Engineering Commons^™

Improving Ethics Surrounding Collegiate-Level Hacking Education: Recommended Implementation Plan & Affiliation With Peer-Led Initiatives, Shannon Morgan, Dr. Sanjay Goel

Military Cyber Affairs

Cybersecurity has become a pertinent concern, as novel technological innovations create opportunities for threat actors to exfiltrate sensitive data. To meet the demand for professionals in the workforce, universities have ramped up their academic offerings to provide a broad range of cyber-related programs (e.g., cybersecurity, informatics, information technology, digital forensics, computer science, & engineering). As the tactics, techniques, and procedures (TTPs) of hackers evolve, the knowledge and skillset required to be an effective cybersecurity professional have escalated accordingly. Therefore, it is critical to train cyber students both technically and theoretically to actively combat cyber criminals and protect the confidentiality, integrity, …

Adoption Of Cybersecurity Policies By Local Governments 2020, Donald F. Norris Phd, Laura K. Mateczun Jd

Journal of Cybersecurity Education, Research and Practice

This paper should be of interest to the readers of this journal because it addresses a subject that has received little scholarly attention; namely, local government cybersecurity. The U.S. has over 90,000 units of local government, of which almost 39,000 are “general purpose” units (i.e., municipalities, counties, towns and townships). On average, these governments do not practice cybersecurity effectively (Norris, et al., 2019 and 2020). One possible reason is that they do not adopt and/or implement highly recommended cybersecurity policies. In this paper, we examine local government adoption or lack of adoption of cybersecurity policies using data from three surveys. …

Security-Enhanced Serial Communications, John White, Alexander Beall, Joseph Maurio, Dane Fichter, Dr. Matthew Davis, Dr. Zachary Birnbaum

Military Cyber Affairs

Industrial Control Systems (ICS) are widely used by critical infrastructure and are ubiquitous in numerous industries including telecommunications, petrochemical, and manufacturing. ICS are at a high risk of cyber attack given their internet accessibility, inherent lack of security, deployment timelines, and criticality. A unique challenge in ICS security is the prevalence of serial communication buses and other non-TCP/IP communications protocols. The communication protocols used within serial buses often lack authentication and integrity protections, leaving them vulnerable to spoofing and replay attacks. The bandwidth constraints and prevalence of legacy hardware in these systems prevent the use of modern message authentication and …

What Senior U.S. Leaders Say We Should Know About Cyber, Dr. Joseph H. Schafer

Military Cyber Affairs

On April 6, 2023, the Atlantic Council’s Cyber Statecraft Initiative hosted a panel discussion on the new National Cybersecurity Strategy. The panel featured four senior officials from the Office of the National Cyber Director (ONCD), the Department of State (DoS), the Department of Justice (DoJ), and the Department of Homeland Security (DHS). The author attended and asked each official to identify the most important elements that policymakers and strategists must understand about cyber. This article highlights historical and recent struggles to express cyber policy, the responses from these officials, and the author’s ongoing research to improve national security cyber policy.

Defensive Industrial Policy: Cybersecurity Interventions To Reduce Intellectual Property Theft, Dr. Chad Dacus, Dr. Carl (Cj) Horn

Military Cyber Affairs

Through cyber-enabled industrial espionage, China has appropriated what Keith Alexander, the former Director of the National Security Agency, dubbed “the largest transfer of wealth in history.” Although China disavows intellectual property (IP) theft by its citizens and has set self-sustained research and development as an important goal, it is unrealistic to believe IP theft will slow down meaningfully without changing China’s decision calculus. China and the United States have twice agreed, in principle, to respect one another’s IP rights. However, these agreements have lacked any real enforcement mechanism, so the United States must do more to ensure its IP is …

Ransomware Incident Preparations With Ethical Considerations And Command System Framework Proposal, Stanley Mierzwa, James Drylie, Dennis Bogdan

Center for Cybersecurity

Concerns with cyber-attacks in the form of ransomware are on the mind of many executives and leadership staff in all industries. Inaction is not an option, and approaching the topic with real, honest, and hard discussions will be valuable ahead of such a possible devastating experience. This research note aims to bring thoughtfulness to the topics of ethics in the role of cybersecurity when dealing with ransomware events. Additionally, a proposed set of non-technical recovery preparation tasks are outlined to help organizations bring about cohesiveness and planning for dealing with the real potential of a ransomware event. Constraints from many …

Book Review: This Is How They Tell Me The World Ends: The Cyberweapons Arms Race (2020) By Nicole Perlroth, Amy C. Gaudion

Dickinson Law Review (2017-Present)

No abstract provided.

Addressing Security And Privacy Issues By Analyzing Vulnerabilities In Iot Applications, Francsico Javier Candelario Burgoa

Open Access Theses & Dissertations

The Internet of Things (IoT) environment has been expanding rapidly for the past few years into several areas of our lives, from factories, to stores and even into our own homes. All these new devices in our homes make our day-to-day lives easier and more comfortable with less effort on our part, converting our simple houses into smart homes. This increase in inter-connectivity brings multiple benefits including the improvement in energy efficiency in our homes, however it also brings with it some potential dangers since more points of connection mean more potential vulnerabilities in our grid. These vulnerabilities bring security …

Another Brick In The Wall: An Exploratory Analysis Of Digital Forensics Programs In The United States, Syria Mccullough, Stella Abudu, Ebere Onwubuariri, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

We present a comprehensive review of digital forensics programs offered by universities across the United States (U.S.). While numerous studies on digital forensics standards and curriculum exist, few, if any, have examined digital forensics courses offered across the nation. Since digital forensics courses vary from university to university, online course catalogs for academic institutions were evaluated to curate a dataset. Universities were selected based on online searches, similar to those that would be made by prospective students. Ninety-seven (n = 97) degree programs in the U.S. were evaluated. Overall, results showed that advanced technical courses are missing from curricula. We …

Cross Domain Iw Threats To Sof Maritime Missions: Implications For U.S. Sof, Gary C. Kessler, Diane M. Zorri

Publications

As cyber vulnerabilities proliferate with the expansion of connected devices, wherein security is often forsaken for ease of use, Special Operations Forces (SOF) cannot escape the obvious, massive risk that they are assuming by incorporating emerging technologies into their toolkits. This is especially true in the maritime sector where SOF operates nearshore in littoral zones. As SOF—in support to the U.S. Navy— increasingly operate in these contested maritime environments, they will gradually encounter more hostile actors looking to exploit digital vulnerabilities. As such, this monograph comes at a perfect time as the world becomes more interconnected but also more vulnerable.

Authentication Schemes' Impact On Working Memory, Janine D. Mator

Psychology Theses & Dissertations

Authentication is the process by which a computing system validates a user’s identity. Although this process is necessary for system security, users view authentication as a frequent disruption to their primary tasks. During this disruption, primary task information must be actively maintained in working memory. As a result, primary task information stored in working memory is at risk of being lost or corrupted while users authenticate. For over two decades, researchers have focused on developing more memorable passwords by replacing alphanumeric text with visual graphics (Biddle et al., 2012). However, very little attention has been given to the impact authentication …

Disruptive Technologies With Applications In Airline & Marine And Defense Industries, Randall K. Nichols, Hans C. Mumm, Wayne Lonstein, Suzanne Sincavage, Candice M. Carter, John-Paul Hood, Randall Mai, Mark Jackson, Bart Shields

NPP eBooks

Disruptive Technologies With Applications in Airline, Marine, Defense Industries is our fifth textbook in a series covering the world of Unmanned Vehicle Systems Applications & Operations On Air, Sea, and Land. The authors have expanded their purview beyond UAS / CUAS / UUV systems that we have written extensively about in our previous four textbooks. Our new title shows our concern for the emergence of Disruptive Technologies and how they apply to the Airline, Marine and Defense industries. Emerging technologies are technologies whose development, practical applications, or both are still largely unrealized, such that they are figuratively emerging into prominence …

Bibliometric Survey On Zero-Knowledge Proof For Authentication, Adwait Pathak, Tejas Patil, Shubham Pawar, Piyush Raut, Smita Khairnar, Dr. Shilpa Gite

Library Philosophy and Practice (e-journal)

Background: Zero Knowledge Proof is a persuasive cryptographic protocol employed to provide data security by keeping the user's identity, using the services anonymously. Zero Knowledge Proof can be the preferred option to use in multiple circumstances. Instead of using the public key cryptographic protocols, the zero-knowledge proof usage does not expose or leak confidential data or information during the transmission. Zero Knowledge Proof protocols are comparatively lightweight; this results in making it efficient in terms of memory. Zero Knowledge Proof applications can reside in authentication, identity management, cryptocurrency transactions, and many more. Traditional authentication schemes are vulnerable to attacks …

The Soft Skills Business Demands Of The Chief Information Security Officer, Richard Smit, Jeroen Van Yperen Hagedoorn, Patric Versteeg, Pascal Ravesteijn

Journal of International Technology and Information Management

While many researchers have investigated soft skills for different roles related to business, engineering, healthcare and others, the soft skills needed by the chief information security officer (CISO) in a leadership position are not studied in-depth. This paper describes a first study aimed at filling this gap.

In this multimethod research, both the business leaders perspective as well as an analysis of CISO job ads is studied. The methodology used to capture the business leaders perspective is via a Delphi study and the jobs adds are studied using a quantitative content analysis.

With an increasing threat to information security for …

Icts For Surveillance And Suppression: The Case Of The Indian Emergency 1975-1977, Ramesh Subramanian

Journal of International Technology and Information Management

Information and Communications technologies (ICT) pervade society. The Internet, wireless communication, and social media are ubiquitous in and indispensable in society today. As they continue to grow and mushroom, there are new and increased calls from various segments of the society such as technologists, activists, sociologists, and legal experts, who issue warnings on the more nefarious and undesirable uses of ICTs, especially by governments. In fact, government control and surveillance using ICTs is not a new phenomenon. By looking at history, we are able to see several instances when ICTs have been used by governments to control, surveil, and infringe …

Current Trends In Suas; Implications For U.S. Special Operations Forces., Philip Craiger, Diane M. Zorri Ph.D.

J. Philip Craiger, Ph.D.

Unmanned Aircraft Systems In The Cyber Domain, Randall K. Nichols, Hans C. Mumm, Wayne D. Lonstein, Julie J.C.H. Ryan, Candice Carter, John-Paul Hood

NPP eBooks

Unmanned Aircraft Systems are an integral part of the US national critical infrastructure. The authors have endeavored to bring a breadth and quality of information to the reader that is unparalleled in the unclassified sphere. This textbook will fully immerse and engage the reader / student in the cyber-security considerations of this rapidly emerging technology that we know as unmanned aircraft systems (UAS). The first edition topics covered National Airspace (NAS) policy issues, information security (INFOSEC), UAS vulnerabilities in key systems (Sense and Avoid / SCADA), navigation and collision avoidance systems, stealth design, intelligence, surveillance and reconnaissance (ISR) platforms; …

Mitigating Colluding Attacks In Online Social Networks And Crowdsourcing Platforms, Georges Arsene K. Kamhoua

FIU Electronic Theses and Dissertations

Online Social Networks (OSNs) have created new ways for people to communicate, and for companies to engage their customers -- with these new avenues for communication come new vulnerabilities that can be exploited by attackers. This dissertation aims to investigate two attack models: Identity Clone Attacks (ICA) and Reconnaissance Attacks (RA). During an ICA, attackers impersonate users in a network and attempt to infiltrate social circles and extract confidential information. In an RA, attackers gather information on a target's resources, employees, and relationships with other entities over public venues such as OSNs and company websites. This was made easier for …

A Comprehensive Cybersecurity Defense Framework For Large Organizations, Willarvis Smith

CCE Theses and Dissertations

There is a growing need to understand and identify overarching organizational requirements for cybersecurity defense in large organizations. Applying proper cybersecurity defense will ensure that the right capabilities are fielded at the right locations to safeguard critical assets while minimizing duplication of effort and taking advantage of efficiencies. Exercising cybersecurity defense without an understanding of comprehensive foundational requirements instills an ad hoc and in many cases conservative approach to network security. Organizations must be synchronized across federal and civil agencies to achieve adequate cybersecurity defense. Understanding what constitutes comprehensive cybersecurity defense will ensure organizations are better protected and more efficient. …

Survey Results On Adults And Cybersecurity Education, Frank Breitinger, Joseph Ricci, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

Cyberattacks and identity theft are common problems nowadays where researchers often say that humans are the weakest link in the security chain. Therefore, this survey focused on analyzing the interest for adults for ‘cyber threat education seminars’, e.g., how to project themselves and their loved ones. Specifically, we asked questions to understand a possible audience, willingness for paying / time commitment, or fields of interest as well as background and previous training experience. The survey was conducted in late 2016 and taken by 233 participants. The results show that many are worried about cyber threats and about their children exploring …

Employing A User-Centered Design Process For Cybersecurity Awareness In The Power Grid, Jean C. Scholtz, Lyndsey Franklin, Aditya Ashok, Katya Leblanc, Christopher Bonebrake, Eric Andersen, Michael Cassiadoro

Journal of Human Performance in Extreme Environments

In this paper, we discuss the process we are using in the design and implementation of a tool to improve the situation awareness of cyberattacks in the power grid. We provide details of the steps we have taken to date and describe the steps that still need to be accomplished. The focus of this work is to provide situation awareness of the power grid to staff from different, non-overlapping roles in an electrical transmission organization in order to facilitate an understanding of a possible occurrence of a cyberattack. Our approach follows a user-centered design process and includes determining the types …

Cyber Security And Risk Society: Estonian Discourse On Cyber Risk And Security Strategy, Lauren Kook

Copyright, Fair Use, Scholarly Communication, etc.

The main aim of this thesis is to call for a new analysis of cyber security which departs from the traditional security theory. I argue that the cyber domain is inherently different in nature, in that it is lacking in traditional boundaries and is reflexive in nature. Policy-makers are aware of these characteristics, and in turn this awareness changes the way that national cyber security strategy is handled and understood. These changes cannot be adequately understood through traditional understanding of security, as they often are, without missing significant details. Rather, examining these changes through the lens of Ulrich Beck’s risk …

The Future Of Nuclear Security: A Medical Physicist’S Perspective, Katharine E. Thomson

International Journal of Nuclear Security

Planning for the future of nuclear security is a vital and complex task, requiring cooperation and contribution from many disciplines and industries. This diversity of expertise should include the medical sector, which faces many of the same challenges as the nuclear industry: controlling access to dangerous material, creating a strong security culture, cooperating with the wider world and engaging the public.

Medical physicists, of which the author is one, oversee all aspects of small-scale radiation use. This paper discusses three key areas increasingly important to both medical and nuclear uses of radioactive materials: public engagement, prevention of nuclear and radiological …

Breadcrumbs: Privacy As A Privilege, Prachi Bhardwaj

Capstones

Breadcrumbs: Privacy as a Privilege Abstract

By: Prachi Bhardwaj

In 2017, the world saw more data breaches than in any year prior. The count was more than the all-time high record in 2016, which was 40 percent more than the year before that.

That’s because consumer data is incredibly valuable today. In the last three decades, data storage has gone from being stored physically to being stored almost entirely digitally, which means consumer data is more accessible and applicable to business strategies. As a result, companies are gathering data in ways previously unknown to the average consumer, and hackers are …

Framing The Question, "Who Governs The Internet?", Robert J. Domanski

Publications and Research

There remains a widespread perception among both the public and elements of academia that the Internet is “ungovernable”. However, this idea, as well as the notion that the Internet has become some type of cyber-libertarian utopia, is wholly inaccurate. Governments may certainly encounter tremendous difficulty in attempting to regulate the Internet, but numerous types of authority have nevertheless become pervasive. So who, then, governs the Internet? This book will contend that the Internet is, in fact, being governed, that it is being governed by specific and identifiable networks of policy actors, and that an argument can be made as to …

Cyber Espionage Or Cyber War?: International Law, Domestic Law, And Self-Protective Measures, Christopher S. Yoo

All Faculty Scholarship

Scholars have spent considerable effort determining how the law of war (particularly jus ad bellum and jus in bello) applies to cyber conflicts, epitomized by the Tallinn Manual on the International Law Applicable to Cyber Warfare. Many prominent cyber operations fall outside the law of war, including the surveillance programs that Edward Snowden has alleged were conducted by the National Security Agency, the distributed denial of service attacks launched against Estonia and Georgia in 2007 and 2008, the 2008 Stuxnet virus designed to hinder the Iranian nuclear program, and the unrestricted cyber warfare described in the 1999 book by …

Cybersecurity: Growing Like Topsy!, Ibpp Editor

International Bulletin of Political Psychology

This article discusses cybersecurity in an intelligence context – what it is, what it does to us, and the sudden (and somewhat unplanned) increase in financial support for the area.