THREAT PERCEPTIONS AND STRATEGIC ADAPTATION IN 21st CENTURY FINLAND

Kuikka, Mika

January 2022

Small states have limited ability to influence the security environment and other states in the rivalry over scarce resources. How can a small state adapt to changes and challenges in the security environment and protect the state from perceived threats? The purpose of this thesis is to understand how a militarily non-aligned small state's threat perceptions adapts to changes in the security environment and how these developments affect its strategic adaptation. The thesis explains how some 21st century changes of the security environment have affected the Finnish threat perceptions and strategic adaptation of a small state.  The problem is solved by conducting a qualitative content analysis of Finnish security and defence reports of the 21st century and by utilizing an analytic framework constructed for this purpose. The question is answered by presenting the main changes in the Finnish security environment and threat perceptions, and by explaining how policy has been adapted to these changes. The questions are answered both conceptually with theoretic models from a small state perspective and with in-depth analysis utilizing the theoretic models for contextual understanding in a structured manner.  As a result, conceptual frameworks are presented as tentative explanations for a small state’s threat perceptions and strategic adaptation. The contextual results suggest that from a change perspective the Russian aggressions in Ukraine 2014 and 2022 have had the biggest impact on Finnish strategic adaptation in terms of conceptual changes, use of resources and alignment strategies.

Threat perception

strategic adaptation

security

policy

small state

Social Sciences Interdisciplinary

Ethical hacking of IoT devices: OBD-II dongles

Christensen, Ludvig, Dannberg, Daniel

January 2019

The subject area of this project is IT security related to cars, specifically the security of devices connected through a cars OBD-II connector. The aim of the project is to see the security level of the AutoPi OBD-II unit and to analyse where potential vulnerabilities are likely to occur when in use. The device was investigated using threat modeling consisting of analysing the architecture, using the STRIDE model to see the potential attacks that could be implemented and risk assessments of the attacks using the DREAD model. After modelling the system, attempts of implementing attacks, with the basis in the threat modelling, were carried out. No major vulnerabilities were found in the AutoPi device but a MITM attack on the user was shown to be possible for an attacker to succeed with. Even though no major vulnerability was found IoT devices connected to cars might bring security concerns that needs to be looked into by companies and researchers. / Ämnesområdet för detta projekt är ITsäkerhet relaterad till bilar, mer specifikt säkerheten gällande enheter som kopplas in i en bils OBD-II-kontakt. Syftet med uppsatsen är att bedöma säkerhetsnivån på en OBD-II-enhet av modell AutoPi och att analysera var potentiella sårbarheter kan finnas i systemet. Enheten kommer att undersökas med hjälp av hotmodellering som består av att analysera arkitekturen, använda STRIDE-modellen för att upptäcka potentiella attackmetoder samt bedöma riskerna för attackerna med hjälp av DREAD-modellen. Efter det steget görs attackförsök utifrån resultaten från hotmodelleringen. Inga större sårbarheter hittades i AutoPi-enheten men en MITM-attack på användaren visades vara möjlig för en angripare att lyckas med. Ä ven fast inga större sårbarheter hittades kan IoT-enheter kopplade till bilar medföra säkerhetsbrister som företag och forskare måste se över.

Computer and Information Sciences

Data- och informationsvetenskap

Security Analysis of Smart Buildings

Friman, Nelly

January 2020

In recent years, buildings have been starting to become more automated to match the demand forenergy efficient and sustainable housing. Subsystems, or so-called Building Management Systems(BMS), such as heating, electricity or access control, are gradually becoming more automated. Thenext step is to integrate all BMS in a building within one system, which is then called a smartbuilding. However, while buildings are becoming more and more automated, the concerns ofcybersecurity grow larger. While integrating a wide range of Internet of Things (IoT) devices withthe system, the attack surfaces is larger, and this, together with the automation of criticalsubsystems in the building leads to that attacks in worse case can harm the occupants of thebuilding.In this paper, the threats and risks are analyzed by using a security threat model. The goal isto identify and analyze potential threats and risks to smart buildings, with the purpose to giveinsight in how to develop secure systems for them. The process of the model includes five phases ofwhich this study focuses on phase one and three, identifying losses after a successful attack, anddetermine goals and intentions of the attackers for specific attacks, respectively.As a result of the security analysis potential threats were defined, in which the ones withhighest threat event frequency included data leaks and disabling the heating system. Somevulnerabilities and recommendations to improv the system is also discussed, which is of importanceso that occupants can continue to live and work in sustainable, reliable and secure facilities. / På senare år har fastigheter utvecklats till att bli mer automatiserade för att matcha efterfrågan påenergieffektiva och hållbara bostäder. Fastighetslösningarna (Building Management Systems,BMS), såsom värme- eller passersystem, blir gradvis mer automatiserade. Nästa steg är att integreraalla BMS i en byggnad till ett gemensamt system, som då kallas för en smart fastighet. Medanbyggnader blir alltmer automatiserade, växer oron kring cybersäkerhet eftersom man delsintegrerar ett stort antal Internet of Things (IoT)-enheter med systemet och samtidigt automatiserarmånga kritiska fastighetslösningar. I värsta fall skulle därför en utomstående attack kunna leda tillfysisk skada på fastigheter eller personer som befinner sig där.I denna studie utförs en säkerhetsanalys där dessa hot och risker analyseras med hjälp av enhotmodellering. Målet är att identifiera och analysera potentiella hot och risker för smartafastigheter, med syftet att ge insikt i hur man bör säkra dessa system. Modelleringen innehåller femfaser, av vilka denna studie fokuserar på fas ett och tre. I första fasen identifieras vilka förluster somfinns för företag och boende efter en framgångsrik attack och i fas tre identifieras angriparnas måloch avsikter för specifika attacker.Ett resultat av säkerhetsanalysen är att av de potentiella hot som definierats, är de medhögsta antalet försök till attack per år (Threat Event Frecquency, TEF) dataläckage och attinaktivera värmesystemet. Några sårbarheter med smarta fastigheter och rekommendationer för attförbättra systemet diskuteras också. Att utveckla säkra system till smarta fastigheter är av störstavikt för att personer kan fortsätta bo och arbeta i hållbara, pålitliga och säkra byggnader.

Smart Buildings

Cybersecurity

Threat

Risk

Smarta fastigheter

Cybersäkerhet

Hot

Risk

Computer and Information Sciences

Data- och informationsvetenskap

Threat Communication As it Relates to Perception of Victimization: A Study of Awareness of Concealed Weapon Permit Issuance

Jordan, Cody

01 January 2014

Concealed weapon permit issuance is one of the most contentious topics debated in modern politics today. The primary point of disagreement within this debate hinges on whether these permits serve to increase violence by those who possess them, or whether they decrease crime through the deterrent effect of their presence in society. Using responses of residents of a large southeast correctional facility this study analyzed the reported inclination of criminals to commit direct contact crimes under several specific scenarios, based on their exposure to various levels of information relating to issuance of concealed weapon permits. By comparing the responses across groups this research sought to determine whether an individual deterrent effect exists based on available knowledge of issuance. The results suggest that, overall, while no statistically significant difference was noted between the groups there was a trend in the means of those groups that had varying levels of knowledge of concealed weapon permits to report a greater perception of the threat involved in committing crimes under the scenarios presented than those with no such knowledge. This indicates that there may be, to some degree, a deterrent effect found in information relating to such permit issuance.

Threat communication

Criminology and Criminal Justice

An Explanation of Racial Attitudes Utilizing Intergroup Threat Theory and Group Empathy Theory

Larrison, KayLynn Marie

08 1900

This project examined the effects of threat perceptions and group empathy on racial outgroup attitudes. The relationship between threat perception and increased racial prejudice has been well established within the literature, but the effect of group empathy within this dynamic has been largely undocumented. The following study utilizes data from the American National Election Study 2020 Time Series to analyze racial outgroup attitudes among subsamples of Blacks (n = 726), Hispanics (n = 762), and Whites (n = 5,962). Along with threat perception, group empathy was found to be a salient predictor of outgroup attitudes. These results suggest that an effective technique to reduce negative outgroup attitudes would aim to reduce perceptions of outgroups as threatening and increase group empathy.

Group empathy

threat perception

racial attitudes

prejudice

Sociology, Ethnic and Racial Studies

Detecting Threats from Constituent Parts: A Fuzzy Signal Detection Theory Analysis of Individual Differences

Van De Car, Ida

01 January 2015

Signal detection theory (SDT) provides a theoretical framework for describing performance on decision making tasks, and fuzzy signal detection theory (FSDT) extends this description to include tasks in which there are levels of uncertainty regarding the categorization of stimulus events. Specifically, FSDT can be used to quantify the degree to which an event is 'signal-like', i.e., the degree to which a stimulus event can be characterized by both signal and non-signal properties. For instance, an improvised explosive device (IED) poses little threat when missing key elements of its assembly (a stimulus of low, but not zero, signal strength) whereas the threat is greater when all elements necessary to ignite the device are present (a stimulus of high signal strength). This research develops a link between key individual cognitive (i.e., spatial orientation and visualization) and personality (i.e., extroversion, conscientiousness, and neuroticism) differences among observers to performance on a fuzzy signal detection task, in which the items to be detected (IEDs) are presented in various states of assembly. That is, this research relates individual difference measures to task performance, uses FSDT in target detection, and provides application of the theory to vigilance tasks. In two experiments, participants viewed pictures of IEDs, not all of which are assembled or include key components, and categorize them using a fuzzy rating scale (no threat, low threat potential, moderate threat potential, or definite threat). In both experiments, there were significant interactions between the stimulus threat level category and the variability of images within each category. The results of the first experiment indicated that spatial and mechanical ability were stronger predictors of performance when the signal was ambiguous than when individuals viewed stimuli in which the signal was fully absent or fully present (and, thus, less ambiguous). The second study showed that the length of time a stimulus is viewed is greatest when the signal strength is low and there is ambiguity regarding the threat level of the stimulus. In addition, response times were substantially longer in study 2 than in study 1, although patterns of performance accuracy, as measured by the sensitivity index d', were similar across the two experiments. Together, the experiments indicate that individuals take longer to evaluate a potential threat as less critical, than to identify either an absence of threat or a high degree of threat and that spatial and mechanical ability assist decision making when the threat level is unclear. These results can be used to increase the efficiency of employees working in threat-detection positions, such as luggage screeners, provides an exemplar of use of FSDT, and contributes to the understanding of human decision making.

Fuzzy signal detection theory

individual differences

spatial ability

visualization

extraversion

neuroticism

conscientiousness

threat detection

Psychology

The Effect Of Face Threat Mitigation On Instructor Credibility And Student Motivation In The Absence Of Instructor Nonverbal Immediacy

Trad, Laura

01 January 2013

Many years of communication research have shown that an increase in immediacy has been a major factor that affects students‘ perceptions of instructor credibility which in turn affects, both students‘ cognitive and affective learning, student state motivation and a variety of other positive outcomes. However, in order for immediacy to be effective, instructor and student must be in the same location at the same time. With the recent push toward on-line classes, what can we find to act like immediacy in a text based format? This research suggests that face threat mitigation can be used in a text-based environment, to achieve the pro-social goals of instructor credibility and student state motivation to the same extent as it does when coupled with immediacy. This study is a replication of a study done by Witt and Kerssen-Griep (2012). In the original study face threat mitigation (FTM) was coupled with instructor nonverbal immediacy (NVI) and they examined the impact these factors had on instructor credibility (i.e., competence, character, and caring) and student state motivation in a video simulated feedback situation. This study surveyed 218 undergraduate students in an introductory communication course. Students were randomly assigned to read hypothetical scenarios in which FTM was manipulated in a manner similar to Witt and Kerssen-Griep‘s study. They responded to three scales. The current study removed the instructor by using a simulated electronic feedback correspondence. Results of a MANCOVA and four separate ANOVAs were similar to those of the original findings. FTM was found to have a significant positive relationship with instructor credibility (i.e., competence, character, and caring) and student state motivation.

Face threat mitigation

fmt

instructor credibility

student motivation

nvi

nonverbal immediacy

Communication

Vad innebär säkerhet? : En visuell diskursanalys av Försvarsmaktens konstruktion av hot / What does security mean? : A visual discourse analysis of the Swedish Armed Forces formation of threats.

Bark, Anna

January 2023

The purpose of this essay has been to identify and examine how the Swedish Armed Forces (SAF) create and form potential threats through the use of television commercials. Through a method of visual discourse analysis, commercials carried out by the SAF between 2015 and 2017 have been analyzed to identify and understand how the SAF talks about security and creates potential threats. The Copenhagen School of Securitization has been used as a theoretical framework in this essay to help understand how the Swedish Armed Forces create potential threats through speech-acts and the use of visual and auditory elements. The analysis identified that the SAF creates and forms potential security threats through three main narratives: the rights and freedoms of Swedish citizens, gender, and a diverse society. In relation to the theoretical framework and previous research within the field of securitization, the conclusions drawn from this essay's analysis can help illustrate how the SAF's formation of potential threats has the opportunity to influence political decisions and, therefore, the broader security discourse within Swedish society.

Swedish Armed Forces

securitzation

gender

rights and freedoms

diversity

communication

threat

Political Science

Statsvetenskap

An Ontology and Guidelines for Cybersecurity Risk Assessment in the Automotive Domain

Khalil, Karim

January 2023

This study aims to propose a knowledge base ontology for the ISO/SAE 21434 cybersecurity risk assessment activities in the automotive domain. The focus of the paper is to model how the standard views the tasks of Threat Analysis and Risk Assessment (TARA) and cybersecurity concept. The model is supported by practical knowledge gained from a design science activity at a major organization for supplying automotive solutions and components. The scope is limited to matters of methodology in systems security assessment. The meta-model shows concepts, relationships, and axioms describing the different activities, stakeholders, and inter-dependencies. Based on the model knowledge, an integrated approach of TARA guideline is created, describing the steps of each of the activities in which it has been adapted by the organization participating in an applied study. Additionally, to increase the efficiency of the human resources involved in the creation of the security artifacts, a proposal to utilize the model relationships and the guideline to automate recurring TARA tasks. Lessons learned from the applied study are presented. The study has adapted an evaluation strategy based on technical evaluation and user evaluation. The guideline was evaluated through gathering expert’s opinions in a qualitative approach. The ontology meta-model has been qualified for consistency through technical evaluation.

ISO/SAE 21434

Threat Analysis and Risk Assessment

Ontology

Cybersecurity Concept

Information Systems

Treating Infidelity: Therapists' Ratings Of Hope, Threat, Forgiveness, And Justification

Dodini, Aaron Jarrett

20 December 2000

This exploratory study examined the beliefs of 82 experienced Marriage and Family Therapists regarding the treatment of marital infidelity. Participants were asked to read an on-line vignette and respond to a subsequent web based questionnaire by rating levels of hope, threat, forgiveness, and justification for a couple in regard to various affair scenarios. This study employed an experimental design using six groups to discover possible differences in responses across the dependent variables of hope, threat, forgiveness, and justification. Participants were randomly assigned to one of the six groups, which determined which vignette the participant read. The vignettes varied for each group by the type of affair (sexual, emotional, or combination), and the gender of the affair initiator. This study also looked at therapists' personal experience with affairs. Findings suggest an affair initiated by a woman was rated as more threatening to the marital relationship than an affair initiated by a man. Participants were also more likely to justify a woman's affair than a man's affair. While tentative, findings suggest that the type of affair and therapists' personal experience with affairs may be legitimate areas for further study within the context of infidelity research. / Master of Science

Justification

Type of Affair

Gender

Internet

Personal Experience

Therapist's Beliefs

AFTA

Treatment

Hope

Affairs

Infidelity

Forgiveness

Threat