Computer Sciences Commons^™

What Senior U.S. Leaders Say We Should Know About Cyber, Dr. Joseph H. Schafer

Military Cyber Affairs

On April 6, 2023, the Atlantic Council’s Cyber Statecraft Initiative hosted a panel discussion on the new National Cybersecurity Strategy. The panel featured four senior officials from the Office of the National Cyber Director (ONCD), the Department of State (DoS), the Department of Justice (DoJ), and the Department of Homeland Security (DHS). The author attended and asked each official to identify the most important elements that policymakers and strategists must understand about cyber. This article highlights historical and recent struggles to express cyber policy, the responses from these officials, and the author’s ongoing research to improve national security cyber policy.

Code Cyber: A Curated Collection Of Cybersecurity Career Learning And Preparation Resources, Kazi Tasin, Ethan Pruzhansky, Jason Lin, Tanvir Rahman, Patrick J. Slattery

Publications and Research

Since we are living in a digital age, the need to protect ourselves and those who are vulnerable to cyber-attacks is paramount to prevent cyber attacks that steal information such as banking accounts and important sensitive information.

Our research team extensively investigated the five aspects of cybersecurity such as identity, protection, detection, and response. By conducting various interviews with cybersecurity professionals, we gathered information about these five aspects for example security intelligence or security operations and response, (thread hunting, response orchestration) identity access management, (identity management, and data protection), and risks (risk perspective). Our main goal is to look into …

Hypergaming For Cyber: Strategy For Gaming A Wicked Problem, Joshua A. Sipper

Military Cyber Affairs

Cyber as a domain and battlespace coincides with the defined attributes of a “wicked problem” with complexity and inter-domain interactions to spare. Since its elevation to domain status, cyber has continued to defy many attempts to explain its reach, importance, and fundamental definition. Corresponding to these intricacies, cyber also presents many interlaced attributes with other information related capabilities (IRCs), namely electromagnetic warfare (EW), information operations (IO), and intelligence, surveillance, and reconnaissance (ISR), within an information warfare (IW) construct that serves to add to its multifaceted nature. In this cyber analysis, the concept of hypergaming will be defined and discussed in …

Efficacy Of Incident Response Certification In The Workforce, Samuel Jarocki

Masters Theses & Doctoral Dissertations

Numerous cybersecurity certifications are available both commercially and via institutes of higher learning. Hiring managers, recruiters, and personnel accountable for new hires need to make informed decisions when selecting personnel to fill positions. An incident responder or security analyst's role requires near real-time decision-making, pervasive knowledge of the environments they are protecting, and functional situational awareness. This concurrent mixed methods paper studies whether current commercial certifications offered in the cybersecurity realm, particularly incident response, provide useful indicators for a viable hiring candidate.

Managers and non-managers alike do prefer hiring candidates with an incident response certification. Both groups affirmatively believe commercial …

Study Of The Feasibility Of A Virtual Environment For Home User Cybersecurity, Sean Powell

OUR Journal: ODU Undergraduate Research Journal

This research focuses on the average home computer user’s ability to download, install and manage a virtual machine software program. The findings of this research is to be used as a foundation to the possibility of using a virtual machine software program as another form of defense for the home user’s computer. Virtual machines already have various uses, some in the cybersecurity field; this possibility could add another useful application for the software program. This research is conducted by monitoring volunteers’ ability to download, install, set up, and perform basic instructions on the virtual environment. It was from the volunteers’ …

A Domain Specific Language For Digital Forensics And Incident Response Analysis, Christopher D. Stelly

University of New Orleans Theses and Dissertations

One of the longstanding conceptual problems in digital forensics is the dichotomy between the need for verifiable and reproducible forensic investigations, and the lack of practical mechanisms to accomplish them. With nearly four decades of professional digital forensic practice, investigator notes are still the primary source of reproducibility information, and much of it is tied to the functions of specific, often proprietary, tools.

The lack of a formal means of specification for digital forensic operations results in three major problems. Specifically, there is a critical lack of:

a) standardized and automated means to scientifically verify accuracy of digital forensic tools; …

An Analysis Of International Agreements Over Cybersecurity, Lucas Ashbaugh

Electronic Theses and Dissertations

Research into the international agreements that increase cooperation over cybersecurity challenges is severely lacking. This is a necessary next step for bridging diplomatic challenges over cybersecurity. This work aspires to be push the bounds of research into these agreements and offer a tool that future researchers can rely on. For this research I created, and made publicly available, the International Cybersecurity Cooperation Dataset (ICCD), which contains over 350 international cybersecurity agreements and pertinent metadata. Each agreement is marked per which subtopics within cybersecurity related agreements it covers. These typologies are:

• Discussion and Dialogue

• Research

• Confidence Building Measures

• Incident Response

• Crime …

  ---

  Go to article

Who's In And Who's Out?: What's Important In The Cyber World?, Tony M. Kelly

HON499 projects

The aim of this paper is to offer an introduction to the exploding field of cybersecurity by asking what are the most important concepts or topics that a new member of the field of cybersecurity should know. This paper explores this question from three perspectives: from the realm of business and how the cyber world is intertwined with modern commerce, including common weaknesses and recommendations, from the academic arena examining how cybersecurity is taught and how it should be taught in a classroom or laboratory environment, and lastly, from the author’s personal experience with the cyber world. Included information includes …

Ultrasonic Data Steganography, Alexander Orosz Edwards

KSU Journey Honors College Capstones and Theses

What started off as a question on the possibly of data transmission via sound above the level of human hearing evolved into a project exploring the possibility of ultrasonic data infiltration and exfiltration in an information security context. It is well known that sound can be used to transmit data as this can be seen in many old technologies, most notably and simply DTMF tones for phone networks. But what if the sound used to transmit signals was in in the ultrasonic range? It would go generally unnoticed to anyone not looking for it with tools such as a spectrum …

An Analysis Of The Relationship Between Security Information Technology Enhancements And Computer Security Breaches And Incidents, Linda Betz

CCE Theses and Dissertations

Financial services institutions maintain large amounts of data that include both intellectual property and personally identifiable information for employees and customers. Due to the potential damage to individuals, government regulators hold institutions accountable for ensuring that personal data are protected and require reporting of data security breaches. No company wants a data breach, but finding a security incident or breach early in the attack cycle may decrease the damage or data loss a company experiences. In multiple high profile data breaches reported in major news stories over the past few years, there is a pattern of the adversary being inside …

The Cyber Simulation Terrain: Towards An Open Source Cyber Effects Simulation Ontology, Kent O'Sullivan, Benjamin Turnbull

Australian Information Warfare and Security Conference

Cyber resilience is characterised by an ability to understand and adapt to changing network conditions, including cyber attacks. Cyber resilience may be characterised by an effects-based approach to missions or processes. One of the fundamental preconditions underpinning cyber resilience is an accurate representation of current network and machine states and what missions they are supporting. This research outlines the need for an ontological network representation, drawing on existing literature and implementations in the domain. This work then introduces an open-source ontological representation for modelling cyber assets for the purposes of Computer Network Defence. This representation encompasses computers, network connectivity, users, …

Cyber Power Restrained: How Strategic Culture Inhibits The Integration Of Cyber Weapons By The United States Military, David Matthew Bisson

Senior Projects Spring 2014

This article seeks to reconcile the support status of cyber power in the United States military with the seriousness of the cyber threat confronting the nation. It rejects the argument that cyber weapons are not useful and are not traditional “weapons” by drawing parallels between cyber power and military force in the physical domains, as well as revealing how some of the most prominent issues in cybersecurity are political and not technological in nature. The article proposes strategic culture as an alternative explanation for U.S. cyber power’s current status. By studying the case studies of American air and space power, …

Getting Ahead Of The Threat: Aviation And Cyber Security, Emilio Iasiello

Emilio Iasiello

No abstract provided.

Cyber Attack: A Dull Tool To Sharpen Foreign Policy, Emilio Iasiello

Emilio Iasiello

This paper examines how cyber attacks, if indeed conducted by nation states, have been unsuccessful in supporting states' foreign policy objectives. By analyzing three prominent case studies, I show that as a result of geopolitical tensions, cyber attacks were implemented to further nation state objectives in support of foreign policy considerations and failed to achieve their respective outcomes despite successful deployment against their intended targets. The three case studies, hypothetical scenarios because attribution has not been confirmed, include: (1) the October 2012 distributed denial of service attacks targeting the U.S. banking sector; (2) the 2012 Stuxnet attack against Iran; and …