Active offensive cyber situational awareness : theory and practice

Al-Shamisi, Ahmed

January 2014

There is an increasing gap between the progress of technological systems and the successful exploitation of these systems through cyber-attack. Whilst the mechanism and scope of cyberspace is progressing with each passing day, risk factors and the ability to process the required amount of data from cyberspace efficiently are proving to be major obstacles to achieving desired outcomes from cyber operations. This, coupled with the dramatic increase in the numbers of cyber attackers, who are constantly producing new ways of attacking and paralysing cyber systems for political or financial gain, is a critical issue for countries that have linked their major infrastructures with Internet applications. The defensive methods currently applied to counter these evolving attacks are no longer sufficient, due to their preventive and reactive nature. This research has developed a new Active Situational Awareness theoretical model for Active Defence that aims to enhance the agility and quality of cyber situational awareness in organisations in order to counter cyber attacks. Situational Awareness (SA) is a crucial component in every organisation. It helps in the assessment of an immediate situation in relation to the environment. Current SA models adopt a reactive attitude, which responds to events and works in passive manner to any progressing enemy cyber attack. This creates a defensive mind-set and consequently influences the operator to process and utilise knowledge only within the concept of attack prevention. Thus, one can assume that operators will only gather certain knowledge after the occurrence of an attack, instead of actively searching for new intelligence to create new knowledge about the cyber attack before it takes place. This research study introduces a new approach that incorporates an Active Defence posture; namely, a ‘winning attitude’ that conforms to the military stratagems of Sun Tzu, where operators always engage attackers directly in order to create new knowledge in an agile manner by deploying active intelligence-gathering techniques to inform active defence postures in cyberspace. This also allows the system being protected to remain one step ahead of the attackers to ultimately defeat them and thwart any costly attacks. To back these statements, this study issued a survey to 200 cyber defence and security experts in order to collect data on their opinions concerning the current state of Active SA. Structural Equation Modelling (SEM) was then employed to analyse the data gathered from the survey. The results of the analysis revealed significant importance of Active Offensive Intelligence gathering in enhancing Cyber SA. The SEM showed there is a significant impact on SA Agility and Quality from Active Intelligence gathering activities. Further to this, the SEM results informed the design of the serious gaming environments utilised in this research to verify the SEM causality model. Also, the SEM informed the design of a SA assessment metric, where a behavioural anchor rating scale was used along with ground truth to measure participant SA performance. The results of this experiment revealed that there was 2 times better enhancement in cyber Situational awareness among those who did utilise active measures compared with participants who did not which mean almost double and this shows the importance of offensive intelligence gathering in enhancing cyber SA and speed up defender decision making and OODA loop. This research provided for the first time a novel theory for active cyber SA that is aligned with military doctrine. Also, a novel assessment framework and approaches for evaluating and quantifying cyber SA performance was developed in this research study. Finally, a serious gaming environment was developed for this research and used to evaluate the active SA theory which has an impact on training, techniques and practice Deception utilisation by Active groups revealed the importance of having deception capabilities as part of active tools that help operators to understand attackers’ intent and motive, and give operators more time to control the impact of cyber attacks. However, incorrect utilisation of deception capabilities during the experiment led operators to lose control over cyber attacks. Active defence is required for future cyber security. However, this trend towards the militarisation of cyberspace demands new or updated laws and regulations at an international level. Active intelligence methods define the principal capability at the core of the new active situational awareness model order in to deliver enhanced agility and quality in cyber SA.

363.25

In Search of a Posture of Peace : Nuclear deterrence and the possibility of a Non-Offensive Defence with examples of India, Pakistan and Kazakhstan

Hoekstra, Tijmen

January 2021

This thesis takes the initial steps to find what it calls a ‘posture of peace’, a counterpart to what Hobbes refers to as a posture of war (Hobbes 1651/2004: 79)1. A posture of war representsdefensive initiatives that can be interpreted by others as a certain preparation for conflict, and its base definition is used as a template to formulate an initial version of a posture of peace2.While keeping this concept as an overarching theme throughout the thesis explores the concepts of nuclear posture and a credible minimum deterrence (CMD) through the examples of India and Pakistan. While the thesis discusses four different nuclear postures, there really are only two categories, namely the pro-nuclear and anti-nuclear posture. The main examples of pronuclear posture used here is the case of India and Pakistan, two geographical neighbouring Nuclear Weapon States (NWS) who have been experiencing ongoing frictions and conflicts since (and prior to) becoming nuclear powers. On the other side Kazakhstan serves as an example of an anti-nuclear posture and in regards to the nuclear debate a possible empirical example of a posture of peace. In addition to these postures there is also the concept of NonOffensive Defence (NOD), which is more exemplified in the Kazakhstan’s approach to their nuclear situation as well as their more contemporary initiative in collaboration with several other neighbouring states to form the Central Asia Nuclear Weapons Free Zone (CANWFZ). The thesis concludes that while NOD finds little support in pro-nuclear posturing, there is ample space for it over on the ani-nuclear posture side of the spectrum which in addition aligns more with the present interpretation of a posture of peace. Moreover, the CANWFZ initiative appears to be as close a perfect example of a NOD in the present case and as close as this stage of the research will come to observing a posture of peace.

Non-Offensive Defence

Nuclear Deterrence

Nuclear Posture

Posture of War

Posture of Peace

Social Sciences

Samhällsvetenskap

Other Humanities not elsewhere specified

Övrig annan humaniora