Physical Sciences and Mathematics Commons^™

Cross Domain Iw Threats To Sof Maritime Missions: Implications For U.S. Sof, Gary C. Kessler, Diane M. Zorri

Publications

As cyber vulnerabilities proliferate with the expansion of connected devices, wherein security is often forsaken for ease of use, Special Operations Forces (SOF) cannot escape the obvious, massive risk that they are assuming by incorporating emerging technologies into their toolkits. This is especially true in the maritime sector where SOF operates nearshore in littoral zones. As SOF—in support to the U.S. Navy— increasingly operate in these contested maritime environments, they will gradually encounter more hostile actors looking to exploit digital vulnerabilities. As such, this monograph comes at a perfect time as the world becomes more interconnected but also more vulnerable.

Cyber Supply Chain Risk Management: Implications For The Sof Future Operating Environment, J. Philip Craiger, Laurie Lindamood-Craiger, Diane M. Zorri

Publications

The emerging Cyber Supply Chain Risk Management (C-SCRM) concept assists at all levels of the supply chain in managing and mitigating risks, and the authors define C-SCRM as the process of identifying, assessing, and mitigating the risks associated with the distributed and interconnected nature of information and operational technology products and service supply chains. As Special Operations Forces increasingly rely on sophisticated hardware and software products, this quick, well-researched monograph provides a detailed accounting of C-SCRM associated laws, regulations, instructions, tools, and strategies meant to mitigate vulnerabilities and risks—and how we might best manage the evolving and ever-changing array of …

Cyber Insurance Effects On Cyber Hygiene: Does The Homeostatic Effect Apply?, Wendi M. Kappers, Aaron Glassman, Michael S. Wills

Publications

A theoretical framework and research strategy is proposed to gain insight into perceptions and decisions as to how SMBs make decisions regarding cybersecurity hygiene measures, which could lead to betterinformed decisions regarding insurance as part of an ISA program, as well as have a bearing on policy structures and pricing for such insurance. This is because the definition of “cybersecurity hygiene habits”(CHH) as a task appears to vary within the industry and makes the practice hard to measure and evaluate. Research suggests that there may be a poorly understood connection between CHHs undertaken by organizations and their perceptions and/or adoption …

From Degree To Chief Information Security Officer (Ciso): A Framework For Consideration, Wendi M. Kappers, Martha Nanette Harrell,

Publications

Educational entities are establishing program degree content designed to ensure cybersecurity and information security assurance skills are adequate and efficient for preparing students to be successful in this very important field. Many Master’s level programs include courses that address these skills in an attempt to provide a well-rounded program of study. However, undergraduates who are in the practitioner’s world have other alternatives to gain these skills. These individuals can gain various certifications, such as the Certified Information Systems Security Professional (CISSP) or the Certified Information Security Manager (CISM). Due to a perceived gap between academics and field knowledge, it appears …

Design Of Personnel Big Data Management System Based On Blockchain, Houbing Song, Jian Chen, Zhihan Lv

Publications

With the continuous development of information technology, enterprises, universities and governments are constantly stepping up the construction of electronic personnel information management system. The information of hundreds of thousands or even millions of people’s information are collected and stored into the system. So much information provides the cornerstone for the development of big data, if such data is tampered with or leaked, it will cause irreparable serious damage. However, in recent years, electronic archives have exposed a series of problems such as information leakage, information tampering, and information loss, which has made the reform of personnel information management more and …

Cybersecurity In The Maritime Domain, Gary C. Kessler

Publications

In 2017 and 2018, the maritime industry saw a record number of attempted—and many successful—frauds via email, phishing, or other means. Demonstrated and actual attacks on vessel networks, communication systems, and navigation systems have become practically routine. Port and shipping line networks are increasingly vulnerable to what appears to be increasingly targeted attacks against maritime systems.

An Overview Of Cryptography (Updated Version 24 January 2019), Gary C. Kessler

Publications

There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting health care information. One essential aspect for secure communications is that of cryptography. But it is important to note that while cryptography is necessary for secure communications, it is not by itself sufficient. The reader is advised, then, that the topics covered here only describe the first of many steps necessary for better security in any number of situations.

Software Safety And Security Risk Mitigation In Cyber-Physical Systems, Miklos Biro, Atif Mashkoor, Johannes Sametinger, Remzi Seker

Publications

Cyber-physical systems (CPSs) offer many opportunities but pose many challenges--especially regarding functional safety, cybersecurity, and their interplay, as well as the systems' impact on society. Consequently, new methods and techniques are needed for CPS development and assurance. This article [and issue] aims to address some of these challenges.

Trustworthiness Requirements For Manufacturing Cyber-Physical Systems, Radu F. Babiceanu, Remzi Seker

Publications

Distributed manufacturing operations include cyber-physical systems vulnerable to cyber-attacks. Long time not considered a priority, cybersecurity jumped to the forefront of manufacturing concerns due to the need to network together legacy, newer equipment, and entire operation centers. This paper proposes trustworthiness solutions for integrated manufacturing physical-cyber worlds, where trustworthiness is defined to complement system dependability requirements with cybersecurity requirements, such that the resulting manufacturing cyber-physical system delivers services that can justifiably be trusted. Acknowledging the inevitability of cyber-attacks, the paper models the cybersecurity component using the resilient systems framework, where system resilience is viewed as preservation of a required state …

Using Journals To Assess Non-Stem Student Learning In Stem Courses: A Case Study In Cybersecurity Education, Gary Kessler, Glenn S. Dardick, Douglas L. Holton

Publications

Embry-Riddle Aeronautical University offers a minor course of study in cybersecurity as an option in our undergraduate Homeland Security program. Since the students are, by and large, social scientists, the focus of the program is to build hyper-awareness of how cybersecurity integrates within their professional aspirations rather than to provide cybersecurity career-level proficiency. Assessing student learning of the technical aspects cannot be performed using traditional tests, as they would not properly measure what the students are learning in a practical sense. Instead, we employ journals and self-reflection to ask the students to express and demonstrate their learning. Although somewhat harder …

Aviation And Cybersecurity: Opportunities For Applied Research, Jon Haass, Radhakrishna Sampigethaya, Vincent Capezzuto

Publications

Aviation connects the global community and is moving more people and payloads faster than ever. The next decade will experience an increase in manned and unmanned aircraft and systems with new features and unprecedented applications. Cybertechnologies—including software, computer networks, and information technology—are critical and fundamental to these advances in meeting the needs of the aviation ecosystem of aircraft, pilots, personnel, passengers, stakeholders, and society. This article discusses current and evolving threats as well as opportunities for applied research to improve the global cybersecurity stance in the aviation and connected transportation industry of tomorrow.

An Overview Of Cryptography (Updated Version, 3 March 2016), Gary C. Kessler

Publications

There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography...While cryptography is necessary for secure communications, it is not by itself sufficient. This paper describes the first of many steps necessary for better security in any number of situations.

A much shorter, edited version of this paper appears in the 1999 edition of Handbook on Local Area Networks published by Auerbach in September 1998.

From Enrollment To Employment: A Dacum Approach To Information Systems And Information Security And Assurance Curriculum Design, Leila Halawi, Wendi M. Kappers, Aaron Glassman

Publications

Issues associated with information security are numerous and diverse. Since the majority of organizational actions rely greatly on information and communication technologies, Information Systems (IS) security is now a main concern for firms, governments, institutes, and society as a whole. As a result, a plethora of graduate programs have been created, covering nearly every aspect of IS security. The authors review the current state of the IS industry presented in the literature, and identify a panel of IS experts in which to explore current job skill needs using a “Developing a Curriculum,” DACUM, process to support curriculum design for two …

An Overview Of Steganography For The Computer Forensics Examiner (Updated Version, February 2015), Gary C. Kessler

Publications

"Steganography is the art of covered or hidden writing. The purpose of steganography is covert communication-to hide the existence of a message from a third party. This paper is intended as a high-level technical introduction to steganography for those unfamiliar with the field. It is directed at forensic computer examiners who need a practical understanding of steganography without delving into the mathematics, although references are provided to some of the ongoing research for the person who needs or wants additional detail. Although this paper provides a historical context for steganography, the emphasis is on digital applications, focusing on hiding information …

Cyberspace: A Venue For Terrorism, David Bieda, Leila Halawi

Publications

This paper discusses how cyberspace has become a venue for terrorists groups for recruiting and proliferating propaganda and terrorism. Moreover, this study explores how the low cost Internet infrastructure and social media sites (such as Facebook, Twitter, and YouTube) have contributed to their networking and operations due to the convenience, in terms of availability, accessibility, message redundancy, ease of use, and the inability to censor content. Concepts such as cyber-weapons, cyber-attacks, cyber-war, and cyber-terrorism are presented and explored to assess how terrorist groups are exploiting cyberspace.

Aircraft Access To System-Wide Information Management Infrastructure, Mohammad Moallemi, Remzi Seker, Mohamed Mahmoud, Jayson Clifford, John Pesce, Carlos Castro, Massood Towhidnejad, Jonathan Standley, Robert Klein

Publications

Within the Federal Aviation Administration’s (FAA) NextGen project, System Wide Information Management (SWIM) program is the essential core in facilitating the collaborative access to the aviation information by various stakeholders. The Aircraft Access to SWIM (AAtS) initiative is an effort to connect the SWIM network to the aircraft to exchange the situational information between the aircraft and the National Airspace System (NAS). This paper summarizes the highlevel design and implementation of the AAtS infrastructure; namely the communication medium design, data management system, pilot peripheral, as well as the security of the data being exchanged and the performance of the entire …

Educating The Next Generation Of Cyberforensic Professionals, Mark Pollitt, Philip Craiger

Publications

This paper provides a historical overview of the development of cyberforensics as a scientific discipline, along with a description of the current state of training, educational programs, certification and accreditation. The paper traces the origins of cyberforensics, the acceptance of cyberforensics as a forensic science and its recognition as a component of information security. It also discusses the development of professional certification and standardized bodies of knowledge that have had a substantial impact on the discipline. Finally, it discusses the accreditation of cyberforensic educational programs, its linkage with the bodies of knowledge and its effect on cyberforensic educational programs.

Forensic Analysis Of Plug Computers, Scott Conrad, Greg Dorn, Philip Craiger

Publications

A plug computer is essentially a cross between an embedded computer and a traditional computer, and with many of the same capabilities. However, the architecture of a plug computer makes it difficult to apply commonly used digital forensic methods. This paper describes methods for extracting and analyzing digital evidence from plug computers. Two popular plug computer models are examined, the SheevaPlug and the Pogoplug.

Book Review: Digital Forensic Evidence Examination, Gary C. Kessler

Publications

This document is Dr. Kessler's review of the second edition of Digital Forensic Evidence Examination by Fred Cohen. ASP Press, 2010. ISBN: 978-1-878109-45-3

Utilizing The Technology Acceptance Model To Assess The Employee Adoption Of Information Systems Security Measures, Cynthia M. Jones, Richard V. Mccarthy, Leila Halawi, Bahaudin Mujtaba

Publications

In this study, the factors that affect employee acceptance of information systems security measures were examined by extending the Technology Acceptance Model. Partial least squares structural equation modeling was applied to examine these factors. 174 valid responses from employees from companies in various industry segments in the United States and Canada were analyzed. The results of the statistical analysis indicate that subjective norm moderated by management support showed the strongest effect on intention to use information systems security measures.

Forensic Analysis Of A Playstation 3 Console, Scott Conrad, Greg Dorn, Philip Craiger

Publications

The Sony PlayStation 3 (PS3) is a powerful gaming console that supports Internet-related activities, local file storage and the playing of Blu-ray movies. The PS3 also allows users to partition and install a secondary operating system on the hard drive. This “desktop-like” functionality along with the encryption of the primary hard drive containing the gaming software raises significant issues related to the forensic analysis of PS3 systems. This paper discusses the PS3 architecture and behavior, and provides recommendations for conducting forensic investigations of PS3 systems.

Book Review: Cyber Security And Global Information Assurance: Threat Analysis And Response Solutions, Gary C. Kessler

Publications

This document is Dr. Kessler's review of Cyber Security and Global Information Assurance: Threat Analysis and Response Solutions, edited by Kenneth J. Knapp. Information Science Reference, 2009. ISBN: 978-1-60566-326-5.

Book Review: Mac Os X, Ipod, And Iphone Forensic Analysis Dvd Toolkit, Gary C. Kessler

Publications

This document is Dr. Kessler's review of MAC OS X, iPod, and iPhone Forensic Analysis DVD Toolkit, edited by Jesse Varsalone. Syngress, 2009. ISBN: 978-1-59749-297-3.

Book Review: The Dotcrime Manifesto: How To Stop Internet Crime, Gary C. Kessler

Publications

This document is Dr. Kessler's review of The dotCrime Manifesto: How to Stop Internet Crime, by Phillip Hallam-Baker. Addison-Wesley, 2008. ISBN: 0-321-50358-9

Book Review: Challenges To Digital Forensic Evidence, Gary C. Kessler

Publications

This document is Dr. Kessler's review of Challenges to Digital Forensic Evidence, by Fred Cohen. Fred Cohen & Associates, 2008. ISBN 1-878109-41-3

The Case For Teaching Network Protocols To Computer Forensics Examiners, Gary C. Kessler, Matt Fasulo

Publications

"Most computer forensics experts are well-versed in basic computer hardware technology, operating systems, common software applications, and computer forensics tools. And while many have rudimentary knowledge about the Internet and simple network-lookup tools, they are not trained in the analysis of network communication protocols and the use of packet sniffers. This paper describes digital forensics applications for network analysis and includes four case studies."

Book Review: Conquest In Cyberspace: National Security And Information Warfare, Gary C. Kessler

Publications

This document is Dr. Kessler's review of Conquest in Cyberspace: National Security and Information Warfare, by Martin C. Libicki. Cambridge University Press, 2007. ISBN 978-0-521-69214-4

Book Review: No Place To Hide, Gary C. Kessler

Publications

This document is Dr. Kessler's review of No Place to Hide, by Robert O'Harrow, Jr. Free Press, 2006. ISBN 0-7432-8705-3.

Assessing Trace Evidence Left By Secure Deletion Programs, Paul Burke, Philip Craiger

Publications

Secure deletion programs purport to permanently erase files from digital media. These programs are used by businesses and individuals to remove sensitive information from media, and by criminals to remove evidence of the tools or fruits of illegal activities. This paper focuses on the trace evidence left by secure deletion programs. In particular, five Windows-based secure deletion programs are tested to determine if they leave identifiable signatures after deleting a file. The results show that the majority of the programs leave identifiable signatures. Moreover, some of the programs do not completely erase file metadata, which enables forensic investigators to extract …