Offensiva cyberoperationer : en undersökning ur ett humanitärrättsligt perspektiv / Offensive cyber operations : a study from an international humanitarian law perspective

Arell, Viktor

January 2022

Militär och civil verksamhet kan nyttja samma nätverk och vara beroende av samma digitala infrastruktur, vilket innebär att det kan uppstå svårigheter med att göra åtskillnad på vad som är civilt och vad som är militärt i samband med offensiva cyberoperationer. Offensiva cyberoperationers effekter kan dessutom vara svårkontrollerade. Följaktligen uppkommer frågan hur en offensiv cyberoperation ska genomföras med hänsyn till de humanitärrättsliga kraven på att skydda civila personer och objekt.  Syftet med uppsatsen är att undersöka hur befälhavare i Försvarsmakten ska förhålla sig till humanitär rätt vid offensiva cyberoperationer under internationella väpnade konflikter. Med avstamp i detta syfte utgår uppsatsen från följande frågeställningar:  Var går skiljelinjen mellan militära mål och civila i samband med Försvarsmaktens offensiva cyberoperationer under internationella väpnade konflikter? Hur kan sidoskador undvikas i samband med Försvarsmaktens offensiva cyberoperationer under internationella väpnade konflikter?  Frågeställningarna besvaras genom att använda rättsdogmatiskmetod med Tilläggsprotokoll I till Genèvekonventionerna som huvudsaklig rättskälla. Analysen avseende hur sidoskador kan undvikas baseras på Lockheed Martins modell, Cyber kill chain.  Uppsatsens slutsats är att det är ovidkommande för var skiljelinjen går om ett objekt ursprungligen är civilt, om användaren av objektet är civil eller om objektet delvis nyttjas för civila ändamål. Så länge objektet effektivt bidrar till militära operationer och en påverkan av objektet medför en avgjord militär fördel ska det klassificeras som ett militärt mål. Vidare är uppsatsens slutsats att informationsinhämtning och kontroll under hela operationsskedet är nyckeln till att undvika sidoskador i samband med Försvarsmaktens offensiva cyberoperationer under internationella väpnade konflikter. / Military and civilian functions can use the same network and depend on the same digital infrastructure, which means that there can be difficulties when distinguishing civilian objects from military objects during cyber operations. Moreover, the effects of offensive cyber operations can be difficult to control. Consequently, the question arises how an offensive cyber operation should be carried out in the light of the humanitarian law requirement to protect civilians and civilian objects.  The purpose of the thesis is to examine how commanders in the Swedish Armed Forces shall comply with international humanitarian law during offensive cyber operations during international armed conflicts. Based on this purpose, the thesis revolves around the following questions:  Where is the dividing line between military objectives and civilians when the Swedish Armed Forces carry out offensive cyber operations during international armed conflicts?  How can collateral damage be avoided when the Swedish Armed Forces carry out offensive cyber operations during international armed conflicts?  The questions are answered by using legal dogmatic method. Additional Protocol I to the Geneva Conventions is used as the main source of law. The analysis of how collateral damage can be avoided is based on Lockheed Martin's model, Cyber kill chain.  The conclusion of the thesis is that it is irrelevant whether an object is originally civilian, if the user of the object is civilian or if the object is partly used for civilian purposes. As long as the object effectively contributes to military actions and an impact on the object entails a definite military advantage, it shall be classified as a military objective. Furthermore, the thesis concludes that information gathering and control throughout the operation is the key to avoiding collateral damage when the Swedish Armed Forces carry out offensive cyber operations during international armed conflicts.

Cyber

Offensiva cyberoperationer

Cyber kill chain

Humanitär rätt

Distinktion

Social Sciences Interdisciplinary

Training Security Professionals in Social Engineering with OSINT and Sieve

Meyers, Jared James

01 June 2018

This research attempts to create a novel process, Social Engineering Vulnerability Evaluation, SiEVE, to use open source data and open source intelligence (OSINT) to perform efficient and effectiveness spear phishing attacks. It is designed for use by "œred teams" and students learning to conduct a penetration test of an organization, using the vector of their workforce. The SiEVE process includes the stages of identifying targets, profiling the targets, and creating spear phishing attacks for the targets. The contributions of this research include the following: (1) The SiEVE process itself was developed using an iterative process to identify and fix initial shortcomings; (2) Each stage of the final version of the SiEVE process was evaluated in an experiment that compared performance of students using SiEVE against performance of those not using SiEVE in order to test effectiveness of the SiEVE process in a learning environment; Specifically, the study showed that those using the SiEVE process (a) did not identify more targets, (b) did identify more information about targets, and (c) did lead to more effective spear phishing attacks. The findings, limitations, and future work are discussed in order to provide next steps in developing formalized processes for red teams and students learning penetration testing.

social engineering

open source intelligence

ethics

IEEE

ACM

red team

cyber kill chain

cyber security

Science and Technology Studies

Information Security Training and Serious Games

Agrianidis, Anastasios

January 2021

The digital transformation of the 21st century has led to a series of new possibilities and challenges, where one major concern of many major organizations and enterprises is promoting Information Security Awareness and Training (ISAT) for their employees. This aspect of Information Security (IS) can promote cybersecurity in the work environment against threats related to the human factor. Apart from traditional methods as workshops and seminars, researchers study the effect of gamification on ISAT, by proposing customized digital games to train employees regardless their IT skills. This thesis is trying to propose what techniques and approaches can be considered to train people throughout a full threat progression by studying the features of previous efforts. For this purpose, a literature study based on the principles of a systematic literature review (SLR) is essential to gather the available data and review their characteristics. More specifically, the solutions of the researchers are analyzed against the seven steps of the Lockheed Martin Cyber Kill Chain (LM CKC), where each game is classified to one or more phases, according to the training they offer. Thus, some tools can provide a wide range of training, covering many aspects of the CKC, while others are targeting a specific IS topic. The results also suggest that popular attacks involving social engineering, phishing, password and anti-malware software are addressed by many games, mainly in the early stages of the CKC and are focus on trainees without professional IT background. On the other hand, in the last two phases of the CKC, the majority of categorized games involves countermeasures that IS specialists must launch to prevent the security breach. Therefore, this study offers insight on the characteristics of serious games, which can influence an ISAT program, tailored to the enterprise’s distinct IS issue(s) and the IT background of the trainees.

Information Security Awareness Training

Serious Games

Lockheed Martin Cyber Kill Chain

Computer Systems

Datorsystem

Information Systems