Pub Date : 2017-11-01DOI: 10.1109/CYCONUS.2017.8167507
A. Lemay, S. Knight
Industrial Control Systems (ICS) networks are an increasingly attractive for attackers. The case of 2015 Ukraine cyber attack where hackers abused the ICS system to create a blackout is a good illustration of this interest. However, to achieve physical effects, it is necessary for attackers to embed themselves deep within the target network. So, attackers must protect this investment by using covert techniques to avoid detection by defenders. This paper explores the problem of highly covert long-lived command and control channels to gain insight into probable evolution paths for attackers in response to increasing defensive capabilities. In particular, it presents a timing-based covert channel for the Modbus using interference. An implementation of the channel using network man-in-the-middle to modulate timing is built as a proof-of-concept of the approach. A performance analysis of the implementation shows that the implementation performs as low bandwidth, but highly covert command and control channel. Furthermore, an analysis of packet captures from a real production network show that the approach would be likely to work in a production environment.
{"title":"A timing-based covert channel for SCADA networks","authors":"A. Lemay, S. Knight","doi":"10.1109/CYCONUS.2017.8167507","DOIUrl":"https://doi.org/10.1109/CYCONUS.2017.8167507","url":null,"abstract":"Industrial Control Systems (ICS) networks are an increasingly attractive for attackers. The case of 2015 Ukraine cyber attack where hackers abused the ICS system to create a blackout is a good illustration of this interest. However, to achieve physical effects, it is necessary for attackers to embed themselves deep within the target network. So, attackers must protect this investment by using covert techniques to avoid detection by defenders. This paper explores the problem of highly covert long-lived command and control channels to gain insight into probable evolution paths for attackers in response to increasing defensive capabilities. In particular, it presents a timing-based covert channel for the Modbus using interference. An implementation of the channel using network man-in-the-middle to modulate timing is built as a proof-of-concept of the approach. A performance analysis of the implementation shows that the implementation performs as low bandwidth, but highly covert command and control channel. Furthermore, an analysis of packet captures from a real production network show that the approach would be likely to work in a production environment.","PeriodicalId":259012,"journal":{"name":"2017 International Conference on Cyber Conflict (CyCon U.S.)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114934190","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-11-01DOI: 10.1109/CYCONUS.2017.8167510
Jim Q. Chen
Deterrence is badly needed in the cyber domain but it is hard to be achieved. Why is conventional deterrence not working effectively in the cyber domain? What specific characteristics should be considered when deterrence strategies are developed in this man-made domain? These are the questions that this paper intends to address. The research conducted helps to reveal what cyber deterrence can do and what it cannot do so that focus can be put on the enhancement of what it can do. To include varied perspectives, literature review is conducted. Some research works are specifically examined. Based on these studies, this research proposes a holistic approach in cyber deterrence that is empowered by artificial intelligence and machine learning. This approach is capable of making sudden, dynamic, stealthy, and random changes initiated by different contexts. It is able to catch attackers by surprise. The surprising and changing impact inflicts a cost on attackers and makes them to re-calculate the benefits that they might gain through further attacks, thus discouraging or defeating adversaries both mentally and virtually, and eventually controlling escalation of cyber conflicts.
{"title":"Take the rein of cyber deterrence","authors":"Jim Q. Chen","doi":"10.1109/CYCONUS.2017.8167510","DOIUrl":"https://doi.org/10.1109/CYCONUS.2017.8167510","url":null,"abstract":"Deterrence is badly needed in the cyber domain but it is hard to be achieved. Why is conventional deterrence not working effectively in the cyber domain? What specific characteristics should be considered when deterrence strategies are developed in this man-made domain? These are the questions that this paper intends to address. The research conducted helps to reveal what cyber deterrence can do and what it cannot do so that focus can be put on the enhancement of what it can do. To include varied perspectives, literature review is conducted. Some research works are specifically examined. Based on these studies, this research proposes a holistic approach in cyber deterrence that is empowered by artificial intelligence and machine learning. This approach is capable of making sudden, dynamic, stealthy, and random changes initiated by different contexts. It is able to catch attackers by surprise. The surprising and changing impact inflicts a cost on attackers and makes them to re-calculate the benefits that they might gain through further attacks, thus discouraging or defeating adversaries both mentally and virtually, and eventually controlling escalation of cyber conflicts.","PeriodicalId":259012,"journal":{"name":"2017 International Conference on Cyber Conflict (CyCon U.S.)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130102317","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-11-01DOI: 10.1109/CYCONUS.2017.8167502
Elsa B. Kania, J. Costello
The current realities of the cyber domain could be radically disrupted by the advent of quantum communications and quantum computing. The consequent challenges for future cyber security and strategy require a nuanced analysis of these technologies and their likely employment by major powers. The employment of quantum cryptography can create quantum communications systems that are theoretically unhackable. Within the foreseeable future, quantum computing will be powerful enough to overcome most of today's advanced encryption techniques, rendering the majority of existing commercial, government, and military systems unprecedentedly vulnerable. These quantum technologies could respectively tend to advantage defense and offense in the cyber domain. While the “shield” enabled by quantum communications would contribute to technological deterrence through denial, the asymmetries of vulnerability that might result could potentially undermine military cyber stability, while exacerbating the risks of misperception through complicating intelligence collection. In the more distant future, the advent of quantum computing will enable unique offensive power that could leapfrog existing cyber capabilities. The strategic impact of these disruptive technologies will depend upon the approaches of great powers, particularly the U.S. and China, which have become leaders in this technological domain.
{"title":"Quantum technologies, U.S.-China strategic competition, and future dynamics of cyber stability","authors":"Elsa B. Kania, J. Costello","doi":"10.1109/CYCONUS.2017.8167502","DOIUrl":"https://doi.org/10.1109/CYCONUS.2017.8167502","url":null,"abstract":"The current realities of the cyber domain could be radically disrupted by the advent of quantum communications and quantum computing. The consequent challenges for future cyber security and strategy require a nuanced analysis of these technologies and their likely employment by major powers. The employment of quantum cryptography can create quantum communications systems that are theoretically unhackable. Within the foreseeable future, quantum computing will be powerful enough to overcome most of today's advanced encryption techniques, rendering the majority of existing commercial, government, and military systems unprecedentedly vulnerable. These quantum technologies could respectively tend to advantage defense and offense in the cyber domain. While the “shield” enabled by quantum communications would contribute to technological deterrence through denial, the asymmetries of vulnerability that might result could potentially undermine military cyber stability, while exacerbating the risks of misperception through complicating intelligence collection. In the more distant future, the advent of quantum computing will enable unique offensive power that could leapfrog existing cyber capabilities. The strategic impact of these disruptive technologies will depend upon the approaches of great powers, particularly the U.S. and China, which have become leaders in this technological domain.","PeriodicalId":259012,"journal":{"name":"2017 International Conference on Cyber Conflict (CyCon U.S.)","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114763605","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-11-01DOI: 10.1109/CYCONUS.2017.8167511
Jason Healey
After nearly fifteen years of war, the US military is pretty sure that future conflicts won't look like the past.
经过近15年的战争,美国军方非常确定,未来的冲突不会像过去那样。
{"title":"What might be predominant form of cyber conflict?","authors":"Jason Healey","doi":"10.1109/CYCONUS.2017.8167511","DOIUrl":"https://doi.org/10.1109/CYCONUS.2017.8167511","url":null,"abstract":"After nearly fifteen years of war, the US military is pretty sure that future conflicts won't look like the past.","PeriodicalId":259012,"journal":{"name":"2017 International Conference on Cyber Conflict (CyCon U.S.)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131944019","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-11-01DOI: 10.1109/CYCONUS.2017.8167512
Monica M. Ruiz
The global use of the cyber domain has heightened speed, agility, and interconnectivity within our societies. Consequently, it has also increased threats that share the same characteristics. No longer is reality linear, as two points in time and individuals can connect from varied locations almost instantly, shifting the balance of how we approach traditional security challenges. This paper argues for the creation of volunteer United States (US) Cyber Defense Units (US CDU) at the state-level, similar to the Estonian Defence League's Cyber Defence Unit (EDL CDU). The goal in its establishment being to achieve a whole-of-society approach by creating the opportunity for individuals across sectors to volunteer in the joint cause of protecting US cyberspace. Voluntarism has worked before (e.g. US Minutemen, US National Guard, Civil Air Patrol) and it can certainly work again — this time, for the cyber domain. This paper provides background on prior US cyber defense initiatives and delves into the EDL CDU to draw possible theoretical structures and lessons for the formation and integration of the proposed US CDU. It also examines ongoing developments with the US Cyber Mission Force (CMF) to compare efforts. The paper includes primary and secondary source material from academia, government, and private sectors in both the US and Estonia. It analyzes ongoing efforts for cyber defense and reviews academic literature and research on the topics discussed.
{"title":"Establishing volunteer US cyber defense units: A holistic approach","authors":"Monica M. Ruiz","doi":"10.1109/CYCONUS.2017.8167512","DOIUrl":"https://doi.org/10.1109/CYCONUS.2017.8167512","url":null,"abstract":"The global use of the cyber domain has heightened speed, agility, and interconnectivity within our societies. Consequently, it has also increased threats that share the same characteristics. No longer is reality linear, as two points in time and individuals can connect from varied locations almost instantly, shifting the balance of how we approach traditional security challenges. This paper argues for the creation of volunteer United States (US) Cyber Defense Units (US CDU) at the state-level, similar to the Estonian Defence League's Cyber Defence Unit (EDL CDU). The goal in its establishment being to achieve a whole-of-society approach by creating the opportunity for individuals across sectors to volunteer in the joint cause of protecting US cyberspace. Voluntarism has worked before (e.g. US Minutemen, US National Guard, Civil Air Patrol) and it can certainly work again — this time, for the cyber domain. This paper provides background on prior US cyber defense initiatives and delves into the EDL CDU to draw possible theoretical structures and lessons for the formation and integration of the proposed US CDU. It also examines ongoing developments with the US Cyber Mission Force (CMF) to compare efforts. The paper includes primary and secondary source material from academia, government, and private sectors in both the US and Estonia. It analyzes ongoing efforts for cyber defense and reviews academic literature and research on the topics discussed.","PeriodicalId":259012,"journal":{"name":"2017 International Conference on Cyber Conflict (CyCon U.S.)","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126246276","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: