Wade Huntley,Timothy Shives

DOI: https://doi.org/10.34190/eccws.23.1.2500

2024-06-27

Abstract:The study of cyber strategy and its implications for international security has become increasingly crucial, necessitating an examination of the unique challenges posed by the dynamic and stealthy nature of the cyber domain. This paper addresses whether offensive or defensive strategies prevail in cyberspace, especially in light of evolving technological landscapes and debates over cyber threats. By applying offense-defense theory from international relations, the research explores the nuanced relationship between offensive and defensive operations in cyberspace. Despite prevalent views favoring offense dominance, recent skepticism questions the severity of cyber threats and suggests a possible overemphasis on offensive operations. This paper systematically examines the core concepts, findings, and operational variables of offense-defense theory, providing clarity to the conceptual debates surrounding cyber conflict. Recognizing the unique characteristics of the cyber domain, it urges a careful consideration of biases that may distort judgments about offense dominance. The evolving nature of cyberspace and its potential for redesign introduces caution and underscores the need for a nuanced understanding of the offense-defense balance. The preliminary assessment concludes that the question of whether offense or defense "dominates" in cyberspace is overly simplistic. Given the intricate interactions of cyber capabilities, other coercive means available to states, and the dynamic evolution of cyber technology, this question can only be answered within specific contextual and chronological boundaries. Within such conditions, the state of the offense-defense balance is crucial to tactical and operational decision-making. At the strategic policymaking level, the more coherent question is how cyber technologies are shifting the balance of advantages between offense and defense in the overall military posture of states. In essence, this paper provides valuable insights into the ongoing discourse on cyber strategy, theoretical frameworks, and nuanced analyses to inform policy and strategic decision-making in the face of evolving cyber threats.

Luis Simón

DOI: https://doi.org/10.1080/01402390.2016.1163260

2016-04-15

Journal of Strategic Studies

Abstract:Over the last two decades, a number of countries (most notably China, Russia and Iran) have been developing so-called anti-access and area denial (A2/AD) capabilities, such as ballistic and cruise missiles, offensive cyber-weapons, electronic warfare, etc. The development of A2/AD capabilities by non-Western countries undermines the foundations of US power projection and global military-technological supremacy. In order to overcome, or at least mitigate, the impending A2/AD challenge, the US Department of Defense (DoD) began to roll out its so-called ‘third’ offset strategy in late 2014. The strategy aims to bring about innovative operational concepts and technologies and spur new doctrinal and organisational debates. This article assesses which of the operational concepts and capabilities informing current US discussions on offset may be relevant in the context of the A2/AD challenges Europeans face on their eastern ‘flank‘ and in their ‘extended southern neighbourhood‘, and which may not. Europeans must grapple with the same conceptual puzzle as the US: how to strike the right balance between defeating A2/AD capabilities and hedging against them, i.e. through alternative strategies that are less dependent on unhindered access and resort to asymmetric forms of warfare. However, they must take into account the geographical features of their eastern flank and extended southern neighbourhood, the level of technological maturity of their challengers, and their own military-technological prowess and political limitations. This suggests a somewhat different approach to offsetting A2/AD than that adopted by the US.

political science,international relations

Michael D. Adams,Seth D. Hitefield,Bruce Hoy,Michael C. Fowler,T. Charles Clancy

DOI: https://doi.org/10.48550/arXiv.1311.0257

2013-11-01

Cryptography and Security

Abstract:A significant limitation of current cyber security research and techniques is its reactive and applied nature. This leads to a continuous 'cyber cycle' of attackers scanning networks, developing exploits and attacking systems, with defenders detecting attacks, analyzing exploits and patching systems. This reactive nature leaves sensitive systems highly vulnerable to attack due to un-patched systems and undetected exploits. Some current research attempts to address this major limitation by introducing systems that implement moving target defense. However, these ideas are typically based on the intuition that a moving target defense will make it much harder for attackers to find and scan vulnerable systems, and not on theoretical mathematical foundations. The continuing lack of fundamental science and principles for developing more secure systems has drawn increased interest into establishing a 'science of cyber security'. This paper introduces the concept of using cybernetics, an interdisciplinary approach of control theory, systems theory, information theory and game theory applied to regulatory systems, as a foundational approach for developing cyber security principles. It explores potential applications of cybernetics to cyber security from a defensive perspective, while suggesting the potential use for offensive applications. Additionally, this paper introduces the fundamental principles for building non-stationary systems, which is a more general solution than moving target defenses. Lastly, the paper discusses related works concerning the limitations of moving target defense and one implementation based on non-stationary principles.

Sandeep Pisharody,Jonathan Bernays,Vijay Gadepally,Michael Jones,Jeremy Kepner,Chad Meiners,Peter Michaleas,Adam Tse,Doug Stetson

DOI: https://doi.org/10.48550/arXiv.2110.01495

2021-10-04

Cryptography and Security

Abstract:With the recognition of cyberspace as an operating domain, concerted effort is now being placed on addressing it in the whole-of-domain manner found in land, sea, undersea, air, and space domains. Among the first steps in this effort is applying the standard supporting concepts of security, defense, and deterrence to the cyber domain. This paper presents an architecture that helps realize forward defense in cyberspace, wherein adversarial actions are repulsed as close to the origin as possible. However, substantial work remains in making the architecture an operational reality including furthering fundamental research cyber science, conducting design trade-off analysis, and developing appropriate public policy frameworks.

Quanyan Zhu

2024-04-05

Abstract:Cyber resilience is a complementary concept to cybersecurity, focusing on the preparation, response, and recovery from cyber threats that are challenging to prevent. Organizations increasingly face such threats in an evolving cyber threat landscape. Understanding and establishing foundations for cyber resilience provide a quantitative and systematic approach to cyber risk assessment, mitigation policy evaluation, and risk-informed defense design. A systems-scientific view toward cyber risks provides holistic and system-level solutions. This chapter starts with a systemic view toward cyber risks and presents the confluence of game theory, control theory, and learning theories, which are three major pillars for the design of cyber resilience mechanisms to counteract increasingly sophisticated and evolving threats in our networks and organizations. Game and control theoretic methods provide a set of modeling frameworks to capture the strategic and dynamic interactions between defenders and attackers. Control and learning frameworks together provide a feedback-driven mechanism that enables autonomous and adaptive responses to threats. Game and learning frameworks offer a data-driven approach to proactively reason about adversarial behaviors and resilient strategies. The confluence of the three lays the theoretical foundations for the analysis and design of cyber resilience. This chapter presents various theoretical paradigms, including dynamic asymmetric games, moving horizon control, conjectural learning, and meta-learning, as recent advances at the intersection. This chapter concludes with future directions and discussions of the role of neurosymbolic learning and the synergy between foundation models and game models in cyber resilience.

Systems and Control,Cryptography and Security,Computer Science and Game Theory

Igor Linkov,Alexander Kott

DOI: https://doi.org/10.48550/arXiv.1806.02852

2018-06-08

Abstract:Given the rapid evolution of threats to cyber systems, new management approaches are needed that address risk across all interdependent domains (i.e., physical, information, cognitive, and social) of cyber systems. Further, the traditional approach of hardening of cyber systems against identified threats has proven to be impossible. Therefore, in the same way that biological systems develop immunity as a way to respond to infections and other attacks, so too must cyber systems adapt to ever-changing threats that continue to attack vital system functions, and to bounce back from the effects of the attacks. Here, we explain the basic concepts of resilience in the context of systems, discuss related properties, and make business case of cyber resilience. We also offer a brief summary of ways to assess cyber resilience of a system, and approaches to improving cyber resilience.

Cryptography and Security

Stef Schinagl,Abbas Shahim,Svetlana Khapova

DOI: https://doi.org/10.1016/j.cose.2022.102903

2022-11-01

Abstract:Due to increasing numbers of cyberattacks, security is one of the leading challenges to contemporary organizations. As contradictory demands (e.g., tensions in digital organizations) intensify, organizations increasingly find it difficult to implement digital security governance (DSG) as part of their regular organizational change activities. Based on data from forty-two interviews with Dutch CISOs and CIOs of large organizations that are active in various sectors, we identify three key paradoxical tensions that affect DSG implementation. We found that in a digital context, paradoxical tensions are pressurized and become out of balance. Disbalance among tensions exposes friction that hinders the implementation of DSG mechanisms. Finally, we present a conceptual model that sets direction for ambidextrous digital security. Understanding how to engage with tensions in an ambidextrous way determines the success of DSG implementations in today's complex digital environments.

computer science, information systems

Michel Dacorogna,Marie Kratz

2023-02-05

Abstract:Not a day goes by without news about a cyber attack. Fear spreads out and lots of wrong ideas circulate. This survey aims at showing how all these uncertainties about cyber can be transformed into manageable risk. After reviewing the main characteristics of cyber risk, we consider the three layers of cyber space: hardware, software and psycho-cognitive layer. We ask ourselves how is this risk different from others, how modelling has been tackled and needs to evolve, and what are the multi-facetted aspects of cyber risk management. This wide exploration pictures a science in the making and points out the questions to be solved for building a resilient society.

Cryptography and Security

Paul Théron,Alexander Kott

DOI: https://doi.org/10.48550/arXiv.1912.01959

2019-11-26

Abstract:In the coming years, the future of military combat will include, on one hand, artificial intelligence-optimized complex command, control, communications, computers, intelligence, surveillance and reconnaissance (C4ISR) and networks and, on the other hand, autonomous intelligent Things fighting autonomous intelligent Things at a fast pace. Under this perspective, enemy forces will seek to disable or disturb our autonomous Things and our complex infrastructures and systems. Autonomy, scale and complexity in our defense systems will trigger new cyber-attack strategies, and autonomous intelligent malware (AIM) will be part of the picture. Should these cyber-attacks succeed while human operators remain unaware or unable to react fast enough due to the speed, scale or complexity of the mission, systems or attacks, missions would fail, our networks and C4ISR would be heavily disrupted, and command and control would be disabled. New cyber-defense doctrines and technologies are therefore required. Autonomous cyber defense (ACyD) is a new field of research and technology driven by the defense sector in anticipation of such threats to future military infrastructures, systems and operations. It will be implemented via swarms of autonomous intelligent cyber-defense agents (AICAs) that will fight AIM within our networks and systems. This paper presents this cyber-defense technology of the future, the current state of the art in this field and its main challenges. First, we review the rationale of the ACyD concept and its associated AICA technology. Then, we present the current research results from NATO's IST-152 Research Task Group on the AICA Reference Architecture. We then develop the 12 main technological challenges that must be resolved in the coming years, besides ethical and political issues.

Cryptography and Security

Yu Zheng,Zheng Li,Xiaolong Xu,Qingzhan Zhao

DOI: https://doi.org/10.1016/j.dcan.2021.07.006

IF: 6.348

2021-07-01

Digital Communications and Networks

Abstract:Driven by the rapid development of the Internet of Things, cloud computing and other emerging technologies, the connotation of cyber space is constantly expanding and becoming the fifth dimension of human activities. However, security problems in cyber space are becoming serious, and traditional defense measures (e.g., firewall, intrusion detection systems and security audit) often fall into a passive situation of being prone to attacks and difficult to take effect when responding to new types of network attacks with higher and higher degree of coordination and intelligence. By constructing and implementing the diverse strategy of dynamic transformation, the configuration characteristics of systems are constantly changing and the probability of vulnerability exposure is increasing. Therefore, the difficulty and cost of attack are increasing, which provides new ideas for reversing the asymmetric situation of defense and attack in cyber space. Nonetheless, there are few related works that systematically introduce dynamic defense mechanisms for cyber security. The related concepts and development strategies of dynamic defense are rarely analyzed and summarized. To bridge this gap, we conduct a comprehensive and concrete survey of recent research efforts on dynamic defense in cyber security. Specifically, we firstly introduce basic concepts and define dynamic defense in cyber security. Next, we review the architectures, enabling techniques and methods for moving target defense and mimic defense. This is followed with taxonomically summarizing the implementation and evaluation of dynamic defense. Finally, we discuss some open challenges and opportunities on dynamic defense in cyber security.

Dimitri Kusnezov,Wendell B. Jones

DOI: https://doi.org/10.48550/arXiv.1707.06668

2017-07-20

Physics and Society

Abstract:Regulatory frameworks are a common tool in governance to incent and coerce behaviors supporting national or strategic stability. This includes domestic regulations and international agreements. Though regulation is always a challenge, the domain of fast evolving threats, like cyber, are proving much more difficult to control. Many discussions are underway searching for approaches that can provide national security in these domains. We use game theoretic learning models to explore the question of strategic stability with respect to the democratization of certain technologies (such as cyber). We suggest that such many-player games could inherently be chaotic with no corresponding (Nash) equilibria. In the absence of such equilibria, traditional approaches, as measures to achieve levels of overall security, may not be suitable approaches to support strategic stability in these domains. Altogether new paradigms may be needed for these issues. At the very least, regulatory regimes that fail to address the basic nature of the technology domains should not be pursued as a default solution, regardless of success in other domains. In addition, the very chaotic nature of these domains may hold the promise of novel approaches to regulation.

Muhammad Fakhrul Safitra,Muharman Lubis,Hanif Fakhrurroja

DOI: https://doi.org/10.3390/su151813369

IF: 3.9

2023-09-07

Sustainability

Abstract:Amidst the rapid advancements in the digital landscape, the convergence of digitization and cyber threats presents new challenges for organizational security. This article presents a comprehensive framework that aims to shape the future of cyber security. This framework responds to the complexities of modern cyber threats and provides guidance to organizations to enhance their resilience. The primary focus lies in the integration of capabilities with resilience. By combining these elements into cyber security practices, organizations can improve their ability to predict, mitigate, respond to, and recover from cyber disasters. This article emphasizes the importance of organizational leadership, accountability, and innovation in achieving cyber resilience. As cyber threat challenges continue to evolve, this framework offers strategic guidance to address the intricate dynamics between digitization and cyber security, moving towards a safer and more robust digital environment in the future.

environmental sciences,environmental studies,green & sustainable science & technology

Jiehua Zhong,Xi Wang,Tao Zhang

DOI: https://doi.org/10.53759/7669/jmc202404015

2024-01-05

Journal of Machine and Computing

Abstract:Cybersecurity is a big issue for major multinational corporations in today's lightning-fast digital world. Risk management and Network Security Governance (NSG) are complex, and this paper discusses the challenges and strategies needed to protect digital assets in a more vulnerable cyber environment. Cyber threats are constantly changing, technological integration is complex, and regulatory compliance is severe, all of which make it more challenging to maintain robust network security. NSG requires strong security rules and standards, which this conversation must address. The ever-changing threat environment demands that these regulations be open, accurate, and flexible. Risk management identifying, assessing, and mitigating threats—is essential to regulatory compliance and organizational reputation, according to the article. Risk mitigation methods like proactive, investigative, and remedial approaches are examined, along with cybersecurity advancements like Artificial Intelligence (AI) and Machine Learning (ML). In solving network security issues, the text emphasizes continuous learning, collaboration, and information sharing. Network Security Governance and Risk Management (NSGRM) is complex and dynamic, and this study covers its challenges and strategies.

Gian Piero Siroli

DOI: https://doi.org/10.1080/03932729.2018.1453583

2018-04-03

The International Spectator

Abstract:The convergence of telecommunication and computer technologies that has evolved in the field of information and communication technologies (ICT) in the last two decades has had very important effects on new war technologies and the ongoing process of battlefield digitisation. The Stuxnet worm, uncovered in 2010 and responsible for the sabotaging of a uranium enrichment infrastructure in Iran, is a clear example of a digital weapon. The incident shows what is meant by cyber war and what the particular features of this new warfare dimension are compared to the conventional domains of land, sea, air and space, with relevance both at the operational and strategic levels. But cyberspace also extends to the semantic level, within the complimentary field of information warfare involving the content of messages flowing through the Internet for the purposes of propaganda, information, disinformation, consensus building, etc. The overall cyber warfare domain needs to be put into perspective internationally as many countries are developing strong cyber capabilities and an ‘arms race’ is already taking place, showing that these technologies can potentially be used to undermine international stability and security. What is needed is a public debate on the topic and its impact on global stability, and some kind of regulation or international agreement on this new warfare domain, including an approach involving confidence building measures (CBMs).

Emily Kesler

2024-05-17

Abstract:Classical cybersecurity is often perceived as a rigid science discipline filled with computer scientists and mathematicians. However, due to the rapid pace of technology development and integration, new criminal enterprises, new defense tactics, and the understanding of the human element, cybersecurity is quickly beginning to encompass more than just computers. Cybersecurity experts must broaden their perspectives beyond traditional disciplinary boundaries to provide the best protection possible. They must start to practice transdisciplinary cybersecurity. Taking influence from the Stakeholder Theory in business ethics, this paper presents a framework to encourage transdisciplinary thinking and assist experts in tackling the new challenges of the modern day. The framework uses the simple Think, Plan, Do approach to enable experts to develop their transdisciplinary thinking. The framework is intended to be used as an evaluation tool for existing cybersecurity practices or postures, as a development tool to engage with other disciplines to foster learning and create new methods, and as a guidance tool to encourage new ways of thinking about, perceiving, and executing cybersecurity practices. For each of those intended uses, a use case is presented as an example to showcase how the framework might be used. The ultimate goal of this paper is not the framework but transdisciplinary thinking. By using the tool presented here and developing their own transdisciplinary thinking, cybersecurity experts can be better prepared to face cybersecurity's unique and complex challenges.

Cryptography and Security

Susan von Struensee

DOI: https://doi.org/10.2139/ssrn.4148838

2022-01-01

SSRN Electronic Journal

Abstract:Foreign investment in U.S. companies benefits the economy, but poses risks to national security. Critical emerging and foundational technologies are especially attractive to foreign exploitation. Given the unique opportunities and challenges posed by emerging technologies, the National Counterintelligence and Security Center has prioritized its industry outreach efforts in U.S. technology sectors where the stakes are potentially greatest for U.S. economic and national security.The Office of the Director of National Intelligence reported in 2021 that new technological developments will increasingly emerge from peer adversaries, and, despite an upside to democratization of techonology, there is, nonetheless, a disruptive and destabilizing aspect, economically, militarily, and socially. From a national security perspective, advances in technologies such as quantum computing, biotechnology, artificial intelligence, automation, and manufacturing warrant extra scrutiny to anticipate the trajectories of emerging technologies and understand their implications for security. The 2022 Annual Threat Assessment of the U.S. Intelligence Community reported that multiple trends are shaping the technology landscape of the next decades. The increasing convergence of disparate disciplines and the rise of global competition to generate and lock in advantage create a global diffusion of emerging technologies, accelerated timelines for development and maturation of technologies, and blurred lines between commercial and military endeavors, particularly in fields such as artificial intelligence (AI), biotechnologies, robotics, automation, and smart materials and manufacturing.

Lampis Alevizos,Lalit Bhakuni,Stefan Jaschke

DOI: https://doi.org/10.48550/arxiv.2405.07358

2024-05-12

Cryptography and Security

Abstract:This paper introduces a value-driven cybersecurity innovation framework for the transportation and infrastructure sectors, as opposed to the traditional market-centric approaches that have dominated the field. Recontextualizing innovation categories into sustaining, incremental, disruptive, and transformative, we aim to foster a culture of self-innovation within organizations, enabling a strategic focus on cybersecurity measures that directly contribute to business value and strategic goals. This approach enhances operational effectiveness and efficiency of cyber defences primarily, while also aligns cybersecurity initiatives with mission-critical objectives. We detail a practical method for evaluating the business value of cybersecurity innovations and present a pragmatic approach for organizations to funnel innovative ideas in a structured and repeatable manner. The framework is designed to reinforce cybersecurity capabilities against an evolving cyber threat landscape while maintaining infrastructural integrity. Shifting the focus from general market appeal to sector-specific needs, our framework provides cybersecurity leaders with the strategic cyber-foresight necessary for prioritizing impactful initiatives, thereby making cybersecurity a core business enabler rather than a burden.

Michael R. Grimaila,Adedeji Badiru

DOI: https://doi.org/10.1007/s12351-010-0102-2

IF: 2.7

2011-01-23

Operational Research

Abstract:The increased reliance on information technology systems and communications networks in support of the core organizational processes creates an environment where significant, and potentially catastrophic, losses can result from a loss or corruption of a critical information resource. Risk assessment is the widely accepted process used to understand, quantify, and document the effects of undesirable events on organizational objectives so that risk management, continuity of operations planning, and contingency planning can be performed. In this paper, we present the application of a simulation-based hybrid analytic dynamic forecasting methodology that combines the techniques of analytic hierarchy process, factor analysis, and spanning tree to the problem of selecting among a set contingency measures following events which place the organizational mission at risk. The methodology makes use of qualitative subjective assessments by subject matter experts at multiple levels of the organization and uses historical event occurrences (when available) to provide the decision maker with a ongoing recommendation of the best contingency measures to employ to assure the organizational mission objectives. The method is novel because it augments the decision maker’s experiential knowledge with a probabilistic forecast of the best contingency measure to take in response to events based upon subject matter expert knowledge, historical evidence, and the real-time status critical resources. The methodology provides a structured approach to mitigate operational risk in complex environments and decreases the time required to make decisions under conditions of uncertainty.

operations research & management science

Gregor Svindland,Alexander Voß

2024-10-25

Abstract:We introduce a decision-making framework tailored for the management of systemic risk in networks. This framework is constructed upon three fundamental components: (1) a set of acceptable network configurations, (2) a set of interventions aimed at risk mitigation, and (3) a cost function quantifying the expenses associated with these interventions. While our discussion primarily revolves around the management of systemic cyber risks in digital networks, we concurrently draw parallels to risk management of other complex systems where analogous approaches may be adequate.

Risk Management,Cryptography and Security,Discrete Mathematics,Networking and Internet Architecture,Systems and Control

Wing Fung Chong,Runhuan Feng,Hins Hu,Linfeng Zhang

2023-10-23

Abstract:Cyber risk is an omnipresent risk in the increasingly digitized world that is known to be difficult to manage. This paper proposes a two-pillar cyber risk management framework to address such difficulty. The first pillar, cyber risk assessment, blends the frequency-severity model in insurance with the cascade model in cybersecurity, to capture the unique feature of cyber risk. The second pillar, cyber capital management, provides informative decision-making on a balanced cyber risk management strategy, which includes cybersecurity investments, insurance coverage, and reserves. This framework is demonstrated by a case study based on a historical cyber incident dataset, which shows that a comprehensive cost-benefit analysis is necessary for a budget-constrained company with competing objectives for cyber risk management. Sensitivity analysis also illustrates that the best strategy depends on various factors, such as the amount of cybersecurity investments and the effectiveness of cybersecurity controls.

Risk Management,Cryptography and Security,Optimization and Control