Digital Commons Network^™

Surmounting Challenges In Aggregating Results From Static Analysis Tools, Dr. Ann Marie Reinhold, Brittany Boles, A. Redempta Manzi Muneza, Thomas Mcelroy, Dr. Clemente Izurieta

Military Cyber Affairs

Aggregation poses a significant challenge for software practitioners because it requires a comprehensive and nuanced understanding of raw data from diverse sources. Suites of static-analysis tools (SATs) are commonly used to assess organizational security but simultaneously introduce significant challenges. Challenges include unique results, scales, configuration environments for each SAT execution, and incompatible formats between SAT outputs. Here, we document our experiences addressing these issues. We highlight the problem of relying on a single vendor's SAT version and offer a solution for aggregating findings across multiple SATs, aiming to enhance software security practices and deter threats early with robust defensive operations.

Generative Machine Learning For Cyber Security, James Halvorsen, Dr. Assefaw Gebremedhin

Military Cyber Affairs

Automated approaches to cyber security based on machine learning will be necessary to combat the next generation of cyber-attacks. Current machine learning tools, however, are difficult to develop and deploy due to issues such as data availability and high false positive rates. Generative models can help solve data-related issues by creating high quality synthetic data for training and testing. Furthermore, some generative architectures are multipurpose, and when used for tasks such as intrusion detection, can outperform existing classifier models. This paper demonstrates how the future of cyber security stands to benefit from continued research on generative models.

Combining Frameworks To Improve Military Health System Quality And Cybersecurity, Dr. Maureen L. Schafer, Dr. Joseph H. Schafer

Military Cyber Affairs

Existing conceptual frameworks and commercially available technology could be considered to rapidly operationalize the use of Quality Measures (QM) within military health systems (Costantino et al. 2020). Purchased healthcare as well as digital healthcare services have paved the way for data collection from multiple information systems thus offering stakeholders actionable intelligence to both guide and measure healthcare outcomes. However, the collection of data secondary to Smart Devices, disparate information systems, cloud services, and the Internet of Medical Things (IOMT) is a complication for security experts that also affect clients, stakeholders, organizations, and businesses delivering patient care. We have combined three …

What Senior U.S. Leaders Say We Should Know About Cyber, Dr. Joseph H. Schafer

Military Cyber Affairs

On April 6, 2023, the Atlantic Council’s Cyber Statecraft Initiative hosted a panel discussion on the new National Cybersecurity Strategy. The panel featured four senior officials from the Office of the National Cyber Director (ONCD), the Department of State (DoS), the Department of Justice (DoJ), and the Department of Homeland Security (DHS). The author attended and asked each official to identify the most important elements that policymakers and strategists must understand about cyber. This article highlights historical and recent struggles to express cyber policy, the responses from these officials, and the author’s ongoing research to improve national security cyber policy.

Hypergaming For Cyber: Strategy For Gaming A Wicked Problem, Joshua A. Sipper

Military Cyber Affairs

Cyber as a domain and battlespace coincides with the defined attributes of a “wicked problem” with complexity and inter-domain interactions to spare. Since its elevation to domain status, cyber has continued to defy many attempts to explain its reach, importance, and fundamental definition. Corresponding to these intricacies, cyber also presents many interlaced attributes with other information related capabilities (IRCs), namely electromagnetic warfare (EW), information operations (IO), and intelligence, surveillance, and reconnaissance (ISR), within an information warfare (IW) construct that serves to add to its multifaceted nature. In this cyber analysis, the concept of hypergaming will be defined and discussed in …

“Lasso The Moon? Is It Possible? What About Hack The Moon? Today’S International Framework For Activities On The Moon”, Diane M. Janosek, Armando Seay, Josa P. Natera

Military Cyber Affairs

The global interest in the moon and outer space continues to skyrocket. The current U.S. commercial investment in space is $350 billion annually, and it is expected to grow to $1 Trillion or more by 2040. The U.S. military investment in space defense and research likewise continues to grow, with the total investment amount remaining classified. With the frequent activity in space, as well as concerns about attacks to US space assets to and from space, the U.S, created the United States Space Command and its Space Force. With private space travel, nanosatellites, lunar exploration, and the proliferation of space …

The Iwar Range + 21 Years: Cyber Defense Education In 2022, Joseph H. Schafer, Chris Morrell, Ray Blaine

Military Cyber Affairs

Twenty-one years ago, The IWAR Range paper published by CCSC described nascent information assurance (now cybersecurity[1]) education programs and the inspiration and details for constructing cyber ranges and facilitating cyber exercises. This paper updates the previously published work by highlighting the dramatic evolution of the cyber curricula, exercise networks and ranges, influences, and environments over the past twenty years.

[1] In 2014, DoD adopted “cybersecurity” instead of “information assurance.” [34:1]

Evaluating Machine Learning Classifiers For Defensive Cyber Operations, Michael D. Rich, Robert F. Mills, Thomas E. Dube, Steven K. Rogers

Military Cyber Affairs

Today’s defensive cyber sensors are dominated by signature-based analytical methods that require continuous maintenance and lack the ability to detect unknown threats. Anomaly detection offers the ability to detect unknown threats, but despite over 15 years of active research, the operationalization of anomaly detection and machine learning for Defensive Cyber Operations (DCO) is lagging. This article provides an introduction to machine learning concepts with a focus on the unique challenges to using machine learning for DCO. Traditional machine learning evaluation methods are challenged in favor of a value-focused evaluation method that incorporates evaluator-specific weights for classifier and sensitivity threshold selection …

Military Cyber Professionals Have An Important Part To Play In The Obama-Trump Transition, Michael V. Hayden

Military Cyber Affairs

Over the course of decades in service, I have experienced multiple presidential transitions. Each new Commander in Chief updates policies, personnel, and priorities…especially when the transition involves a new political party. In this respect, the current transition from the Obama to the Trump administration is no different. While this periodic exercise of our democracy may seem disruptive to some, it is a true opportunity for military cyber professionals to help shape our future national security posture.

Data To Decisions For Cyberspace Operations, Steve Stone

Military Cyber Affairs

In 2011, the United States (U.S.) Department of Defense (DOD) named cyberspace a new operational domain. The U.S. Cyber Command and the Military Services are working to make the cyberspace environment a suitable place for achieving national objectives and enabling military command and control (C2). To effectively conduct cyberspace operations, DOD requires data and analysis of the Mission, Network, and Adversary. However, the DOD’s current data processing and analysis capabilities do not meet mission needs within critical operational timelines. This paper presents a summary of the data processing and analytics necessary to effectively conduct cyberspace operations.