attack can be modeled. The propagation of the attack is modeled by considering certain attributes of the digital components in the system. These attributes determine the potential vulnerability of a component to a class of attack and the capability gained by the attackers once they are in control of the equipment. The use of attributes allows similar components (components with the same set of attributes) to be modeled in the same way, thereby reducing the computing resources required for analysis of large systems.« less

75 FR 35508 - Draft Regulatory Guide: Issuance, Availability

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-22

... Systems and Networks,'' requires licensees to develop cyber-security plans and programs to protect critical digital assets, including digital safety systems, from malicious cyber attacks. Regulatory Guide 5.71, ``Cyber Security Programs for Nuclear Facilities,'' provides guidance to meet the requirements of...

Collaborative Defense of Transmission and Distribution Protection and Control Devices Against Cyber Attacks (CODEF) DE-OE0000674. ABB Inc. Final Scientific/Technical Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Nuqui, Reynaldo

This report summarizes the activities conducted under the DOE-OE funded project DEOE0000674, where ABB Inc. (ABB), in collaboration with University of Illinois at Urbana-Champaign (UIUC), Bonneville Power Administration (BPA), and Ameren-Illinois (Ameren-IL) pursued the development of a system of collaborative defense of electrical substation’s intelligent electronic devices against cyber-attacks (CODEF). An electrical substation with CODEF features will be more capable of mitigating cyber-attacks especially those that seek to control switching devices. It leverages the security extensions of IEC 61850 to empower existing devices to collaborate in identifying and blocking malicious intents to trip circuit breakers, mis-coordinate devices settings, even thoughmore » the commands and the measurements comply with correct syntax. The CODEF functions utilize the physics of electromagnetic systems, electric power engineering principles, and computer science to bring more in depth cyber defense closer to the protected substation devices.« less

Towards A Theory of Autonomous Reconstitution of Compromised Cyber-Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ramuhalli, Pradeep; Halappanavar, Mahantesh; Coble, Jamie B.

The ability to maintain mission-critical operations in cyber-systems in the face of disruptions is critical. Faults in cyber systems can come from accidental sources (e.g., natural failure of a component) or deliberate sources (e.g., an intelligent adversary). Natural and intentional manipulation of data, computing, or coordination are the most impactful ways that an attacker can prevent an infrastructure from realizing its mission goals. Under these conditions, the ability to reconstitute critical infrastructure becomes important. Specifically, the question is: Given an intelligent adversary, how can cyber systems respond to keep critical infrastructure operational? In cyber systems, the distributed nature of themore » system poses serious difficulties in maintaining operations, in part due to the fact that a centralized command and control apparatus is unlikely to provide a robust framework for resilience. Resilience in cyber-systems, in general, has several components, and requires the ability to anticipate and withstand attacks or faults, as well as recover from faults and evolve the system to improve future resilience. The recovery effort (and any subsequent evolution) may require significant reconfiguration of the system (at all levels – hardware, software, services, permissions, etc.) if the system is to be made resilient to further attack or faults. This is especially important in the case of ongoing attacks, where reconfiguration decisions must be taken with care to avoid further compromising the system while maintaining continuity of operations. Collectively, we will label this recovery and evolution process as “reconstitution”. Currently, reconstitution is performed manually, generally after-the-fact, and usually consists of either standing up redundant systems, check-points (rolling back the configuration to a “clean” state), or re-creating the system using “gold-standard” copies. For enterprise systems, such reconstitution may be performed either directly on hardware, or using virtual machines. A significant challenge within this context is the ability to verify that the reconstitution is performed in a manner that renders the cyber-system resilient to ongoing and future attacks or faults. Fundamentally, the need is to determine optimal configuration of the cyber system when a fault is determined to be present. While existing theories for fault tolerance (for example, Byzantine fault tolerance) can guarantee resilience under certain conditions, in practice, these theories can break down in the face of an intelligent adversary. Further, it is difficult, in a dynamically evolving environment, to determine whether the necessary conditions for resilience have been met, resulting in difficulties in achieving resilient operation. In addition, existing theories do not sufficiently take into account the cost for attack and defense (the adversary is generally assumed to have infinite resources and time), hierarchy of importance (all network resources are assumed to be equally important), and the dynamic nature of some attacks (i.e., as the attack evolves, can resilience be maintained?). Alternative approaches to resilience based on a centralized command and control structure suffer from a single-point-failure. This paper presents preliminary research towards concepts for effective autonomous reconstitution of compromised cyber systems. We describe a mathematical framework as a first step towards a theoretical basis for autonomous reconstitution in dynamic cyber-system environments. We then propose formulating autonomous reconstitution as an optimization problem and describe some of the challenges associated with this formulation. This is followed by a brief discussion on potential solutions to these challenges.« less

Comparison between genetic algorithm and self organizing map to detect botnet network traffic

NASA Astrophysics Data System (ADS)

Yugandhara Prabhakar, Shinde; Parganiha, Pratishtha; Madhu Viswanatham, V.; Nirmala, M.

2017-11-01

In Cyber Security world the botnet attacks are increasing. To detect botnet is a challenging task. Botnet is a group of computers connected in a coordinated fashion to do malicious activities. Many techniques have been developed and used to detect and prevent botnet traffic and the attacks. In this paper, a comparative study is done on Genetic Algorithm (GA) and Self Organizing Map (SOM) to detect the botnet network traffic. Both are soft computing techniques and used in this paper as data analytics system. GA is based on natural evolution process and SOM is an Artificial Neural Network type, uses unsupervised learning techniques. SOM uses neurons and classifies the data according to the neurons. Sample of KDD99 dataset is used as input to GA and SOM.

An analytic approach to cyber adversarial dynamics

NASA Astrophysics Data System (ADS)

Sweeney, Patrick; Cybenko, George

2012-06-01

To date, cyber security investment by both the government and commercial sectors has been largely driven by the myopic best response of players to the actions of their adversaries and their perception of the adversarial environment. However, current work in applying traditional game theory to cyber operations typically assumes that games exist with prescribed moves, strategies, and payos. This paper presents an analytic approach to characterizing the more realistic cyber adversarial metagame that we believe is being played. Examples show that understanding the dynamic metagame provides opportunities to exploit an adversary's anticipated attack strategy. A dynamic version of a graph-based attack-defend game is introduced, and a simulation shows how an optimal strategy can be selected for success in the dynamic environment.

Developing information-space Confidence Building Measures (CBMs) between India and Pakistan

DOE Office of Scientific and Technical Information (OSTI.GOV)

Yamin, Tughral

The Internet has changed the world in ways hitherto unknown. The international financial system, air, land and maritime transport systems are all digitally linked. Similarly most militaries are fully or partially networked. This has not only sped up the decision making processes at all levels, it has also rendered these systems vulnerable to cyber-attacks. Cyber-warfare is now recognized as the most potent form of non-kinetic war fighting. In order to prevent large scale network-attacks, cyber-powers are simultaneously spending a lot of time, money and effort to erect redundant cyber-defenses and enhancing their offensive cyber capabilities. Difficulties in creating a stablemore » environment in information-space stem from differing national perceptions regarding the freedom of the Internet, application of international law and problems associated with attribution. This paper discusses a range of Confidence Building Measures that can be created between India and Pakistan in information-space to control malicious cyber behavior and avert an inadvertent war.« less

A performance study of unmanned aerial vehicle-based sensor networks under cyber attack

NASA Astrophysics Data System (ADS)

Puchaty, Ethan M.

In UAV-based sensor networks, an emerging area of interest is the performance of these networks under cyber attack. This study seeks to evaluate the performance trade-offs from a System-of-Systems (SoS) perspective between various UAV communications architecture options in the context two missions: tracking ballistic missiles and tracking insurgents. An agent-based discrete event simulation is used to model a sensor communication network consisting of UAVs, military communications satellites, ground relay stations, and a mission control center. Network susceptibility to cyber attack is modeled with probabilistic failures and induced data variability, with performance metrics focusing on information availability, latency, and trustworthiness. Results demonstrated that using UAVs as routers increased network availability with a minimal latency penalty and communications satellite networks were best for long distance operations. Redundancy in the number of links between communication nodes helped mitigate cyber-caused link failures and add robustness in cases of induced data variability by an adversary. However, when failures were not independent, redundancy and UAV routing were detrimental in some cases to network performance. Sensitivity studies indicated that long cyber-caused downtimes and increasing failure dependencies resulted in build-ups of failures and caused significant degradations in network performance.

On a simulation study of cyber attacks on vehicle-to-infrastructure communication (V2I) in Intelligent Transportation System (ITS)

NASA Astrophysics Data System (ADS)

Ekedebe, Nnanna; Yu, Wei; Song, Houbing; Lu, Chao

2015-05-01

An intelligent transportation system (ITS) is one typical cyber-physical system (CPS) that aims to provide efficient, effective, reliable, and safe driving experiences with minimal congestion and effective traffic flow management. In order to achieve these goals, various ITS technologies need to work synergistically. Nonetheless, ITS's reliance on wireless connectivity makes it vulnerable to cyber threats. Thus, it is critical to understand the impact of cyber threats on ITS. In this paper, using real-world transportation dataset, we evaluated the consequences of cyber threats - attacks against service availability by jamming the communication channel of ITS. In this way, we can have a better understanding of the importance of ensuring adequate security respecting safety and life-critical ITS applications before full and expensive real-world deployments. Our experimental data shows that cyber threats against service availability could adversely affect traffic efficiency and safety performances evidenced by exacerbated travel time, fuel consumed, and other evaluated performance metrics as the communication network is compromised. Finally, we discuss a framework to make ITS secure and more resilient against cyber threats.

Timing of cyber conflict.

PubMed

Axelrod, Robert; Iliev, Rumen

2014-01-28

Nations are accumulating cyber resources in the form of stockpiles of zero-day exploits as well as other novel methods of engaging in future cyber conflict against selected targets. This paper analyzes the optimal timing for the use of such cyber resources. A simple mathematical model is offered to clarify how the timing of such a choice can depend on the stakes involved in the present situation, as well as the characteristics of the resource for exploitation. The model deals with the question of when the resource should be used given that its use today may well prevent it from being available for use later. The analysis provides concepts, theory, applications, and distinctions to promote the understanding strategy aspects of cyber conflict. Case studies include the Stuxnet attack on Iran's nuclear program, the Iranian cyber attack on the energy firm Saudi Aramco, the persistent cyber espionage carried out by the Chinese military, and an analogous case of economic coercion by China in a dispute with Japan. The effects of the rapidly expanding market for zero-day exploits are also analyzed. The goal of the paper is to promote the understanding of this domain of cyber conflict to mitigate the harm it can do, and harness the capabilities it can provide.

Towards the cyber security paradigm of ehealth: Resilience and design aspects

NASA Astrophysics Data System (ADS)

Rajamäki, Jyri; Pirinen, Rauno

2017-06-01

Digital technologies have significantly changed the role of healthcare clients in seeking and receiving medical help, as well as brought up more cooperative policy issues in healthcare cross-border services. Citizens continue to take a more co-creative role in decisions about their own healthcare, and new technologies can enable and facilitate this emergent trend. In this study, healthcare services have been intended as a critical societal sector and therefore healthcare systems are focused on as critical infrastructures that ought to be protected from all types of fears, including cyber security threats and attacks. Despite continual progress in the systemic risk management of cyber domain, it is clear that anticipation and prevention of all possible types of attack and malfunction are not achievable for current or future cyber infrastructures. This study focuses on the investigation of a cyber security paradigm, adaptive systems and sense of resilience in a healthcare critical information infrastructure.

Recommendations for Model Driven Paradigms for Integrated Approaches to Cyber Defense

DTIC Science & Technology

2017-03-06

analogy (e.g., Susceptible, Infected, Recovered [SIR]) • Abstract wargaming: game -theoretic model of cyber conflict without modeling the underlying...malware. 3.7 Abstract Wargaming Here, a game -theoretic process is modeled with moves and effects inspired by cyber conflict but without modeling the...underlying processes of cyber attack and defense. Examples in literature include the following: • Cho J-H, Gao J. Cyber war game in temporal networks

Structural Causes and Cyber Effects: A Response to Our Critics

DTIC Science & Technology

2015-01-01

the incident, saying “North Korea’s attack on [Sony] reaf- firms that cyber threats pose one of the gravest national security dangers to the United...around the world to strengthen cyber - security , promote norms of acceptable state behavior, uphold freedom of expression, and ensure that the Internet... cyber working group that made progress toward “interna- tional cyberspace rules, and measures to boost dialogue and cooperation on cyber security .”15

Autonomous bio-chemical decontaminator (ABCD) against weapons of mass destruction

NASA Astrophysics Data System (ADS)

Hyacinthe, Berg P.

2006-05-01

The proliferation of weapons of mass destruction (WMD) and the use of such elements pose an eminent asymmetric threat with disastrous consequences to the national security of any nation. In particular, the use of biochemical warfare agents against civilians and unprotected troops in international conflicts or by terrorists against civilians is considered as a very peculiar threat. Accordingly, taking a quarantine-before-inhalation approach to biochemical warfare, the author introduces the notion of autonomous biochemical decontamination against WMD. In the unfortunate event of a biochemical attack, the apparatus proposed herein is intended to automatically detect, identify, and more importantly neutralize a biochemical threat. Along with warnings concerning a cyber-WMD nexus, various sections cover discussions on human senses and computer sensors, corroborating evidence related to detection and neutralization of chemical toxins, and cyber-assisted olfaction in stand alone, peer-to-peer, and network settings. In essence, the apparatus can be used in aviation and mass transit security to initiate mass decontamination by dispersing a decontaminant aerosol or to protect the public water supply against a potential bioterrorist attack. Future effort may involve a system-on-chip (SoC) embodiment of this apparatus that allows a safer environment for the emerging phenomenon of cyber-assisted olfaction and morph cell phones into ubiquitous sensors/decontaminators. Although this paper covers mechanisms and protocols to avail a neutralizing substance, further research will need to explore the substance's various pharmacological profiles and potential side effects.

Nuclear Power Plant Cyber Security Discrete Dynamic Event Tree Analysis (LDRD 17-0958) FY17 Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Wheeler, Timothy A.; Denman, Matthew R.; Williams, R. A.

Instrumentation and control of nuclear power is transforming from analog to modern digital assets. These control systems perform key safety and security functions. This transformation is occurring in new plant designs as well as in the existing fleet of plants as the operation of those plants is extended to 60 years. This transformation introduces new and unknown issues involving both digital asset induced safety issues and security issues. Traditional nuclear power risk assessment tools and cyber security assessment methods have not been modified or developed to address the unique nature of cyber failure modes and of cyber security threat vulnerabilities.more » iii This Lab-Directed Research and Development project has developed a dynamic cyber-risk in- formed tool to facilitate the analysis of unique cyber failure modes and the time sequencing of cyber faults, both malicious and non-malicious, and impose those cyber exploits and cyber faults onto a nuclear power plant accident sequence simulator code to assess how cyber exploits and cyber faults could interact with a plants digital instrumentation and control (DI&C) system and defeat or circumvent a plants cyber security controls. This was achieved by coupling an existing Sandia National Laboratories nuclear accident dynamic simulator code with a cyber emulytics code to demonstrate real-time simulation of cyber exploits and their impact on automatic DI&C responses. Studying such potential time-sequenced cyber-attacks and their risks (i.e., the associated impact and the associated degree of difficulty to achieve the attack vector) on accident management establishes a technical risk informed framework for developing effective cyber security controls for nuclear power.« less

Cyber-Attack Methods, Why They Work on Us, and What to Do

NASA Technical Reports Server (NTRS)

Byrne, DJ

2015-01-01

Basic cyber-attack methods are well documented, and even automated with user-friendly GUIs (Graphical User Interfaces). Entire suites of attack tools are legal, conveniently packaged, and freely downloadable to anyone; more polished versions are sold with vendor support. Our team ran some of these against a selected set of projects within our organization to understand what the attacks do so that we can design and validate defenses against them. Some existing defenses were effective against the attacks, some less so. On average, every machine had twelve easily identifiable vulnerabilities, two of them "critical". Roughly 5% of passwords in use were easily crack-able. We identified a clear set of recommendations for each project, and some common patterns that emerged among them all.

Applying the Scientific Method of Cybersecurity Research

DOE Office of Scientific and Technical Information (OSTI.GOV)

Tardiff, Mark F.; Bonheyo, George T.; Cort, Katherine A.

The cyber environment has rapidly evolved from a curiosity to an essential component of the contemporary world. As the cyber environment has expanded and become more complex, so have the nature of adversaries and styles of attacks. Today, cyber incidents are an expected part of life. As a result, cybersecurity research emerged to address adversarial attacks interfering with or preventing normal cyber activities. Historical response to cybersecurity attacks is heavily skewed to tactical responses with an emphasis on rapid recovery. While threat mitigation is important and can be time critical, a knowledge gap exists with respect to developing the sciencemore » of cybersecurity. Such a science will enable the development and testing of theories that lead to understanding the broad sweep of cyber threats and the ability to assess trade-offs in sustaining network missions while mitigating attacks. The Asymmetric Resilient Cybersecurity Initiative at Pacific Northwest National Laboratory is a multi-year, multi-million dollar investment to develop approaches for shifting the advantage to the defender and sustaining the operability of systems under attack. The initiative established a Science Council to focus attention on the research process for cybersecurity. The Council shares science practices, critiques research plans, and aids in documenting and reporting reproducible research results. The Council members represent ecology, economics, statistics, physics, computational chemistry, microbiology and genetics, and geochemistry. This paper reports the initial work of the Science Council to implement the scientific method in cybersecurity research. The second section describes the scientific method. The third section in this paper discusses scientific practices for cybersecurity research. Section four describes initial impacts of applying the science practices to cybersecurity research.« less

Leaks in the National Information Infrastructure Dam: Who Should Protect It?

DTIC Science & Technology

2004-04-01

have paid off cyber criminals who threatened to attack their computer systems and destroy their data unless a ‘ransom’ was paid. These cyber...sharing information with law enforcement and appropriate industry groups will we be able to identify and prosecute cyber criminals , identify new

Cyberspace: Time to Reassess, Reorganize, and Resource for Evolving Threats

DTIC Science & Technology

2012-03-15

reflecting on what types of cyber activities have the potential to change the strategic landscape. Arguably an attack by cyber criminals on the...their ability to hire or develop hacker talent.18 Nation states can use cyber criminals as a proxy to commit crimes against other nations in an

Business continuity strategies for cyber defence: battling time and information overload.

PubMed

Streufert, John

2010-11-01

Can the same numbers and letters which are the life blood of modern business and government computer systems be harnessed to protect computers from attack against known information security risks? For the past seven years, Foreign Service officers and technicians of the US Government have sought to maintain diplomatic operations in the face of rising cyber attacks and test the hypothesis that an ounce of prevention is worth a pound of cure. As eight out of ten attacks leverage known computer security vulnerabilities or configuration setting weaknesses, a pound of cure would seem to be easy to come by. Yet modern security tools present an unusually consequential threat to business continuity - too much rather than too little information on cyber problems is presented, harking back to a phenomenon cited by social scientists in the 1960s called 'information overload'. Experience indicates that the longer the most serious cyber problems go untreated, the wider the attack surface adversaries can find. One technique used at the Department of State, called 'risk scoring', resulted in an 89 per cent overall reduction in measured risk over 12 months for the Department of State's servers and personal computers. Later refinements of risk scoring enabled technicians to correct unique security threats with unprecedented speed. This paper explores how the use of metrics, special care in presenting information to technicians and executives alike, as well as tactical use of organisational incentives can result in stronger cyber defences protecting modern organisations.

Adaptive cyber-attack modeling system

NASA Astrophysics Data System (ADS)

Gonsalves, Paul G.; Dougherty, Edward T.

2006-05-01

The pervasiveness of software and networked information systems is evident across a broad spectrum of business and government sectors. Such reliance provides an ample opportunity not only for the nefarious exploits of lone wolf computer hackers, but for more systematic software attacks from organized entities. Much effort and focus has been placed on preventing and ameliorating network and OS attacks, a concomitant emphasis is required to address protection of mission critical software. Typical software protection technique and methodology evaluation and verification and validation (V&V) involves the use of a team of subject matter experts (SMEs) to mimic potential attackers or hackers. This manpower intensive, time-consuming, and potentially cost-prohibitive approach is not amenable to performing the necessary multiple non-subjective analyses required to support quantifying software protection levels. To facilitate the evaluation and V&V of software protection solutions, we have designed and developed a prototype adaptive cyber attack modeling system. Our approach integrates an off-line mechanism for rapid construction of Bayesian belief network (BN) attack models with an on-line model instantiation, adaptation and knowledge acquisition scheme. Off-line model construction is supported via a knowledge elicitation approach for identifying key domain requirements and a process for translating these requirements into a library of BN-based cyber-attack models. On-line attack modeling and knowledge acquisition is supported via BN evidence propagation and model parameter learning.

Cyber-Informed Engineering: The Need for a New Risk Informed and Design Methodology

DOE Office of Scientific and Technical Information (OSTI.GOV)

Price, Joseph Daniel; Anderson, Robert Stephen

Current engineering and risk management methodologies do not contain the foundational assumptions required to address the intelligent adversary’s capabilities in malevolent cyber attacks. Current methodologies focus on equipment failures or human error as initiating events for a hazard, while cyber attacks use the functionality of a trusted system to perform operations outside of the intended design and without the operator’s knowledge. These threats can by-pass or manipulate traditionally engineered safety barriers and present false information, invalidating the fundamental basis of a safety analysis. Cyber threats must be fundamentally analyzed from a completely new perspective where neither equipment nor human operationmore » can be fully trusted. A new risk analysis and design methodology needs to be developed to address this rapidly evolving threatscape.« less

On a simulation study for reliable and secured smart grid communications

NASA Astrophysics Data System (ADS)

Mallapuram, Sriharsha; Moulema, Paul; Yu, Wei

2015-05-01

Demand response is one of key smart grid applications that aims to reduce power generation at peak hours and maintain a balance between supply and demand. With the support of communication networks, energy consumers can become active actors in the energy management process by adjusting or rescheduling their electricity usage during peak hours based on utilities pricing incentives. Nonetheless, the integration of communication networks expose the smart grid to cyber-attacks. In this paper, we developed a smart grid simulation test-bed and designed evaluation scenarios. By leveraging the capabilities of Matlab and ns-3 simulation tools, we conducted a simulation study to evaluate the impact of cyber-attacks on demand response application. Our data shows that cyber-attacks could seriously disrupt smart grid operations, thus confirming the need of secure and resilient communication networks for supporting smart grid operations.

2008 Defense Industrial Base Critical Infrastructure Protection Conference (DIB-CBIP)

DTIC Science & Technology

2008-04-09

a cloak -and- dagger thing. It’s about computer architecture and the soundness of electronic systems." Joel Brenner, ODNI Counterintelligence Office...to support advanced network exploitation and launch attacks on the informational and physical elements of our cyber infrastructure. In order to...entities and is vulnerable to attacks and manipulation. Operations in the cyber domain have the ability to impact operations in other war-fighting

Anti-social networking: crowdsourcing and the cyber defence of national critical infrastructures.

PubMed

Johnson, Chris W

2014-01-01

We identify four roles that social networking plays in the 'attribution problem', which obscures whether or not cyber-attacks were state-sponsored. First, social networks motivate individuals to participate in Distributed Denial of Service attacks by providing malware and identifying potential targets. Second, attackers use an individual's social network to focus attacks, through spear phishing. Recipients are more likely to open infected attachments when they come from a trusted source. Third, social networking infrastructures create disposable architectures to coordinate attacks through command and control servers. The ubiquitous nature of these architectures makes it difficult to determine who owns and operates the servers. Finally, governments recruit anti-social criminal networks to launch attacks on third-party infrastructures using botnets. The closing sections identify a roadmap to increase resilience against the 'dark side' of social networking.

A Survey of Security Tools for the Industrial Control System Environment

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hurd, Carl M.; McCarty, Michael V.

This report details the results of a survey conducted by Idaho National Laboratory (INL) to identify existing tools which could be used to prevent, detect, mitigate, or investigate a cyber-attack in an industrial control system (ICS) environment. This report compiles a list of potentially applicable tools and shows the coverage of the tools in an ICS architecture.

Designing and Operating Through Compromise: Architectural Analysis of CKMS for the Advanced Metering Infrastructure

DOE Office of Scientific and Technical Information (OSTI.GOV)

Duren, Mike; Aldridge, Hal; Abercrombie, Robert K

2013-01-01

Compromises attributable to the Advanced Persistent Threat (APT) highlight the necessity for constant vigilance. The APT provides a new perspective on security metrics (e.g., statistics based cyber security) and quantitative risk assessments. We consider design principals and models/tools that provide high assurance for energy delivery systems (EDS) operations regardless of the state of compromise. Cryptographic keys must be securely exchanged, then held and protected on either end of a communications link. This is challenging for a utility with numerous substations that must secure the intelligent electronic devices (IEDs) that may comprise complex control system of systems. For example, distribution andmore » management of keys among the millions of intelligent meters within the Advanced Metering Infrastructure (AMI) is being implemented as part of the National Smart Grid initiative. Without a means for a secure cryptographic key management system (CKMS) no cryptographic solution can be widely deployed to protect the EDS infrastructure from cyber-attack. We consider 1) how security modeling is applied to key management and cyber security concerns on a continuous basis from design through operation, 2) how trusted models and key management architectures greatly impact failure scenarios, and 3) how hardware-enabled trust is a critical element to detecting, surviving, and recovering from attack.« less

Defending the New Domain: Cyberspace

DTIC Science & Technology

2011-03-21

and time consuming, the FBI has proven technology, techniques, and procedures to hunt down and capture cyber criminals , despite the anonymity of the...help stop cyber crime and make it harder for cyber criminals to commit crime on the internet. MILITARY The U.S. military relies on DoD...one country and attacking another. Cyber criminals are using servers and proxies in one country to execute their criminal activities in another

75 FR 65618 - Commission Information Collection Activities (FERC-725B); Comment Request; Extension

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-26

... requirements to safeguard critical cyber assets.\\4\\ These standards help protect the nation's Bulk-Power System against potential disruptions from cyber attacks.\\5\\ \\3\\ CIP-002-1, CIP-003-1, CIP-004-1, CIP-005-1, CIP... Cyber Asset Identification. Security Management Controls. Personnel and Training. Electronic Security...

Constructing a Cyber Preparedness Framework (CPF): The Lockheed Martin Case Study

ERIC Educational Resources Information Center

Beyer, Dawn M.

2014-01-01

The protection of sensitive data and technologies is critical in preserving United States (U.S.) national security and minimizing economic losses. However, during a cyber attack, the operational capability to constrain the exfiltrations of sensitive data and technologies may not be available. A cyber preparedness methodology (CPM) can improve…

Timing of cyber conflict

PubMed Central

Axelrod, Robert; Iliev, Rumen

2014-01-01

Nations are accumulating cyber resources in the form of stockpiles of zero-day exploits as well as other novel methods of engaging in future cyber conflict against selected targets. This paper analyzes the optimal timing for the use of such cyber resources. A simple mathematical model is offered to clarify how the timing of such a choice can depend on the stakes involved in the present situation, as well as the characteristics of the resource for exploitation. The model deals with the question of when the resource should be used given that its use today may well prevent it from being available for use later. The analysis provides concepts, theory, applications, and distinctions to promote the understanding strategy aspects of cyber conflict. Case studies include the Stuxnet attack on Iran’s nuclear program, the Iranian cyber attack on the energy firm Saudi Aramco, the persistent cyber espionage carried out by the Chinese military, and an analogous case of economic coercion by China in a dispute with Japan. The effects of the rapidly expanding market for zero-day exploits are also analyzed. The goal of the paper is to promote the understanding of this domain of cyber conflict to mitigate the harm it can do, and harness the capabilities it can provide. PMID:24474752

Situational Awareness of Network System Roles (SANSR)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Huffer, Kelly M; Reed, Joel W

In a large enterprise it is difficult for cyber security analysts to know what services and roles every machine on the network is performing (e.g., file server, domain name server, email server). Using network flow data, already collected by most enterprises, we developed a proof-of-concept tool that discovers the roles of a system using both clustering and categorization techniques. The tool's role information would allow cyber analysts to detect consequential changes in the network, initiate incident response plans, and optimize their security posture. The results of this proof-of-concept tool proved to be quite accurate on three real data sets. Wemore » will present the algorithms used in the tool, describe the results of preliminary testing, provide visualizations of the results, and discuss areas for future work. Without this kind of situational awareness, cyber analysts cannot quickly diagnose an attack or prioritize remedial actions.« less

INL@Work Cyber Security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chaffin, May

May Chaffin is one of many Idaho National Laboratory researchers who are helping secure the nation's critical infrastructure from cyber attacks.Lots more content like this is available at INL's facebook page http://www.facebook.com/idahonationallaboratory.

76 FR 76021 - Critical Infrastructure Protection Month, 2011

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-06

..., we must also address the growing threat cyber attacks present to our transportation networks... action against cyber threats. To ensure the safety of our most vital operations, we are working to give...

Hypergame theory applied to cyber attack and defense

NASA Astrophysics Data System (ADS)

House, James Thomas; Cybenko, George

2010-04-01

This work concerns cyber attack and defense in the context of game theory--specifically hypergame theory. Hypergame theory extends classical game theory with the ability to deal with differences in players' expertise, differences in their understanding of game rules, misperceptions, and so forth. Each of these different sub-scenarios, or subgames, is associated with a probability--representing the likelihood that the given subgame is truly "in play" at a given moment. In order to form an optimal attack or defense policy, these probabilities must be learned if they're not known a-priori. We present hidden Markov model and maximum entropy approaches for accurately learning these probabilities through multiple iterations of both normal and modified game play. We also give a widely-applicable approach for the analysis of cases where an opponent is aware that he is being studied, and intentionally plays to spoil the process of learning and thereby obfuscate his attributes. These are considered in the context of a generic, abstract cyber attack example. We demonstrate that machine learning efficacy can be heavily dependent on the goals and styles of participant behavior. To this end detailed simulation results under various combinations of attacker and defender behaviors are presented and analyzed.

Challenges in the Protection of US Critical Infrastructure in the Cyber Realm

DTIC Science & Technology

2014-05-22

their nature and motivation and the need to differentiate attacks in case of individual attributions ( criminal , espionage, and hacktivist attack vs ...also difficult to distinguish between acts of war and criminal acts. For example, it is natural for the military to be ambiguous as to whether an...must be addressed. The resultant cyber security issues challenge everyone. This prompts the question, what is the nature of the US military

An approach to detecting deliberately introduced defects and micro-defects in 3D printed objects

NASA Astrophysics Data System (ADS)

Straub, Jeremy

2017-05-01

In prior work, Zeltmann, et al. demonstrated the negative impact that can be created by defects of various sizes in 3D printed objects. These defects may make the object unsuitable for its application or even present a hazard, if the object is being used for a safety-critical application. With the uses of 3D printing proliferating and consumer access to printers increasing, the desire of a nefarious individual or group to subvert the desired printing quality and safety attributes of a printer or printed object must be considered. Several different approaches to subversion may exist. Attackers may physically impair the functionality of the printer or launch a cyber-attack. Detecting introduced defects, from either attack, is critical to maintaining public trust in 3D printed objects and the technology. This paper presents an alternate approach. It applies a quality assurance technology based on visible light sensing to this challenge and assesses its capability for detecting introduced defects of multiple sizes.

Cyber Warfare as a Form of Conflict: Evaluation of Models of Cyber Conflict as a Prototype to Conceptual Analysis

ERIC Educational Resources Information Center

Liles, Samuel P.

2012-01-01

In April 2007, what has been incorrectly called the first cyber war and since then referred more correctly as a cyber riot, an attack on the domain name systems and the various servers of Estonia occurred. It was perpetrated by ethnic Russians living in Estonia who were incensed by the movement of a bronze war memorial for Russian soldiers to a…

Interdependent Risk and Cyber Security: An Analysis of Security Investment and Cyber Insurance

ERIC Educational Resources Information Center

Shim, Woohyun

2010-01-01

An increasing number of firms rely on highly interconnected information networks. In such environments, defense against cyber attacks is complicated by residual risks caused by the interdependence of information security decisions of firms. IT security is affected not only by a firm's own management strategies but also by those of others. This…

Google and the "Twisted Cyber Spy" Affair: US-Chinese Communication in an Age of Globalization

ERIC Educational Resources Information Center

Hartnett, Stephen John

2011-01-01

The "twisted cyber spy" affair began in 2010, when Google was attacked by Chinese cyber-warriors charged with stealing Google's intellectual property, planting viruses in its computers, and hacking the accounts of Chinese human rights activists. In the ensuing international embroglio, the US mainstream press, corporate leaders, and White…

Cyber Terrorism: A Study of the Extent of Coverage in Computer Security Textbooks

ERIC Educational Resources Information Center

Prichard, Janet J.; MacDonald, Laurie E.

2004-01-01

On September 11th, 2001 the United States experienced the largest terrorist attack in its history. This event caused many government agencies to review their security practices and procedures. It also has raised awareness of other avenues that terrorists might pursue to achieve their goals, including cyber terrorism. Cyber terrorism can be…

78 FR 66603 - Critical Infrastructure Security and Resilience Month, 2013

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-05

... shore up our defenses against physical and cyber incidents. In tandem with my Executive Order on... hazards including terrorism and natural disasters, as well as cyber attacks. We must ensure that the...

Cyber Security Threats to Safety-Critical, Space-Based Infrastructures

NASA Astrophysics Data System (ADS)

Johnson, C. W.; Atencia Yepez, A.

2012-01-01

Space-based systems play an important role within national critical infrastructures. They are being integrated into advanced air-traffic management applications, rail signalling systems, energy distribution software etc. Unfortunately, the end users of communications, location sensing and timing applications often fail to understand that these infrastructures are vulnerable to a wide range of security threats. The following pages focus on concerns associated with potential cyber-attacks. These are important because future attacks may invalidate many of the safety assumptions that support the provision of critical space-based services. These safety assumptions are based on standard forms of hazard analysis that ignore cyber-security considerations This is a significant limitation when, for instance, security attacks can simultaneously exploit multiple vulnerabilities in a manner that would never occur without a deliberate enemy seeking to damage space based systems and ground infrastructures. We address this concern through the development of a combined safety and security risk assessment methodology. The aim is to identify attack scenarios that justify the allocation of additional design resources so that safety barriers can be strengthened to increase our resilience against security threats.

SERC 2014-2018 Technical Plan

DTIC Science & Technology

2013-10-25

assurance-case analysis that are not only more powerful in anomaly detection , but also leading to stronger possibilities for positive assurance and to...PAGES 50 19a. NAME OF RESPONSIBLE PERSON a. REPORT unclassified b. ABSTRACT unclassified c . THIS PAGE unclassified Standard Form 298 (Rev. 8...base for responding to cyber-attacks; and ( c ) combine techniques developed for automatic control systems in a manner that will both enable defense

Security Engineering Pilot

DTIC Science & Technology

2013-02-28

needed to detect and isolate the compromised component • Prevent a cyber attack exploit from reading enough information to form a coherent data set...Analysis Signal Copy Selected Sub-Bands • Gimbaled, Stabilized EO/IR Camera Ball • High Precision GPS & INS (eventual swarm capable inter-UAV coherent ... LIDAR , HSI, Chem-Bio • Multi-Platform Distributed Sensor Experiments (eg, MIMO) • Autonomous & Collaborative Multi-Platform Control • Space for

Cyber-Informed Engineering

DOE Office of Scientific and Technical Information (OSTI.GOV)

Anderson, Robert S.; Benjamin, Jacob; Wright, Virginia L.

A continuing challenge for engineers who utilize digital systems is to understand the impact of cyber-attacks across the entire product and program lifecycle. This is a challenge due to the evolving nature of cyber threats that may impact the design, development, deployment, and operational phases of all systems. Cyber Informed Engineering is the process by which engineers are made aware of both how to use their engineering knowledge to positively impact the cyber security in the processes by which they architect and design components and the services and security of the components themselves.

No-hardware-signature cybersecurity-crypto-module: a resilient cyber defense agent

NASA Astrophysics Data System (ADS)

Zaghloul, A. R. M.; Zaghloul, Y. A.

2014-06-01

We present an optical cybersecurity-crypto-module as a resilient cyber defense agent. It has no hardware signature since it is bitstream reconfigurable, where single hardware architecture functions as any selected device of all possible ones of the same number of inputs. For a two-input digital device, a 4-digit bitstream of 0s and 1s determines which device, of a total of 16 devices, the hardware performs as. Accordingly, the hardware itself is not physically reconfigured, but its performance is. Such a defense agent allows the attack to take place, rendering it harmless. On the other hand, if the system is already infected with malware sending out information, the defense agent allows the information to go out, rendering it meaningless. The hardware architecture is immune to side attacks since such an attack would reveal information on the attack itself and not on the hardware. This cyber defense agent can be used to secure a point-to-point, point-to-multipoint, a whole network, and/or a single entity in the cyberspace. Therefore, ensuring trust between cyber resources. It can provide secure communication in an insecure network. We provide the hardware design and explain how it works. Scalability of the design is briefly discussed. (Protected by United States Patents No.: US 8,004,734; US 8,325,404; and other National Patents worldwide.)

Agent-Centric Approach for Cybersecurity Decision-Support with Partial Observability

DOE Office of Scientific and Technical Information (OSTI.GOV)

Tipireddy, Ramakrishna; Chatterjee, Samrat; Paulson, Patrick R.

Generating automated cyber resilience policies for real-world settings is a challenging research problem that must account for uncertainties in system state over time and dynamics between attackers and defenders. In addition to understanding attacker and defender motives and tools, and identifying “relevant” system and attack data, it is also critical to develop rigorous mathematical formulations representing the defender’s decision-support problem under uncertainty. Game-theoretic approaches involving cyber resource allocation optimization with Markov decision processes (MDP) have been previously proposed in the literature. Moreover, advancements in reinforcement learning approaches have motivated the development of partially observable stochastic games (POSGs) in various multi-agentmore » problem domains with partial information. Recent advances in cyber-system state space modeling have also generated interest in potential applicability of POSGs for cybersecurity. However, as is the case in strategic card games such as poker, research challenges using game-theoretic approaches for practical cyber defense applications include: 1) solving for equilibrium and designing efficient algorithms for large-scale, general problems; 2) establishing mathematical guarantees that equilibrium exists; 3) handling possible existence of multiple equilibria; and 4) exploitation of opponent weaknesses. Inspired by advances in solving strategic card games while acknowledging practical challenges associated with the use of game-theoretic approaches in cyber settings, this paper proposes an agent-centric approach for cybersecurity decision-support with partial system state observability.« less

Cyber-Physical Correlations for Infrastructure Resilience: A Game-Theoretic Approach

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rao, Nageswara S; He, Fei; Ma, Chris Y. T.

In several critical infrastructures, the cyber and physical parts are correlated so that disruptions to one affect the other and hence the whole system. These correlations may be exploited to strategically launch components attacks, and hence must be accounted for ensuring the infrastructure resilience, specified by its survival probability. We characterize the cyber-physical interactions at two levels: (i) the failure correlation function specifies the conditional survival probability of cyber sub-infrastructure given the physical sub-infrastructure as a function of their marginal probabilities, and (ii) the individual survival probabilities of both sub-infrastructures are characterized by first-order differential conditions. We formulate a resiliencemore » problem for infrastructures composed of discrete components as a game between the provider and attacker, wherein their utility functions consist of an infrastructure survival probability term and a cost term expressed in terms of the number of components attacked and reinforced. We derive Nash Equilibrium conditions and sensitivity functions that highlight the dependence of infrastructure resilience on the cost term, correlation function and sub-infrastructure survival probabilities. These results generalize earlier ones based on linear failure correlation functions and independent component failures. We apply the results to models of cloud computing infrastructures and energy grids.« less

An assessment of the cyber security legislation and its impact on the United States electrical sector

NASA Astrophysics Data System (ADS)

Born, Joshua

The purpose of this research was to examine the cyber-security posture for the United States' electrical grid, which comprises a major component of critical infrastructure for the country. The United States electrical sector is so vast, that the Department of Homeland Security (DHS) estimates, it contains more than 6,413 power plants (this includes 3,273 traditional electric utilities and 1,738 nonutility power producers) with approximately 1,075 gigawatts of energy produced on a daily basis. A targeted cyber-security attack against the electric grid would likely have catastrophic results and could even serve as a precursor to a physical attack against the United States. A recent report by the consulting firm Black and Veatch found that one of the top five greatest concerns for United States electric utilities is the risk that cybersecurity poses to their industry and yet, only one-third state they are currently prepared to meet the increasingly likely threat. The report goes on to state, "only 32% of electric utilities surveyed had integrated security systems with the proper segmentation, monitoring and redundancies needed for cyber threat protection. Another 48 % said they did not" Recent estimates indicate that a large-scale cyber-attack against this sector could cost the United States economy as much as a trillion dollars within a weeks' time. Legislative efforts in the past have primarily been focused on creating mandates that encourage public and private partnership, which have been not been adopted as quickly as desired. With 85 % of all electric utilities being privately owned, it is key that the public and private sector partner in order to mitigate risks and respond as a cohesive unit in the event of a major attack. Keywords: Cybersecurity, Professor Riddell, cyber security, energy, intelligence, outlook, electrical, compliance, legislation, partnerships, critical infrastructure.

SURVIVABILITY THROUGH OPTIMIZING RESILIENT MECHANISMS (STORM)

DTIC Science & Technology

2017-04-01

STATEMENT Approved for Public Release; Distribution Unlimited. PA# 88ABW-2017-0894 Date Cleared: 07 Mar 2017 13. SUPPLEMENTARY NOTES 14. ABSTRACT Game ...quantitatively about cyber-attacks. Game theory is the branch of applied mathematics that formalizes strategic interaction among intelligent rational agents...mechanism based on game theory. This work has applied game theory to numerous cyber security problems: cloud security, cyber threat information sharing

R&D100 Finalist: Neuromorphic Cyber Microscope

DOE Office of Scientific and Technical Information (OSTI.GOV)

Follett, David; Naegle, John; Suppona, Roger

The Neuromorphic Cyber Microscope provides security analysts with unprecedented visibility of their network, computer and storage assets. This processor is the world's first practical implementation of neuromorphic technology to a major computer science mission. Working with Lewis Rhodes Labs, engineers at Sandia National Laboratories have created a device that is orders of magnitude faster at analyzing data to identify cyber-attacks.

Resilience of Cyber Systems with Over- and Underregulation.

PubMed

Gisladottir, Viktoria; Ganin, Alexander A; Keisler, Jeffrey M; Kepner, Jeremy; Linkov, Igor

2017-09-01

Recent cyber attacks provide evidence of increased threats to our critical systems and infrastructure. A common reaction to a new threat is to harden the system by adding new rules and regulations. As federal and state governments request new procedures to follow, each of their organizations implements their own cyber defense strategies. This unintentionally increases time and effort that employees spend on training and policy implementation and decreases the time and latitude to perform critical job functions, thus raising overall levels of stress. People's performance under stress, coupled with an overabundance of information, results in even more vulnerabilities for adversaries to exploit. In this article, we embed a simple regulatory model that accounts for cybersecurity human factors and an organization's regulatory environment in a model of a corporate cyber network under attack. The resulting model demonstrates the effect of under- and overregulation on an organization's resilience with respect to insider threats. Currently, there is a tendency to use ad-hoc approaches to account for human factors rather than to incorporate them into cyber resilience modeling. It is clear that using a systematic approach utilizing behavioral science, which already exists in cyber resilience assessment, would provide a more holistic view for decisionmakers. © 2016 Society for Risk Analysis.

Proactive malware detection

NASA Astrophysics Data System (ADS)

Gloster, Jonathan; Diep, Michael; Dredden, David; Mix, Matthew; Olsen, Mark; Price, Brian; Steil, Betty

2014-06-01

Small-to-medium sized businesses lack resources to deploy and manage high-end advanced solutions to deter sophisticated threats from well-funded adversaries, but evidence shows that these types of businesses are becoming key targets. As malicious code and network attacks become more sophisticated, classic signature-based virus and malware detection methods are less effective. To augment the current malware methods of detection, we developed a proactive approach to detect emerging malware threats using open source tools and intelligence to discover patterns and behaviors of malicious attacks and adversaries. Technical and analytical skills are combined to track adversarial behavior, methods and techniques. We established a controlled (separated domain) network to identify, monitor, and track malware behavior to increase understanding of the methods and techniques used by cyber adversaries. We created a suite of tools that observe the network and system performance looking for anomalies that may be caused by malware. The toolset collects information from open-source tools and provides meaningful indicators that the system was under or has been attacked. When malware is discovered, we analyzed and reverse engineered it to determine how it could be detected and prevented. Results have shown that with minimum resources, cost effective capabilities can be developed to detect abnormal behavior that may indicate malicious software.

3 CFR 8760 - Proclamation 8760 of November 30, 2011. Critical Infrastructure Protection Month, 2011

Code of Federal Regulations, 2012 CFR

2012-01-01

..., we must also address the growing threat cyber attacks present to our transportation networks... action against cyber threats. To ensure the safety of our most vital operations, we are working to give...

Multi-Centrality Graph Spectral Decompositions and Their Application to Cyber Intrusion Detection

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chen, Pin-Yu; Choudhury, Sutanay; Hero, Alfred

Many modern datasets can be represented as graphs and hence spectral decompositions such as graph principal component analysis (PCA) can be useful. Distinct from previous graph decomposition approaches based on subspace projection of a single topological feature, e.g., the centered graph adjacency matrix (graph Laplacian), we propose spectral decomposition approaches to graph PCA and graph dictionary learning that integrate multiple features, including graph walk statistics, centrality measures and graph distances to reference nodes. In this paper we propose a new PCA method for single graph analysis, called multi-centrality graph PCA (MC-GPCA), and a new dictionary learning method for ensembles ofmore » graphs, called multi-centrality graph dictionary learning (MC-GDL), both based on spectral decomposition of multi-centrality matrices. As an application to cyber intrusion detection, MC-GPCA can be an effective indicator of anomalous connectivity pattern and MC-GDL can provide discriminative basis for attack classification.« less

Cyber risk and privacy liability: a click in the right direction?

PubMed

McDonough, William J

2007-01-01

Cyber risk and privacy exposure exert an impact upon virtually every aspect of a healthcare organization (HCO)--assets, clinical operations, finances and reputation. Exposure is enterprise-wide and includes risk to both physical and non-physical assets in increasing degrees. The consequences of a cyber attack or privacy breach could be operationally and financially catastrophic, so an HCO's move toward an enterprise-wide approach at identifying and minimizing risk, cyber and privacy liability should be on the radar screen for risk managers and leadership.

Expanding the Department of Defense’s Role in Cyber Civil Support

DTIC Science & Technology

2011-06-17

vulnerability of this very crucial domain. They include the Y2K problem, the Estonia cyber-attacks in 2007, and the role of cyber in the Russian-Georgia...cyber security vulnerabilities associated with critical infrastructure. The Year 2000 Challenge The Year 2000 ( Y2K ) problem was the result of...and microprocessors failed to make the correct transition from 1999 to 2000.19 One of the most critical concerns with Y2K was the potential cascading

Proceedings Second Annual Cyber Security and Information Infrastructure Research Workshop

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sheldon, Frederick T; Krings, Axel; Yoo, Seong-Moo

2006-01-01

The workshop theme is Cyber Security: Beyond the Maginot Line Recently the FBI reported that computer crime has skyrocketed costing over $67 billion in 2005 alone and affecting 2.8M+ businesses and organizations. Attack sophistication is unprecedented along with availability of open source concomitant tools. Private, academic, and public sectors invest significant resources in cyber security. Industry primarily performs cyber security research as an investment in future products and services. While the public sector also funds cyber security R&D, the majority of this activity focuses on the specific mission(s) of the funding agency. Thus, broad areas of cyber security remain neglectedmore » or underdeveloped. Consequently, this workshop endeavors to explore issues involving cyber security and related technologies toward strengthening such areas and enabling the development of new tools and methods for securing our information infrastructure critical assets. We aim to assemble new ideas and proposals about robust models on which we can build the architecture of a secure cyberspace including but not limited to: * Knowledge discovery and management * Critical infrastructure protection * De-obfuscating tools for the validation and verification of tamper-proofed software * Computer network defense technologies * Scalable information assurance strategies * Assessment-driven design for trust * Security metrics and testing methodologies * Validation of security and survivability properties * Threat assessment and risk analysis * Early accurate detection of the insider threat * Security hardened sensor networks and ubiquitous computing environments * Mobile software authentication protocols * A new "model" of the threat to replace the "Maginot Line" model and more . . .« less

Index of cyber integrity

NASA Astrophysics Data System (ADS)

Anderson, Gustave

2014-05-01

Unfortunately, there is no metric, nor set of metrics, that are both general enough to encompass all possible types of applications yet specific enough to capture the application and attack specific details. As a result we are left with ad-hoc methods for generating evaluations of the security of our systems. Current state of the art methods for evaluating the security of systems include penetration testing and cyber evaluation tests. For these evaluations, security professionals simulate an attack from malicious outsiders and malicious insiders. These evaluations are very productive and are able to discover potential vulnerabilities resulting from improper system configuration, hardware and software flaws, or operational weaknesses. We therefore propose the index of cyber integrity (ICI), which is modeled after the index of biological integrity (IBI) to provide a holistic measure of the health of a system under test in a cyber-environment. The ICI provides a broad base measure through a collection of application and system specific metrics. In this paper, following the example of the IBI, we demonstrate how a multi-metric index may be used as a holistic measure of the health of a system under test in a cyber-environment.

3 CFR 9047 - Proclamation 9047 of October 31, 2013. Critical Infrastructure Security and Resilience Month, 2013

Code of Federal Regulations, 2014 CFR

2014-01-01

... defenses against physical and cyber incidents. In tandem with my Executive Order on cybersecurity, this... natural disasters, as well as cyber attacks. We must ensure that the Federal Government works with all...

A comprehensive Network Security Risk Model for process control networks.

PubMed

Henry, Matthew H; Haimes, Yacov Y

2009-02-01

The risk of cyber attacks on process control networks (PCN) is receiving significant attention due to the potentially catastrophic extent to which PCN failures can damage the infrastructures and commodity flows that they support. Risk management addresses the coupled problems of (1) reducing the likelihood that cyber attacks would succeed in disrupting PCN operation and (2) reducing the severity of consequences in the event of PCN failure or manipulation. The Network Security Risk Model (NSRM) developed in this article provides a means of evaluating the efficacy of candidate risk management policies by modeling the baseline risk and assessing expectations of risk after the implementation of candidate measures. Where existing risk models fall short of providing adequate insight into the efficacy of candidate risk management policies due to shortcomings in their structure or formulation, the NSRM provides model structure and an associated modeling methodology that captures the relevant dynamics of cyber attacks on PCN for risk analysis. This article develops the NSRM in detail in the context of an illustrative example.

Governance and Risk Management of Network and Information Security: The Role of Public Private Partnerships in Managing the Existing and Emerging Risks

NASA Astrophysics Data System (ADS)

Navare, Jyoti; Gemikonakli, Orhan

Globalisation and new technology has opened the gates to more security risks. As the strategic importance of communication networks and information increased, threats to the security and safety of communication infrastructures, as well as information stored in and/or transmitted increased significantly. The development of the self replicating programmes has become a nightmare for Internet users. Leading companies, strategic organisations were not immune to attacks; they were also "hacked" and overtaken by intruders. Incidents of recent years have also shown that national/regional crisis may also trigger cyber attacks at large scale. Experts forecast that cyber wars are likely to take the stage as tension mounts between developed societies. New risks such as cyber-attacks, network terrorism and disintegration of traditional infrastructures has somewhat blurred the boundaries of operation and control. This paper seeks to consider the risk management and governance and looking more specifically at implications for emerging economies.

Data to DecisionsTerminate, Tolerate, Transfer, or Treat

DTIC Science & Technology

2016-07-25

and patching, a risk-based cyber - security decision model that enables a pre- dictive capability to respond to impending cyber -attacks is needed...States. This sensitive data includes business proprietary information on key programs of record and infrastructure, including government documents at...leverage nationally. The Institute for Defense Analyses (IDA) assisted the DoD CIO in formalizing a proof of concept for cyber initiatives and

Operationalizing Army Cyber

DTIC Science & Technology

2013-03-01

killed just under 3,000 people and cost the U.S. economy somewhere between three and five trillion dollars. The Japanese attacked with a state... economy , and military readiness. The challenge is to design an Army Cyber force that can support the United States Cyber Command (USCYBERCOM) national...still keeps the intelligence and signal functions separate in most units today from battalion to echelon above Corps ( EAC ). There are many past reasons

Risk assessment by dynamic representation of vulnerability, exploitation, and impact

NASA Astrophysics Data System (ADS)

Cam, Hasan

2015-05-01

Assessing and quantifying cyber risk accurately in real-time is essential to providing security and mission assurance in any system and network. This paper presents a modeling and dynamic analysis approach to assessing cyber risk of a network in real-time by representing dynamically its vulnerabilities, exploitations, and impact using integrated Bayesian network and Markov models. Given the set of vulnerabilities detected by a vulnerability scanner in a network, this paper addresses how its risk can be assessed by estimating in real-time the exploit likelihood and impact of vulnerability exploitation on the network, based on real-time observations and measurements over the network. The dynamic representation of the network in terms of its vulnerabilities, sensor measurements, and observations is constructed dynamically using the integrated Bayesian network and Markov models. The transition rates of outgoing and incoming links of states in hidden Markov models are used in determining exploit likelihood and impact of attacks, whereas emission rates help quantify the attack states of vulnerabilities. Simulation results show the quantification and evolving risk scores over time for individual and aggregated vulnerabilities of a network.

DCT-based cyber defense techniques

NASA Astrophysics Data System (ADS)

Amsalem, Yaron; Puzanov, Anton; Bedinerman, Anton; Kutcher, Maxim; Hadar, Ofer

2015-09-01

With the increasing popularity of video streaming services and multimedia sharing via social networks, there is a need to protect the multimedia from malicious use. An attacker may use steganography and watermarking techniques to embed malicious content, in order to attack the end user. Most of the attack algorithms are robust to basic image processing techniques such as filtering, compression, noise addition, etc. Hence, in this article two novel, real-time, defense techniques are proposed: Smart threshold and anomaly correction. Both techniques operate at the DCT domain, and are applicable for JPEG images and H.264 I-Frames. The defense performance was evaluated against a highly robust attack, and the perceptual quality degradation was measured by the well-known PSNR and SSIM quality assessment metrics. A set of defense techniques is suggested for improving the defense efficiency. For the most aggressive attack configuration, the combination of all the defense techniques results in 80% protection against cyber-attacks with PSNR of 25.74 db.

Legality in Cyberspace: An Adversary View

DTIC Science & Technology

2014-03-01

Internet, one might assume that Russia would represent an implacably hostile environment for cyber criminals . Yet the Russian Federation has become one...figures. The reason, while unspoken, is largely understood. Russian cyber criminals are free . . . provided the tar- 19 get of [their] attacks are

Insecurity of Wireless Networks

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sheldon, Frederick T; Weber, John Mark; Yoo, Seong-Moo

Wireless is a powerful core technology enabling our global digital infrastructure. Wi-Fi networks are susceptible to attacks on Wired Equivalency Privacy, Wi-Fi Protected Access (WPA), and WPA2. These attack signatures can be profiled into a system that defends against such attacks on the basis of their inherent characteristics. Wi-Fi is the standard protocol for wireless networks used extensively in US critical infrastructures. Since the Wired Equivalency Privacy (WEP) security protocol was broken, the Wi-Fi Protected Access (WPA) protocol has been considered the secure alternative compatible with hardware developed for WEP. However, in November 2008, researchers developed an attack on WPA,more » allowing forgery of Address Resolution Protocol (ARP) packets. Subsequent enhancements have enabled ARP poisoning, cryptosystem denial of service, and man-in-the-middle attacks. Open source systems and methods (OSSM) have long been used to secure networks against such attacks. This article reviews OSSMs and the results of experimental attacks on WPA. These experiments re-created current attacks in a laboratory setting, recording both wired and wireless traffic. The article discusses methods of intrusion detection and prevention in the context of cyber physical protection of critical Internet infrastructure. The basis for this research is a specialized (and undoubtedly incomplete) taxonomy of Wi-Fi attacks and their adaptations to existing countermeasures and protocol revisions. Ultimately, this article aims to provide a clearer picture of how and why wireless protection protocols and encryption must achieve a more scientific basis for detecting and preventing such attacks.« less

Warfighting in Cyberspace

DTIC Science & Technology

2007-01-01

warfare ). Although the defensive elements of IO and cyber warfare are important, to narrow the scope of our thesis, the remainder of the argu- ment...adversary decisions away from taking action against our will. Now, let us contrast IO doctrine with what we propose for cyber warfare . The focus of... cyber warfare is on using cyberspace (by operating within or through it) to attack personnel, facilities, or equipment with the intent of degrading

Federated Access to Cyber Observables for Detection of Targeted Attacks

DTIC Science & Technology

2014-10-01

each manages. The DQNs also utilize an intelligent information ex- traction capability for automatically suggesting mappings from text found in audit ...Harmelen, and others, “OWL web ontology language overview,” W3C Recomm., vol. 10, no. 2004–03, p. 10, 2004. [4] D. Miller and B. Pearson , Security...Online]. Available: http://www.disa.mil/Services/Information- Assurance /HBS/HBSS. [21] S. Zanikolas and R. Sakellariou, “A taxonomy of grid

Internet Attack Traceback: Cross-Validation and Pebble-Trace

DTIC Science & Technology

2013-02-28

stolen-cyber-attack. [3] Hacked: Data breach costly for Ohio State, victims of compromised info http://www.thelantern.com/campus/hacked- data ... breach -costly-for-ohio-state-victims-of-compromised-info-1.1831311. [4] S. C. Lee and C. Shields, “Tracing the Source of Network Attack: A Technical

Will electrical cyber-physical interdependent networks undergo first-order transition under random attacks?

NASA Astrophysics Data System (ADS)

Ji, Xingpei; Wang, Bo; Liu, Dichen; Dong, Zhaoyang; Chen, Guo; Zhu, Zhenshan; Zhu, Xuedong; Wang, Xunting

2016-10-01

Whether the realistic electrical cyber-physical interdependent networks will undergo first-order transition under random failures still remains a question. To reflect the reality of Chinese electrical cyber-physical system, the "partial one-to-one correspondence" interdependent networks model is proposed and the connectivity vulnerabilities of three realistic electrical cyber-physical interdependent networks are analyzed. The simulation results show that due to the service demands of power system the topologies of power grid and its cyber network are highly inter-similar which can effectively avoid the first-order transition. By comparing the vulnerability curves between electrical cyber-physical interdependent networks and its single-layer network, we find that complex network theory is still useful in the vulnerability analysis of electrical cyber-physical interdependent networks.

A cognitive and economic decision theory for examining cyber defense strategies.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bier, Asmeret Brooke

Cyber attacks pose a major threat to modern organizations. Little is known about the social aspects of decision making among organizations that face cyber threats, nor do we have empirically-grounded models of the dynamics of cooperative behavior among vulnerable organizations. The effectiveness of cyber defense can likely be enhanced if information and resources are shared among organizations that face similar threats. Three models were created to begin to understand the cognitive and social aspects of cyber cooperation. The first simulated a cooperative cyber security program between two organizations. The second focused on a cyber security training program in which participantsmore » interact (and potentially cooperate) to solve problems. The third built upon the first two models and simulates cooperation between organizations in an information-sharing program.« less

Cyber Friendly Fire

DOE Office of Scientific and Technical Information (OSTI.GOV)

Greitzer, Frank L.; Carroll, Thomas E.; Roberts, Adam D.

Cyber friendly fire (FF) is a new concept that has been brought to the attention of Department of Defense (DoD) stakeholders through two workshops that were planned and conducted by the Air Force Research Laboratory (AFRL) and research conducted for AFRL by the Pacific Northwest National Laboratory. With this previous work in mind, we offer a definition of cyber FF as intentional offensive or defensive cyber/electronic actions intended to protect cyber systems against enemy forces or to attack enemy cyber systems, which unintentionally harms the mission effectiveness of friendly or neutral forces. Just as with combat friendly fire, a fundamentalmore » need in avoiding cyber FF is to maintain situation awareness (SA). We suggest that cyber SA concerns knowledge of a system's topology (connectedness and relationships of the nodes in a system), and critical knowledge elements such as the characteristics and vulnerabilities of the components that comprise the system (and that populate the nodes), the nature of the activities or work performed, and the available defensive (and offensive) countermeasures that may be applied to thwart network attacks. A training implication is to raise awareness and understanding of these critical knowledge units; an approach to decision aids and/or visualizations is to focus on supporting these critical knowledge units. To study cyber FF, we developed an unclassified security test range comprising a combination of virtual and physical devices that present a closed network for testing, simulation, and evaluation. This network offers services found on a production network without the associated costs of a real production network. Containing enough detail to appear realistic, this virtual and physical environment can be customized to represent different configurations. For our purposes, the test range was configured to appear as an Internet-connected Managed Service Provider (MSP) offering specialized web applications to the general public. The network is essentially divided into a production component that hosts the web and network services, and a user component that hosts thirty employee workstations and other end devices. The organization's network is separated from the Internet by a Cisco ASA network security device that both firewalls and detects intrusions. Business sensitive information is stored in various servers. This includes data comprising thousands of internal documents, such as finance and technical designs, email messages for the organization's employees including the CEO, CFO, and CIO, the organization's source code, and Personally Identifiable client data. Release of any of this information to unauthorized parties would have a significant, detrimental impact on the organization's reputation, which would harm earnings. The valuable information stored in these servers pose obvious points of interest for an adversary. We constructed several scenarios around this environment to support studies in cyber SA and cyber FF that may be run in the test range. We describe mitigation strategies to combat cyber FF including both training concepts and suggestions for decision aids and visualization approaches. Finally, we discuss possible future research directions.« less

Toward Cyber Omniscience: Deterring Cyber Attacks by Hostile Individuals in 2035

DTIC Science & Technology

2010-02-17

omniscience is a characteristic most often ascribed to God. Although omniscience is not considered humanly attainable, this essay has intentionally, but...New York, NY: Penguin Books, 2005. Library of Congress. ―Amazing Grace.‖ Lyrics and history of John Newton‘s Christian hymn. http

Cyber-Argus: Modeling C2 Impacts of Cyber Attacks

DTIC Science & Technology

2014-06-01

19th ICCRTS - # 096 Page 10 of 24 ( BPMN ). However, any process modeling language with the ability to capture the information described above could...AND TECHNOLOGY ORGANIZATION. RTO-TR-MSG-048 - Coalition Battle Management Language (C-BML). February 2012. [41] ALLWEYER, T. BPMN 2.0: Introduction

DOE Office of Scientific and Technical Information (OSTI.GOV)

None, None

Smart grids are susceptible to cyber-attack as a result of new communication, control and computation techniques employed in the grid. In this paper, we characterize and analyze the resiliency of smart grid communication architecture, specifically an RF mesh based architecture, under cyber attacks. We analyze the resiliency of the communication architecture by studying the performance of high-level smart grid functions such as metering, and demand response which depend on communication. Disrupting the operation of these functions impacts the operational resiliency of the smart grid. Our analysis shows that it takes an attacker only a small fraction of meters to compromisemore » the communication resiliency of the smart grid. We discuss the implications of our result to critical smart grid functions and to the overall security of the smart grid.« less

Gamification for Measuring Cyber Security Situational Awareness

DOE Office of Scientific and Technical Information (OSTI.GOV)

Fink, Glenn A.; Best, Daniel M.; Manz, David O.

Cyber defense competitions arising from U.S. service academy exercises, offer a platform for collecting data that can inform research that ranges from characterizing the ideal cyber warrior to describing behaviors during certain challenging cyber defense situations. This knowledge could lead to better preparation of cyber defenders in both military and civilian settings. This paper describes how one regional competition, the PRCCDC, a participant in the national CCDC program, conducted proof of concept experimentation to collect data during the annual competition for later analysis. The intent is to create an ongoing research agenda that expands on this current work and incorporatesmore » augmented cognition and gamification methods for measuring cybersecurity situational awareness under the stress of cyber attack.« less

In Pursuit of an Aptitude Test for Potential Cyberspace Warriors

DTIC Science & Technology

2007-03-01

may well be training their soldiers in the art of cyber warfare to attack our infrastructure and defend their own. It seems like a no-brainer that...communications. Certainly this is an area that could be exploited in cyber warfare . Another subject with little reference was regarding linguistic...Journal, 40(3), 769-780. Parks, R. C., & duggan, D. P. (2001). Principles of cyber - warfare . Proceeding of the 2001 IEEE Workshop on Information

CyberTerrorism: Cyber Prevention vs Cyber Recovery

DTIC Science & Technology

2007-12-01

appropriate available security measures (i.e. appropriate level of spy ware, IDS, and antivirus protection software installed) are unaffected by worm attacks...a worm is a form of a virus designed to copy itself by utilizing e-mail or other software applications. The main goal of using this technique is...to permeate the network or portions of the Internet with malicious code that will affect the performance of certain software applications or will

Strategic aspects of cyberattack, attribution, and blame.

PubMed

Edwards, Benjamin; Furnas, Alexander; Forrest, Stephanie; Axelrod, Robert

2017-03-14

Cyber conflict is now a common and potentially dangerous occurrence. The target typically faces a strategic choice based on its ability to attribute the attack to a specific perpetrator and whether it has a viable punishment at its disposal. We present a game-theoretic model, in which the best strategic choice for the victim depends on the vulnerability of the attacker, the knowledge level of the victim, payoffs for different outcomes, and the beliefs of each player about their opponent. The resulting blame game allows analysis of four policy-relevant questions: the conditions under which peace (i.e., no attacks) is stable, when attacks should be tolerated, the consequences of asymmetric technical attribution capabilities, and when a mischievous third party or an accident can undermine peace. Numerous historical examples illustrate how the theory applies to cases of cyber or kinetic conflict involving the United States, Russia, China, Japan, North Korea, Estonia, Israel, Iran, and Syria.

Strategic aspects of cyberattack, attribution, and blame

PubMed Central

Edwards, Benjamin; Furnas, Alexander; Forrest, Stephanie

2017-01-01

Cyber conflict is now a common and potentially dangerous occurrence. The target typically faces a strategic choice based on its ability to attribute the attack to a specific perpetrator and whether it has a viable punishment at its disposal. We present a game-theoretic model, in which the best strategic choice for the victim depends on the vulnerability of the attacker, the knowledge level of the victim, payoffs for different outcomes, and the beliefs of each player about their opponent. The resulting blame game allows analysis of four policy-relevant questions: the conditions under which peace (i.e., no attacks) is stable, when attacks should be tolerated, the consequences of asymmetric technical attribution capabilities, and when a mischievous third party or an accident can undermine peace. Numerous historical examples illustrate how the theory applies to cases of cyber or kinetic conflict involving the United States, Russia, China, Japan, North Korea, Estonia, Israel, Iran, and Syria. PMID:28242700

Protecting Accelerator Control Systems in the Face of Sophisticated Cyber Attacks

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hartman, Steven M

2012-01-01

Cyber security for industrial control systems has received significant attention in the past two years. The news coverage of the Stuxnet attack, believed to be targeted at the control system for a uranium enrichment plant, brought the issue to the attention of news media and policy makers. This has led to increased scrutiny of control systems for critical infrastructure such as power generation and distribution, and industrial systems such as chemical plants and petroleum refineries. The past two years have also seen targeted network attacks aimed at corporate and government entities including US Department of Energy National Laboratories. Both ofmore » these developments have potential repercussions for the control systems of particle accelerators. The need to balance risks from potential attacks with the operational needs of an accelerator present a unique challenge for the system architecture and access model.« less

Operational advantages of using Cyber Electronic Warfare (CEW) in the battlefield

NASA Astrophysics Data System (ADS)

Yasar, Nurgul; Yasar, Fatih M.; Topcu, Yucel

2012-06-01

While cyberspace is emerging as a new battlefield, conventional Electronic Warfare (EW) methods and applications are likely to change. Cyber Electronic Warfare (CEW) concept which merges cyberspace capabilities with traditional EW methods, is a new and enhanced form of the electronic attack. In this study, cyberspace domain of the battlefield is emphazised and the feasibility of integrating Cyber Warfare (CW) concept into EW measures is researched. The SWOT (Strengths, Weaknesses, Opportunities and Threats) analysis method is used to state the operational advantages of using CEW concept in the battlefield. The operational advantages of CEW are assessed by means of its effects on adversary air defense systems, communication networks and information systems. Outstanding technological and operational difficulties are pointed out as well. As a result, a comparison of CEW concept and conventional EW applications is presented. It is concluded that, utilization of CEW concept is feasible at the battlefield and it may yield important operational advantages. Even though the computers of developed military systems are less complex than normal computers, they are not subjected to cyber threats since they are closed systems. This concept intends to show that these closed systems are also open to the cyber threats. As a result of the SWOT analysis, CEW concept provides Air Forces to be used in cyber operations effectively. On the other hand, since its Collateral Damage Criteria (CDC) is low, the usage of cyber electronic attack systems seems to grow up.

HackAttack: Game-Theoretic Analysis of Realistic Cyber Conflicts

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ferragut, Erik M; Brady, Andrew C; Brady, Ethan J

Game theory is appropriate for studying cyber conflict because it allows for an intelligent and goal-driven adversary. Applications of game theory have led to a number of results regarding optimal attack and defense strategies. However, the overwhelming majority of applications explore overly simplistic games, often ones in which each participant s actions are visible to every other participant. These simplifications strip away the fundamental properties of real cyber conflicts: probabilistic alerting, hidden actions, unknown opponent capabilities. In this paper, we demonstrate that it is possible to analyze a more realistic game, one in which different resources have different weaknesses, playersmore » have different exploits, and moves occur in secrecy, but they can be detected. Certainly, more advanced and complex games are possible, but the game presented here is more realistic than any other game we know of in the scientific literature. While optimal strategies can be found for simpler games using calculus, case-by-case analysis, or, for stochastic games, Q-learning, our more complex game is more naturally analyzed using the same methods used to study other complex games, such as checkers and chess. We define a simple evaluation function and employ multi-step searches to create strategies. We show that such scenarios can be analyzed, and find that in cases of extreme uncertainty, it is often better to ignore one s opponent s possible moves. Furthermore, we show that a simple evaluation function in a complex game can lead to interesting and nuanced strategies.« less

Minimizing Expected Maximum Risk from Cyber-Attacks with Probabilistic Attack Success

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bhuiyan, Tanveer H.; Nandi, Apurba; Medal, Hugh

The goal of our work is to enhance network security by generating partial cut-sets, which are a subset of edges that remove paths from initially vulnerable nodes (initial security conditions) to goal nodes (critical assets), on an attack graph given costs for cutting an edge and a limited overall budget.

Cross-Layer Damage Assessment for Cyber Situational Awareness

NASA Astrophysics Data System (ADS)

Liu, Peng; Jia, Xiaoqi; Zhang, Shengzhi; Xiong, Xi; Jhi, Yoon-Chan; Bai, Kun; Li, Jason

Damage assessment plays a very important role in securing enterprise networks and systems. Gaining good awareness about the effects and impact of cyber attack actions would enable security officers to make the right cyber defense decisions and take the right cyber defense actions. A good number of damage assessment techniques have been proposed in the literature, but they typically focus on a single abstraction level (of the software system in concern). As a result, existing damage assessment techniques and tools are still very limited in satisfying the needs of comprehensive damage assessment which should not result in any “blind spots”.

PeerShield: determining control and resilience criticality of collaborative cyber assets in networks

NASA Astrophysics Data System (ADS)

Cam, Hasan

2012-06-01

As attackers get more coordinated and advanced in cyber attacks, cyber assets are required to have much more resilience, control effectiveness, and collaboration in networks. Such a requirement makes it essential to take a comprehensive and objective approach for measuring the individual and relative performances of cyber security assets in network nodes. To this end, this paper presents four techniques as to how the relative importance of cyber assets can be measured more comprehensively and objectively by considering together the main variables of risk assessment (e.g., threats, vulnerabilities), multiple attributes (e.g., resilience, control, and influence), network connectivity and controllability among collaborative cyber assets in networks. In the first technique, a Bayesian network is used to include the random variables for control, recovery, and resilience attributes of nodes, in addition to the random variables of threats, vulnerabilities, and risk. The second technique shows how graph matching and coloring can be utilized to form collaborative pairs of nodes to shield together against threats and vulnerabilities. The third technique ranks the security assets of nodes by incorporating multiple weights and thresholds of attributes into a decision-making algorithm. In the fourth technique, the hierarchically well-separated tree is enhanced to first identify critical nodes of a network with respect to their attributes and network connectivity, and then selecting some nodes as driver nodes for network controllability.

78 FR 50077 - Intent To Request Renewal From OMB of One Current Public Collection of Information: Pipeline...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-16

... maps, security plans, etc.); and Actual or suspected cyber-attacks that could impact pipeline... suspected attacks on pipeline systems, facilities, or assets; Bomb threats or weapons of mass destruction...

How Cyberattacks Terrorize: Cortisol and Personal Insecurity Jump in the Wake of Cyberattacks.

PubMed

Canetti, Daphna; Gross, Michael; Waismel-Manor, Israel; Levanon, Asaf; Cohen, Hagit

2017-02-01

Do cyberattacks fuel the politics of threat? By what mechanism does it do so? To address these questions, we employ a technological and physiological experiment (2 × 2) involving a simulated cyberattack. Participants were randomly assigned to "cyberattack" (treatment) or "no attack" (control) conditions. We find that cyber-attacks make people more likely to express threat perceptions; we suggest salivary cortisol, a measure of stress, as the mechanism bridging cyber and the politics of threat. Contrary to existing evidence, salivary cortisol is the mechanism that translates simulated exposure to cyberattacks into political threat perceptions.

Analyzing Resiliency of the Smart Grid Communication Architectures

DOE Office of Scientific and Technical Information (OSTI.GOV)

Anas AlMajali, Anas; Viswanathan, Arun; Neuman, Clifford

Smart grids are susceptible to cyber-attack as a result of new communication, control and computation techniques employed in the grid. In this paper, we characterize and analyze the resiliency of smart grid communication architecture, specifically an RF mesh based architecture, under cyber attacks. We analyze the resiliency of the communication architecture by studying the performance of high-level smart grid functions such as metering, and demand response which depend on communication. Disrupting the operation of these functions impacts the operational resiliency of the smart grid. Our analysis shows that it takes an attacker only a small fraction of meters to compromisemore » the communication resiliency of the smart grid. We discuss the implications of our result to critical smart grid functions and to the overall security of the smart grid.« less

NATO’s Preparedness for Cyberwar

DTIC Science & Technology

2016-09-01

ARTS IN SECURITY STUDIES EUROPE AND EURASIA from the NAVAL POSTGRADUATE SCHOOL September 2016 Approved by: David Yost, Ph.D...CYBER CASE STUDIES : CYBER ATTACKS AGAINST NATO ALLIES AND PARTNERS .................................................................................33...to thank Dr. Wade Huntley for first stimulating my interest in the academic study of NATO’s cyberwarfare capabilities and readiness. In addition, I

Defending against Browser Based Data Exfiltration Attacks

ERIC Educational Resources Information Center

Sood, Aditya

2013-01-01

The global nature of Internet has revolutionized cultural and commercial interactions while at the same time it has provided opportunities for cyber criminals. Crimeware services now exist that have transformed the nature of cyber crime by making it more automated and robust. Furthermore, these crimeware services are sold as a part of a growing…

Consequence-driven cyber-informed engineering (CCE)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Freeman, Sarah G.; St Michel, Curtis; Smith, Robert

The Idaho National Lab (INL) is leading a high-impact, national security-level initiative to reprioritize the way the nation looks at high-consequence risk within the industrial control systems (ICS) environment of the country’s most critical infrastructure and other national assets. The Consequence-driven Cyber-informed Engineering (CCE) effort provides both private and public organizations with the steps required to examine their own environments for high-impact events/risks; identify implementation of key devices and components that facilitate that risk; illuminate specific, plausible cyber attack paths to manipulate these devices; and develop concrete mitigations, protections, and tripwires to address the high-consequence risk. The ultimate goal ofmore » the CCE effort is to help organizations take the steps necessary to thwart cyber attacks from even top-tier, highly resourced adversaries that would result in a catastrophic physical effect. CCE participants are encouraged to work collaboratively with each other and with key U.S. Government (USG) contributors to establish a coalition, maximizing the positive effect of lessons-learned and further contributing to the protection of critical infrastructure and other national assets.« less

Multi-Gigabit Free-Space Optical Data Communication and Network System

DTIC Science & Technology

2016-04-01

IR), Ultraviolet ( UV ), Laser Transceiver, Adaptive Beam Tracking, Electronic Attack (EA), Cyber Attack, Multipoint-to-Multipoint Network, Adaptive...FileName.pptx Free Space Optical Datalink Timeline Phase 1 Point-to-point demonstration 2012 Future Adaptive optic & Quantum Cascade Laser

Cyber security issues in online games

NASA Astrophysics Data System (ADS)

Zhao, Chen

2018-04-01

With the rapid development of the Internet, online gaming has become a way of entertainment for many young people in the modern era. However, in recent years, cyber security issues in online games have emerged in an endless stream, which have also caused great attention of many game operators. Common cyber security problems in the game include information disclosure and cyber-attacks. These problems will directly or indirectly cause economic losses to gamers. Many gaming companies are enhancing the stability and security of their network or gaming systems in order to enhance the gaming user experience. This article has carried out the research of the cyber security issues in online games by introducing the background and some common cyber security threats, and by proposing the latent solution. Finally, it speculates the future research direction of the cyber security issues of online games in the hope of providing feasible solution and useful information for game operators.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Beaver, Justin M; Borges, Raymond Charles; Buckner, Mark A

Critical infrastructure Supervisory Control and Data Acquisition (SCADA) systems were designed to operate on closed, proprietary networks where a malicious insider posed the greatest threat potential. The centralization of control and the movement towards open systems and standards has improved the efficiency of industrial control, but has also exposed legacy SCADA systems to security threats that they were not designed to mitigate. This work explores the viability of machine learning methods in detecting the new threat scenarios of command and data injection. Similar to network intrusion detection systems in the cyber security domain, the command and control communications in amore » critical infrastructure setting are monitored, and vetted against examples of benign and malicious command traffic, in order to identify potential attack events. Multiple learning methods are evaluated using a dataset of Remote Terminal Unit communications, which included both normal operations and instances of command and data injection attack scenarios.« less

Detecting Cyber Attacks On Nuclear Power Plants

NASA Astrophysics Data System (ADS)

Rrushi, Julian; Campbell, Roy

This paper proposes an unconventional anomaly detection approach that provides digital instrumentation and control (I&C) systems in a nuclear power plant (NPP) with the capability to probabilistically discern between legitimate protocol frames and attack frames. The stochastic activity network (SAN) formalism is used to model the fusion of protocol activity in each digital I&C system and the operation of physical components of an NPP. SAN models are employed to analyze links between protocol frames as streams of bytes, their semantics in terms of NPP operations, control data as stored in the memory of I&C systems, the operations of I&C systems on NPP components, and NPP processes. Reward rates and impulse rewards are defined in the SAN models based on the activity-marking reward structure to estimate NPP operation profiles. These profiles are then used to probabilistically estimate the legitimacy of the semantics and payloads of protocol frames received by I&C systems.

Towards a Multiscale Approach to Cybersecurity Modeling

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hogan, Emilie A.; Hui, Peter SY; Choudhury, Sutanay

2013-11-12

We propose a multiscale approach to modeling cyber networks, with the goal of capturing a view of the network and overall situational awareness with respect to a few key properties--- connectivity, distance, and centrality--- for a system under an active attack. We focus on theoretical and algorithmic foundations of multiscale graphs, coming from an algorithmic perspective, with the goal of modeling cyber system defense as a specific use case scenario. We first define a notion of \\emph{multiscale} graphs, in contrast with their well-studied single-scale counterparts. We develop multiscale analogs of paths and distance metrics. As a simple, motivating example ofmore » a common metric, we present a multiscale analog of the all-pairs shortest-path problem, along with a multiscale analog of a well-known algorithm which solves it. From a cyber defense perspective, this metric might be used to model the distance from an attacker's position in the network to a sensitive machine. In addition, we investigate probabilistic models of connectivity. These models exploit the hierarchy to quantify the likelihood that sensitive targets might be reachable from compromised nodes. We believe that our novel multiscale approach to modeling cyber-physical systems will advance several aspects of cyber defense, specifically allowing for a more efficient and agile approach to defending these systems.« less

Cyber-Physical System Security of Smart Grids

DOE Office of Scientific and Technical Information (OSTI.GOV)

Dagle, Jeffery E.

2012-01-31

Abstract—This panel presentation will provide perspectives of cyber-physical system security of smart grids. As smart grid technologies are deployed, the interconnected nature of these systems is becoming more prevalent and more complex, and the cyber component of this cyber-physical system is increasing in importance. Studying system behavior in the face of failures (e.g., cyber attacks) allows a characterization of the systems’ response to failure scenarios, loss of communications, and other changes in system environment (such as the need for emergent updates and rapid reconfiguration). The impact of such failures on the availability of the system can be assessed and mitigationmore » strategies considered. Scenarios associated with confidentiality, integrity, and availability are considered. The cyber security implications associated with the American Recovery and Reinvestment Act of 2009 in the United States are discussed.« less

Secure Fusion Estimation for Bandwidth Constrained Cyber-Physical Systems Under Replay Attacks.

PubMed

Chen, Bo; Ho, Daniel W C; Hu, Guoqiang; Yu, Li; Bo Chen; Ho, Daniel W C; Guoqiang Hu; Li Yu; Chen, Bo; Ho, Daniel W C; Hu, Guoqiang; Yu, Li

2018-06-01

State estimation plays an essential role in the monitoring and supervision of cyber-physical systems (CPSs), and its importance has made the security and estimation performance a major concern. In this case, multisensor information fusion estimation (MIFE) provides an attractive alternative to study secure estimation problems because MIFE can potentially improve estimation accuracy and enhance reliability and robustness against attacks. From the perspective of the defender, the secure distributed Kalman fusion estimation problem is investigated in this paper for a class of CPSs under replay attacks, where each local estimate obtained by the sink node is transmitted to a remote fusion center through bandwidth constrained communication channels. A new mathematical model with compensation strategy is proposed to characterize the replay attacks and bandwidth constrains, and then a recursive distributed Kalman fusion estimator (DKFE) is designed in the linear minimum variance sense. According to different communication frameworks, two classes of data compression and compensation algorithms are developed such that the DKFEs can achieve the desired performance. Several attack-dependent and bandwidth-dependent conditions are derived such that the DKFEs are secure under replay attacks. An illustrative example is given to demonstrate the effectiveness of the proposed methods.

Go Ahead of Malware’s Infections and Controls: Towards New Techniques for Proactive Cyber Defense

DTIC Science & Technology

2016-12-08

in SDN (such as topology poisoning attacks and data-to-control plan saturation attacks) and developed new defense for SDN (such as TopoGuard and... Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures As part of our research on discovering new vulnerabilities...future network- ing paradigm. We demonstrate that this new attacks can effectively poison the network topology information, then further successfully

A Mathematical Framework for the Analysis of Cyber-Resilient Control Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Melin, Alexander M; Ferragut, Erik M; Laska, Jason A

2013-01-01

The increasingly recognized vulnerability of industrial control systems to cyber-attacks has inspired a considerable amount of research into techniques for cyber-resilient control systems. The majority of this effort involves the application of well known information security (IT) techniques to control system networks. While these efforts are important to protect the control systems that operate critical infrastructure, they are never perfectly effective. Little research has focused on the design of closed-loop dynamics that are resilient to cyber-attack. The majority of control system protection measures are concerned with how to prevent unauthorized access and protect data integrity. We believe that the abilitymore » to analyze how an attacker can effect the closed loop dynamics of a control system configuration once they have access is just as important to the overall security of a control system. To begin to analyze this problem, consistent mathematical definitions of concepts within resilient control need to be established so that a mathematical analysis of the vulnerabilities and resiliencies of a particular control system design methodology and configuration can be made. In this paper, we propose rigorous definitions for state awareness, operational normalcy, and resiliency as they relate to control systems. We will also discuss some mathematical consequences that arise from the proposed definitions. The goal is to begin to develop a mathematical framework and testable conditions for resiliency that can be used to build a sound theoretical foundation for resilient control research.« less

An Artificially Intelligent Physical Model-Checking Approach to Detect Switching-Related Attacks on Power Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

El Hariri, Mohamad; Faddel, Samy; Mohammed, Osama

Decentralized and hierarchical microgrid control strategies have lain the groundwork for shaping the future smart grid. Such control approaches require the cooperation between microgrid operators in control centers, intelligent microcontrollers, and remote terminal units via secure and reliable communication networks. In order to enhance the security and complement the work of network intrusion detection systems, this paper presents an artificially intelligent physical model-checking that detects tampered-with circuit breaker switching control commands whether, due to a cyber-attack or human error. In this technique, distributed agents, which are monitoring sectionalized areas of a given microgrid, will be trained and continuously adapted tomore » verify that incoming control commands do not violate the physical system operational standards and do not put the microgrid in an insecure state. The potential of this approach has been tested by deploying agents that monitor circuit breakers status commands on a 14-bus IEEE benchmark system. The results showed the accuracy of the proposed framework in characterizing the power system and successfully detecting malicious and/or erroneous control commands.« less

Cyber security: a critical examination of information sharing versus data sensitivity issues for organisations at risk of cyber attack.

PubMed

Mallinder, Jason; Drabwell, Peter

Cyber threats are growing and evolving at an unprecedented rate.Consequently, it is becoming vitally important that organisations share information internally and externally before, during and after incidents they encounter so that lessons can be learned, good practice identified and new cyber resilience capabilities developed. Many organisations are reluctant to share such information for fear of divulging sensitive information or because it may be vague or incomplete. This provides organisations with a complex dilemma: how to share information as openly as possibly about cyber incidents, while protecting their confidentiality and focusing on service recovery from such incidents. This paper explores the dilemma of information sharing versus sensitivity and provides a practical overview of considerations every business continuity plan should address to plan effectively for information sharing in the event of a cyber incident.

Emulytics for Cyber-Enabled Physical Attack Scenarios: Interim LDRD Report of Year One Results.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Clem, John; Urias, Vincent; Atkins, William Dee

Sandia National Laboratories has funded the research and development of a new capability to interactively explore the effects of cyber exploits on the performance of physical protection systems. This informal, interim report of progress summarizes the project’s basis and year one (of two) accomplishments. It includes descriptions of confirmed cyber exploits against a representative testbed protection system and details the development of an emulytics capability to support live, virtual, and constructive experiments. This work will support stakeholders to better engineer, operate, and maintain reliable protection systems.

Possibilities of identifying cyber attack in noisy space of n-dimensional abstract system

NASA Astrophysics Data System (ADS)

Jašek, Roman; Dvořák, Jiří; Janková, Martina; Sedláček, Michal

2016-06-01

This article briefly mentions some selected options of current concept for identifying cyber attacks from the perspective of the new cyberspace of real system. In the cyberspace, there is defined n-dimensional abstract system containing elements of the spatial arrangement of partial system elements such as micro-environment of cyber systems surrounded by other suitably arranged corresponding noise space. This space is also gradually supplemented by a new image of dynamic processes in a discreet environment, and corresponding again to n-dimensional expression of time space defining existence and also the prediction for expected cyber attacksin the noise space. Noises are seen here as useful and necessary for modern information and communication technologies (e.g. in processes of applied cryptography in ICT) and then the so-called useless noises designed for initial (necessary) filtering of this highly aggressive environment and in future expectedly offensive background in cyber war (e.g. the destruction of unmanned means of an electromagnetic pulse, or for destruction of new safety barriers created on principles of electrostatic field or on other principles of modern physics, etc.). The key to these new options is the expression of abstract systems based on the models of microelements of cyber systems and their hierarchical concept in structure of n-dimensional system in given cyberspace. The aim of this article is to highlight the possible systemic expression of cyberspace of abstract system and possible identification in time-spatial expression of real environment (on microelements of cyber systems and their surroundings with noise characteristics and time dimension in dynamic of microelements' own time and externaltime defined by real environment). The article was based on a partial task of faculty specific research.

A preliminary cyber-physical security assessment of the Robot Operating System (ROS)

NASA Astrophysics Data System (ADS)

McClean, Jarrod; Stull, Christopher; Farrar, Charles; Mascareñas, David

2013-05-01

Over the course of the last few years, the Robot Operating System (ROS) has become a highly popular software framework for robotics research. ROS has a very active developer community and is widely used for robotics research in both academia and government labs. The prevalence and modularity of ROS cause many people to ask the question: "What prevents ROS from being used in commercial or government applications?" One of the main problems that is preventing this increased use of ROS in these applications is the question of characterizing its security (or lack thereof). In the summer of 2012, a crowd sourced cyber-physical security contest was launched at the cyber security conference DEF CON 20 to begin the process of characterizing the security of ROS. A small-scale, car-like robot was configured as a cyber-physical security "honeypot" running ROS. DEFFCON-20 attendees were invited to find exploits and vulnerabilities in the robot while network traffic was collected. The results of this experiment provided some interesting insights and opened up many security questions pertaining to deployed robotic systems. The Federal Aviation Administration is tasked with opening up the civil airspace to commercial drones by September 2015 and driverless cars are already legal for research purposes in a number of states. Given the integration of these robotic devices into our daily lives, the authors pose the following question: "What security exploits can a motivated person with little-to-no experience in cyber security execute, given the wide availability of free cyber security penetration testing tools such as Metasploit?" This research focuses on applying common, low-cost, low-overhead, cyber-attacks on a robot featuring ROS. This work documents the effectiveness of those attacks.

The Need for Cyber-Informed Engineering Expertise for Nuclear Research Reactors

DOE Office of Scientific and Technical Information (OSTI.GOV)

Anderson, Robert Stephen

Engineering disciplines may not currently understand or fully embrace cyber security aspects as they apply towards analysis, design, operation, and maintenance of nuclear research reactors. Research reactors include a wide range of diverse co-located facilities and designs necessary to meet specific operational research objectives. Because of the nature of research reactors (reduced thermal energy and fission product inventory), hazards and risks may not have received the same scrutiny as normally associated with power reactors. Similarly, security may not have been emphasized either. However, the lack of sound cybersecurity defenses may lead to both safety and security impacts. Risk management methodologiesmore » may not contain the foundational assumptions required to address the intelligent adversary’s capabilities in malevolent cyber attacks. Although most research reactors are old and may not have the same digital footprint as newer facilities, any digital instrument and control function must be considered as a potential attack platform that can lead to sabotage or theft of nuclear material, especially for some research reactors that store highly enriched uranium. This paper will provide a discussion about the need for cyber-informed engineering practices that include the entire engineering lifecycle. Cyber-informed engineering as referenced in this paper is the inclusion of cybersecurity aspects into the engineering process. A discussion will consider several attributes of this process evaluating the long-term goal of developing additional cyber safety basis analysis and trust principles. With a culture of free information sharing exchanges, and potentially a lack of security expertise, new risk analysis and design methodologies need to be developed to address this rapidly evolving (cyber) threatscape.« less

Possibilities of identifying cyber attack in noisy space of n-dimensional abstract system

DOE Office of Scientific and Technical Information (OSTI.GOV)

Jašek, Roman; Dvořák, Jiří; Janková, Martina

This article briefly mentions some selected options of current concept for identifying cyber attacks from the perspective of the new cyberspace of real system. In the cyberspace, there is defined n-dimensional abstract system containing elements of the spatial arrangement of partial system elements such as micro-environment of cyber systems surrounded by other suitably arranged corresponding noise space. This space is also gradually supplemented by a new image of dynamic processes in a discreet environment, and corresponding again to n-dimensional expression of time space defining existence and also the prediction for expected cyber attacksin the noise space. Noises are seen heremore » as useful and necessary for modern information and communication technologies (e.g. in processes of applied cryptography in ICT) and then the so-called useless noises designed for initial (necessary) filtering of this highly aggressive environment and in future expectedly offensive background in cyber war (e.g. the destruction of unmanned means of an electromagnetic pulse, or for destruction of new safety barriers created on principles of electrostatic field or on other principles of modern physics, etc.). The key to these new options is the expression of abstract systems based on the models of microelements of cyber systems and their hierarchical concept in structure of n-dimensional system in given cyberspace. The aim of this article is to highlight the possible systemic expression of cyberspace of abstract system and possible identification in time-spatial expression of real environment (on microelements of cyber systems and their surroundings with noise characteristics and time dimension in dynamic of microelements’ own time and externaltime defined by real environment). The article was based on a partial task of faculty specific research.« less

Cyber Situation Awareness through Instance-Based Learning: Modeling the Security Analyst in a Cyber-Attack Scenario

DTIC Science & Technology

2012-01-01

Chocolate Avenue Hershey PA 17033 Tel: 717-533-8845 Fax: 717-533-8661 E-mail: cust@igi-global.com Web site: http://www.igi-global.com Copyright © 2011...Lawrence Erlbaum Associates. Anderson, J. R., & Lebiere, C. (2003). The New- ell test for a theory of mind. The Behavioral and Brain Sciences, 26(5

Strategic Leadership Challenges with the Joint Information Environment

DTIC Science & Technology

2013-03-01

Approved for Public Release. Distribution is Unlimited. 13. SUPPLEMENTARY NOTES Word Count: 6,852 14. ABSTRACT In the face of growing cyber...USCYBERCOM Classification: Unclassified In the face of growing cyber attacks against Department of Defense (DoD...million computers, and 250,000 mobile devices (i.e. Blackberry ). All of this IT capability represented an investment of $37 Billion in the Fiscal Year

Fighting Through a Logistics Cyber Attack

DTIC Science & Technology

2015-06-19

Chariot 800 - 1350 Gunpowder 1915 Machine Gun 1915 Tanks 1915 Aircraft 1935 Radar 1945 Nuclear Weapons 1960 Satellites 1989 GPS 2009 Cyber Weapon...primarily remained in the scientific and academic communities for the next 22 years ( Griffiths , 2002). The Internet as we recognize it today... Griffiths (2002), defines the Web as an abstract space information containing hyperlinked documents and other resources, identified by their Uniformed

CYBER DETERRENCE

DTIC Science & Technology

2016-02-11

directed.36 Protected systems operating on secure networks will weigh into the adversaries calculus of risk and cost of their actions versus this... calculus deterring them from attack. Our extended defense with forts and lookouts searching outside the perimeter providing current intelligence of any...Last accessed 30 January 2016). 51 Phil Stewart , U.S. Defense Chief says pre-emptive action possible over cyber threat, Oct 11, 2012, http

Cyber security risk assessment for SCADA and DCS networks.

PubMed

Ralston, P A S; Graham, J H; Hieb, J L

2007-10-01

The growing dependence of critical infrastructures and industrial automation on interconnected physical and cyber-based control systems has resulted in a growing and previously unforeseen cyber security threat to supervisory control and data acquisition (SCADA) and distributed control systems (DCSs). It is critical that engineers and managers understand these issues and know how to locate the information they need. This paper provides a broad overview of cyber security and risk assessment for SCADA and DCS, introduces the main industry organizations and government groups working in this area, and gives a comprehensive review of the literature to date. Major concepts related to the risk assessment methods are introduced with references cited for more detail. Included are risk assessment methods such as HHM, IIM, and RFRM which have been applied successfully to SCADA systems with many interdependencies and have highlighted the need for quantifiable metrics. Presented in broad terms is probability risk analysis (PRA) which includes methods such as FTA, ETA, and FEMA. The paper concludes with a general discussion of two recent methods (one based on compromise graphs and one on augmented vulnerability trees) that quantitatively determine the probability of an attack, the impact of the attack, and the reduction in risk associated with a particular countermeasure.

Three Essays on Information Security Policies

ERIC Educational Resources Information Center

Yang, Yubao

2011-01-01

Information security breaches pose a significant and increasing threat to national security and economic well-being. In the Symantec Internet Security Threat Report (2003), companies surveyed experienced an average of about 30 attacks per week. Anecdotal evidence suggests that losses from cyber-attacks can run into millions of dollars. The CSI-FBI…

Workshop Report: The Future of ROK Navy-US Navy Cooperation

DTIC Science & Technology

2007-10-01

vulnerability also increases. Cyber attacks to paralyze information and communication systems through hacking , virus attacks on computers, and jamming...Pacific Fleet (N5) 250 Makalpa Dr. Pearl Harbor, HI 96860-7000 Ms. Ariane L. Whitemore Chief of Staff, Strategic Planning and Policy HQ USPACOM/ J5 COS

Defense on the Move: Ant-Based Cyber Defense

DOE Office of Scientific and Technical Information (OSTI.GOV)

Fink, Glenn A.; Haack, Jereme N.; McKinnon, Archibald D.

Many common cyber defenses (like firewalls and IDS) are as static as trench warfare allowing the attacker freedom to probe them at will. The concept of Moving Target Defense (MTD) adds dynamism to the defender side, but puts the systems to be defended themselves in motion, potentially at great cost to the defender. An alternative approach is a mobile resilient defense that removes attackers’ ability to rely on prior experience without requiring motion in the protected infrastructure itself. The defensive technology absorbs most of the cost of motion, is resilient to attack, and is unpredictable to attackers. The Ant-Based Cybermore » Defense (ABCD) is a mobile resilient defense providing a set of roaming, bio-inspired, digital-ant agents working with stationary agents in a hierarchy headed by a human supervisor. The ABCD approach provides a resilient, extensible, and flexible defense that can scale to large, multi-enterprise infrastructures like the smart electric grid.« less

Towards a Research Agenda for Cyber Friendly Fire

DOE Office of Scientific and Technical Information (OSTI.GOV)

Greitzer, Frank L.; Clements, Samuel L.; Carroll, Thomas E.

Historical assessments of combat fratricide reveal principal contributing factors in the effects of stress, degradation of skills due to continuous operations or sleep deprivation, poor situation awareness, and lack of training and discipline in offensive/defense response selection. While these problems are typically addressed in R&D focusing on traditional ground-based combat, there is also an emerging need for improving situation awareness and decision making on defensive/offensive response options in the cyber defense arena, where a mistaken response to an actual or perceived cyber attack could lead to destruction or compromise of friendly cyber assets. The purpose of this report is tomore » examine cognitive factors that may affect cyber situation awareness and describe possible research needs to reduce the likelihood and effects of "friendly cyber fire" on cyber defenses, information infrastructures, and data. The approach is to examine concepts and methods that have been described in research applied to the more traditional problem of mitigating the occurrence of combat identification and fratricide. Application domains of interest include cyber security defense against external or internal (insider) threats.« less

Main control computer security model of closed network systems protection against cyber attacks

NASA Astrophysics Data System (ADS)

Seymen, Bilal

2014-06-01

The model that brings the data input/output under control in closed network systems, that maintains the system securely, and that controls the flow of information through the Main Control Computer which also brings the network traffic under control against cyber-attacks. The network, which can be controlled single-handedly thanks to the system designed to enable the network users to make data entry into the system or to extract data from the system securely, intends to minimize the security gaps. Moreover, data input/output record can be kept by means of the user account assigned for each user, and it is also possible to carry out retroactive tracking, if requested. Because the measures that need to be taken for each computer on the network regarding cyber security, do require high cost; it has been intended to provide a cost-effective working environment with this model, only if the Main Control Computer has the updated hardware.

Cyber Hygiene for Control System Security

DOE PAGES

Oliver, David

2015-10-08

There are many resources from government and private industry available to assist organizations in reducing their attack surface and enhancing their security posture. Furthermore, standards are being written and improved upon to make the practice of securing a network more manageable. And while the specifics of network security are complex, most system vulnerabilities can be mitigated using fairly simple cyber hygiene techniques like those offered above.

Awaiting Cyber 9/11

DTIC Science & Technology

2013-01-01

tremendously dangerous and sophisticated virus that successfully attacked a SCADA system is now available for free on the Internet, where one can find...security for the public and private sectors. To develop this capability, the Nation needs to undergo a paradigm shift on how it views the cyber... for communications and trade were extraordinarily important for the security and prosperity of Britain. Today, the security and prosperity of the

Nuclear Lessons for Cyber Security

DTIC Science & Technology

2011-01-01

major kinetic violence. In the physical world, governments have a near monopoly on large - scale use of force, the defender has an intimate knowledge of...with this transformative technology. Until now, the issue of cyber security has largely been the domain of computer experts and specialists. When the...with increasing economic returns to scale and political practices that make jurisdictional control difficult. Attacks from the informational realm

Strategic Studies Quarterly. Volume 5, Number 4, Winter 2011

DTIC Science & Technology

2011-12-01

attack, and its destructive capacity intrinsically poses existential threats to nation- states (not to mention their populations). This is not true...nuclear technology. Unlike nuclear, cyber does not pose an existential threat. As Martin Libicki points out, destruction or disconnection of cyber...the Cuban missile crisis, existential deterrence worked, and a few Soviet bombs created deterrence despite an over- whelming American superiority in

77 FR 23396 - Revisions to the Requirements for Authority To Manufacture and Distribute Postage Evidencing Systems

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-19

... POSTAL SERVICE 39 CFR Part 501 Revisions to the Requirements for Authority To Manufacture and Distribute Postage Evidencing Systems AGENCY: Postal Service TM . ACTION: Final rule. SUMMARY: This rule... causing denial-of-service attacks on Web sites. Cyber attacks may be carried out by third parties or...

What Happens When the Supply Chain Breaks? Implications for the Army Supply Chain Under Attack

DTIC Science & Technology

2003-05-22

Supply Chain Integration office with Secretariat level leadership to facilitate DoD Component implementation of supply chain management practices...rather than cyber attack. Tim Belcher, Chief Technology Officer for Riptech, a computer security firm said “It was always assumed that a small group of

A Novel Centrality Measure for Network-wide Cyber Vulnerability Assessment

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sathanur, Arun V.; Haglin, David J.

In this work we propose a novel formulation that models the attack and compromise on a cyber network as a combination of two parts - direct compromise of a host and the compromise occurring through the spread of the attack on the network from a compromised host. The model parameters for the nodes are a concise representation of the host profiles that can include the risky behaviors of the associated human users while the model parameters for the edges are based on the existence of vulnerabilities between each pair of connected hosts. The edge models relate to the summary representationsmore » of the corresponding attack-graphs. This results in a formulation based on Random Walk with Restart (RWR) and the resulting centrality metric can be solved for in an efficient manner through the use of sparse linear solvers. Thus the formulation goes beyond mere topological considerations in centrality computations by summarizing the host profiles and the attack graphs into the model parameters. The computational efficiency of the method also allows us to also quantify the uncertainty in the centrality measure through Monte Carlo analysis.« less

Generalized information fusion and visualization using spatial voting and data modeling

NASA Astrophysics Data System (ADS)

Jaenisch, Holger M.; Handley, James W.

2013-05-01

We present a novel and innovative information fusion and visualization framework for multi-source intelligence (multiINT) data using Spatial Voting (SV) and Data Modeling. We describe how different sources of information can be converted into numerical form for further processing downstream, followed by a short description of how this information can be fused using the SV grid. As an illustrative example, we show the modeling of cyberspace as cyber layers for the purpose of tracking cyber personas. Finally we describe a path ahead for creating interactive agile networks through defender customized Cyber-cubes for network configuration and attack visualization.

ATIP Report: Cyber Security Research in China

DTIC Science & Technology

2015-06-05

vulnerabilities. ATIP Document ID: 150605AR CYBER SECURITY RESEARCH IN CHINA 17 Le GUAN et al. at SKLOIS of IIE, CAS proposed a solution named “ Mimosa ...that protects RSA private keys against the above software-based and physical memory attacks. When the Mimosa service is in idle, private keys are...encrypted and reside in memory as ciphertext. During the cryptographic computing, Mimosa uses hardware transactional memory (HTM) to ensure that (a

Cyber Infrastructure Protection. Volume 2

DTIC Science & Technology

2013-05-01

danger of contamination across these systems has grown. Second, cyber attacks have become less eco- nomically or politically neutral than in previous... food for thought on how this norm has shaped our ongoing collective treatment of it going forward. Through the enactment of FOIA in 1966, the push to... Malaysia and other parts of Southeast Asia, where there are fewer legal risks for the buyers, sellers, and operators.35 THEORIZING THE STRUCTURAL

Cyberwar and B.H. Liddell Hart’s Indirect Approach

DTIC Science & Technology

2016-06-10

outbreak of WWII, and in the years immediately thereafter, British Government leaders and several academics branded LH a snake oil salesman and accused him...industries at $6 billion to $20 billion, with a big part owning to oil industry losses.” Cyber attacks against the oil industry are compelling because this...Strike Fighter. The article noted that 144 It is likely that cyber espionage targeting the oil

Cyber Security Research Frameworks For Coevolutionary Network Defense

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rush, George D.; Tauritz, Daniel Remy

Several architectures have been created for developing and testing systems used in network security, but most are meant to provide a platform for running cyber security experiments as opposed to automating experiment processes. In the first paper, we propose a framework termed Distributed Cyber Security Automation Framework for Experiments (DCAFE) that enables experiment automation and control in a distributed environment. Predictive analysis of adversaries is another thorny issue in cyber security. Game theory can be used to mathematically analyze adversary models, but its scalability limitations restrict its use. Computational game theory allows us to scale classical game theory to larger,more » more complex systems. In the second paper, we propose a framework termed Coevolutionary Agent-based Network Defense Lightweight Event System (CANDLES) that can coevolve attacker and defender agent strategies and capabilities and evaluate potential solutions with a custom network defense simulation. The third paper is a continuation of the CANDLES project in which we rewrote key parts of the framework. Attackers and defenders have been redesigned to evolve pure strategy, and a new network security simulation is devised which specifies network architecture and adds a temporal aspect. We also add a hill climber algorithm to evaluate the search space and justify the use of a coevolutionary algorithm.« less

Security Analysis of Smart Grid Cyber Physical Infrastructures Using Modeling and Game Theoretic Simulation

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Sheldon, Frederick T.

Cyber physical computing infrastructures typically consist of a number of sites are interconnected. Its operation critically depends both on cyber components and physical components. Both types of components are subject to attacks of different kinds and frequencies, which must be accounted for the initial provisioning and subsequent operation of the infrastructure via information security analysis. Information security analysis can be performed using game theory implemented in dynamic Agent Based Game Theoretic (ABGT) simulations. Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, andmore » information assets. We concentrated our analysis on the electric sector failure scenarios and impact analyses by the NESCOR Working Group Study, From the Section 5 electric sector representative failure scenarios; we extracted the four generic failure scenarios and grouped them into three specific threat categories (confidentiality, integrity, and availability) to the system. These specific failure scenarios serve as a demonstration of our simulation. The analysis using our ABGT simulation demonstrates how to model the electric sector functional domain using a set of rationalized game theoretic rules decomposed from the failure scenarios in terms of how those scenarios might impact the cyber physical infrastructure network with respect to CIA.« less

RPD-based Hypothesis Reasoning for Cyber Situation Awareness

NASA Astrophysics Data System (ADS)

Yen, John; McNeese, Michael; Mullen, Tracy; Hall, David; Fan, Xiaocong; Liu, Peng

Intelligence workers such as analysts, commanders, and soldiers often need a hypothesis reasoning framework to gain improved situation awareness of the highly dynamic cyber space. The development of such a framework requires the integration of interdisciplinary techniques, including supports for distributed cognition (human-in-the-loop hypothesis generation), supports for team collaboration (identification of information for hypothesis evaluation), and supports for resource-constrained information collection (hypotheses competing for information collection resources). We here describe a cognitively-inspired framework that is built upon Klein’s recognition-primed decision model and integrates the three components of Endsley’s situation awareness model. The framework naturally connects the logic world of tools for cyber situation awareness with the mental world of human analysts, enabling the perception, comprehension, and prediction of cyber situations for better prevention, survival, and response to cyber attacks by adapting missions at the operational, tactical, and strategic levels.

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture

DOEpatents

Muller, George; Perkins, Casey J.; Lancaster, Mary J.; MacDonald, Douglas G.; Clements, Samuel L.; Hutton, William J.; Patrick, Scott W.; Key, Bradley Robert

2015-07-28

Computer-implemented security evaluation methods, security evaluation systems, and articles of manufacture are described. According to one aspect, a computer-implemented security evaluation method includes accessing information regarding a physical architecture and a cyber architecture of a facility, building a model of the facility comprising a plurality of physical areas of the physical architecture, a plurality of cyber areas of the cyber architecture, and a plurality of pathways between the physical areas and the cyber areas, identifying a target within the facility, executing the model a plurality of times to simulate a plurality of attacks against the target by an adversary traversing at least one of the areas in the physical domain and at least one of the areas in the cyber domain, and using results of the executing, providing information regarding a security risk of the facility with respect to the target.

Attack or Defend? Leveraging Information and Balancing Risk in Cyberspace

DTIC Science & Technology

2010-06-01

anonymity of speakers. 23. Tony Capaccio, “Cyber Attacks from China Show Computers Insecure, Pen- tagon Says,” 6 August 2008, <www.bloomberg.com/apps/news...smallwarsjournal.com/blog/2008/01/changing-the-organizational-cu-1/> (18 August 2008). 27. Elizabeth Robbins , “Muddy Boots IO: The Rise of Soldier Blogs,” Military

Development and Demonstration of a Security Core Component

DOE Office of Scientific and Technical Information (OSTI.GOV)

Turke, Andy

In recent years, the convergence of a number of trends has resulted in Cyber Security becoming a much greater concern for electric utilities. A short list of these trends includes: · Industrial Control Systems (ICSs) have evolved from depending on proprietary hardware and operating software toward using standard off-the-shelf hardware and operating software. This has meant that these ICSs can no longer depend on “security through obscurity. · Similarly, these same systems have evolved toward using standard communications protocols, further reducing their ability to rely upon obscurity. · The rise of the Internet and the accompanying demand for more datamore » about virtually everything has resulted in formerly isolated ICSs becoming at least partially accessible via Internet-connected networks. · “Cyber crime” has become commonplace, whether it be for industrial espionage, reconnaissance for a possible cyber attack, theft, or because some individual or group “has something to prove.” Electric utility system operators are experts at running the power grid. The reality is, especially at small and mid-sized utilities, these SCADA operators will by default be “on the front line” if and when a cyber attack occurs against their systems. These people are not computer software, networking, or cyber security experts, so they are ill-equipped to deal with a cyber security incident. Cyber Security Manager (CSM) was conceived, designed, and built so that it can be configured to know what a utility’s SCADA/EMS/DMS system looks like under normal conditions. To do this, CSM monitors log messages from any device that uses the syslog standard. It can also monitor a variety of statistics from the computers that make up the SCADA/EMS/DMS: outputs from host-based security tools, intrusion detection systems, SCADA alarms, and real-time SCADA values – even results from a SIEM (Security Information and Event Management) system. When the system deviates from “normal,” CSM can alert the operator in language that they understand that an incident may be occurring, provide actionable intelligence, and informing them what actions to take. These alarms may be viewed on CSM’s built-in user interface, sent to a SCADA alarm list, or communicated via email, phone, pager, or SMS message. In recognition of the fact that “real world” training for cyber security events is impractical, CSM has a built-in Operator Training Simulator capability. This can be used stand alone to create simulated event scenarios for training purposes. It may also be used in conjunction with the recipient’s SCADA/EMS/DMS Operator Training Simulator. In addition to providing cyber security situational awareness for electric utility operators, CSM also provides tools for analysts and support personnel; in fact, the majority of user interface displays are designed for use in analyzing current and past security events. CSM keeps security-related information in long-term storage, as well as writing any decisions it makes to a (syslog) log for use forensic or other post-event analysis.« less

Improvements of cyberspace and effects to the battlefield

NASA Astrophysics Data System (ADS)

Gedıklı, Münir

2014-06-01

Wars previously being executed at land and sea have also become applicable in air and space due to the advancements of aircraft and satellite systems. Rapid improvements in information technologies have triggered the concept of cyberspace which is considered as the fifth dimension of war. While transferring information quickly from physical area to electronic/digital area, cyberspace has caused to emerge a lot of threats and methods like cyber-attack, cyber-crime, cyber war which are spreading too rapidly. Individuals, institutions and establishments have begun to take their own cyber security precautions to cope with these threats. This study gives information about the concepts and advances on cyberspace in order to raise comprehensive awareness. The study also focuses on the effects of these improvements in the battlefield, and analyzes them.

Analyzing Cyber-Physical Threats on Robotic Platforms.

PubMed

Ahmad Yousef, Khalil M; AlMajali, Anas; Ghalyon, Salah Abu; Dweik, Waleed; Mohd, Bassam J

2018-05-21

Robots are increasingly involved in our daily lives. Fundamental to robots are the communication link (or stream) and the applications that connect the robots to their clients or users. Such communication link and applications are usually supported through client/server network connection. This networking system is amenable of being attacked and vulnerable to the security threats. Ensuring security and privacy for robotic platforms is thus critical, as failures and attacks could have devastating consequences. In this paper, we examine several cyber-physical security threats that are unique to the robotic platforms; specifically the communication link and the applications. Threats target integrity, availability and confidential security requirements of the robotic platforms, which use MobileEyes/arnlServer client/server applications. A robot attack tool (RAT) was developed to perform specific security attacks. An impact-oriented approach was adopted to analyze the assessment results of the attacks. Tests and experiments of attacks were conducted in simulation environment and physically on the robot. The simulation environment was based on MobileSim; a software tool for simulating, debugging and experimenting on MobileRobots/ActivMedia platforms and their environments. The robot platform PeopleBot TM was used for physical experiments. The analysis and testing results show that certain attacks were successful at breaching the robot security. Integrity attacks modified commands and manipulated the robot behavior. Availability attacks were able to cause Denial-of-Service (DoS) and the robot was not responsive to MobileEyes commands. Integrity and availability attacks caused sensitive information on the robot to be hijacked. To mitigate security threats, we provide possible mitigation techniques and suggestions to raise awareness of threats on the robotic platforms, especially when the robots are involved in critical missions or applications.

Analyzing Cyber-Physical Threats on Robotic Platforms †

PubMed Central

2018-01-01

Robots are increasingly involved in our daily lives. Fundamental to robots are the communication link (or stream) and the applications that connect the robots to their clients or users. Such communication link and applications are usually supported through client/server network connection. This networking system is amenable of being attacked and vulnerable to the security threats. Ensuring security and privacy for robotic platforms is thus critical, as failures and attacks could have devastating consequences. In this paper, we examine several cyber-physical security threats that are unique to the robotic platforms; specifically the communication link and the applications. Threats target integrity, availability and confidential security requirements of the robotic platforms, which use MobileEyes/arnlServer client/server applications. A robot attack tool (RAT) was developed to perform specific security attacks. An impact-oriented approach was adopted to analyze the assessment results of the attacks. Tests and experiments of attacks were conducted in simulation environment and physically on the robot. The simulation environment was based on MobileSim; a software tool for simulating, debugging and experimenting on MobileRobots/ActivMedia platforms and their environments. The robot platform PeopleBotTM was used for physical experiments. The analysis and testing results show that certain attacks were successful at breaching the robot security. Integrity attacks modified commands and manipulated the robot behavior. Availability attacks were able to cause Denial-of-Service (DoS) and the robot was not responsive to MobileEyes commands. Integrity and availability attacks caused sensitive information on the robot to be hijacked. To mitigate security threats, we provide possible mitigation techniques and suggestions to raise awareness of threats on the robotic platforms, especially when the robots are involved in critical missions or applications. PMID:29883403

Industrial Control Systems/SCADA systems risk assessment in the energy sector

NASA Astrophysics Data System (ADS)

Falodun, Babatunde

The energy sector is one of the most critical components of our national infrastructure. It not only provides the electrical power and petroleum required to run day-to-day operations and mechanisms in society, it's also an important element that directly impacts the economy with regard to growth and stability. Industrial Control Systems (ICS) /Supervisory Control and Data Acquisition Systems (SCADA) are computerized mechanisms, they are both software and hardware that are used to control real time processes and operations in power plants and oil production facilities. A significant attack on these control systems that leads to widespread disruption of energy could result in catastrophic consequences for any major city and even the nation. This research paper explores cyber threats and vulnerabilities faced by ICS/SCADA systems in the energy sector and also highlights possible outcomes of a successful breach. Furthermore, the research underscores mitigation strategies that could be used to prevent and respond to an attack. Keywords: Cybersecurity, SCADA, Cyber Attacks, Threats, Vulnerabilities, Risk Assessment, Dr. Albert Orbinati.

Testing simple deceptive honeypot tools

NASA Astrophysics Data System (ADS)

Yahyaoui, Aymen; Rowe, Neil C.

2015-05-01

Deception can be a useful defensive technique against cyber-attacks; it has the advantage of unexpectedness to attackers and offers a variety of tactics. Honeypots are a good tool for deception. They act as decoy computers to confuse attackers and exhaust their time and resources. This work tested the effectiveness of two free honeypot tools in real networks by varying their location and virtualization, and the effects of adding more deception to them. We tested a Web honeypot tool, Glastopf and an SSH honeypot tool Kippo. We deployed the Web honeypot in both a residential network and our organization's network and as both real and virtual machines; the organization honeypot attracted more attackers starting in the third week. Results also showed that the virtual honeypots received attacks from more unique IP addresses. They also showed that adding deception to the Web honeypot, in the form of additional linked Web pages and interactive features, generated more interest by attackers. For the purpose of comparison, we used examined log files of a legitimate Web-site www.cmand.org. The traffic distributions for the Web honeypot and the legitimate Web site showed similarities (with much malicious traffic from Brazil), but the SSH honeypot was different (with much malicious traffic from China). Contrary to previous experiments where traffic to static honeypots decreased quickly, our honeypots received increasing traffic over a period of three months. It appears that both honeypot tools are useful for providing intelligence about cyber-attack methods, and that additional deception is helpful.

Is NATO Ready for a Cyberwar

DTIC Science & Technology

2016-12-01

MONITORING AGENCY NAME(S) AND ADDRESS(ES) N /A 10. SPONSORING / MONITORING AGENCY REPORT NUMBER 11. SUPPLEMENTARY NOTES The views expressed in this...counterintelligence, 43 Vitaly Naida stated, “We consider that there is only one country in the world that would benefit from these attacks, and...59 1. Cyber Defense Policy Updates Caton (2016) notes that “[a] n initial NATO Cyber Defence Policy was adopted at the 2008 NATO NAC Summit in

Automating Information Assurance for Cyber Situational Awareness within a Smart Cloud System of Systems

DTIC Science & Technology

2014-03-01

Humanitarian Assistance and Disaster Relief HTML HyperText Markup Language IA Information Assurance IAI Israel Aerospace Industries IASA Information ...decision maker at the Command and Control “mini cloud” was of upmost interest . This discussion not only confirmed the need to have information ...2) monitoring for specific cyber attacks on a specified system, (3) alerting information of interest to an operator, and finally (4) allowing the

Russia’s Proposal for a European Security Treaty: Motives and Implications

DTIC Science & Technology

2010-09-01

their relations in the spirit of friendship and cooperation in conformity with international law.”17 The preamble states that the parties would be...ways. For example, thirty-five years ago, few could imagine that cyber security would become a significant trans-national threat. The bottom line is...supply cutoffs, cyber attacks, and export bans, which have significantly affected European neighbors. Furthermore, Moscow itself violates Article 1 of

Method of optimum channel switching in equipment of infocommunication network in conditions of cyber attacks to their telecommunication infrastructure.

NASA Astrophysics Data System (ADS)

Kochedykov, S. S.; Noev, A. N.; Dushkin, A. V.; Gubin, I. A.

2018-05-01

On the basis of the mathematical graph theory, the method of optimum switching of infocommunication networks in the conditions of cyber attacks is developed. The idea of representation of a set of possible ways on the graph in the form of the multilevel tree ordered by rules of algebra of a logic theory is the cornerstone of a method. As a criterion of optimization, the maximum of network transmission capacity to which assessment Ford- Falkerson's theorem is applied is used. The method is realized in the form of a numerical algorithm, which can be used not only for design, but also for operational management of infocommunication networks in conditions of violation of the functioning of their switching centers.

Learning consensus in adversarial environments

NASA Astrophysics Data System (ADS)

Vamvoudakis, Kyriakos G.; García Carrillo, Luis R.; Hespanha, João. P.

2013-05-01

This work presents a game theory-based consensus problem for leaderless multi-agent systems in the presence of adversarial inputs that are introducing disturbance to the dynamics. Given the presence of enemy components and the possibility of malicious cyber attacks compromising the security of networked teams, a position agreement must be reached by the networked mobile team based on environmental changes. The problem is addressed under a distributed decision making framework that is robust to possible cyber attacks, which has an advantage over centralized decision making in the sense that a decision maker is not required to access information from all the other decision makers. The proposed framework derives three tuning laws for every agent; one associated with the cost, one associated with the controller, and one with the adversarial input.

Moving Target Techniques: Leveraging Uncertainty for Cyber Defense

DTIC Science & Technology

2015-08-24

vulnerability (a flaw or bug that an attacker can exploit to penetrate or disrupt a system) to successfully compromise systems. Defenders, however...device drivers, numerous software applications, and hardware components. Within the cyberspace, this imbalance between a simple, one- bug attack...parsing code itself could have security-relevant software bugs . Dynamic  Network   Techniques in the dynamic network domain change the properties

Deterring Malicious Behavior in Cyberspace

DTIC Science & Technology

2015-01-01

Malicious Behavior in Cyberspace Strategic Studies Quarterly ♦ Spring 2015 [ 79 ] 8. Chris Pepper, ed., Defending against Denial of Service Attacks...Jackson Higgins , “Chinese Cyberespionage Tool Updated for Traditional Cyber- crime,” Dark Reading, 27 November 2012, http://www.darkreading.com/attacks...content /uploads/sites/43/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf. 13. Kelly Jackson Higgins , “ ‘NetTraveler’ Cyberespionage Campaign

Cyber War Game in Temporal Networks

PubMed Central

Cho, Jin-Hee; Gao, Jianxi

2016-01-01

In a cyber war game where a network is fully distributed and characterized by resource constraints and high dynamics, attackers or defenders often face a situation that may require optimal strategies to win the game with minimum effort. Given the system goal states of attackers and defenders, we study what strategies attackers or defenders can take to reach their respective system goal state (i.e., winning system state) with minimum resource consumption. However, due to the dynamics of a network caused by a node’s mobility, failure or its resource depletion over time or action(s), this optimization problem becomes NP-complete. We propose two heuristic strategies in a greedy manner based on a node’s two characteristics: resource level and influence based on k-hop reachability. We analyze complexity and optimality of each algorithm compared to optimal solutions for a small-scale static network. Further, we conduct a comprehensive experimental study for a large-scale temporal network to investigate best strategies, given a different environmental setting of network temporality and density. We demonstrate the performance of each strategy under various scenarios of attacker/defender strategies in terms of win probability, resource consumption, and system vulnerability. PMID:26859840

Statistical Models for Predicting Threat Detection From Human Behavior.

PubMed

Kelley, Timothy; Amon, Mary J; Bertenthal, Bennett I

2018-01-01

Users must regularly distinguish between secure and insecure cyber platforms in order to preserve their privacy and safety. Mouse tracking is an accessible, high-resolution measure that can be leveraged to understand the dynamics of perception, categorization, and decision-making in threat detection. Researchers have begun to utilize measures like mouse tracking in cyber security research, including in the study of risky online behavior. However, it remains an empirical question to what extent real-time information about user behavior is predictive of user outcomes and demonstrates added value compared to traditional self-report questionnaires. Participants navigated through six simulated websites, which resembled either secure "non-spoof" or insecure "spoof" versions of popular websites. Websites also varied in terms of authentication level (i.e., extended validation, standard validation, or partial encryption). Spoof websites had modified Uniform Resource Locator (URL) and authentication level. Participants chose to "login" to or "back" out of each website based on perceived website security. Mouse tracking information was recorded throughout the task, along with task performance. After completing the website identification task, participants completed a questionnaire assessing their security knowledge and degree of familiarity with the websites simulated during the experiment. Despite being primed to the possibility of website phishing attacks, participants generally showed a bias for logging in to websites versus backing out of potentially dangerous sites. Along these lines, participant ability to identify spoof websites was around the level of chance. Hierarchical Bayesian logistic models were used to compare the accuracy of two-factor (i.e., website security and encryption level), survey-based (i.e., security knowledge and website familiarity), and real-time measures (i.e., mouse tracking) in predicting risky online behavior during phishing attacks. Participant accuracy in identifying spoof and non-spoof websites was best captured using a model that included real-time indicators of decision-making behavior, as compared to two-factor and survey-based models. Findings validate three widely applicable measures of user behavior derived from mouse tracking recordings, which can be utilized in cyber security and user intervention research. Survey data alone are not as strong at predicting risky Internet behavior as models that incorporate real-time measures of user behavior, such as mouse tracking.

Simulation of cyber attacks with applications in homeland defense training

NASA Astrophysics Data System (ADS)

Brown, Bill; Cutts, Andrew; McGrath, Dennis; Nicol, David M.; Smith, Timothy P.; Tofel, Brett

2003-09-01

We describe a tool to help exercise and train IT managers who make decisions about IP networks in the midst of cyber calamity. Our tool is interactive, centered around a network simulation. It includes various modes of communications one would use to make informed decisions. Our tool is capable of simulating networks with hundreds of components and dozens of players. Test indicate that it could support an exercise an order of magnitude larger and more complex.

Weathering the Cyber Storm: The Military’s Resiliency to Cyber Attacks in Future Warfare

DTIC Science & Technology

2012-06-01

observation. While the ability to collect intelligence is important, it falls under a different rubric than warfare itself. 20 Another term worth...the use of antivirus programs, firewalls, and security policies. These measures also fall under the rubric of information assurance, or “measures that...specifying how it is to be accomplished.” of genetic diversity. 13 A complaint after Operation Iraqi Freedom (OIF) was that soldiers had to

The Rise of China: Redefining War in the 21st Century

DTIC Science & Technology

2012-03-22

Hegemony, Africa, Cold War, Cyber Attack, Deficit 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT 18. NUMBER OF PAGES 19a. NAME OF...FORMAT: Strategy Research Project DATE: 22 March 2012 WORD COUNT: 5,825 PAGES: 30 KEY TERMS: Debt, Security, Hegemony, Africa, Cold War, Cyber ...significantly increasing economic aid. But it’s hard to buy affection; such ‘ friendship ’ does not stand the test of difficult times.”42 The United

Warfighter Effectiveness Research Center Biannual Newsletter. Volume 1, Issue 2, June 2015

DTIC Science & Technology

2015-06-01

academies involving NSA cyber attacks on their net- works. This exercise afforded a realistic, intense cyber operation for our research team to...If so, please contact Capt Aaron Celaya at aa- ron.celaya@usafa.edu or 719-333-WERC. WERC Cognitive Neuroscience Lab Supports National... Neuroscience Lab – headed by Assistant Professors Chris D’Lau- ro, Ph.D. and LCDR Brian Johnson, Ph.D. – has taken the lead on researching concus

A game-theoretic method for cross-layer stochastic resilient control design in CPS

NASA Astrophysics Data System (ADS)

Shen, Jiajun; Feng, Dongqin

2018-03-01

In this paper, the cross-layer security problem of cyber-physical system (CPS) is investigated from the game-theoretic perspective. Physical dynamics of plant is captured by stochastic differential game with cyber-physical influence being considered. The sufficient and necessary condition for the existence of state-feedback equilibrium strategies is given. The attack-defence cyber interactions are formulated by a Stackelberg game intertwined with stochastic differential game in physical layer. The condition such that the Stackelberg equilibrium being unique and the corresponding analytical solutions are both provided. An algorithm is proposed for obtaining hierarchical security strategy by solving coupled games, which ensures the operational normalcy and cyber security of CPS subject to uncertain disturbance and unexpected cyberattacks. Simulation results are given to show the effectiveness and performance of the proposed algorithm.

An Ontology for Identifying Cyber Intrusion Induced Faults in Process Control Systems

NASA Astrophysics Data System (ADS)

Hieb, Jeffrey; Graham, James; Guan, Jian

This paper presents an ontological framework that permits formal representations of process control systems, including elements of the process being controlled and the control system itself. A fault diagnosis algorithm based on the ontological model is also presented. The algorithm can identify traditional process elements as well as control system elements (e.g., IP network and SCADA protocol) as fault sources. When these elements are identified as a likely fault source, the possibility exists that the process fault is induced by a cyber intrusion. A laboratory-scale distillation column is used to illustrate the model and the algorithm. Coupled with a well-defined statistical process model, this fault diagnosis approach provides cyber security enhanced fault diagnosis information to plant operators and can help identify that a cyber attack is underway before a major process failure is experienced.

Analyzing Cyber Security Threats on Cyber-Physical Systems Using Model-Based Systems Engineering

NASA Technical Reports Server (NTRS)

Kerzhner, Aleksandr; Pomerantz, Marc; Tan, Kymie; Campuzano, Brian; Dinkel, Kevin; Pecharich, Jeremy; Nguyen, Viet; Steele, Robert; Johnson, Bryan

2015-01-01

The spectre of cyber attacks on aerospace systems can no longer be ignored given that many of the components and vulnerabilities that have been successfully exploited by the adversary on other infrastructures are the same as those deployed and used within the aerospace environment. An important consideration with respect to the mission/safety critical infrastructure supporting space operations is that an appropriate defensive response to an attack invariably involves the need for high precision and accuracy, because an incorrect response can trigger unacceptable losses involving lives and/or significant financial damage. A highly precise defensive response, considering the typical complexity of aerospace environments, requires a detailed and well-founded understanding of the underlying system where the goal of the defensive response is to preserve critical mission objectives in the presence of adversarial activity. In this paper, a structured approach for modeling aerospace systems is described. The approach includes physical elements, network topology, software applications, system functions, and usage scenarios. We leverage Model-Based Systems Engineering methodology by utilizing the Object Management Group's Systems Modeling Language to represent the system being analyzed and also utilize model transformations to change relevant aspects of the model into specialized analyses. A novel visualization approach is utilized to visualize the entire model as a three-dimensional graph, allowing easier interaction with subject matter experts. The model provides a unifying structure for analyzing the impact of a particular attack or a particular type of attack. Two different example analysis types are demonstrated in this paper: a graph-based propagation analysis based on edge labels, and a graph-based propagation analysis based on node labels.

Cyber-intrusion Auto-response and Policy Management System (CAPMS)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Lusk, Steve; Lawrence, David; Suvana, Prakash

The Cyber-intrusion Auto-response and Policy Management System (CAPMS) project was funded by a grant from the US Department of Energy (DOE) Cybersecurity for Energy Delivery Systems (CEDS) program with contributions from two partner electric utilities: Southern California Edison (SCE) and Duke Energy. The goal of the project was to demonstrate protecting smart grid assets from a cyber attack in a way that “does not impede critical energy delivery functions.” This report summarizes project goals and activities for the CAPMS project and explores what did and did not work as expected. It concludes with an assessment of possible benefits and valuemore » of the system for the future.« less

Proactive routing mutation against stealthy Distributed Denial of Service attacks: metrics, modeling, and analysis

DOE Office of Scientific and Technical Information (OSTI.GOV)

Duan, Qi; Al-Shaer, Ehab; Chatterjee, Samrat

The Infrastructure Distributed Denial of Service (IDDoS) attacks continue to be one of the most devastating challenges facing cyber systems. The new generation of IDDoS attacks exploit the inherent weakness of cyber infrastructure including deterministic nature of routes, skew distribution of flows, and Internet ossification to discover the network critical links and launch highly stealthy flooding attacks that are not observable at the victim end. In this paper, first, we propose a new metric to quantitatively measure the potential susceptibility of any arbitrary target server or domain to stealthy IDDoS attacks, and es- timate the impact of such susceptibility onmore » enterprises. Second, we develop a proactive route mutation technique to minimize the susceptibility to these attacks by dynamically changing the flow paths periodically to invalidate the adversary knowledge about the network and avoid targeted critical links. Our proposed approach actively changes these network paths while satisfying security and qualify of service requirements. We present an integrated approach of proactive route mutation that combines both infrastructure-based mutation that is based on reconfiguration of switches and routers, and middle-box approach that uses an overlay of end-point proxies to construct a virtual network path free of critical links to reach a destination. We implemented the proactive path mutation technique on a Software Defined Network using the OpendDaylight controller to demonstrate a feasible deployment of this approach. Our evaluation validates the correctness, effectiveness, and scalability of the proposed approaches.« less

Moving Target Techniques: Leveraging Uncertainty for CyberDefense

DTIC Science & Technology

2015-12-15

cyberattacks is a continual struggle for system managers. Attackers often need only find one vulnerability (a flaw or bug that an attacker can exploit...additional parsing code itself could have security-relevant software bugs . Dynamic  Network   Techniques in the dynamic network domain change the...evaluation of MT techniques can benefit from a variety of evaluation approaches, including abstract analysis, modeling and simulation, test bed

Worldwide Threat Assessment of the US Intelligence Community

DTIC Science & Technology

2014-01-29

data-deletion and system- damaging attacks.  In early 2013, the US financial sector faced wide-scale network denial-of-service attacks that...South Sudan Nigeria Central African Republic Democratic Republic of the Congo Lord’s Resistance Army 19 19 19 19 19 20 20 21 21 East Asia...operations, financial activities, and personnel recruitment. Cyber criminal organizations are as ubiquitous as they are problematic on digital

Modeling the Effects of Cyber Operations on Kinetic Battles

DTIC Science & Technology

2014-06-01

Nakashima, 2013). Equally dangerous are attacks targeting the national economy . In 2012, distributed denial of service (DDoS) attacks were carried out...enable our freedom of action in cyberspace. (USCYBERCOM Concept of Operations, v 1.0, 21 Sep 2010) Global Information Grid ( GIG ): The globally...managing information on demand to warfighters, policy makers, and support personnel. The GIG includes owned and leased communications and computing

Defense Strategies for Asymmetric Networked Systems with Discrete Components.

PubMed

Rao, Nageswara S V; Ma, Chris Y T; Hausken, Kjell; He, Fei; Yau, David K Y; Zhuang, Jun

2018-05-03

We consider infrastructures consisting of a network of systems, each composed of discrete components. The network provides the vital connectivity between the systems and hence plays a critical, asymmetric role in the infrastructure operations. The individual components of the systems can be attacked by cyber and physical means and can be appropriately reinforced to withstand these attacks. We formulate the problem of ensuring the infrastructure performance as a game between an attacker and a provider, who choose the numbers of the components of the systems and network to attack and reinforce, respectively. The costs and benefits of attacks and reinforcements are characterized using the sum-form, product-form and composite utility functions, each composed of a survival probability term and a component cost term. We present a two-level characterization of the correlations within the infrastructure: (i) the aggregate failure correlation function specifies the infrastructure failure probability given the failure of an individual system or network, and (ii) the survival probabilities of the systems and network satisfy first-order differential conditions that capture the component-level correlations using multiplier functions. We derive Nash equilibrium conditions that provide expressions for individual system survival probabilities and also the expected infrastructure capacity specified by the total number of operational components. We apply these results to derive and analyze defense strategies for distributed cloud computing infrastructures using cyber-physical models.

Defense Strategies for Asymmetric Networked Systems with Discrete Components

PubMed Central

Rao, Nageswara S. V.; Ma, Chris Y. T.; Hausken, Kjell; He, Fei; Yau, David K. Y.

2018-01-01

We consider infrastructures consisting of a network of systems, each composed of discrete components. The network provides the vital connectivity between the systems and hence plays a critical, asymmetric role in the infrastructure operations. The individual components of the systems can be attacked by cyber and physical means and can be appropriately reinforced to withstand these attacks. We formulate the problem of ensuring the infrastructure performance as a game between an attacker and a provider, who choose the numbers of the components of the systems and network to attack and reinforce, respectively. The costs and benefits of attacks and reinforcements are characterized using the sum-form, product-form and composite utility functions, each composed of a survival probability term and a component cost term. We present a two-level characterization of the correlations within the infrastructure: (i) the aggregate failure correlation function specifies the infrastructure failure probability given the failure of an individual system or network, and (ii) the survival probabilities of the systems and network satisfy first-order differential conditions that capture the component-level correlations using multiplier functions. We derive Nash equilibrium conditions that provide expressions for individual system survival probabilities and also the expected infrastructure capacity specified by the total number of operational components. We apply these results to derive and analyze defense strategies for distributed cloud computing infrastructures using cyber-physical models. PMID:29751588

Network systems security analysis

NASA Astrophysics Data System (ADS)

Yilmaz, Ä.°smail

2015-05-01

Network Systems Security Analysis has utmost importance in today's world. Many companies, like banks which give priority to data management, test their own data security systems with "Penetration Tests" by time to time. In this context, companies must also test their own network/server systems and take precautions, as the data security draws attention. Based on this idea, the study cyber-attacks are researched throughoutly and Penetration Test technics are examined. With these information on, classification is made for the cyber-attacks and later network systems' security is tested systematically. After the testing period, all data is reported and filed for future reference. Consequently, it is found out that human beings are the weakest circle of the chain and simple mistakes may unintentionally cause huge problems. Thus, it is clear that some precautions must be taken to avoid such threats like updating the security software.

A Graph Analytic Metric for Mitigating Advanced Persistent Threat

DOE Office of Scientific and Technical Information (OSTI.GOV)

Johnson, John R.; Hogan, Emilie A.

2013-06-04

This paper introduces a novel graph analytic metric that can be used to measure the potential vulnerability of a cyber network to specific types of attacks that use lateral movement and privilege escalation such as the well known Pass The Hash, (PTH). The metric is computed from an oriented subgraph of the underlying cyber network induced by selecting only those edges for which a given property holds between the two vertices of the edge. The metric with respect to a select node on the subgraph is defined as the likelihood that the select node is reachable from another arbitrary nodemore » in the graph. This metric can be calculated dynamically from the authorization and auditing layers during the network security authorization phase and will potentially enable predictive deterrence against attacks such as PTH.« less

Attribution, Delayed Attribution and Covert Cyber-Attack: Under what Conditions should the United States Publicly Acknowledge Responsibility for Cyber Operations?

DTIC Science & Technology

2014-03-01

The IPv4 address space is exhausted and as a solution to IP scarcity, CG-NAT extends the useful life of the model by providing multiple users in a...FUNDING NUMBERS 6. AUTHOR(S) Wylie McDade 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS (ES) Naval Postgraduate School Monterey, CA 93943...5000 8. PERFORMING ORGANIZATION REPORT NUMBER 9. SPONSORING /MONITORING AGENCY NAME(S) AND ADDRESS (ES) N/A 10. SPONSORING/MONITORING

Cyber Security Assessment Report: Adventium Labs

DOE Office of Scientific and Technical Information (OSTI.GOV)

None

2007-12-31

Major control system components often have life spans of 15-20 years. Many systems in our Nation's critical infrastructure were installed before the Internet became a reality and security was a concern. Consequently, control systems are generally insecure. Security is now being included in the development of new control system devices; however, legacy control systems remain vulnerable. Most efforts to secure control systems are aimed at protecting network borers, but if an intruder gets inside the network these systems are vulnerable to a cyber attack.

Medical Differential Diagnosis (MDD) as the Architectural Framework for a Knowledge Model: A Vulnerability Detection and Threat Identification Methodology for Cyber-Crime and Cyber-Terrorism

ERIC Educational Resources Information Center

Conley-Ware, Lakita D.

2010-01-01

This research addresses a real world cyberspace problem, where currently no cross industry standard methodology exists. The goal is to develop a model for identification and detection of vulnerabilities and threats of cyber-crime or cyber-terrorism where cyber-technology is the vehicle to commit the criminal or terrorist act (CVCT). This goal was…

Cyberbullying Among Greek High School Adolescents.

PubMed

Gkiomisi, Athanasia; Gkrizioti, Maria; Gkiomisi, Athina; Anastasilakis, Dimitrios A; Kardaras, Panagiotis

2017-05-01

To investigate the presence of cyberbullying among Greek students and the efficacy of proposed preventive interventions. Three types of high schools (private, experimental and public) with different politics on on-line aggression were enrolled. All students of the aforementioned schools were asked to complete an anonymous questionnaire. Around 62 % of the high school students experienced cyberbullying by electronic means, especially by cell phone, mostly the public school students (p 0.008). The bully was a stranger in more than 40 % of the cases. Over 60 % of the victims had not seeked help but dealt with the attack on their own. Only 20 % of the victims manifested sleep or eating disorders, physical/ psychological symptoms or changes in their social life as a consequence of the cyber-attack. Cyberbullying is a usual phenomenon among high school students. The bully is frequently unacquainted to the victim. Most of the victims are not physically or psychologically affected by the cyber-attack and do not share the event with anyone. There was a slight difference in the response of the students to cyberbullying among the different school politics of on-line aggression.

Game Theory for Proactive Dynamic Defense and Attack Mitigation in Cyber-Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Letchford, Joshua

While there has been a great deal of security research focused on preventing attacks, there has been less work on how one should balance security and resilience investments. In this work we developed and evaluated models that captured both explicit defenses and other mitigations that reduce the impact of attacks. We examined these issues both in more broadly applicable general Stackelberg models and in more specific network and power grid settings. Finally, we compared these solutions to existing work in terms of both solution quality and computational overhead.

Secure Multiparty Computation for Cooperative Cyber Risk Assessment

DTIC Science & Technology

2016-11-01

the scope of data available; the more attacks that are represented in the dataset the easier it will be to determine which vulnerabilities are most...assessments by pooling their data, as a dataset that covers the infrastructure of multiple institutions would allow each of them to account for...attacks that others had experienced [4]. Sharing information to produce a broad dataset would greatly improve the ability of each organization involved to

Extended Deterrence and Allied Assurance: Key Concepts and Current Challenges for U.S. Policy

DTIC Science & Technology

2013-09-01

include adversary nuclear forces and stockpiles) in the pre- satellite era required a strategy using large numbers of bombers, large numbers of...radar and sensor capabilities related to TMD, activities Canberra considered important to “bolstering 59 the [U.S.-Australia] alliance.” 146 In...external attack; with potential adversaries developing anti- satellite 90 capabilities, and conducting cyber incursions and attacks against U.S. and

ART OF THE POSSIBLE: SECURING AIR FORCE SPACE COMMAND MISSION SYSTEMS FOR THE WARFIGHTER

DTIC Science & Technology

2016-10-23

Initiation (Adversarial)…….…17 Table 2. Assessment Scale-Likelihood of Threat Event Occurrence ( Non -Adversarial).17 Table 3. Assessment Scale...action to thwart the attacks from adversarial nation states and non -state actors alike. While there are numerous cybersecurity concerns, or non ...compliant cybersecurity controls across all weapon systems, not all non -compliant controls contribute equally to the cyber-attack surface and overall

The Cyber Security Crisis

ScienceCinema

Spafford, Eugene

2018-05-11

Despite considerable activity and attention, the overall state of information security continues to get worse. Attacks are increasing, fraud and theft are rising, and losses may exceed $100 billion per year worldwide. Many factors contribute to this, including misplaced incentives for industry, a lack of attention by government, ineffective law enforcement, and an uninformed image of who the perpetrators really are. As a result, many of the intended attempts at solutions are of limited (if any) overall effectiveness. This presentation will illustrate some key aspects of the cyber security problem and its magnitude, as well as provide some insight into causes and enabling factors. The talk will conclude with some observations on how the computing community can help improve the situation, as well as some suggestions for 'cyber self-defense.'

78 FR 9951 - Excepted Service

Federal Register 2010, 2011, 2012, 2013, 2014

2013-02-12

...) Not to exceed 3000 positions that require unique cyber security skills and knowledge to perform cyber..., distributed control systems security, cyber incident response, cyber exercise facilitation and management, cyber vulnerability detection and assessment, network and systems engineering, enterprise architecture...

Cyber Security: Big Data Think II Working Group Meeting

NASA Technical Reports Server (NTRS)

Hinke, Thomas; Shaw, Derek

2015-01-01

This presentation focuses on approaches that could be used by a data computation center to identify attacks and ensure malicious code and backdoors are identified if planted in system. The goal is to identify actionable security information from the mountain of data that flows into and out of an organization. The approaches are applicable to big data computational center and some must also use big data techniques to extract the actionable security information from the mountain of data that flows into and out of a data computational center. The briefing covers the detection of malicious delivery sites and techniques for reducing the mountain of data so that intrusion detection information can be useful, and not hidden in a plethora of false alerts. It also looks at the identification of possible unauthorized data exfiltration.

75 FR 9622 - Southern Nuclear Operating Company, Inc.; Vogtle Electric Generating Plant, Units 1 and 2; Exemption

Federal Register 2010, 2011, 2012, 2013, 2014

2010-03-03

... requirements similar to those previously imposed by Commission orders issued after the terrorist attacks of... Security Plan, Training and Qualification Plan, Safeguards Contingency Plan, and Cyber Security Plan...

Effects of Motivation: Rewarding Hackers for Undetected Attacks Cause Analysts to Perform Poorly.

PubMed

Maqbool, Zahid; Makhijani, Nidhi; Pammi, V S Chandrasekhar; Dutt, Varun

2017-05-01

The aim of this study was to determine how monetary motivations influence decision making of humans performing as security analysts and hackers in a cybersecurity game. Cyberattacks are increasing at an alarming rate. As cyberattacks often cause damage to existing cyber infrastructures, it is important to understand how monetary rewards may influence decision making of hackers and analysts in the cyber world. Currently, only limited attention has been given to this area. In an experiment, participants were randomly assigned to three between-subjects conditions ( n = 26 for each condition): equal payoff, where the magnitude of monetary rewards for hackers and defenders was the same; rewarding hacker, where the magnitude of monetary reward for hacker's successful attack was 10 times the reward for analyst's successful defense; and rewarding analyst, where the magnitude of monetary reward for analyst's successful defense was 10 times the reward for hacker's successful attack. In all conditions, half of the participants were human hackers playing against Nash analysts and half were human analysts playing against Nash hackers. Results revealed that monetary rewards for human hackers and analysts caused a decrease in attack and defend actions compared with the baseline. Furthermore, rewarding human hackers for undetected attacks made analysts deviate significantly from their optimal behavior. If hackers are rewarded for their undetected attack actions, then this causes analysts to deviate from optimal defend proportions. Thus, analysts need to be trained not become overenthusiastic in defending networks. Applications of our results are to networks where the influence of monetary rewards may cause information theft and system damage.

Distributed Secure Coordinated Control for Multiagent Systems Under Strategic Attacks.

PubMed

Feng, Zhi; Wen, Guanghui; Hu, Guoqiang

2017-05-01

This paper studies a distributed secure consensus tracking control problem for multiagent systems subject to strategic cyber attacks modeled by a random Markov process. A hybrid stochastic secure control framework is established for designing a distributed secure control law such that mean-square exponential consensus tracking is achieved. A connectivity restoration mechanism is considered and the properties on attack frequency and attack length rate are investigated, respectively. Based on the solutions of an algebraic Riccati equation and an algebraic Riccati inequality, a procedure to select the control gains is provided and stability analysis is studied by using Lyapunov's method.. The effect of strategic attacks on discrete-time systems is also investigated. Finally, numerical examples are provided to illustrate the effectiveness of theoretical analysis.

Cyber Security: Assessing Our Vulnerabilities and Developing an Effective Defense

NASA Astrophysics Data System (ADS)

Spafford, Eugene H.

The number and sophistication of cyberattacks continues to increase, but no national policy is in place to confront them. Critical systems need to be built on secure foundations, rather than the cheapest general-purpose platform. A program that combines education in cyber security, increasing resources for law enforcement, development of reliable systems for critical applications, and expanding research support in multiple areas of security and reliability is essential to combat risks that are far beyond the nuisances of spam email and viruses, and involve widespread espionage, theft, and attacks on essential services.

How to Improve the ROK and U.S. Military Alliance Against North Korea’s Threats to Cyberspace: Lessons From NATO’s Defense Cooperation

DTIC Science & Technology

2017-12-01

For instance, when Unit 121 created a supercomputer for decryption and encryption efforts by combining imported high -end qualified computers, Kim...developed and undeveloped countries, but the cyber-attacks by North Korea can double the effect by inflaming psychological fears when combined with other...lessons that the ROK and U.S. alliance can glean from NATO’s cyber cooperation. To maintain the balance of power with the ROK, North Korea has

Defensive Cyber Battle Damage Assessment Through Attack Methodology Modeling

DTIC Science & Technology

2011-03-25

ASL Creation ............................................................... 68 3.3.4. Evidence Evaluation and EML Creation...90 4.2.3. COA Analysis and ASL Creation ............................................................... 92 4.2.4. Evidence Evaluation and EML ...Evidence Evaluation and EML Creation. .................................................... 70 18. DCBDA Forensic Analysis

Sony’s Nightmare before Christmas: The 2014 North Korean Cyber Attack on Sony and Lessons for US Government Actions in Cyberspace

DTIC Science & Technology

2018-02-01

4,  2014), http://www.businessinsider.com/ experts-the-sony-hack-looks-a-lot-like-previous-attacks-on- south-korea-2014-12. 39 Kim Zetter, “Logic Bomb ...Set Off South Korea Cyberattack,” Wired (March 21, 2013), https://www.wired.com/2013/03/logic- bomb -south-korea-attack/. 40 Brian Krebs, “The Case...Agency (March  21,  2013), http://english.yonhapnews.co.kr/ national/2013/03/21/55/0302000000AEN20130321003552315F. HTML. 47 Kim Zetter, “Logic Bomb

The Cyber Security Crisis

DOE Office of Scientific and Technical Information (OSTI.GOV)

Spafford, Eugene

2006-05-10

Despite considerable activity and attention, the overall state of information security continues to get worse. Attacks are increasing, fraud and theft are rising, and losses may exceed $100 billion per year worldwide. Many factors contribute to this, including misplaced incentives for industry, a lack of attention by government, ineffective law enforcement, and an uninformed image of who the perpetrators really are. As a result, many of the intended attempts at solutions are of limited (if any) overall effectiveness. This presentation will illustrate some key aspects of the cyber security problem and its magnitude, as well as provide some insight intomore » causes and enabling factors. The talk will conclude with some observations on how the computing community can help improve the situation, as well as some suggestions for 'cyber self-defense.'« less

Statistical Models for Predicting Threat Detection From Human Behavior

PubMed Central

Kelley, Timothy; Amon, Mary J.; Bertenthal, Bennett I.

2018-01-01

Users must regularly distinguish between secure and insecure cyber platforms in order to preserve their privacy and safety. Mouse tracking is an accessible, high-resolution measure that can be leveraged to understand the dynamics of perception, categorization, and decision-making in threat detection. Researchers have begun to utilize measures like mouse tracking in cyber security research, including in the study of risky online behavior. However, it remains an empirical question to what extent real-time information about user behavior is predictive of user outcomes and demonstrates added value compared to traditional self-report questionnaires. Participants navigated through six simulated websites, which resembled either secure “non-spoof” or insecure “spoof” versions of popular websites. Websites also varied in terms of authentication level (i.e., extended validation, standard validation, or partial encryption). Spoof websites had modified Uniform Resource Locator (URL) and authentication level. Participants chose to “login” to or “back” out of each website based on perceived website security. Mouse tracking information was recorded throughout the task, along with task performance. After completing the website identification task, participants completed a questionnaire assessing their security knowledge and degree of familiarity with the websites simulated during the experiment. Despite being primed to the possibility of website phishing attacks, participants generally showed a bias for logging in to websites versus backing out of potentially dangerous sites. Along these lines, participant ability to identify spoof websites was around the level of chance. Hierarchical Bayesian logistic models were used to compare the accuracy of two-factor (i.e., website security and encryption level), survey-based (i.e., security knowledge and website familiarity), and real-time measures (i.e., mouse tracking) in predicting risky online behavior during phishing attacks. Participant accuracy in identifying spoof and non-spoof websites was best captured using a model that included real-time indicators of decision-making behavior, as compared to two-factor and survey-based models. Findings validate three widely applicable measures of user behavior derived from mouse tracking recordings, which can be utilized in cyber security and user intervention research. Survey data alone are not as strong at predicting risky Internet behavior as models that incorporate real-time measures of user behavior, such as mouse tracking. PMID:29713296

Cyberterrorism: is the U.S. healthcare system safe?

PubMed

Harries, David; Yellowlees, Peter M

2013-01-01

The Internet has brought with it many benefits; key among them has been its ability to allow the expansion of communication and transfer of all kinds of information throughout the U.S. healthcare system. As a consequence, healthcare has become increasingly dependent on the activities carried out in that environment. It is this very dependence that increases the likelihood of individuals or organizations conducting activities through the Internet that will cause physical and/or psychological harm. These activities have become known by the term "cyberterrorism." In the healthcare landscape this can appear in a variety of forms, such as bringing down a hospital computer system or publicly revealing private medical records. Whatever shape it takes, the general effects are the same: patient care is compromised, and trust in the health system is diminished. Fortunately no significant cyber attack has been successfully launched against a U.S. healthcare organization to date. However, there is evidence to suggest that cyber threats are increasing and that much of the U.S. healthcare system is ill equipped to deal with them. Securing cyberspace is not an easy proposition as the threats are constantly changing, and recognizing that cyberterrorism should be part of a broader information technology risk management strategy, there are several"best practices" that can be adopted by healthcare organizations to protect themselves against cyber attacks.

Including Internet insurance as part of a hospital computer network security plan.

PubMed

Riccardi, Ken

2002-01-01

Cyber attacks on a hospital's computer network is a new crime to be reckoned with. Should your hospital consider internet insurance? The author explains this new phenomenon and presents a risk assessment for determining network vulnerabilities.

Cyberspace Superiority: A Conceptual Model

DTIC Science & Technology

2013-12-01

must also note that the cyberspace superiority discussed here has to do with conflicts between nation-states. Although “hacktivists” and cyber ... criminals utilize some of the same tools and techniques as nation-state attackers, they have fundamentally different objectives, and their operations are

A Statistical Framework for Analyzing Cyber Threats

DTIC Science & Technology

defender cares most about the attacks against certain ports or services). The grey-box statistical framework formulates a new methodology of Cybersecurity ...the design of prediction models. Our research showed that the grey-box framework is effective in predicting cybersecurity situational awareness.

Synchrophasor Data Correction under GPS Spoofing Attack: A State Estimation Based Approach

DOE Office of Scientific and Technical Information (OSTI.GOV)

Fan, Xiaoyuan; Du, Liang; Duan, Dongliang

GPS spoofing attack (GSA) has been shown to be one of the most imminent threats to almost all cyber-physical systems incorporated with the civilian GPS signal. Specifically, for our current agenda of the modernization of the power grid, this may greatly jeopardize the benefits provided by the pervasively installed phasor measurement units (PMU). In this study, we consider the case where synchrophasor data from PMUs are compromised due to the presence of a single GSA, and show that it can be corrected by signal processing techniques. In particular, we introduce a statistical model for synchrophasorbased power system state estimation (SE),more » and then derive the spoofing-matched algorithms for synchrophasor data correction against GPS spoofing attack. Different testing scenarios in IEEE 14-, 30-, 57-, 118-bus systems are simulated to show the proposed algorithms’ performance on GSA detection and state estimation. Numerical results demonstrate that our proposed algorithms can consistently locate and correct the spoofed synchrophasor data with good accuracy as long as the system observability is satisfied. Finally, the accuracy of state estimation is significantly improved compared with the traditional weighted least square method and approaches the performance under the Genie-aided method.« less

Synchrophasor Data Correction under GPS Spoofing Attack: A State Estimation Based Approach

DOE PAGES

Fan, Xiaoyuan; Du, Liang; Duan, Dongliang

2017-02-01

GPS spoofing attack (GSA) has been shown to be one of the most imminent threats to almost all cyber-physical systems incorporated with the civilian GPS signal. Specifically, for our current agenda of the modernization of the power grid, this may greatly jeopardize the benefits provided by the pervasively installed phasor measurement units (PMU). In this study, we consider the case where synchrophasor data from PMUs are compromised due to the presence of a single GSA, and show that it can be corrected by signal processing techniques. In particular, we introduce a statistical model for synchrophasorbased power system state estimation (SE),more » and then derive the spoofing-matched algorithms for synchrophasor data correction against GPS spoofing attack. Different testing scenarios in IEEE 14-, 30-, 57-, 118-bus systems are simulated to show the proposed algorithms’ performance on GSA detection and state estimation. Numerical results demonstrate that our proposed algorithms can consistently locate and correct the spoofed synchrophasor data with good accuracy as long as the system observability is satisfied. Finally, the accuracy of state estimation is significantly improved compared with the traditional weighted least square method and approaches the performance under the Genie-aided method.« less

Support to Civil Authorities: Protecting the Homeland Newsletter, Number 10-52, July 2010

DTIC Science & Technology

2010-07-01

terrorists from getting into position to attack.2 The United States has approximately 7,612 miles of land boundaries and 19,924 miles of coastline in...subversive acts. The nation’s newest borders, which are neither land nor sea, may be the most vulnerable to transnational threats. Cyber borders...attack, the Federal Aviation Administration, for the first time in U.S. history, shut down the nation’s airspace, ordering all airborne planes to land

Competitive Cyber-Insurance and Internet Security

NASA Astrophysics Data System (ADS)

Shetty, Nikhil; Schwartz, Galina; Felegyhazi, Mark; Walrand, Jean

This paper investigates how competitive cyber-insurers affect network security and welfare of the networked society. In our model, a user's probability to incur damage (from being attacked) depends on both his security and the network security, with the latter taken by individual users as given. First, we consider cyberinsurers who cannot observe (and thus, affect) individual user security. This asymmetric information causes moral hazard. Then, for most parameters, no equilibrium exists: the insurance market is missing. Even if an equilibrium exists, the insurance contract covers only a minor fraction of the damage; network security worsens relative to the no-insurance equilibrium. Second, we consider insurers with perfect information about their users' security. Here, user security is perfectly enforceable (zero cost); each insurance contract stipulates the required user security. The unique equilibrium contract covers the entire user damage. Still, for most parameters, network security worsens relative to the no-insurance equilibrium. Although cyber-insurance improves user welfare, in general, competitive cyber-insurers fail to improve network security.

Assessment of current cybersecurity practices in the public domain : cyber indications and warnings domain.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hamlet, Jason R.; Keliiaa, Curtis M.

This report assesses current public domain cyber security practices with respect to cyber indications and warnings. It describes cybersecurity industry and government activities, including cybersecurity tools, methods, practices, and international and government-wide initiatives known to be impacting current practice. Of particular note are the U.S. Government's Trusted Internet Connection (TIC) and 'Einstein' programs, which are serving to consolidate the Government's internet access points and to provide some capability to monitor and mitigate cyber attacks. Next, this report catalogs activities undertaken by various industry and government entities. In addition, it assesses the benchmarks of HPC capability and other HPC attributes thatmore » may lend themselves to assist in the solution of this problem. This report draws few conclusions, as it is intended to assess current practice in preparation for future work, however, no explicit references to HPC usage for the purpose of analyzing cyber infrastructure in near-real-time were found in the current practice. This report and a related SAND2010-4766 National Cyber Defense High Performance Computing and Analysis: Concepts, Planning and Roadmap report are intended to provoke discussion throughout a broad audience about developing a cohesive HPC centric solution to wide-area cybersecurity problems.« less

Security of Electronic Voting in the United States

DOE PAGES

King, Charity; Thompson, Michael

2016-10-20

In the midst of numerous high-profile cyber-attacks, the US is considering whether to categorize the US electronic voting system as “critical infrastructure”, to be protected and invested in much the same way as the US power grid or waterways.

MINIMIZING THE VULNERABILITY OF WATER SUPPLIES TO NATURAL AND TERRORIST THREATS

EPA Science Inventory

There is increasing concern that drinking water utilities may be vulnerable to attacks by terrorists. In the US the President's Commission on Critical Infrastructure Protection has concluded the US drinking water utilities are vulnerable to physical, cyber and biological terroris...

A framework for analyzing the impact of data integrity/quality on electricity market operations

NASA Astrophysics Data System (ADS)

Choi, Dae Hyun

This dissertation examines the impact of data integrity/quality in the supervisory control and data acquisition (SCADA) system on real-time locational marginal price (LMP) in electricity market operations. Measurement noise and/or manipulated sensor errors in a SCADA system may mislead system operators about real-time conditions in a power system, which, in turn, may impact the price signals in real-time power markets. This dissertation serves as a first attempt to analytically investigate the impact of bad/malicious data on electric power market operations. In future power system operations, which will probably involve many more sensors, the impact of sensor data integrity/quality on grid operations will become increasingly important. The first part of this dissertation studies from a market participant's perspective a new class of malicious data attacks on state estimation, which subsequently influences the result of the newly emerging look-ahead dispatch models in the real-time power market. In comparison with prior work of cyber-attack on static dispatch where no inter-temporal ramping constraint is considered, we propose a novel attack strategy, named ramp-induced data (RID) attack, with which the attacker can manipulate the limits of ramp constraints of generators in look-ahead dispatch. It is demonstrated that the proposed attack can lead to financial profits via malicious capacity withholding of selected generators, while being undetected by the existing bad data detection algorithm embedded in today's state estimation software. In the second part, we investigate from a system operator's perspective the sensitivity of locational marginal price (LMP) with respect to data corruption-induced state estimation error in real-time power market. Two data corruption scenarios are considered, in which corrupted continuous data (e.g., the power injection/flow and voltage magnitude) falsify power flow estimate whereas corrupted discrete data (e.g., the on/off status of a circuit breaker) do network topology estimate, thus leading to the distortion of LMP. We present an analytical framework to quantify real-time LMP sensitivity subject to continuous and discrete data corruption via state estimation. The proposed framework offers system operators an analytical tool to identify economically sensitive buses and transmission lines to data corruption as well as find sensors that impact LMP changes significantly. This dissertation serves as a first step towards rigorous understanding of the fundamental coupling among cyber, physical and economical layers of operations in future smart grid.

Real-Time SCADA Cyber Protection Using Compression Techniques

DOE Office of Scientific and Technical Information (OSTI.GOV)

Lyle G. Roybal; Gordon H Rueff

2013-11-01

The Department of Energy’s Office of Electricity Delivery and Energy Reliability (DOE-OE) has a critical mission to secure the energy infrastructure from cyber attack. Through DOE-OE’s Cybersecurity for Energy Delivery Systems (CEDS) program, the Idaho National Laboratory (INL) has developed a method to detect malicious traffic on Supervisory, Control, and Data Acquisition (SCADA) network using a data compression technique. SCADA network traffic is often repetitive with only minor differences between packets. Research performed at the INL showed that SCADA network traffic has traits desirable for using compression analysis to identify abnormal network traffic. An open source implementation of a Lempel-Ziv-Welchmore » (LZW) lossless data compression algorithm was used to compress and analyze surrogate SCADA traffic. Infected SCADA traffic was found to have statistically significant differences in compression when compared against normal SCADA traffic at the packet level. The initial analyses and results are clearly able to identify malicious network traffic from normal traffic at the packet level with a very high confidence level across multiple ports and traffic streams. Statistical differentiation between infected and normal traffic level was possible using a modified data compression technique at the 99% probability level for all data analyzed. However, the conditions tested were rather limited in scope and need to be expanded into more realistic simulations of hacking events using techniques and approaches that are better representative of a real-world attack on a SCADA system. Nonetheless, the use of compression techniques to identify malicious traffic on SCADA networks in real time appears to have significant merit for infrastructure protection.« less

The European cooperative approach to securing critical information infrastructure.

PubMed

Purser, Steve

2011-10-01

This paper provides an overview of the EU approach to securing critical information infrastructure, as defined in the Action Plan contained in the Commission Communication of March 2009, entitled 'Protecting Europe from large-scale cyber-attacks and disruptions: enhancing preparedness, security and resilience' and further elaborated by the Communication of May 2011 on critical Information infrastructure protection 'Achievements and next steps: towards global cyber-security'. After explaining the need for pan-European cooperation in this area, the CIIP Action Plan is explained in detail. Finally, the current state of progress is summarised together with the proposed next steps.

Action Recommendation for Cyber Resilience

DOE Office of Scientific and Technical Information (OSTI.GOV)

Choudhury, Sutanay; Rodriguez, Luke R.; Curtis, Darren S.

2015-09-01

This paper presents an unifying graph-based model for representing the infrastructure, behavior and missions of an enterprise. We describe how the model can be used to achieve resiliency against a wide class of failures and attacks. We introduce an algorithm for recommending resilience establishing actions based on dynamic updates to the models. Without loss of generality, we show the effectiveness of the algorithm for preserving latency based quality of service (QoS). Our models and the recommendation algorithms are implemented in a software framework that we seek to release as an open source framework for simulating resilient cyber systems.

CYBER SUPPLY CHAIN SECURITY: CAN THE BACKDOOR BE CLOSED WITH TRUSTED DESIGN, MANUFACTURING AND SUPPLY

DTIC Science & Technology

2016-08-01

components from making it into DoD systems. The benefits of trusted design and manufacturing would likely cost more, but would confidently minimize DoD...compromise products too high for an attacker. If the costs and effort needed are greater than the benefit to conduct an attack, malicious actors are...simplicity may be a better approach. While there are potential benefits to built-in hardware and software security, there may be just as many

Increasing Effectiveness of U.S. Counterintelligence: Domestic and International Micro-Restructuring Initiatives to Mitigate Cyberespionage

DTIC Science & Technology

2012-06-01

keys: Data Breach at the Pentagon’s Largest Supplier,” ITNEWS (30 May 2011). 116 Christopher Drew and John Markoff, “ Data Breach at Security Firm...117 Drew and Markoff, “ Data Breach at Security Firm Linked to Attack on Lockheed Martin.” 118 Hjortdal, “China’s Use of Cyber...John Markoff. “ Data Breach at Security Firm Linked to Attack on Lockheed Martin.” The New York Times, 27 May 2011. http://www.nytimes.com/2011/05/28

Cyber Forensics Ontology for Cyber Criminal Investigation

NASA Astrophysics Data System (ADS)

Park, Heum; Cho, Sunho; Kwon, Hyuk-Chul

We developed Cyber Forensics Ontology for the criminal investigation in cyber space. Cyber crime is classified into cyber terror and general cyber crime, and those two classes are connected with each other. The investigation of cyber terror requires high technology, system environment and experts, and general cyber crime is connected with general crime by evidence from digital data and cyber space. Accordingly, it is difficult to determine relational crime types and collect evidence. Therefore, we considered the classifications of cyber crime, the collection of evidence in cyber space and the application of laws to cyber crime. In order to efficiently investigate cyber crime, it is necessary to integrate those concepts for each cyber crime-case. Thus, we constructed a cyber forensics domain ontology for criminal investigation in cyber space, according to the categories of cyber crime, laws, evidence and information of criminals. This ontology can be used in the process of investigating of cyber crime-cases, and for data mining of cyber crime; classification, clustering, association and detection of crime types, crime cases, evidences and criminals.

The Megabyte Will Always Get Through

DTIC Science & Technology

2012-05-17

Curry , the commander of the Army Air Forces Tactical School, wanted the school at Maxwell Field to be a “clearing house where tactical ideas can flow...intelligence, spy satellites, drone aircraft, and manned bombers, could identify the target. This cyber attack once more demonstrated “the

Multiple hypothesis tracking for the cyber domain

NASA Astrophysics Data System (ADS)

Schwoegler, Stefan; Blackman, Sam; Holsopple, Jared; Hirsch, Michael J.

2011-09-01

This paper discusses how methods used for conventional multiple hypothesis tracking (MHT) can be extended to domain-agnostic tracking of entities from non-kinematic constraints such as those imposed by cyber attacks in a potentially dense false alarm background. MHT is widely recognized as the premier method to avoid corrupting tracks with spurious data in the kinematic domain but it has not been extensively applied to other problem domains. The traditional approach is to tightly couple track maintenance (prediction, gating, filtering, probabilistic pruning, and target confirmation) with hypothesis management (clustering, incompatibility maintenance, hypothesis formation, and Nassociation pruning). However, by separating the domain specific track maintenance portion from the domain agnostic hypothesis management piece, we can begin to apply the wealth of knowledge gained from ground and air tracking solutions to the cyber (and other) domains. These realizations led to the creation of Raytheon's Multiple Hypothesis Extensible Tracking Architecture (MHETA). In this paper, we showcase MHETA for the cyber domain, plugging in a well established method, CUBRC's INFormation Engine for Real-time Decision making, (INFERD), for the association portion of the MHT. The result is a CyberMHT. We demonstrate the power of MHETA-INFERD using simulated data. Using metrics from both the tracking and cyber domains, we show that while no tracker is perfect, by applying MHETA-INFERD, advanced nonkinematic tracks can be captured in an automated way, perform better than non-MHT approaches, and decrease analyst response time to cyber threats.

Data Randomization and Cluster-Based Partitioning for Botnet Intrusion Detection.

PubMed

Al-Jarrah, Omar Y; Alhussein, Omar; Yoo, Paul D; Muhaidat, Sami; Taha, Kamal; Kim, Kwangjo

2016-08-01

Botnets, which consist of remotely controlled compromised machines called bots, provide a distributed platform for several threats against cyber world entities and enterprises. Intrusion detection system (IDS) provides an efficient countermeasure against botnets. It continually monitors and analyzes network traffic for potential vulnerabilities and possible existence of active attacks. A payload-inspection-based IDS (PI-IDS) identifies active intrusion attempts by inspecting transmission control protocol and user datagram protocol packet's payload and comparing it with previously seen attacks signatures. However, the PI-IDS abilities to detect intrusions might be incapacitated by packet encryption. Traffic-based IDS (T-IDS) alleviates the shortcomings of PI-IDS, as it does not inspect packet payload; however, it analyzes packet header to identify intrusions. As the network's traffic grows rapidly, not only the detection-rate is critical, but also the efficiency and the scalability of IDS become more significant. In this paper, we propose a state-of-the-art T-IDS built on a novel randomized data partitioned learning model (RDPLM), relying on a compact network feature set and feature selection techniques, simplified subspacing and a multiple randomized meta-learning technique. The proposed model has achieved 99.984% accuracy and 21.38 s training time on a well-known benchmark botnet dataset. Experiment results demonstrate that the proposed methodology outperforms other well-known machine-learning models used in the same detection task, namely, sequential minimal optimization, deep neural network, C4.5, reduced error pruning tree, and randomTree.

Using Machine Learning in Adversarial Environments.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Warren Leon Davis

Intrusion/anomaly detection systems are among the first lines of cyber defense. Commonly, they either use signatures or machine learning (ML) to identify threats, but fail to account for sophisticated attackers trying to circumvent them. We propose to embed machine learning within a game theoretic framework that performs adversarial modeling, develops methods for optimizing operational response based on ML, and integrates the resulting optimization codebase into the existing ML infrastructure developed by the Hybrid LDRD. Our approach addresses three key shortcomings of ML in adversarial settings: 1) resulting classifiers are typically deterministic and, therefore, easy to reverse engineer; 2) ML approachesmore » only address the prediction problem, but do not prescribe how one should operationalize predictions, nor account for operational costs and constraints; and 3) ML approaches do not model attackers’ response and can be circumvented by sophisticated adversaries. The principal novelty of our approach is to construct an optimization framework that blends ML, operational considerations, and a model predicting attackers reaction, with the goal of computing optimal moving target defense. One important challenge is to construct a realistic model of an adversary that is tractable, yet realistic. We aim to advance the science of attacker modeling by considering game-theoretic methods, and by engaging experimental subjects with red teaming experience in trying to actively circumvent an intrusion detection system, and learning a predictive model of such circumvention activities. In addition, we will generate metrics to test that a particular model of an adversary is consistent with available data.« less

Network Intrusion Detection and Visualization using Aggregations in a Cyber Security Data Warehouse

DOE Office of Scientific and Technical Information (OSTI.GOV)

Czejdo, Bogdan; Ferragut, Erik M; Goodall, John R

2012-01-01

The challenge of achieving situational understanding is a limiting factor in effective, timely, and adaptive cyber-security analysis. Anomaly detection fills a critical role in network assessment and trend analysis, both of which underlie the establishment of comprehensive situational understanding. To that end, we propose a cyber security data warehouse implemented as a hierarchical graph of aggregations that captures anomalies at multiple scales. Each node of our pro-posed graph is a summarization table of cyber event aggregations, and the edges are aggregation operators. The cyber security data warehouse enables domain experts to quickly traverse a multi-scale aggregation space systematically. We describemore » the architecture of a test bed system and a summary of results on the IEEE VAST 2012 Cyber Forensics data.« less

Government Certification and Accreditation: Make a Choice

ERIC Educational Resources Information Center

Miles, Tracy L.

2009-01-01

One of the most significant challenges faced by government officials today is securing information systems to make them more resilient to attack from increasingly complex challenges from cyber-criminals, state-sponsored groups, and other threats. Over the years, the federal government has developed and implemented Certification and Accreditation…

Relationship between Corporate Governance and Information Security Governance Effectiveness in United States Corporations

ERIC Educational Resources Information Center

Davis, Robert E.

2017-01-01

Cyber attackers targeting large corporations achieved a high perimeter penetration success rate during 2013, resulting in many corporations incurring financial losses. Corporate information technology leaders have a fiduciary responsibility to implement information security domain processes that effectually address the challenges for preventing…

Theoretical and Experimental Investigation of Opinion Dynamics in Small Social Networks

DTIC Science & Technology

2016-07-01

Sciences, Social Informatics and Telecommunications Engineering 2013 96 M. Gabbay described. Section 4 illustrates the application of the methodology...group of cyber terrorists has already gained access to multiple computers. The attack will attempt to disrupt and destroy a large oil refinery; at

Education and the Degree of Data Security

ERIC Educational Resources Information Center

Spears, Phillip Dewitt

2013-01-01

New technology development has researchers inundated with a plethora of data security issues linked to cyber attacks and hackers' ability to transmogrify their techniques. The present research focused on the information technology managing officers' (ITMOs') level of education, size of organization, organization's industry, and effect they have on…

Defense strategies for cloud computing multi-site server infrastructures

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rao, Nageswara S.; Ma, Chris Y. T.; He, Fei

We consider cloud computing server infrastructures for big data applications, which consist of multiple server sites connected over a wide-area network. The sites house a number of servers, network elements and local-area connections, and the wide-area network plays a critical, asymmetric role of providing vital connectivity between them. We model this infrastructure as a system of systems, wherein the sites and wide-area network are represented by their cyber and physical components. These components can be disabled by cyber and physical attacks, and also can be protected against them using component reinforcements. The effects of attacks propagate within the systems, andmore » also beyond them via the wide-area network.We characterize these effects using correlations at two levels using: (a) aggregate failure correlation function that specifies the infrastructure failure probability given the failure of an individual site or network, and (b) first-order differential conditions on system survival probabilities that characterize the component-level correlations within individual systems. We formulate a game between an attacker and a provider using utility functions composed of survival probability and cost terms. At Nash Equilibrium, we derive expressions for the expected capacity of the infrastructure given by the number of operational servers connected to the network for sum-form, product-form and composite utility functions.« less

DOE Office of Scientific and Technical Information (OSTI.GOV)

Alfonso Valdes

This report summarizes Detection and Analysis of Threats to the Energy Sector (DATES), a project sponsored by the United States Department of Energy and performed by a team led by SRI International, with collaboration from Sandia National Laboratories, ArcSight, Inc., and Invensys Process Systems. DATES sought to advance the state of the practice in intrusion detection and situational awareness with respect to cyber attacks in energy systems. This was achieved through adaptation of detection algorithms for process systems as well as development of novel anomaly detection techniques suited for such systems into a detection suite. These detection components, together withmore » third-party commercial security systems, were interfaced with the commercial Security Information Event Management (SIEM) solution from ArcSight. The efficacy of the integrated solution was demonstrated on two testbeds, one based on a Distributed Control System (DCS) from Invensys, and the other based on the Virtual Control System Environment (VCSE) from Sandia. These achievements advance the DOE Cybersecurity Roadmap [DOE2006] goals in the area of security monitoring. The project ran from October 2007 until March 2010, with the final six months focused on experimentation. In the validation phase, team members from SRI and Sandia coupled the two test environments and carried out a number of distributed and cross-site attacks against various points in one or both testbeds. Alert messages from the distributed, heterogeneous detection components were correlated using the ArcSight SIEM platform, providing within-site and cross-site views of the attacks. In particular, the team demonstrated detection and visualization of network zone traversal and denial-of-service attacks. These capabilities were presented to the DistribuTech Conference and Exhibition in March 2010. The project was hampered by interruption of funding due to continuing resolution issues and agreement on cost share for four months in 2008. This resulted in delays in finalizing agreements with commercial partners, and in particular the Invensys testbed was not installed until December 2008 (as opposed to the March 2008 plan). The project resulted in a number of conference presentations and publications, and was well received when presented at industry forums. In spite of some interest on the part of the utility sector, we were unfortunately not able to engage a utility for a full-scale pilot deployment.« less

Limiting Exposure to Medical Malpractice Claims and Defamatory Cyber Postings via Patient Contracts

PubMed Central

Segal, Jeffrey J.

2008-01-01

The documents patients sign on admission to a medical practice can constitute a legal contract. Medical practices around the country are attempting to use these documents as a prospective defense against medical malpractice claims. Protective contractual provisions are often attacked on grounds that they are legally void as a result of unconscionability. Widespread use of arbitration clauses have been met with mixed success. Arbitration clauses that limit damages available in medical negligence cases have been stricken in some states as having provisions that impose excessive entry costs on a patient starting the arbitration process. Other provisions relating to prequalification requirements for expert witnesses are now being used with increasing frequency. Clauses have even been placed in patient contracts that address cyber postings of adverse claims against physicians. Prospective patient contracts may be an effective means to limit exposure to medical malpractice lawsuits and to minimize defamatory cyber postings. PMID:19057975

Complex Failure Forewarning System - DHS Conference Proceedings

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Hively, Lee M; Prowell, Stacy J

2011-01-01

As the critical infrastructures of the United States have become more and more dependent on public and private networks, the potential for widespread national impact resulting from disruption or failure of these networks has also increased. Securing the nation s critical infrastructures requires protecting not only their physical systems but, just as important, the cyber portions of the systems on which they rely. A failure is inclusive of random events, design flaws, and instabilities caused by cyber (and/or physical) attack. One such domain, aging bridges, is used to explain the Complex Structure Failure Forewarning System. We discuss the workings ofmore » such a system in the context of the necessary sensors, command and control and data collection as well as the cyber security efforts that would support this system. Their application and the implications of this computing architecture are also discussed, with respect to our nation s aging infrastructure.« less

Forewarning of Failure in Complex Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Hively, Lee M; Prowell, Stacy J

2011-01-01

As the critical infrastructures of the United States have become more and more dependent on public and private networks, the potential for widespread national impact resulting from disruption or failure of these networks has also increased. Securing the nation s critical infrastructures requires protecting not only their physical systems but, just as important, the cyber portions of the systems on which they rely. A failure is inclusive of random events, design flaws, and instabilities caused by cyber (and/or physical) attack. One such domain is failure in critical equipment. A second is aging bridges. We discuss the workings of such amore » system in the context of the necessary sensors, command and control and data collection as well as the cyber security efforts that would support this system. Their application and the implications of this computing architecture are also discussed, with respect to our nation s aging infrastructure.« less

Limiting exposure to medical malpractice claims and defamatory cyber postings via patient contracts.

PubMed

Sacopulos, Michael; Segal, Jeffrey J

2009-02-01

The documents patients sign on admission to a medical practice can constitute a legal contract. Medical practices around the country are attempting to use these documents as a prospective defense against medical malpractice claims. Protective contractual provisions are often attacked on grounds that they are legally void as a result of unconscionability. Widespread use of arbitration clauses have been met with mixed success. Arbitration clauses that limit damages available in medical negligence cases have been stricken in some states as having provisions that impose excessive entry costs on a patient starting the arbitration process. Other provisions relating to prequalification requirements for expert witnesses are now being used with increasing frequency. Clauses have even been placed in patient contracts that address cyber postings of adverse claims against physicians. Prospective patient contracts may be an effective means to limit exposure to medical malpractice lawsuits and to minimize defamatory cyber postings.

A Survey on Cyber Security awareness among college students in Tamil Nadu

NASA Astrophysics Data System (ADS)

Senthilkumar, K.; Easwaramoorthy, Sathishkumar

2017-11-01

The aim of the study is to analyse the awareness of cyber security on college students in Tamil Nadu by focusing various security threats in the internet. In recent years cybercrime is an enormous challenge in all areas including national security, public safety and personal privacy. To prevent from a victim of cybercrime everyone must know about their own security and safety measures to protect by themselves. A well-structured questionnaire survey method will be applied to analyse the college student’s awareness in the area of cyber security. This survey will be going to conducted in major cities of Tamil Nadu by focusing various security threats like email, virus, phishing, fake advertisement, popup windows and other attacks in the internet. This survey examines the college students’ awareness and the level of awareness about the security issues and some suggestions are set forth to overcome these issues.

Civil Military Cooperation for Counterterrorism Operations within the United States

DTIC Science & Technology

2013-03-01

as well as the subsequent attempts to contaminate Americans with anthrax , dramatically exposed the nation’s vulnerabilities to domestic terrorism and...terrorism, natural disasters, large-scale cyber-attacks, and pandemics .”23 One of the primary concerns for the U.S. is the dangerous type of weapons that

Cyberwarfare on the Electricity Infrastructure

DOE Office of Scientific and Technical Information (OSTI.GOV)

Murarka, N.; Ramesh, V.C.

2000-03-20

The report analyzes the possibility of cyberwarfare on the electricity infrastructure. The ongoing deregulation of the electricity industry makes the power grid all the more vulnerable to cyber attacks. The report models the power system information system components, models potential threats and protective measures. It therefore offers a framework for infrastructure protection.

Superstorm Sandy: Implications For Designing A PostCyber Attack Power Restoration System

DTIC Science & Technology

2016-03-31

for such progress. Phillip Allison, “ Cloak and Secure Your Critical Infrastructure, ICS and SCADA Systems: Building Security into Your Industrial...TechSvcs/Multi-stateFleetResponseWorkshopReport-02-21-13.pdf. Allison, Phillip. “ Cloak and Secure Your Critical Infrastructure, ICS and SCADA Systems

Protecting the Oblivious

ERIC Educational Resources Information Center

Ramaswami, Rama

2008-01-01

When it comes to dealing with cyber attacks, there's no silver bullet. Ironically, however, college educators are already accustomed to wielding what may be the best weapon of all--education. Assaulted by the myriad species of spam, worms, Trojan horses, spyware, viruses, and other diseases that so easily infect and sometimes devastate campus…

A 5TH GENERATION FIGHTER FOR BELGIUM:LUXURY OR NECESSITY

DTIC Science & Technology

2016-02-16

violence to assert power. Overall, 3 we see threats, old and new, from piracy to terrorism to cyber-attacks. Based on these increased threats, NATO...share information seamlessly and contribute to a Common Operating Picture ( COP ). This construct will balance speed with accuracy to deliver the

10 CFR 73.1 - Purpose and scope.

Code of Federal Regulations, 2010 CFR

2010-01-01

... (iii) A land vehicle bomb assault, which may be coordinated with an external assault; and (iv) A waterborne vehicle bomb assault, which may be coordinated with an external assault; and (v) A cyber attack...-carried equipment; and (ii) An internal threat; and (iii) A land vehicle bomb assault, which may be...

Energy Systems Integration News | Energy Systems Integration Facility |

Science.gov Websites

data analytics and forecasting methods to identify correlations between electricity consumption threats, or cyber and physical attacks-our nation's electricity grid must evolve. As part of the Grid other national labs, and several industry partners-to advance resilient electricity distribution systems

To amend the Federal Power Act to provide additional authorities to adequately protect the critical electric infrastructure against cyber attack, and for other purposes.

THOMAS, 111th Congress

Rep. Thompson, Bennie G. [D-MS-2

2009-04-30

House - 05/26/2009 Referred to the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology. (All Actions) Tracker: This bill has the status IntroducedHere are the steps for Status of Legislation:

Assessing the Effect of Honeypots on Cyber-Attackers

DTIC Science & Technology

2006-12-01

provide a process for modeling threats and decision cycles. The third to fifth sections provide the history and overview of honeypots and anti-honeypot...XP Professional with SP2 Data Capture (SUSE Linux 10) Primary Goal Store Snort Data Storage PostgreSQL 8.1.1 Fake Self-contained Honeynet (SUSE

DOE Office of Scientific and Technical Information (OSTI.GOV)

Billings, Jay J.; Bonior, Jason D.; Evans, Philip G.

Securely transferring timing information in the electrical grid is a critical component of securing the nation's infrastructure from cyber attacks. One solution to this problem is to use quantum information to securely transfer the timing information across sites. This software provides such an infrastructure using a standard Java webserver that pulls the quantum information from associated hardware.

Exploring Factors That Affect Adoption of Computer Security Practices among College Students

ERIC Educational Resources Information Center

Alqarni, Amani

2017-01-01

Cyber-attacks threaten the security of computer users' information, networks, machines, and privacy. Studies of computer security education, awareness, and training among ordinary computer users, college students, non-IT-oriented user groups, and non-technically trained citizens are limited. Most research has focused on computer security standards…

Semantic policy and adversarial modeling for cyber threat identification and avoidance

NASA Astrophysics Data System (ADS)

DeFrancesco, Anton; McQueary, Bruce

2009-05-01

Today's enterprise networks undergo a relentless barrage of attacks from foreign and domestic adversaries. These attacks may be perpetrated with little to no funding, but may wreck incalculable damage upon the enterprises security, network infrastructure, and services. As more services come online, systems that were once in isolation now provide information that may be combined dynamically with information from other systems to create new meaning on the fly. Security issues are compounded by the potential to aggregate individual pieces of information and infer knowledge at a higher classification than any of its constituent parts. To help alleviate these challenges, in this paper we introduce the notion of semantic policy and discuss how it's use is evolving from a robust approach to access control to preempting and combating attacks in the cyber domain, The introduction of semantic policy and adversarial modeling to network security aims to ask 'where is the network most vulnerable', 'how is the network being attacked', and 'why is the network being attacked'. The first aspect of our approach is integration of semantic policy into enterprise security to augment traditional network security with an overall awareness of policy access and violations. This awareness allows the semantic policy to look at the big picture - analyzing trends and identifying critical relations in system wide data access. The second aspect of our approach is to couple adversarial modeling with semantic policy to move beyond reactive security measures and into a proactive identification of system weaknesses and areas of vulnerability. By utilizing Bayesian-based methodologies, the enterprise wide meaning of data and semantic policy is applied to probability and high-level risk identification. This risk identification will help mitigate potential harm to enterprise networks by enabling resources to proactively isolate, lock-down, and secure systems that are most vulnerable.

On localization attacks against cloud infrastructure

NASA Astrophysics Data System (ADS)

Ge, Linqiang; Yu, Wei; Sistani, Mohammad Ali

2013-05-01

One of the key characteristics of cloud computing is the device and location independence that enables the user to access systems regardless of their location. Because cloud computing is heavily based on sharing resource, it is vulnerable to cyber attacks. In this paper, we investigate a localization attack that enables the adversary to leverage central processing unit (CPU) resources to localize the physical location of server used by victims. By increasing and reducing CPU usage through the malicious virtual machine (VM), the response time from the victim VM will increase and decrease correspondingly. In this way, by embedding the probing signal into the CPU usage and correlating the same pattern in the response time from the victim VM, the adversary can find the location of victim VM. To determine attack accuracy, we investigate features in both the time and frequency domains. We conduct both theoretical and experimental study to demonstrate the effectiveness of such an attack.

Towards Resilient Critical Infrastructures: Application of Type-2 Fuzzy Logic in Embedded Network Security Cyber Sensor

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ondrej Linda; Todd Vollmer; Jim Alves-Foss

2011-08-01

Resiliency and cyber security of modern critical infrastructures is becoming increasingly important with the growing number of threats in the cyber-environment. This paper proposes an extension to a previously developed fuzzy logic based anomaly detection network security cyber sensor via incorporating Type-2 Fuzzy Logic (T2 FL). In general, fuzzy logic provides a framework for system modeling in linguistic form capable of coping with imprecise and vague meanings of words. T2 FL is an extension of Type-1 FL which proved to be successful in modeling and minimizing the effects of various kinds of dynamic uncertainties. In this paper, T2 FL providesmore » a basis for robust anomaly detection and cyber security state awareness. In addition, the proposed algorithm was specifically developed to comply with the constrained computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental cyber-security test-bed.« less

Centralized Offense, Decentralized Defense: Command and Control of Cyberspace

DTIC Science & Technology

2012-06-01

security hazard .”13 Cyber attack, which had already begun to be accepted as highly strategic in nature, was thought best placed in the hands of...distances was broadly limited to that of the fastest existing means of transportation.”11 Historically, that meant by horse, maybe a carrier pigeon , or the

Effective Management of Information Security and Privacy

ERIC Educational Resources Information Center

Anderson, Alicia

2006-01-01

No university seems immune to cyber attacks. For many universities, such events have served as wake-up calls to develop a comprehensive information security and privacy strategy. This is no simple task, however. It involves balancing a culture of openness with a need for security and privacy. Security and privacy are not the same, and the…

Dynamic Training Environments of the Future

DTIC Science & Technology

2008-03-13

for cyber attacks, espionage, & command and control  MMORPG used to generate revenue through the sale of in-game items for real-world currency...The video game is the new media in cyberspace, it can be used by us and it will be used against us The MMORPG is the emergence of a new society Types

Dynamic Attack Tree Tool for Risk Assessments

DOE Office of Scientific and Technical Information (OSTI.GOV)

Black, Karl

2012-03-13

DATT enables interactive visualization, qualitative analysis and recording of cyber and other forms of risk. It facilitates dynamic risk-based approaches (as opposed to static compliance-based) to security and risk management in general. DATT allows decision makers to consistently prioritize risk mitigation strategies and quickly see where attention is most needed across the enterprise.

The Effect of a Workload-Preview on Task-Prioritization and Task-Performance

ERIC Educational Resources Information Center

Minotra, Dev

2012-01-01

With increased volume and sophistication of cyber attacks in recent years, maintaining situation awareness and effective task-prioritization strategy is critical to the task of cybersecurity analysts. However, high levels of mental-workload associated with the task of cybersecurity analyst's limits their ability to prioritize tasks.…

The Role of North American Aerospace Defense Command (NORAD) In Military Cyber Attack Warning

DTIC Science & Technology

2015-09-01

WARNING MISSIONS .....................................5  1.  Early North American Air Defense Warning ...................................5  2...BLANK xi LIST OF FIGURES Figure 1.   North American Distant Early Warning (DEW) Site. .......................................6  Figure 2.   Original... Early Warning (AEW) Aircraft .........................................11  Figure 7.   Headquarters NORAD and USNORTHCOM

Towards an Iterated Game Model with Multiple Adversaries in Smart-World Systems.

PubMed

He, Xiaofei; Yang, Xinyu; Yu, Wei; Lin, Jie; Yang, Qingyu

2018-02-24

Diverse and varied cyber-attacks challenge the operation of the smart-world system that is supported by Internet-of-Things (IoT) (smart cities, smart grid, smart transportation, etc.) and must be carefully and thoughtfully addressed before widespread adoption of the smart-world system can be fully realized. Although a number of research efforts have been devoted to defending against these threats, a majority of existing schemes focus on the development of a specific defensive strategy to deal with specific, often singular threats. In this paper, we address the issue of coalitional attacks, which can be launched by multiple adversaries cooperatively against the smart-world system such as smart cities. Particularly, we propose a game-theory based model to capture the interaction among multiple adversaries, and quantify the capacity of the defender based on the extended Iterated Public Goods Game (IPGG) model. In the formalized game model, in each round of the attack, a participant can either cooperate by participating in the coalitional attack, or defect by standing aside. In our work, we consider the generic defensive strategy that has a probability to detect the coalitional attack. When the coalitional attack is detected, all participating adversaries are penalized. The expected payoff of each participant is derived through the equalizer strategy that provides participants with competitive benefits. The multiple adversaries with the collusive strategy are also considered. Via a combination of theoretical analysis and experimentation, our results show that no matter which strategies the adversaries choose (random strategy, win-stay-lose-shift strategy, or even the adaptive equalizer strategy), our formalized game model is capable of enabling the defender to greatly reduce the maximum value of the expected average payoff to the adversaries via provisioning sufficient defensive resources, which is reflected by setting a proper penalty factor against the adversaries. In addition, we extend our game model and analyze the extortion strategy, which can enable one participant to obtain more payoff by extorting his/her opponents. The evaluation results show that the defender can combat this strategy by encouraging competition among the adversaries, and significantly suppress the total payoff of the adversaries via setting the proper penalty factor.

Towards an Iterated Game Model with Multiple Adversaries in Smart-World Systems †

PubMed Central

Yang, Xinyu; Yu, Wei; Lin, Jie; Yang, Qingyu

2018-01-01

Diverse and varied cyber-attacks challenge the operation of the smart-world system that is supported by Internet-of-Things (IoT) (smart cities, smart grid, smart transportation, etc.) and must be carefully and thoughtfully addressed before widespread adoption of the smart-world system can be fully realized. Although a number of research efforts have been devoted to defending against these threats, a majority of existing schemes focus on the development of a specific defensive strategy to deal with specific, often singular threats. In this paper, we address the issue of coalitional attacks, which can be launched by multiple adversaries cooperatively against the smart-world system such as smart cities. Particularly, we propose a game-theory based model to capture the interaction among multiple adversaries, and quantify the capacity of the defender based on the extended Iterated Public Goods Game (IPGG) model. In the formalized game model, in each round of the attack, a participant can either cooperate by participating in the coalitional attack, or defect by standing aside. In our work, we consider the generic defensive strategy that has a probability to detect the coalitional attack. When the coalitional attack is detected, all participating adversaries are penalized. The expected payoff of each participant is derived through the equalizer strategy that provides participants with competitive benefits. The multiple adversaries with the collusive strategy are also considered. Via a combination of theoretical analysis and experimentation, our results show that no matter which strategies the adversaries choose (random strategy, win-stay-lose-shift strategy, or even the adaptive equalizer strategy), our formalized game model is capable of enabling the defender to greatly reduce the maximum value of the expected average payoff to the adversaries via provisioning sufficient defensive resources, which is reflected by setting a proper penalty factor against the adversaries. In addition, we extend our game model and analyze the extortion strategy, which can enable one participant to obtain more payoff by extorting his/her opponents. The evaluation results show that the defender can combat this strategy by encouraging competition among the adversaries, and significantly suppress the total payoff of the adversaries via setting the proper penalty factor. PMID:29495291

SCADA Protocol Anomaly Detection Utilizing Compression (SPADUC) 2013

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gordon Rueff; Lyle Roybal; Denis Vollmer

2013-01-01

There is a significant need to protect the nation’s energy infrastructures from malicious actors using cyber methods. Supervisory, Control, and Data Acquisition (SCADA) systems may be vulnerable due to the insufficient security implemented during the design and deployment of these control systems. This is particularly true in older legacy SCADA systems that are still commonly in use. The purpose of INL’s research on the SCADA Protocol Anomaly Detection Utilizing Compression (SPADUC) project was to determine if and how data compression techniques could be used to identify and protect SCADA systems from cyber attacks. Initially, the concept was centered on howmore » to train a compression algorithm to recognize normal control system traffic versus hostile network traffic. Because large portions of the TCP/IP message traffic (called packets) are repetitive, the concept of using compression techniques to differentiate “non-normal” traffic was proposed. In this manner, malicious SCADA traffic could be identified at the packet level prior to completing its payload. Previous research has shown that SCADA network traffic has traits desirable for compression analysis. This work investigated three different approaches to identify malicious SCADA network traffic using compression techniques. The preliminary analyses and results presented herein are clearly able to differentiate normal from malicious network traffic at the packet level at a very high confidence level for the conditions tested. Additionally, the master dictionary approach used in this research appears to initially provide a meaningful way to categorize and compare packets within a communication channel.« less

Identifying Vulnerabilities and Hardening Attack Graphs for Networked Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Saha, Sudip; Vullinati, Anil K.; Halappanavar, Mahantesh

We investigate efficient security control methods for protecting against vulnerabilities in networked systems. A large number of interdependent vulnerabilities typically exist in the computing nodes of a cyber-system; as vulnerabilities get exploited, starting from low level ones, they open up the doors to more critical vulnerabilities. These cannot be understood just by a topological analysis of the network, and we use the attack graph abstraction of Dewri et al. to study these problems. In contrast to earlier approaches based on heuristics and evolutionary algorithms, we study rigorous methods for quantifying the inherent vulnerability and hardening cost for the system. Wemore » develop algorithms with provable approximation guarantees, and evaluate them for real and synthetic attack graphs.« less

INL Control System Situational Awareness Technology Final Report 2013

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gordon Rueff; Bryce Wheeler; Todd Vollmer

The Situational Awareness project is a comprehensive undertaking of Idaho National Laboratory (INL) in an effort to produce technologies capable of defending the country’s energy sector infrastructure from cyber attack. INL has addressed this challenge through research and development of an interoperable suite of tools that safeguard critical energy sector infrastructure. The technologies in this project include the Sophia Tool, Mesh Mapper (MM) Tool, Intelligent Cyber Sensor (ICS) Tool, and Data Fusion Tool (DFT). Each is designed to function effectively on its own, or they can be integrated in a variety of customized configurations based on the end user’s riskmore » profile and security needs.« less

DOE Office of Scientific and Technical Information (OSTI.GOV)

Okhravi, Hamed; Sheldon, Frederick T.; Haines, Joshua

Data diodes provide protection of critical cyber assets by the means of physically enforcing traffic direction on the network. In order to deploy data diodes effectively, it is imperative to understand the protection they provide, the protection they do not provide, their limitations, and their place in the larger security infrastructure. In this work, we study data diodes, their functionalities and limitations. We then propose two critical infrastructure systems that can benefit from the additional protection offered by data diodes: process control networks and net-centric cyber decision support systems. We review the security requirements of these systems, describe the architectures,more » and study the trade-offs. Finally, the architectures are evaluated against different attack patterns.« less

Attack Methodology Analysis: Emerging Trends in Computer-Based Attack Methodologies and Their Applicability to Control System Networks

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bri Rolston

2005-06-01

Threat characterization is a key component in evaluating the threat faced by control systems. Without a thorough understanding of the threat faced by critical infrastructure networks, adequate resources cannot be allocated or directed effectively to the defense of these systems. Traditional methods of threat analysis focus on identifying the capabilities and motivations of a specific attacker, assessing the value the adversary would place on targeted systems, and deploying defenses according to the threat posed by the potential adversary. Too many effective exploits and tools exist and are easily accessible to anyone with access to an Internet connection, minimal technical skills,more » and a significantly reduced motivational threshold to be able to narrow the field of potential adversaries effectively. Understanding how hackers evaluate new IT security research and incorporate significant new ideas into their own tools provides a means of anticipating how IT systems are most likely to be attacked in the future. This research, Attack Methodology Analysis (AMA), could supply pertinent information on how to detect and stop new types of attacks. Since the exploit methodologies and attack vectors developed in the general Information Technology (IT) arena can be converted for use against control system environments, assessing areas in which cutting edge exploit development and remediation techniques are occurring can provide significance intelligence for control system network exploitation, defense, and a means of assessing threat without identifying specific capabilities of individual opponents. Attack Methodology Analysis begins with the study of what exploit technology and attack methodologies are being developed in the Information Technology (IT) security research community within the black and white hat community. Once a solid understanding of the cutting edge security research is established, emerging trends in attack methodology can be identified and the gap between those threats and the defensive capabilities of control systems can be analyzed. The results of the gap analysis drive changes in the cyber security of critical infrastructure networks to close the gap between current exploits and existing defenses. The analysis also provides defenders with an idea of how threat technology is evolving and how defenses will need to be modified to address these emerging trends.« less

Evaluation of a Cyber Security System for Hospital Network.

PubMed

Faysel, Mohammad A

2015-01-01

Most of the cyber security systems use simulated data in evaluating their detection capabilities. The proposed cyber security system utilizes real hospital network connections. It uses a probabilistic data mining algorithm to detect anomalous events and takes appropriate response in real-time. On an evaluation using real-world hospital network data consisting of incoming network connections collected for a 24-hour period, the proposed system detected 15 unusual connections which were undetected by a commercial intrusion prevention system for the same network connections. Evaluation of the proposed system shows a potential to secure protected patient health information on a hospital network.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Happenny, Sean F.

The United States’ power infrastructure is aging, underfunded, and vulnerable to cyber attack. Emerging smart grid technologies may take some of the burden off of existing systems and make the grid as a whole more efficient, reliable, and secure. The Pacific Northwest National Laboratory (PNNL) is funding research into several aspects of smart grid technology and grid security, creating a software simulation tool that will allow researchers to test power distribution networks utilizing different smart grid technologies to determine how the grid and these technologies react under different circumstances. Demonstrating security in embedded systems is another research area PNNL ismore » tackling. Many of the systems controlling the U.S. critical infrastructure, such as the power grid, lack integrated security and the networks protecting them are becoming easier to breach. Providing a virtual power substation network to each student team at the National Collegiate Cyber Defense Competition, thereby supporting the education of future cyber security professionals, is another way PNNL is helping to strengthen the security of the nation’s power infrastructure.« less

Information Technology Certification Training Implementation: Exploratory Case Study of Air Force and Civilian Leaders Experiences

ERIC Educational Resources Information Center

Munn, Jamie E.

2017-01-01

Military leaders, both active duty and General Schedule (GS), must understand cyber warfare with its environmental connections and rapid evolution while finding ways to develop strategies that may lessen threats and attacks to government infrastructure. The Department of Defense (DoD) sought training and certification programs from the civilian…

Economic Analysis of Cyber Security

DTIC Science & Technology

2006-07-01

vulnerability databases and track the number of incidents reported by U.S. organizations. Many of these are private organizations, such as the security...VULNERABILITY AND ATTACK ESTIMATES Numerous organizations compile vulnerability databases and patch information, and track the number of reported incidents... database / security focus Databases of vulnerabilities identifying the software versions that are susceptible, including information on the method of

Air and Space Power Journal-Spring 2016

DTIC Science & Technology

2016-01-01

control the human domain. Hypothetically, if an opponent attacks or manipulates the use of radio frequencies within the EMS, through cyber or other means...to US home- land systems via a radio frequency signal almost instantaneously. Furthermore, these information packets can be pre-positioned and lay...Remarkable Life of Apollo 14 Astronaut Stuart Roosa . . . . . . . . . . . . . . . . . . . . . . . . . . 101 Willie G

Can the Analytical Hierarchy Process Model Be Effectively Applied in the Prioritization of Information Assurance Defense In-Depth Measures? --A Quantitative Study

ERIC Educational Resources Information Center

Alexander, Rodney T.

2017-01-01

Organizational computing devices are increasingly becoming targets of cyber-attacks, and organizations have become dependent on the safety and security of their computer networks and their organizational computing devices. Business and government often use defense in-depth information assurance measures such as firewalls, intrusion detection…

Ensuring U.S. Air Force Operations During Cyber Attacks Against Combat Support Systems: Guidance for Where to Focus Mitigation Efforts

DTIC Science & Technology

2015-01-01

York: Oxford University Press, 2013, pp. 196–201. 11 See, for example: Verizon RISK Team, 2013 Data Breach Investigations Report, Verizon, 2013; David...doctrine/new_pubs/jp1_02.pdf Verizon RISK Team, 2013 Data Breach Investigations Report, Verizon, 2013. As of December 29, 2013: http

Critical Infrastructure Protection: EMP Impacts on the U.S. Electric Grid

NASA Astrophysics Data System (ADS)

Boston, Edwin J., Jr.

The purpose of this research is to identify the United States electric grid infrastructure systems vulnerabilities to electromagnetic pulse attacks and the cyber-based impacts of those vulnerabilities to the electric grid. Additionally, the research identifies multiple defensive strategies designed to harden the electric grid against electromagnetic pulse attack that include prevention, mitigation and recovery postures. Research results confirm the importance of the electric grid to the United States critical infrastructures system and that an electromagnetic pulse attack against the electric grid could result in electric grid degradation, critical infrastructure(s) damage and the potential for societal collapse. The conclusions of this research indicate that while an electromagnetic pulse attack against the United States electric grid could have catastrophic impacts on American society, there are currently many defensive strategies under consideration designed to prevent, mitigate and or recover from an electromagnetic pulse attack. However, additional research is essential to further identify future target hardening opportunities, efficient implementation strategies and funding resources.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mahan, Robert E.; Fluckiger, Jerry D.; Clements, Samuel L.

This document was developed to provide guidance for the implementation of secure data transfer in a complex computational infrastructure representative of the electric power and oil and natural gas enterprises and the control systems they implement. For the past 20 years the cyber security community has focused on preventative measures intended to keep systems secure by providing a hard outer shell that is difficult to penetrate. Over time, the hard exterior, soft interior focus changed to focus on defense-in-depth adding multiple layers of protection, introducing intrusion detection systems, more effective incident response and cleanup, and many other security measures. Despitemore » much larger expenditures and more layers of defense, successful attacks have only increased in number and severity. Consequently, it is time to re-focus the conventional approach to cyber security. While it is still important to implement measures to keep intruders out, a new protection paradigm is warranted that is aimed at discovering attempted or real compromises as early as possible. Put simply, organizations should take as fact that they have been, are now, or will be compromised. These compromises may be intended to steal information for financial gain as in the theft of intellectual property or credentials that lead to the theft of financial resources, or to lie silent until instructed to cause physical or electronic damage and/or denial of services. This change in outlook has been recently confirmed by the National Security Agency [19]. The discovery of attempted and actual compromises requires an increased focus on monitoring events by manual and/or automated log monitoring, detecting unauthorized changes to a system's hardware and/or software, detecting intrusions, and/or discovering the exfiltration of sensitive information and/or attempts to send inappropriate commands to ICS/SCADA (Industrial Control System/Supervisory Control And Data Acquisition) systems.« less

A developmental approach to learning causal models for cyber security

NASA Astrophysics Data System (ADS)

Mugan, Jonathan

2013-05-01

To keep pace with our adversaries, we must expand the scope of machine learning and reasoning to address the breadth of possible attacks. One approach is to employ an algorithm to learn a set of causal models that describes the entire cyber network and each host end node. Such a learning algorithm would run continuously on the system and monitor activity in real time. With a set of causal models, the algorithm could anticipate novel attacks, take actions to thwart them, and predict the second-order effects flood of information, and the algorithm would have to determine which streams of that flood were relevant in which situations. This paper will present the results of efforts toward the application of a developmental learning algorithm to the problem of cyber security. The algorithm is modeled on the principles of human developmental learning and is designed to allow an agent to learn about the computer system in which it resides through active exploration. Children are flexible learners who acquire knowledge by actively exploring their environment and making predictions about what they will find,1, 2 and our algorithm is inspired by the work of the developmental psychologist Jean Piaget.3 Piaget described how children construct knowledge in stages and learn new concepts on top of those they already know. Developmental learning allows our algorithm to focus on subsets of the environment that are most helpful for learning given its current knowledge. In experiments, the algorithm was able to learn the conditions for file exfiltration and use that knowledge to protect sensitive files.

Mean-Field-Game Model for Botnet Defense in Cyber-Security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kolokoltsov, V. N., E-mail: v.kolokoltsov@warwick.ac.uk; Bensoussan, A.

We initiate the analysis of the response of computer owners to various offers of defence systems against a cyber-hacker (for instance, a botnet attack), as a stochastic game of a large number of interacting agents. We introduce a simple mean-field game that models their behavior. It takes into account both the random process of the propagation of the infection (controlled by the botner herder) and the decision making process of customers. Its stationary version turns out to be exactly solvable (but not at all trivial) under an additional natural assumption that the execution time of the decisions of the customersmore » (say, switch on or out the defence system) is much faster that the infection rates.« less

Cyber security evaluation of II&C technologies

DOE Office of Scientific and Technical Information (OSTI.GOV)

Thomas, Ken

The Light Water Reactor Sustainability (LWRS) Program is a research and development program sponsored by the Department of Energy, which is conducted in close collaboration with industry to provide the technical foundations for licensing and managing the long-term, safe and economical operation of current nuclear power plants The LWRS Program serves to help the US nuclear industry adopt new technologies and engineering solutions that facilitate the continued safe operation of the plants and extension of the current operating licenses. Within the LWRS Program, the Advanced Instrumentation, Information, and Control (II&C) Systems Technologies Pathway conducts targeted research and development (R&D) tomore » address aging and reliability concerns with the legacy instrumentation and control and related information systems of the U.S. operating light water reactor (LWR) fleet. The II&C Pathway is conducted by Idaho National Laboratory (INL). Cyber security is a common concern among nuclear utilities and other nuclear industry stakeholders regarding the digital technologies that are being developed under this program. This concern extends to the point of calling into question whether these types of technologies could ever be deployed in nuclear plants given the possibility that the information in them can be compromised and the technologies themselves can potentially be exploited to serve as attack vectors for adversaries. To this end, a cyber security evaluation has been conducted of these technologies to determine whether they constitute a threat beyond what the nuclear plants already manage within their regulatory-required cyber security programs. Specifically, the evaluation is based on NEI 08-09, which is the industry’s template for cyber security programs and evaluations, accepted by the Nuclear Regulatory Commission (NRC) as responsive to the requirements of the nuclear power plant cyber security regulation found in 10 CFR 73.54. The evaluation was conducted by a cyber security team with expertise in nuclear utility cyber security programs and experience in conducting these evaluations. The evaluation has determined that, for the most part, cyber security will not be a limiting factor in the application of these technologies to nuclear power plant applications.« less

Detection, Localization, and Tracking of Unauthorized UAS and Jammers

NASA Technical Reports Server (NTRS)

Guvenc, Ismail; Ozdemir, Ozgur; Yapici, Yavuz; Mehrpouyan, Hani; Matolak, David

2017-01-01

Small unmanned aircraft systems (UASs) are expected to take major roles in future smart cities, for example, by delivering goods and merchandise, potentially serving as mobile hot spots for broadband wireless access, and maintaining surveillance and security. Although they can be used for the betterment of the society, they can also be used by malicious entities to conduct physical and cyber attacks to infrastructure, private/public property, and people. Even for legitimate use-cases of small UASs, air traffic management (ATM) for UASs becomes of critical importance for maintaining safe and collusion-free operation. Therefore, various ways to detect, track, and interdict potentially unauthorized drones carries critical importance for surveillance and ATM applications. In this paper, we will review techniques that rely on ambient radio frequency signals (emitted from UASs), radars, acoustic sensors, and computer vision techniques for detection of malicious UASs. We will present some early experimental and simulation results on radar-based range estimation of UASs, and receding horizon tracking of UASs. Subsequently, we will overview common techniques that are considered for interdiction of UASs.

Global Mapping of Cyber Attacks

DTIC Science & Technology

2014-01-01

from any 10 particular vendor is wrong. Moreover, researchers often use anti-virus labels as ground-truth for evaluating new approaches [5, 17, 36...lnstrusions and Defenses (RAID), September 2007. [SJ U. Bayer, P. M. Comparetti, C. Hlauschek, C. Kruegel, and E. Kirda. Scalable, behavior -based...International Development and Confiict Management International crisis behavior project http: I /www. cidcm. umd.edu/icb/. Last accessed: December 2011

The Legal Limitations on Defending the National Information Infrastructure Against a Cyber Attack

DTIC Science & Technology

1999-05-27

has a wider significance .... Kelsen has asserted that ’use of force’ in Article 2, paragraph 4, of the Charter includes both the use of arms and a...or United Nations practice that it bears the meaning suggested by Kelsen . Indeed, in view of the predominant view of aggression and the use of force

Communication Breakdown: DHS Operations During a Cyber Attack

DTIC Science & Technology

2010-12-01

is estimated to average 1 hour per response, including the time for reviewing instruction, searching existing data sources, gathering and...maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of...Presidential Directive, Malware, National Exercise, Quadrennial Homeland Security Review , Trusted Internet Connections, Zero-Day Exploits 16. PRICE CODE 17

Operational Exercise Integration Recommendations for DoD Cyber Ranges

DTIC Science & Technology

2015-08-05

be the precision and recall of a security information and event management (SIEM) system ’s notifications of unauthorized access to that directory...network traffic, port scanning Deplete Resources TCP flooding, memory leak exploitation Injection Cross-site scripting attacks, SQL injection Deceptive...requirements for personnel development; tactics, techniques, and procedures (TTPs) devel- opment; and mission rehearsals . While unique in their own

USMC ISR: Preparing for the A2AD Threat

DTIC Science & Technology

2014-06-13

millimeter waves, high - power microwaves, lasers or electromagnetic pulses (Brimley 2013, 15). Replacing modern day munitions, directed- energy ...space and cyber capabilities” (JCS, 26). The precept further states the need to protect access to the electromagnetic spectrum. Given the high cost...is the “division of electronic warfare involving the use of electromagnetic , directed energy , or antiradiation weapons to attack personnel, facilities

Regulating Nation-State Cyber Attacks in Counterterrorism Operations

DTIC Science & Technology

2010-06-01

24 e. The 1973 United Nations Convention to Prevent and Punish Acts of Terrorism in the Form of Crimes Against...International Convention for the Suppression of Acts of Nuclear Terrorism ......................28 n. The 1998 Rome Statute and the Crime of Aggression...Intelligence Agency, https://www.cia.gov/news-information/ speeches -testimony/2000/cyberthreats_022300.html. 3 Peter Brookes, “The Cyberspy Threat

Secure VM for Monitoring Industrial Process Controllers

DOE Office of Scientific and Technical Information (OSTI.GOV)

Dasgupta, Dipankar; Ali, Mohammad Hassan; Abercrombie, Robert K

2011-01-01

In this paper, we examine the biological immune system as an autonomic system for self-protection, which has evolved over millions of years probably through extensive redesigning, testing, tuning and optimization process. The powerful information processing capabilities of the immune system, such as feature extraction, pattern recognition, learning, memory, and its distributive nature provide rich metaphors for its artificial counterpart. Our study focuses on building an autonomic defense system, using some immunological metaphors for information gathering, analyzing, decision making and launching threat and attack responses. In order to detection Stuxnet like malware, we propose to include a secure VM (or dedicatedmore » host) to the SCADA Network to monitor behavior and all software updates. This on-going research effort is not to mimic the nature but to explore and learn valuable lessons useful for self-adaptive cyber defense systems.« less

Data Mining in Cyber Operations

DTIC Science & Technology

2014-07-01

information processing units intended to mimic the network of neurons in the human brain for performing pattern recognition  Self- organizing maps (SOM...patterns are mined from in order to influence the learning model . An exploratory attack does not alter the training process , but rather uses other...New Jersey: Prentice Hall. 21) Kohonen, T. (1982). Self- organized formation of topologically correct feature maps. Biological Cybernetics , 43, 59–69

When The Shooting Stops: Recovery From Active Shooter Events For K-12 Schools

DTIC Science & Technology

2017-12-01

ems -insider/articles/2014/02/a-new-response.html. 2 Ashby, Cornelia, and William O. Jenkins Jr. Emergency Management: Most School Districts Have...of Emergency Medical Services, March 18, 2014, http://www.jems.com/ ems -insider/ articles/2014/02/a-new-response.html. xviii THIS PAGE...Gang violence  Bomb threats  Domestic violence and abuse  Cyber attacks  Suicide 72

Cyber Gray Space Deterrence

DTIC Science & Technology

2017-12-21

the South China Sea or Eastern Ukraine, but they may cause more damage to U.S. economic and national security interests. Administration officials...cyberattacks to undermine U.S. economic and military security. Reports and strategies have been worried over but then ignored, and draft legislation...would not, for instance, be a great innovation for the United States to threaten economic sanctions against a state attacking through cyberspace. Thus

Russian Political, Economic, and Security Issues and U.S. Interests

DTIC Science & Technology

2008-03-04

global energy company. Khodorkovski criticized some of Putin’s actions , financed anti-Putin political parties, and hinted that he might enter politics...Yeltsin’s decline. Lukashenko unconstitutionally removed the parliamentary opposition in 1996 and strongly opposes market reform in Belarus, making...government in Tallinn, and called upon the EU to protest Estonia’s actions . This was accompanied by extensive cyber attacks against Estonian government and

Russian Political, Economic, and Security Issues and U.S. Interests

DTIC Science & Technology

2008-07-28

energy company. Khodorkovski criticized some of Putin’s actions , financed anti-Putin political parties, and hinted that he might enter politics in...have hoped for a leading role in a unified state during Yeltsin’s decline. Lukashenko unconstitutionally removed the parliamentary opposition in 1996...Estonia’s actions . This was accompanied by extensive cyber attacks against Estonian government and commercial websites. The Russian state railway

Engaging Cyber Communities

DTIC Science & Technology

2010-04-01

technology centric operations such as computer network attack and computer network defense. 3 This leads to the question of whether the US military is... information and infrastructure. For the purpose of military operations, CNO are divided into CNA, CND, and computer network exploitation (CNE) enabling...of a CNA if they take undesirable action,” 21 and from a defensive stance in CND, “providing information about non-military threat to computers in

Developing Simulated Cyber Attack Scenarios Against Virtualized Adversary Networks

DTIC Science & Technology

2017-03-01

MAST is a custom software framework originally designed to facilitate the training of network administrators on live networks using SimWare. The MAST...or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington headquarters Services ...scenario development and testing in a virtual test environment. Commercial and custom software tools that provide the ability to conduct network

Deploying Crowd-Sourced Formal Verification Systems in a DoD Network

DTIC Science & Technology

2013-09-01

INTENTIONALLY LEFT BLANK 1 I. INTRODUCTION A. INTRODUCTION In 2014 cyber attacks on critical infrastructure are expected to increase...CSFV systems on the Internet‒‒possibly using cloud infrastructure (Dean, 2013). By using Amazon Compute Cloud (EC2) systems, DARPA will use ordinary...through standard access methods. Those clients could be mobile phones, laptops, netbooks, tablet computers or personal digital assistants (PDAs) (Smoot

Stability Operations: Policy and Doctrine Awaiting Implementation

DTIC Science & Technology

2013-03-01

periods move through offense and defense (or reverse ) sequentially while stability is presented throughout the rotation. This causes stability to...The author’s personal experience in Afghanistan and having studied the complex nature of stability operations suggests the reverse is true. June...climate change, Euro/EU collapse, a democratic or collapsed China, a reformed Iran, nuclear war or WMD/cyber-attack, solar geomagnetic storms, U.S

An Analysis of IT Governance Practices in the Federal Government: Protecting U.S. Critical Infrastructure from Cyber Terrorist Attacks

ERIC Educational Resources Information Center

Johnson, R. LeWayne

2012-01-01

Much of the governing process in the United States (U.S.) today depends on a reliable and well protected public information technology (IT) infrastructure. The Department of Homeland Security (DHS) is tasked with the responsibility of protecting the country's IT infrastructure. Critics contend that the DHS has failed to address planning and…

Providing security for automated process control systems at hydropower engineering facilities

NASA Astrophysics Data System (ADS)

Vasiliev, Y. S.; Zegzhda, P. D.; Zegzhda, D. P.

2016-12-01

This article suggests the concept of a cyberphysical system to manage computer security of automated process control systems at hydropower engineering facilities. According to the authors, this system consists of a set of information processing tools and computer-controlled physical devices. Examples of cyber attacks on power engineering facilities are provided, and a strategy of improving cybersecurity of hydropower engineering systems is suggested. The architecture of the multilevel protection of the automated process control system (APCS) of power engineering facilities is given, including security systems, control systems, access control, encryption, secure virtual private network of subsystems for monitoring and analysis of security events. The distinctive aspect of the approach is consideration of interrelations and cyber threats, arising when SCADA is integrated with the unified enterprise information system.

Vortex-Induced Vibrations of a Flexibly-Mounted Cyber-Physical Rectangular Plate

NASA Astrophysics Data System (ADS)

Onoue, Kyohei; Strom, Benjamin; Song, Arnold; Breuer, Kenneth

2013-11-01

We have developed a cyber-physical system to explore the vortex-induced vibration (VIV) behavior of a flat plate mounted on a virtual spring damper support. The plate is allowed to oscillate about its mid-chord and the measured angular position, velocity, and torque are used as inputs to a feedback control system that provides a restoring torque and can simulate a wide range of structural dynamic behavior. A series of experiments were carried out using different sized plates, and over a range of freestream velocities, equilibrium angles of attack, and simulated stiffness and damping. We observe a synchronization phenomenon over a wide range of parameter space, wherein the plate oscillates at moderate to large amplitude with a frequency dictated by the natural structural frequency of the system. Additionally, the existence of bistable states is reflected in the hysteretic response of the system. The cyber-physical damping extracts energy from the flow and the efficiency of this harvesting mechanism is characterized over a range of dimensionless stiffness and damping parameters. This research is funded by the Air Force Office of Scientific Research (AFOSR).

Model Based Verification of Cyber Range Event Environments

DTIC Science & Technology

2015-12-10

Model Based Verification of Cyber Range Event Environments Suresh K. Damodaran MIT Lincoln Laboratory 244 Wood St., Lexington, MA, USA...apply model based verification to cyber range event environment configurations, allowing for the early detection of errors in event environment...Environment Representation (CCER) ontology. We also provide an overview of a methodology to specify verification rules and the corresponding error

Resilient and Robust High Performance Computing Platforms for Scientific Computing Integrity

DOE Office of Scientific and Technical Information (OSTI.GOV)

Jin, Yier

As technology advances, computer systems are subject to increasingly sophisticated cyber-attacks that compromise both their security and integrity. High performance computing platforms used in commercial and scientific applications involving sensitive, or even classified data, are frequently targeted by powerful adversaries. This situation is made worse by a lack of fundamental security solutions that both perform efficiently and are effective at preventing threats. Current security solutions fail to address the threat landscape and ensure the integrity of sensitive data. As challenges rise, both private and public sectors will require robust technologies to protect its computing infrastructure. The research outcomes from thismore » project try to address all these challenges. For example, we present LAZARUS, a novel technique to harden kernel Address Space Layout Randomization (KASLR) against paging-based side-channel attacks. In particular, our scheme allows for fine-grained protection of the virtual memory mappings that implement the randomization. We demonstrate the effectiveness of our approach by hardening a recent Linux kernel with LAZARUS, mitigating all of the previously presented side-channel attacks on KASLR. Our extensive evaluation shows that LAZARUS incurs only 0.943% overhead for standard benchmarks, and is therefore highly practical. We also introduced HA2lloc, a hardware-assisted allocator that is capable of leveraging an extended memory management unit to detect memory errors in the heap. We also perform testing using HA2lloc in a simulation environment and find that the approach is capable of preventing common memory vulnerabilities.« less

Norwegian "Digital Border Defense" and Competence for the Unforeseen: A Grounded Theory Approach.

PubMed

Boe, Ole; Torgersen, Glenn-Egil

2018-01-01

Strategic Competence Leadership (SCL) is a tool meant to ensure that the Norwegian Armed Forces Cyber Defence (NAFCD) has the necessary expertise to cope with current and future unforeseen events. This is necessary in order to develop a better digital border defense against digital threats from different state or non-state actors. Unforeseen cyber incidents include for instance "zero-days" attacks and similar severe threats. The goal of the SCL in the NAFCD is the development of a reliable "Cyber Resilience." In the present study, we examine how the concept of SCL is understood and carried out on the different leadership and managerial levels in the NAFCD. Our research problem was how well prepared the NAFCD is for SCL and competence development for future competence needs, especially in relation to unforeseen events? Semi-structured interviews and document analyses of governance documents were used in the present study. The Strategic Didactic Model for the Unforeseen was used to construct nine research questions that were then given to the participants. The nine questions were sorted under three categories: organizational structures, competence development and needs, and plans, handling and communication. Fourteen leaders at different levels in the NAFCD participated in the study. Our main finding was that high-level ( n = 4) and low-level ( n = 10) participants differed in their views on SCL. As for unforeseen events, both levels shared the opinion that the NAFCD can cope with a low level of didactical degrees of the unforeseen (the degree to which the management has the competence to facilitate for adequate exercises for the different hierarchical levels in the organization, i.e., sudden unknown cyber-attacks). However, no common understanding of the term SCL was found among the participants. Interaction was interpreted to be very important to the participants, and they used professional networks to a high degree. In addition, unofficial lines of communication were very frequently used in relation to human resource exchange and development. By creating a common understanding within the NAFCD regarding the concept of SCL, it will be possible to improve the Norwegian digital border defense against unforeseen events.

Norwegian “Digital Border Defense” and Competence for the Unforeseen: A Grounded Theory Approach

PubMed Central

Boe, Ole; Torgersen, Glenn-Egil

2018-01-01

Strategic Competence Leadership (SCL) is a tool meant to ensure that the Norwegian Armed Forces Cyber Defence (NAFCD) has the necessary expertise to cope with current and future unforeseen events. This is necessary in order to develop a better digital border defense against digital threats from different state or non-state actors. Unforeseen cyber incidents include for instance “zero-days” attacks and similar severe threats. The goal of the SCL in the NAFCD is the development of a reliable “Cyber Resilience.” In the present study, we examine how the concept of SCL is understood and carried out on the different leadership and managerial levels in the NAFCD. Our research problem was how well prepared the NAFCD is for SCL and competence development for future competence needs, especially in relation to unforeseen events? Semi-structured interviews and document analyses of governance documents were used in the present study. The Strategic Didactic Model for the Unforeseen was used to construct nine research questions that were then given to the participants. The nine questions were sorted under three categories: organizational structures, competence development and needs, and plans, handling and communication. Fourteen leaders at different levels in the NAFCD participated in the study. Our main finding was that high-level (n = 4) and low-level (n = 10) participants differed in their views on SCL. As for unforeseen events, both levels shared the opinion that the NAFCD can cope with a low level of didactical degrees of the unforeseen (the degree to which the management has the competence to facilitate for adequate exercises for the different hierarchical levels in the organization, i.e., sudden unknown cyber-attacks). However, no common understanding of the term SCL was found among the participants. Interaction was interpreted to be very important to the participants, and they used professional networks to a high degree. In addition, unofficial lines of communication were very frequently used in relation to human resource exchange and development. By creating a common understanding within the NAFCD regarding the concept of SCL, it will be possible to improve the Norwegian digital border defense against unforeseen events. PMID:29725314