Social and Behavioral Sciences Commons^™

Improving Ethics Surrounding Collegiate-Level Hacking Education: Recommended Implementation Plan & Affiliation With Peer-Led Initiatives, Shannon Morgan, Dr. Sanjay Goel

Military Cyber Affairs

Cybersecurity has become a pertinent concern, as novel technological innovations create opportunities for threat actors to exfiltrate sensitive data. To meet the demand for professionals in the workforce, universities have ramped up their academic offerings to provide a broad range of cyber-related programs (e.g., cybersecurity, informatics, information technology, digital forensics, computer science, & engineering). As the tactics, techniques, and procedures (TTPs) of hackers evolve, the knowledge and skillset required to be an effective cybersecurity professional have escalated accordingly. Therefore, it is critical to train cyber students both technically and theoretically to actively combat cyber criminals and protect the confidentiality, integrity, …

Using Digital Twins To Protect Biomanufacturing From Cyberattacks, Brenden Fraser-Hevlin, Alec W. Schuler, B. Arda Gozen, Bernard J. Van Wie

Military Cyber Affairs

Understanding of the intersection of cyber vulnerabilities and bioprocess regulation is critical with the rise of artificial intelligence and machine learning in manufacturing. We detail a case study in which we model cyberattacks on network-mediated signals from a novel bioreactor, where it is important to control medium feed rates to maintain cell proliferation. We use a digital twin counterpart reactor to compare glucose and oxygen sensor signals from the bioreactor to predictions from a kinetic growth model, allowing discernment of faulty sensors from hacked signals. Our results demonstrate a successful biomanufacturing cyberattack detection system based on fundamental process control principles.

Characterizing Advanced Persistent Threats Through The Lens Of Cyber Attack Flows, Logan Zeien, Caleb Chang, Ltc Ekzhin Ear, Dr. Shouhuai Xu

Military Cyber Affairs

Effective cyber defense must build upon a deep understanding of real-world cyberattacks to guide the design and deployment of appropriate defensive measures against current and future attacks. In this abridged paper (of which the full paper is available online), we present important concepts for understanding Advanced Persistent Threats (APTs), our methodology to characterize APTs through the lens of attack flows, and a detailed case study of APT28 that demonstrates our method’s viability to draw useful insights. This paper makes three technical contributions. First, we propose a novel method of constructing attack flows to describe APTs. This abstraction allows technical audiences, …

Commercial Enablers Of China’S Cyber-Intelligence And Information Operations, Ethan Mansour, Victor Mukora

Military Cyber Affairs

In a globally commercialized information environment, China uses evolving commercial enabler networks to position and project its goals. They do this through cyber, intelligence, and information operations. This paper breaks down the types of commercial enablers and how they are used operationally. It will also address the CCP's strategy to gather and influence foreign and domestic populations throughout cyberspace. Finally, we conclude with recommendations for mitigating the influence of PRC commercial enablers.

Security-Enhanced Serial Communications, John White, Alexander Beall, Joseph Maurio, Dane Fichter, Dr. Matthew Davis, Dr. Zachary Birnbaum

Military Cyber Affairs

Industrial Control Systems (ICS) are widely used by critical infrastructure and are ubiquitous in numerous industries including telecommunications, petrochemical, and manufacturing. ICS are at a high risk of cyber attack given their internet accessibility, inherent lack of security, deployment timelines, and criticality. A unique challenge in ICS security is the prevalence of serial communication buses and other non-TCP/IP communications protocols. The communication protocols used within serial buses often lack authentication and integrity protections, leaving them vulnerable to spoofing and replay attacks. The bandwidth constraints and prevalence of legacy hardware in these systems prevent the use of modern message authentication and …

Enhancing The Battleverse: The People’S Liberation Army’S Digital Twin Strategy, Joshua Baughman

Military Cyber Affairs

No abstract provided.

Operationalizing Deterrence By Denial In The Cyber Domain, Gentry Lane

Military Cyber Affairs

No abstract provided.

What Senior U.S. Leaders Say We Should Know About Cyber, Dr. Joseph H. Schafer

Military Cyber Affairs

On April 6, 2023, the Atlantic Council’s Cyber Statecraft Initiative hosted a panel discussion on the new National Cybersecurity Strategy. The panel featured four senior officials from the Office of the National Cyber Director (ONCD), the Department of State (DoS), the Department of Justice (DoJ), and the Department of Homeland Security (DHS). The author attended and asked each official to identify the most important elements that policymakers and strategists must understand about cyber. This article highlights historical and recent struggles to express cyber policy, the responses from these officials, and the author’s ongoing research to improve national security cyber policy.

Swipe Right Into A Disciplinary Hearing: How The Use Of Dating Apps Could Earn An Attorney More Than A Bad First Date, Zachary S. Aman

Catholic University Journal of Law and Technology

The Model Rules of Professional Conduct seek to police the conduct of attorneys. Each jurisdiction adopts its own rules of professional conduct to apply to the attorneys licensed within it. Notably, the model rules prohibit any sexual relationship between the attorney and client unless that relationship precedes the attorney-client relationship. Traditionally, defining a "sexual relationship" was simple, particularly if the attorney and client engaged in sexual intercourse. The introduction of dating apps, however, has blurred the line.

This article outlines the inherent risks of attorneys using dating apps at a time when most newly-licensed attorneys make up the majority of …

Disorderly Content, Ari Waldman

Washington Law Review

Content moderation plays an increasingly important role in the creation and dissemination of expression, thought, and knowledge. And yet, throughout the social media ecosystem, nonnormative and LGBTQ+ sexual expression is disproportionately taken down, restricted, and banned. The current sociolegal literature, which focuses on content moderation as a whole and sees echoes of formal law in the evolution of its values and mechanics, insufficiently captures the ways in which those principles and practices are not only discriminatory, but also resemble structures of power that have long been used to police queer sexual behavior in public spaces.

This Article contributes to the …

Defensive Industrial Policy: Cybersecurity Interventions To Reduce Intellectual Property Theft, Dr. Chad Dacus, Dr. Carl (Cj) Horn

Military Cyber Affairs

Through cyber-enabled industrial espionage, China has appropriated what Keith Alexander, the former Director of the National Security Agency, dubbed “the largest transfer of wealth in history.” Although China disavows intellectual property (IP) theft by its citizens and has set self-sustained research and development as an important goal, it is unrealistic to believe IP theft will slow down meaningfully without changing China’s decision calculus. China and the United States have twice agreed, in principle, to respect one another’s IP rights. However, these agreements have lacked any real enforcement mechanism, so the United States must do more to ensure its IP is …

Enter The Battleverse: China's Metaverse War, Josh Baughman

Military Cyber Affairs

No abstract provided.

Technical Behaviours Of Child Sexual Exploitation Material Offenders, Chad Steel, Emily Newman, Suzanne O'Rourke, Ethel Quayle

Journal of Digital Forensics, Security and Law

An exploration of the technological behaviours of previously convicted child sexual exploitation material (CSEM) offenders provides a foundation for future applied research into deterrence, investigation, and treatment efforts. This study evaluates the technology choices and transitions of individuals previously convicted of CSEM offenses. Based on their inclusion in two sex offender registries, anonymous survey results (n=78) were collected from English-speaking adults within the United States. CSEM offenders chose technologies based on both utility and perceived risk; peer-to-peer and web-browsers were the most common gateway technologies and showed substantial sustained usage; a substantial minority of users never stored CSEM and only …

The Application Of The Right To Be Forgotten In The Machine Learning Context: From The Perspective Of European Laws, Zeyu Zhao

Catholic University Journal of Law and Technology

The right to be forgotten has been evolving for decades along with the progress of different statutes and cases and, finally, independently enacted by the General Data Protection Regulation, making it widely applied across Europe. However, the related provisions in the regulation fail to enable machine learning systems to realistically forget the personal information which is stored and processed therein.

This failure is not only because existing European rules do not stipulate standard codes of conduct and corresponding responsibilities for the parties involved, but they also cannot accommodate themselves to the new environment of machine learning, where specific information can …

A Proportionality-Based Framework For Government Regulation Of Digital Tracing Apps In Times Of Emergency, Sharon Bassan

Dickinson Law Review (2017-Present)

Times of emergency present an inherent conflict between the public interest and the preservation of individual rights. Such times require granting emergency powers to the government on behalf of the public interest and relaxing safeguards against government actions that infringe rights. The lack of theoretical framework to assess governmental decisions in times of emergency leads to a polarized and politicized discourse about potential policies, and often, to public distrust and lack of compliance.

Such a discourse was evident regarding Digital Tracing Apps (“DTAs”), which are apps installed on cellular phones to alert users that they were exposed to people who …

Book Review: This Is How They Tell Me The World Ends: The Cyberweapons Arms Race (2020) By Nicole Perlroth, Amy C. Gaudion

Dickinson Law Review (2017-Present)

No abstract provided.

Deepfakes, Shallowfakes, And The Need For A Private Right Of Action, Eric Kocsis

Dickinson Law Review (2017-Present)

For nearly as long as there have been photographs and videos, people have been editing and manipulating them to make them appear to be something they are not. Usually edited or manipulated photographs are relatively easy to detect, but those days are numbered. Technology has no morality; as it advances, so do the ways it can be misused. The lack of morality is no clearer than with deepfake technology.

People create deepfakes by inputting data sets, most often pictures or videos into a computer. A series of neural networks attempt to mimic the original data set until they are nearly …

Social Media User Relationship Framework (Smurf), Anne David, Sarah Morris, Gareth Appleby-Thomas

Journal of Digital Forensics, Security and Law

The use of social media has spread through many aspects of society, allowing millions of individuals, corporate as well as government entities to leverage the opportunities it affords. These opportunities often end up being exploited by a small percentage of the user community who use it for objectionable or unlawful activities; for example, trolling, cyber bullying, grooming, luring. In some cases, these unlawful activities result in investigations where swift retrieval of critical evidence required in order to save a life.

This paper presents a proof of concept (PoC) framework for social media user attribution. The framework aims to provide digital …

Towards Increasing Trust In Expert Evidence Derived From Malware Forensic Tools, Ian M. Kennedy, Blaine Price, Arosha Bandara

Journal of Digital Forensics, Security and Law

Following a series of high profile miscarriages of justice in the UK linked to questionable expert evidence, the post of the Forensic Science Regulator was created in 2008. The main objective of this role is to improve the standard of practitioner competences and forensic procedures. One of the key strategies deployed to achieve this is the push to incorporate a greater level of scientific conduct in the various fields of forensic practice. Currently there is no statutory requirement for practitioners to become accredited to continue working with the Criminal Justice System of England and Wales. However, the Forensic Science Regulator …

Fixing Social Media: Toward A Democratic Digital Commons, Michael Kwet

Markets, Globalization & Development Review

In the past few years, big Social Media networks like Facebook, Twitter, and YouTube have received intense scrutiny from the intellectual classes. This article critiques the dominant strain of criticism, the neo-Brandeisian School of antitrust, for its narrow focus on “regulated competition” as an appropriate means to “fix social media”. This essay calls for a socialist alternative: a democratic social media commons based on free and open source technology, decentralization, and democratic socialist legal solutions. It reviews how existing solutions like the Fediverse and LibreSocial work, and how they may provide answers for a better way forward.

A Two-Stage Model For Social Network Investigations In Digital Forensics, Anne David, Sarah Morris, Gareth Appleby-Thomas

Journal of Digital Forensics, Security and Law

This paper proposes a two-stage model for identifying and contextualizing features from artefacts created as a result of social networking activity. This technique can be useful in digital investigations and is based on understanding and the deconstruction of the processes that take place prior to, during and after user activity; this includes corroborating artefacts. Digital Investigations are becoming more complex due to factors such as, the volume of data to be examined; different data formats; a wide range of sources for digital evidence; the volatility of data and the limitations of some of the standard digital forensic tools. This paper …

Backing Up Into Advocacy: The Case Of Smartphone Driver Distraction, Robert Rosenberger

The Journal of Sociotechnical Critique

For the last decade, I’ve been studying the topic of the driving impairment of smartphones. While this began as an exclusively academic project, it has increasingly compelled public engagement. One example of this came in an opinion piece I wrote in 2018 in response to a new traffic law. I take the opportunity here to fill out the academic backstory of this particular op-ed, reflect on how this larger project has evolved to include an unanticipated public-facing edge, and abstract some lessons about public writing.

From Protecting To Performing Privacy, Garfield Benjamin

The Journal of Sociotechnical Critique

Privacy is increasingly important in an age of facial recognition technologies, mass data collection, and algorithmic decision-making. Yet it persists as a contested term, a behavioural paradox, and often fails users in practice. This article critiques current methods of thinking privacy in protectionist terms, building on Deleuze's conception of the society of control, through its problematic relation to freedom, property and power. Instead, a new mode of understanding privacy in terms of performativity is provided, drawing on Butler and Sedgwick as well as Cohen and Nissenbaum. This new form of privacy is based on identity, consent and collective action, a …

Next Generation Of Evidence Collecting: The Need For Digital Forensics In Criminal Justice Education, Scott H. Belshaw

Journal of Cybersecurity Education, Research and Practice

Digital forensics poses significant challenges to law enforcement as the information found in a computer system is often present at most crime scenes in the form of computer data and cell phones. Digital evidence contained on common devices, such as cell phones and laptops, includes information that can be pertinent to the investigation of crimes. Law enforcement is increasingly identifying the need to be able to process their evidence internally warranting the exploration of the need for digital forensics training as part of a broader study of criminal justice for future law enforcement practitioners. This paper uses telephone surveys of …

Can Accessibility Liberate The "Lost Ark" Of Scholarly Work?: University Library Institutional Repositories Are "Places Of Public Accommodation”, 52 Uic J. Marshall L. Rev. 327 (2019), Raizel Liebler, Gregory Cunningham

UIC Law Review

For any body of knowledge – an ark of power or a corpus of scholarship – to be studied and used by people, it needs to be accessible to those seeking information. Universities, through their libraries, now aim to make more of the scholarship produced available for free to all through institutional repositories. However, the goal of being truly open for an institutional repository is more than the traditional definition of open access. It also means openness in a more general sense. Creating a scholarship-based online space also needs to take into consideration potential barriers for people with disabilities. This …

Russia Today, Cyberterrorists Tomorrow: U.S. Failure To Prepare Democracy For Cyberspace, Jonathan F. Lancelot

Journal of Digital Forensics, Security and Law

This paper is designed to expose vulnerabilities within the US electoral system, the use of cyberspace to exploit weaknesses within the information assurance strategies of the democratic and republican party organizations, and deficiencies within the social media communications and voting machine exploits. A brief history of discriminatory practices in voting rights and voting access will be set as the foundation for the argument that the system is vulnerable in the cyber age, and the need for reform at the local, state and national levels will be emphasized. The possibility of a foreign nation-state influencing the outcome of an election by …

A Bit Like Cash: Understanding Cash-For-Bitcoin Transactions Through Individual Vendors, Stephanie J. Robberson, Mark R. Mccoy

Journal of Digital Forensics, Security and Law

As technology improves and economies become more globalized, the concept of currency has evolved. Bitcoin, a cryptographic digital currency, has been embraced as a secure and convenient type of money. Due to its security and privacy for the user, Bitcoin is a good tool for conducting criminal trades. The Financial Crimes Enforcement Network (FinCEN) has regulations in place to make identification information of Bitcoin purchasers accessible to law enforcement, but enforcing these rules with cash-for-Bitcoin traders is difficult. This study surveyed cash-for-Bitcoin vendors in Oklahoma, Texas, Arkansas, Missouri, Kansas, Colorado, and New Mexico to determine personal demographic information, knowledge of …

Yelp’S Review Filtering Algorithm, Yao Yao, Ivelin Angelov, Jack Rasmus-Vorrath, Mooyoung Lee, Daniel W. Engels

SMU Data Science Review

In this paper, we present an analysis of features influencing Yelp's proprietary review filtering algorithm. Classifying or misclassifying reviews as recommended or non-recommended affects average ratings, consumer decisions, and ultimately, business revenue. Our analysis involves systematically sampling and scraping Yelp restaurant reviews. Features are extracted from review metadata and engineered from metrics and scores generated using text classifiers and sentiment analysis. The coefficients of a multivariate logistic regression model were interpreted as quantifications of the relative importance of features in classifying reviews as recommended or non-recommended. The model classified review recommendations with an accuracy of 78%. We found that reviews …

Digital Forensic Readiness In Organizations: Issues And Challenges, Nickson Menza Karie, Simon Maina Karume Dr.

Journal of Digital Forensics, Security and Law

With the evolution in digital technologies, organizations have been forced to change the way they plan, develop, and enact their information technology strategies. This is because modern digital technologies do not only present new opportunities to business organizations but also a different set of issues and challenges that need to be resolved. With the rising threats of cybercrimes, for example, which have been accelerated by the emergence of new digital technologies, many organizations as well as law enforcement agencies globally are now erecting proactive measures as a way to increase their ability to respond to security incidents as well as …

Data Protection In Nigeria: Addressing The Multifarious Challenges Of A Deficient Legal System, Roland Akindele

Journal of International Technology and Information Management

This paper provides an overview of the current state of privacy and data protection policies and regulations in Nigeria. The paper contends that the extant legal regime in Nigeria is patently inadequate to effectively protect individuals against abuse resulting from the processing of their personal data. The view is based on the critical analysis of the current legal regime in Nigeria vis-à-vis the review of some vital data privacy issues. The paper makes some recommendations for the reform of the law.