
2017 Abstracts

Building a Civil-Military Framework for Cyber Deterrence

The Cold War was in part maintained by the clear nuclear deterrence of assured mutual annihilation among superpowers, and fear of nuclear reprisal among non-nuclear states. Some have begun to label the current age the Cyber Cold War, but the era of cyber weaponization is markedly different from the previous cold war in several ways. First, unlike nuclear warheads, cyber weapons may become obsolete before they are ever fired, as computer systems are patched and updated to plug known vulnerabilities. Second, an entire class of cyber weapons can become useless after a single deployment, as the executable code can be reverse-engineered and its exploits defended against. Finally, and perhaps most importantly, there is no longer as clear a deterrent in cyber warfare as there was in the nuclear age. There are neither stockpiles of highly visible, highly effective cyber weapons that ensure a nation’s security by their destructive capacity, nor are there guaranteed repercussions from striking a similarly armed peer.

Further, in the absence of an enemy claiming responsibility, attribution of cyber attacks is a slow and difficult process. Even when we can accurately identify the attacker, Just War Theory (JWT) does not yet consider non-kinetic cyber attacks, such as economic sabotage, as acts of war permitting proportionate retaliation. Russia has allegedly attacked Ukraine, Georgia, and other states using cyber weapons, with little to no publicly disclosed retaliation from victim states or from the international community. Less developed nations, terrorist groups, and non-nation-state actors can disproportionately employ cyber weapons against a more developed, highly cyber-dependent adversary with little fear of retaliation. For example, if North Korean attackers were able to shut down a US stock exchange, what would be a proportionate response, as North Korea is among 20 or so nations with no stock exchange of their own?

The authors propose that civil-military cooperation is crucial to establishing and maintaining both cyber deterrence and cyber defense. Just as the Reserve and National Guard components maintain a trained, ready force to respond to homeland emergencies and peacekeeping needs abroad, a new Civilian Cyber Defense Corps (CCDC) could serve as a kind of cyber national guard. By training qualified civilians in some of the latest defensive and offensive capabilities, we can both respond to the critical need for cybersecurity professionals in private industry and sustain a corps of well-trained cyber guardians to protect and restore critical systems at home and support both defensive and offensive operations against foreign adversaries.

Different from the existing cyber components in the National Guard and Reserve, the key to garnering broad participation would be the civilian nature of the CCDC, waiving both physical fitness and age requirements, trading boots and fatigues for t-shirts and tennis shoes. The Cyber Corps could become a vital bridge to high-paying private industry cybersecurity jobs for returning or retiring active-duty service personnel, a career-booster for underemployed but patriotic Americans coming from displaced industries, and a career-starter for the next generation of Cyber Heroes.


Designing a Military Cyber Strategy for South Africa

South Africa, and indeed the African continent as a whole, experiences challenges in terms of cyber threats within the African digital space.  While South Africa leads the way in terms of legislation and the establishment of formal cyber response and coordination entities, a number of substantial challenges remain.  Foremost amongst these is the framing of a national cyber strategy and further to that, a military or cyber warfare strategy.  There are key questions which arise in the South African context around such strategies in terms of governance, policy development, doctrine and capability development, knowledge collaboration and the sharing of information and intelligence with other states.  Associated questions regarding which entity is responsible for securing South Africa’s digital landscape are equally difficult to answer.

The need to make rapid progress in both the policy and human capital environment is self-evident. South Africa is home to the most technologically advanced economy in Africa and is a service hub for the entire region, as well as being an important regional power. While South African defence planners do not easily foresee a conventional short- or medium-term military threat to the country, the same cannot necessarily be said for a cyber and possibly a cyber/kinetic attack, due to the global nature of cyber threats as well as the proliferation of possible non-state actor adversaries. The protection of the South African arms manufacturing industry, both from a military as well as an economic perspective, is an additional important consideration.

There are also a number of vexatious foreign policy challenges for South Africa in terms of cyber cooperation, as the country is a member of a number of international organisations, from the UN, the AU, SADC and BRICS to the Commonwealth. This is set against the backdrop of an African continent which as a whole faces many security challenges combined with outdated resource challenges in the ITC sector. Despite this, Africa’s number of internet users is exploding as the continent’s physical cable connectivity to the rest of the world grows at a rapid pace. It is therefore perhaps fair to assume that the African threat landscape is large and somewhat exposed. South Africa is dependent on the continued growth and development of the African continent as a whole and therefore needs to play a leading role in shaping cyber policy and capacity within the region. The strategic and economic importance of Africa is reflected by the presence of major world powers such as the United States, Russia and China. From a South African perspective this presents a complex backdrop against which cyber strategies must be framed.

This paper aims to explore some of these challenges and propose a number of ideas and considerations in terms of the formulation of a military cyber strategy for South Africa.


Cyber Security as a Horizontal Issue in Public Service

Cybersecurity is a major national security issue for all countries. Hungary is also struggling with this problem. Criminal activities in cyberspace have reached the point where national interests need to be represented EU- and NATO-wide in cybersecurity-related discussions. Governmental IT systems should be protected from criminals and foreign intelligence services, just to name a few challenges. Moreover, Hungary borders Ukraine, where Russia employs hybrid warfare at the highest level, including cyber activities. Meanwhile, Hungary is preparing for the next parliamentary election in 2018, a high-risk endeavor in every European country these days. These elements require a new approach to cyberdefense.

The National University of Public Service (NUPS) in Hungary is responsible for educating military, intelligence and law enforcement officers, public servants, disaster management experts, diplomats and water supply engineers. Cybersecurity is one of the topics that is vital for all students to understand, as they must deal with the negative effects of IT-related issues on a daily basis in their careers. The NUPS Cybersecurity Academy was established in 2017 to support all educational and research activities while collecting requirements from the affected parties. As a trusted party, it is also responsible for sharing independent information with the public and promoting cybersecurity as a career option for young people inside and outside the university. As a research pillar, the Cybersecurity Research Team was established and began a joint research project on some missing fields of the above-mentioned professions, such as security awareness, the security questions of smart cities, the risks of social media, cybercrime investigations, cyberstrategy, international relations in cyberspace and security operation centers.

As a prominent military and civil cooperative effort in the field of cybersecurity, this educational project can be used as a best practice worldwide; therefore our aim is to share our initial experiences. We highlight the legal and institutional background that governs Hungary’s cyberdefense. We also speak about the major challenges and potential answers from academia. Moreover, we intend to share the first results of the Cybersecurity Research Team.


Cyber-Resilience Strategies for Small Countries

Mass use of the Internet destroyed the Westphalian state system (named after the 1648 Peace of Westphalia treaty). In that system each country has a territory (and people, economy and society), shared (in principle) with no other country, and – usually, and desirably – a government. Within very broad limits, each country is ‘sovereign’: it can make laws that apply within its territory, and it can deal with other countries on the basis of a presumption of equality. Other countries don’t claim to be able to interfere in each other’s internal affairs (with known exceptions).

Nowadays, almost any individual, organization, or state with enough information technology knowledge may easily intervene in the affairs of a country. Mass media report on such activities almost every day. Slowly, kinetic wars are being enhanced, or replaced, by cyber wars. At present, the major players in cyber attacks are organizations sponsored by the state governments of various countries: from major players like the USA, China or Russia, to minor ones like Israel or North Korea. The main objective of all these players is to learn as much as possible about other countries’ military and civil activities and, if desired, to disturb these activities.

The issues which we would like to address are: In what ways can small countries increase their resistance against such cyber-attacks? How could big players support the building of these defensive capabilities?

Building resistance against cyber-attacks requires investigation of many quite different problems, including:

  • Information technology itself
  • Education
  • The law
  • International relations
  • Possible cyber-attack formats
  • National policies related to cyber conflicts and defenses

Investigation of all these problems is costly. And there is an obvious question: Where to find funds covering studies of these problems?

The answer seems to be quite simple, but extremely difficult to apply:

At present, a significant majority of governments spend between 1% and 2% of their budget on national defenses. This is a substantial amount of money. These funds are invested mostly in “traditional” military hardware. Almost every week mass media report on multibillion-dollar prototypes of new aircraft carriers, planes, tanks, etc.

The basic cost of a new German Leopard 2 tank with the A7+ upgrades is reported to be about US$10 million. This is only the cost of the tank; the related infrastructure costs much more than that. One such tank would not be enough to defend a country. So it could be affordable for big powers like the USA or China, but not for small countries. For example, at present, Poland has 128 Leopard tanks with the next 123 on order. In neighboring Germany, the number of Leopard tanks is measured in thousands. Due to the overwhelming “traditional” military power of superpowers, small countries do not have any chance of surviving attacks launched by a major world power. However, they should have enough military hardware to effectively resist attacks from neighboring countries (if they are not superpowers!). Some investments in traditional hardware are dubious. For example, a decade ago New Zealand (a country surrounded by ocean) bought over 100 Light Armored Vehicles, a significant part of which never left the garage. But one or two of these expensive tanks could be replaced by increased investment in cyber-war studies.

The US government should encourage its partner countries to shift traditional military spending to cyber defenses. This talk will consider how such a policy could look.


A Taxonomy of National Challenges in Cyber Defense

Many countries all over the world are finding themselves trying to figure out how best to tackle cyber defense challenges that continue to be on the rise. This has led to country specific initiatives, regional alliance initiatives and new relationships being formed. The purpose of the paper is to taxonomize the national challenges facing South Africa’s attempts at establishing an effective cyber defense policy. This will be achieved by looking at the current (South African) National Cybersecurity Policy Framework and comparing it with those of other countries that are classified as similar to South Africa.

The research of course shows that every country has its own unique challenges that have to be properly analyzed before attempts to implement policies are put in place. The taxonomy adds value by indicating the magnitude of the challenges and how they differ from other countries. In South Africa’s case, one factor that stands out is the fact that South Africa is a fairly new democracy that has gone through a couple of metamorphoses – including the fusion of disparate armed forces – which have a significant impact on the path forward.

What our research will show is the dependencies between the solutions that the first world countries come up with and the problems that are faced by the second world countries. If a first world country is struggling to find solutions or decide on what needs to be done within the cyber defense environment, this automatically means those countries that depend on the first world country stand to suffer the most. Because of the technological dependencies, second world countries such as South Africa find themselves having to find solutions outside of the normal status quo as provided by those who may have been in the lead.


Classification of Web Service-based Attacks and Mitigation Techniques

Web services are being widely used for business integration. Understanding what these web services are and how they work is important. Attacks on these web services are a major concern and can expose an organization’s valuable resources. This paper performs a survey describing web service attacks. We provide a taxonomy of web service vulnerabilities and explain how they can be exploited. This paper discusses some of the approaches that make up best practices and some that are in the development phase. We also discuss some common approaches to address the vulnerabilities. This paper discusses some of the approaches to be used in planning and securing web services. Securing web services is a very important part of a Cybersecurity plan.

Web services (also called application services) are defined as being “A standardized way of integrating Web-based applications using the XML, SOAP, WSDL, and UDDI open standards over an Internet protocol backbone”. WSDL is the Web Service Description Language. It is an XML-based interface definition language that describes the functionality offered by a web service. UDDI is Universal Description, Discovery and Integration. It is a platform-independent protocol that uses an XML-based registry in which businesses worldwide can list themselves.

Web services are increasingly becoming a strategic vehicle for the exchange of data and content distribution for companies and corporations (large and small). They are a vital component of online stores. Within web services, Simple Object Access Protocol (SOAP) XML-based messages are used to transmit data between the consumer and the provider over the network. This is done using the HTTP or HTTPS protocols. These interactions take place when the consumer (client) sends a SOAP message request to the provider (server).

There are many existing attacks on web services and many mitigation approaches. However, there is little effort in providing a taxonomy of attack types and mitigation approaches. In this paper, we do an extensive survey of web service-based attacks and mitigation approaches. We discuss various types of attacks such as SOAP Action Overriding attacks, Privilege Escalation Attacks, Disclosure and Denial of Service attacks. For each of these attacks we provide some best practices and mitigation approaches.

This paper will be organized as follows: Section 2 discusses SOAP and RESTful web services. Section 3 describes a number of common attacks on web services. Section 4 discusses common tools and approaches from the literature that mitigate web service attacks. Section 5 discusses best practices to mitigate against web service attacks. Section 6 highlights the limitations of the approaches. Finally, Section 7 concludes the paper.

There are many types of attacks that attackers/criminals can use against a computer system. This research focused on SOAP and RESTful web services and the attacks that can be used against them. Knowing the vulnerabilities and exploits that web services are susceptible to is important to finding the best practice for the mitigation of the attacks that can be used against web services.


Hybrid Wars:  The 21st-Century’s New Threats to Global Peace and Security

This article discusses a new form of war, ‘Hybrid War’, including aspects of ‘cyber-terrorism’ and ‘cyber-war’, against the backdrop of Russia’s ‘Ukrainian Spring’ and the continuing threat posed by radical Islamist groups in Africa and the Middle East. It discusses the findings of an ongoing Hybrid Threat project by the Swedish National Defence College. This interdisciplinary article predicts that military doctrines, traditional approaches to war and peace, and perceptions of them will have to change in the future.


Is Cyber Shape Shifting?

Neal Kushwaha, Impendo Inc., neal@impendo.com

Bruce Watson, IP Blox, bruce@ip-blox.com

Abstract: Technologies have evolved so rapidly that companies and governments seem to be regularly trying to catch up to new capabilities and thereby sometimes making quick decisions that have the potential to set precedents and apply international challenges.[1]

With the opportunity to take a step away from the technical aspects of cyber and consider the taxonomy, this paper explores the domain of cyber by structuring the conceptual problems and by putting the individual small solutions into their respective places within a conceptual framework.

The paper breaks cyber into seven (7) concepts and discusses each of them:

  1. knowledge trajectory – aligning cyber to knowledge economies;
  2. discrimination – categorizing various cyber weapons;
  3. recombinant and mutable – discussing how cyber weapons can be easily modified when compared to traditional kinetic weapons;
  4. model/object dichotomy collapse and free replication – discussing how in cyber, the code is the object, making it easy to duplicate the weapon and how traditional methods of sanctions may no longer be suitable;
  5. speed of light – the challenge of detecting cyber weapons and the ease with which they can be shared;
  6. dynamic multidimensional space – discussing the change in theatre of operations and how collateral damage is an expected outcome; and
  7. scope of impact – discussing the true impact of cyber weapons and their behaviour.

The paper challenges the reader further by proposing the possibility that cyber is not a Domain of Warfare and that the term “cyber attack” may likely benefit from an alternate label such as “cyber espionage”. We discuss how cyber is impaired by:

  1. attribution, making it difficult to identify the source;
  2. scope of impact resulting in manipulation, interruption/disruption, and bullying; and
  3. its high dependence on the target’s cyber hygiene and IT business processes.

Because of these challenges, we propose cyber is rather simply a tool or tradecraft for the purpose of espionage or sabotage.

Keywords: knowledge economies, knowledge trajectory, capability and maturity model integration, cyber weapons, weapons of mass manipulation, weapons of mass interruption, cyber hygiene, tradecraft, espionage

[1] Clapper, et al., Joint Statement Record, p5 paragraph 1, “…countries do not widely agree on how such principles of international law as proportionality of response or even the application of sovereignty apply in cyberspace.”

Poster Abstracts

Civil-military cooperation and international collaboration in cyber operations

The paper addresses cyber-attacks in the context of civil-military cooperation. The role of international collaboration in Georgia’s cyber defence is also highlighted.

Cyber threats and attacks have become a common phenomenon, turning more sophisticated and damaging. The world is faced with an evolving, complex threat environment. State and non-state actors can use cyber-attacks in the context of military operations. Considering the hardly controllable nature of cyber-attacks, it is difficult to establish a rule of thumb.

The first step to falling for any cyber-attack is to believe that you will not be attacked. The tasks of collective defence, crisis management and cooperative security are crucial. NATO needs to be prepared to defend its networks and operations against the growing sophistication of the cyber threats it faces.

The Government of Georgia has acknowledged the challenge in its first Cyber Security Strategy. Large-scale cyber-attacks launched by Russia against Georgia in August 2008 have clearly demonstrated that the national security of Georgia cannot be achieved without ensuring the security of its cyberspace. In the course of the Russian-Georgian war, the Russian Federation engaged in targeted and massive cyber-attacks against Georgia alongside land, aerial and naval assault.

According to the National Security Concept of Georgia, Russia poses the most vivid threat not only militarily but also in terms of direct cyber threats to both the state and non-state sectors of Georgia. As the document defines cyber security as one of the main directions of its security policy, Georgia is trying to create a new system of cyber security that will facilitate the resilience of cyber infrastructure against cyber threats and will also be an additional factor in the country’s economic growth and social development. Accordingly, it is necessary to adhere to the following rules of cooperation: public-private partnership (PPP) and enhanced international cooperation. The development of mechanisms for cooperation between governmental agencies, as well as boosting public-private partnership, is essential for ensuring cyber security. Part of the critical information system of Georgia is owned by private companies. It is important to develop cooperation modalities that would facilitate the proper operation of critical information systems and would also offer additional factors for economic growth.

For the successful elimination of cyber threats, it is first of all important to consider international experience of civil-military cooperation. Some further recommendations can be considered for the commitment of Georgian cyber security. Furthermore, academic research centers of excellence in the cyber field must be established. It is also essential to promote cooperation between the private and governmental sectors.

Finally, it is necessary to develop a national cyber defensive perimeter – automatic computerized systems and human systems which, together, would provide defence for predefined computer systems. In addition, there is a need to develop solutions for local defence as well as to increase the level of cyber security awareness.
