Issue 2 (1) 2023
Editor: Aleksandra Gasztold
Table of contents
Pages
Rubén Arcos
Shielding the Spanish Cyberspace: An Interview with Spain’s National Cryptologic Centre (CCN)
DOI: 10.5604/01.3001.0016.2484
1 – 7

Keywords

Spain | cybersecurity | CNI | CCN | National Cryptologic Centre

Abstract

This interview between Rubén Arcos and Spain’s National Cryptologic Centre (CCN) was conducted via email on 24 October 2022. CCN is part of Spain’s National Intelligence Centre (CNI), and through its national alert and response centre against cyberattacks and cyber threats, CCN-CERT, it contributes to the cybersecurity of Spain. The discussion focuses on Spain’s approach to cybersecurity, existing tools for information sharing/management of cyber incidents and tools supporting the production of intelligence on cyber threats. It also deals with current and emerging trends in the cyber domain and developments and activities in the fields of prevention, detection and response. Finally, the interview highlights measures in the March 2022 National Cybersecurity Plan and initiatives against potential cyber-attacks during elections.


ABOUT THE AUTHOR

Universidad Rey Juan Carlos, Madrid, Spain

Lidong Wang,
Reed Mosher,
Patti Duett,
Terril Falls
Predictive Modelling of a Honeypot System Based on a Markov Decision Process and a Partially Observable Markov Decision Process
DOI: 10.5604/01.3001.0016.2027
8 – 21

Keywords

machine learning | cybersecurity | honeypot | Markov decision process | partially observable Markov decision process | Q-learning

Abstract

A honeypot is used to attract and monitor attacker activities and capture valuable information that can be used to help practice good cybersecurity. Predictive modelling of a honeypot system based on a Markov decision process (MDP) and a partially observable Markov decision process (POMDP) is performed in this paper. Analyses over a finite planning horizon and an infinite planning horizon for a discounted MDP are respectively conducted. Four methods, including value iteration (VI), policy iteration (PI), linear programming (LP), and Q-learning, are used in the analyses over an infinite planning horizon for the discounted MDP. The results of the various methods are compared to evaluate the validity of the created MDP model and the parameters in the model. The optimal policy to maximise the total expected reward of the states of the honeypot system is achieved, based on the MDP model employed. In the modelling over an infinite planning horizon for the discounted POMDP of the honeypot system, the effects of the observation probability of receiving commands, the probability of attacking the honeypot, the probability of the honeypot being disclosed, and transition rewards on the total expected reward of the honeypot system are studied.


ABOUT THE AUTHORS


Lidong Wang
Mississippi State University, USA


Reed Mosher
Mississippi State University, USA

Patti Duett
Mississippi State University, USA

Terril Falls
Mississippi State University, USA

Marco Marsili
Guerre à la Carte: Cyber, Information, Cognitive Warfare and the Metaverse
DOI: 10.60097/ACIG/162861
22 – 32

Keywords

information | cognitive | cyber | international humanitarian law | metaverse | warfare

Abstract

Hybrid warfare is currently among the most trending topics. Hybrid threats arise in digital, cybernetic, and virtual environments and materialise in the real world. Despite being a somewhat vague term, hybrid activities include cyberwarfare, information warfare, and the emerging and evolving concept of cognitive warfare which appears from their intersection. These buzzwords gained popular attention in the context of the Russo-Ukrainian conflict and such terms are now in vogue. Even though these topics are in the spotlight, there is also widespread confusion about what exactly these usages mean and what the implications are in branding them as “warfare”. Indeed, all these concepts are fluid, nebulous, and lack an undisputed legal definition. This article aims to clarify their meaning and to shed light on the characteristics of such terms – differences, similarities and overlaps – in the context of hybrid warfare and show the faulty reasoning upon which misunderstandings are based. The paper concludes with a glimpse into the future, closing with a reflection on multi-domain operations facilitated by a fully integrated human-computer interaction in the metaverse, where physical reality is merged and interacts with digital virtuality.


ABOUT THE AUTHOR

Università Ca’ Foscari Venezia, Italy

Geoffrey A. Hubbard
State-level Cyber Resilience: A Conceptual Framework
DOI: 10.60097/ACIG/162859
33 – 46

Keywords

Cyberspace | cybersecurity | national security | critical infrastructure | national cyber resilience | smart cities

Abstract

There is currently a gap in our academic and practical understanding of the concept of resilience in cyber space at the level of the state, hampering research and policy-making due to the lack of a rigorously constructed, shared terminology. This article contributes to this area by providing a comprehensive capacities-based conceptualisation of state-level cyber resilience. After establishing that cyber resilience is necessary and that it should be developed at the state level, we perform a rigorous exploration of the concept of resilience as it pertains to the different areas involved in state-level cyber resilience. Seeking the most salient characteristics of each one, we identify from the general concept of resilience that it is a non-static process requiring an availability of assets; from state resilience, we identify that resilience capacities are harboured at multiple levels and across actors within the polity; and from cyber resilience, we identify that there is a plethora of different potential damages. Taking all this into consideration, our resulting concept of state-level cyber resilience is the following: the ability of a state, which (a) is made up of multiple layers, to (b) harness a set of key assets in order to (c) confront a particular type of damage to its cyber space, by (d) going through the stages of coping and eventually recovering to its normal state. Having constructed this conceptual framework, this work aids researchers and decision-makers by providing a common terminology and fostering a systematic, multidimensional approach to states’ capacity for resilience in cyber-space.


ABOUT THE AUTHOR

Technische Universität München, Germany

Guillermo López-Rodríguez,
Irais Moreno-López,
José Carlos Hernández-Gutiérrez
Cyberwarfare against Critical Infrastructures: Russia and Iran in the Gray Zone
DOI: 10.60097/ACIG/162865
47 – 65

Keywords

Iran | Russia | Cyberwarfare | Hybrid | Gray Zone

Abstract

The holistic nature of security in a hyper-connected world has increased the relevance of the cyber environment. One of the most relevant threats identified are the attacks against energy infrastructures. This article presents a comparative study of the actions launched by Russia and Iran in the cyber environment against energy supply. Both States are specialized in asymmetric strategies and tactics in which cyber has a core role. The research analyzes the main actions against energy supply infrastructures, studying the pursued objectives and identifying their potential political results. The document is structured by a first theoretical approach to the use of asymmetric gray zone and hybrid strategies, focusing on the use of cyber by Rogue States. From this approach, the analysis reflects the political visions of Russia and Iran, linking it with the Russian actions in Ukraine, as well as the Iranian cyber offensives against western targets. The conclusions reflect on the effectiveness of these strategies to the general strategy of both States.


ABOUT THE AUTHORS


Guillermo López-Rodríguez
Universidad de Granada, Spain


Irais Moreno-López
Universidad Nacional Autónoma de México

José Carlos Hernández-Gutiérrez
independent researcher

Mateusz Łabuz
Regulating Deep Fakes in the Artificial Intelligence Act
DOI: 10.60097/ACIG/162856
66 – 107

Keywords

European Union | deep fakes | Artificial Intelligence Act | AI Act | regulations | transparency obligations | disclosure rules

Abstract

The Artificial Intelligence Act (AI Act) may be a milestone of regulating artificial intelligence by the European Union. The regulatory framework proposed by the European Commission has the potential to serve as a benchmark worldwide and strengthen the position of the EU as one of the main players of the technology market. One of the components of the regulation are the provisions on deep fakes, which include the definition, classification as a “specific risk” AI system and transparency obligations. Deep fakes rightly arouse controversy and are assessed as a complex phenomenon, the negative use of which significantly increases the risk of political manipulation, and at the same time contributes to disinformation, undermining trust in information or in the media. The AI Act may strengthen the protection of citizens against some of the negative consequences of misusing deep fakes, although the impact of the regulatory framework in its current form will be limited due to the specificity of creating and disseminating deep fakes. The effectiveness of the provisions will depend not only on the enforcement capabilities, but also on the precision of phrasing provisions to prevent misinterpretation and deliberate abuse of exceptions. At the same time, the AI Act will not cover a significant part of deep fakes, which, due to the malicious intentions of their creators, will not be subject to the protection in the form of transparency obligations. This study allows for the analysis of provisions relating to deep fakes in the AI Act and proposing improvements that will take into account the specificity of this phenomenon to a greater extent.


ABOUT THE AUTHOR

Technische Universität Chemnitz, Germany

Lori L. Sussman,
Zachary S. Leavitt
Creating a Repeatable Nontechnical Skills Curriculum for the University of Southern Maine (USM) Cybersecurity Ambassador Program (CAP)
DOI: 10.60097/ACIG/162858
108 – 132

Keywords

NICE Workforce Framework | cybersecurity education | cybersecurity ambassador | cybersecurity internships | cybersecurity training

Abstract

The workforce demand for skilled cybersecurity talent has exceeded its supply for years. Historically, the pedagogical approach was to identify and create curricula for the most in-demand technical knowledge, skills, and abilities (KSAs). Unfortunately, the field has tended to neglect nontechnical counterparts. However, recent literature suggests a core set of nontechnical KSAs that employers seek. This study explored the codification of a nontechnical curriculum for a cybersecurity internship program at the University of Southern Maine (USM). The USM faculty created the Cybersecurity Ambassador Program that can serve students and the community. The service to students is to make them more attractive to employers. The benefit to the community is to provide cybersecurity awareness training to vulnerable populations. This discussion about the USM CAP serves as a case study for other programs considering this type of enrichment using an internship model. CAP started as an informal program, but this research used objective data to create repeatable blueprints. The researchers designed these lesson plans to help students progress from novices to competent in crucial nontechnical skills delineated in the National Initiative for Cybersecurity Education (NICE) Workforce framework. The team used a mixed methods approach to baseline Tier 1/novice students’ skill levels, place them in a cybersecurity enrichment program, track their progress, and determine program efficacy in helping them achieve beginner status. The information shared can serve as a point of departure for a case study that might guide other programs interested in doing similar work.


ABOUT THE AUTHORS


Lori L. Sussman
University of Southern Maine, USA


Zachary S. Leavitt
University of Southern Maine, USA

William H. Dutton,
Ruth Shillair,
Louise Axon,
Carolin Weisser
Structured Field Coding and its Applications to National Risk and Cybersecurity Assessments
DOI: 10.60097/ACIG/162857
133 – 156

Keywords

cybersecurity capacity building | structured field coding | cybersecurity analysis | multi-methods security research

Abstract

Data on cybersecurity capacity building efforts is critical to improving cybersecurity at national levels. Policy should be informed not only by measures that allow internal assessment of strengths and weaknesses that enable cross-national comparisons. The International Telecommunications Union (ITU) and its Global Cybersecurity Index (GCI) has used a standardized survey that has been adapted and used in multiple national assessments by the Global Cyber Security Capacity Centre. This adaptation includes an addition of open field coding assessments that rely heavily on trained experts and interactions with national focus groups. These assessments are checked using multiple coders to increase reliability and reduce bias. This process of ‘structured field coding’ (SFC) is an approach to collecting and coding observations based on multiple methods, quantitative as well as qualitative. This approach differs from open field coding in providing a set structure for coding observations from the field based on established frameworks for assessment. The SFC process is explained along with a discussion of the origin and the advantages and limitations of this methodological approach. It can be used in a variety of studies but is presented here as a means to integrate data for cross-national comparative analyses. Its application to improving the reliability and validity of data collection across a region, such as the EU, would help stakeholders evaluate where they should invest resources to improve their cybersecurity capacity.


ABOUT THE AUTHORS


William H. Dutton
University of Oxford, UK


Ruth Shillair
Michigan State University, USA


Louise Axon
University of Oxford, UK


Carolin Weisser
University of Oxford, UK

Andreanne Bergeron
Tell Me Where You Live and I Will Tell Your P@Ssw0rd: Understanding the Macrosocial Variables Influencing Password’s Strength
DOI: 10.60097/ACIG/162863
157 – 175

Keywords

password | macrosocial influence | authentication | users’ behaviour | users protection

Abstract

Users’ habits in relation to cybersecurity are frequently examined from the micro perspective, using survey results to obtain impactful variables from individuals, focusing on usability and security factors of passwords. In this paper, the influence of macrosocial factors on password strength is studied in order to offer a global comprehension of the influence of the environment on users. Using the list of the 200 most common passwords by countries released by NordPass in 2021, logistic regression has been used to predict macrosocial variables influencing password strength. Results show that (1) Literacy level of a population; (2) Voice and accountability; (3) Level of global cybersecurity; and (4) Level of data breaches exposure significantly predict users’ password strength performance. The author discusses the impact of government on password hygiene of users hoping to influence the development of policies around cyber security configurations and investment set by nations and institutions.


ABOUT THE AUTHOR

Université de Montréal, Canada

Austin Wyatt
Examining Supply Chain Risks in Autonomous Weapon Systems and Artificial Intelligence
DOI: 10.60097/ACIG/162874
176 – 196

Keywords

supply chain risk | autonomous weapon systems | Artificial Intelligence | emerging technology

Abstract

The development of increasingly AI-enabled autonomous systems and other military applications of Artificial Intelligence (AI) have been recognised as emergent major military innovations. In the absence of an effective and enforceable ban on their development and/or usage arising from the Group of Governmental Experts on Lethal Autonomous Weapon Systems (LAWS), it is likely that such systems will continue to be developed. Amongst the legal, ethical, practical, and strategic concerns raised by the emergence of such systems, it is important not to lose sight of the risks involved in relying on a high-manufactured system in place of a human. This places additional strains and importance on securing diverse, complex, and over cross-jurisdictional supply chains. This article focuses on the vulnerability of and the risks to the integrity and security of the supply chains responsible for producing AI-enabled autonomous military systems.


ABOUT THE AUTHOR

University of New South Wales Canberra, Australia

Patryk Widuliński
Artificial Immune Systems in Local and Network Cybersecurity: An Overview of Intrusion Detection Strategies
DOI: 10.60097/ACIG/162896
197 – 220

Keywords

cybersecurity | artificial immune systems | intrusion detection | negative selection | malware

Abstract

In this paper, an overview of artificial immune systems (AIS) used in intrusion detection systems (IDS) is provided, along with a review of recent efforts in this field of cybersecurity. In particular, the focus is on the negative selection algorithm (NSA), a popular, prominent algorithm of the AIS domain based on the human immune system. IDS offer intrusion detection capabilities, both locally and in a network environment. The paper offers a review of recent solutions employing AIS in IDS, capable of detecting anomalous network traffic/breaches and operating system file infections caused by malware. A discussion regarding the reviewed research is presented with an analysis and suggestions for further research, and then the work is concluded.


ABOUT THE AUTHOR

Politechnika Koszalińska

Dominika Dziwisz,
Błażej Sajduk
The Russia-Ukraine Conflict from 2014 to 2023 and the Significance of a Strategic Victory in Cyberspace
DOI: 10.60097/ACIG/162842
221 – 240

Keywords

war | Ukraine | Russia | Cyberspace | strategy

Abstract

The article explores Russian engagement in cyberspace during the conflict with Ukraine. Many experts have been surprised not only by the lack of coordination between offensive military operations in cyberspace and other domains, but also by the absence of significant cyberattacks. The central argument revolves around the perceived inadequacy of Russian capabilities. However, the authors contend that such an assessment is flawed and stems from the imposition of Western expectations onto a non-Western actor. They argue that the Russians’ employment of cyberspace not only aligns with their strategic culture but also represents a continuation of their utilisation of cyber as a tool for disinformation, which was previously observed during the war with Georgia in 2008 and the initial phase of the conflict with Ukraine in 2014. The aim of the article is threefold. Firstly, it discusses the Western strategic discourse regarding the potential use of cyberspace in warfare. In contrast to the position of Western experts, the second part of the article presents the Russian approach. The third section describes how the application of Russian cyber warfare concepts has played out in practice during the conflict in Ukraine.


ABOUT THE AUTHORS


Dominika Dziwisz
Uniwersytet Jagielloński w Krakowie


Błażej Sajduk
Uniwersytet Jagielloński w Krakowie

Morice Daudi
Trust Framework on Exploitation of Humans as the Weakest Link in Cybersecurity
DOI: 10.60097/ACIG/162867
241 – 266

Keywords

cybersecurity | human layer | weakest link | trust | trust framework | human trust exploitation

Abstract

The significance of cybersecurity is increasing in our daily digital lives. The reason for this rise is that human interactions take place in computer-mediated environments, or cyberspace, where physical cues from face-to-face interactions are either absent or very minimal. Computer users are becoming increasingly susceptible to cyberattacks as a result of human interactions in cyberspace. Understanding how cybercriminals exploit the human trust, the weakest link in cybersecurity, is relevant because cybercriminals focus on attacking the human psychology of trust rather than technical-based controls. To this end, the present paper develops a trust framework on exploitation of humans as the weakest link in cybersecurity. The framework is established by linking the human psychology of trust and techniques used by cybercriminals in deceiving and manipulating users of computer systems. The framework is validated by demonstrating its application using a case study employing real data. Findings show that cybercriminals exploit human trust based on trust development processes and bases of trust, either creating (falsified) expectations or a relationship history to lure the victim in. Furthermore, it is revealed that technical-based controls cannot provide effective safeguards to prevent manipulation of the human psychology of trust.


ABOUT THE AUTHOR

Mzumbe University, United Republic of Tanzania

Robert Mikac
Protection of the EU's Critical Infrastructures: Results and Challenges
DOI: 10.60097/ACIG/162868
267 – 271

Keywords

critical infrastructures | EU legislative framework | NIS2 Directive | CER Directive | results and challenges

Abstract

At the end of 2022 and the beginning of 2023, the EU adopted several new legislative acts aimed at improving the resilience and protection of network and information systems and critical entities across the Union. The objective of this research is to list the said acts, show their interconnections and focus specifically on the analysis of potential weaknesses of two legislative acts, namely: the NIS2 Directive and the CER Directive. The NIS2 Directive is a significant piece of legislation that aims to improve the cybersecurity of the European Union, while the CER Directive is a crucial piece of legislation that aims to improve the physical security of critical entities in the Union. These two documents are applied in parallel and contain many mutual references, which means that weaknesses in one document can have significant consequences in the implementation of the other. Therefore, through standard desk-top analysis of primary and secondary sources, this paper reviews the protection of the EU's critical infrastructures results and challenges by primarily focusing on these two documents. The research found certain weaknesses, explained them and suggested possible solutions.


ABOUT THE AUTHOR

University of Zagreb, Croatia

Applied Cybersecurity & Internet Governance
ISSN 2956-3119
NASK – National Research Institute
Kolska Street 12
01-045 Warsaw, Poland