Cyber Environment Research Articles

Cybersecurity and Risk Prediction Based on Machine Learning Algorithms

Abstract This paper focuses on the application of machine learning in cybersecurity and risk prediction. Considering the complexity and dynamics of the cyber environment, the role of plain Bayesian algorithms in improving the accuracy of cybersecurity prediction is explored. First, the limitations of traditional linear regression machine learning algorithms in cybersecurity are analyzed, pointing out that it is difficult for these algorithms to capture complex nonlinear relationships. For this reason, plain Bayes is introduced to improve machine learning for more accurate prediction and assessment of cybersecurity risks by capturing functions and probabilistic agent models. In terms of methodology, this paper combines various technical tools such as statistical analysis, feature extraction, and risk assessment. The research results show that the improved algorithm outperforms the traditional method in simulation experiments, which is reflected in the 10% improvement in risk assessment accuracy and 20% enhancement of detection sensitivity to network intrusion. In addition, through big data analysis, the algorithm successfully identifies key risk points in network security and effectively predicts potential security threats. The improved machine learning algorithm with plain Bayes has significant advantages in network security and risk prediction and can effectively enhance network security protection capability and prediction accuracy.

Securing the IoT Cyber Environment: Enhancing Intrusion Anomaly Detection With Vision Transformers

Securing the IoT Cyber Environment: Enhancing Intrusion Anomaly Detection With Vision Transformers

THE ROLE OF CYBER SITUATIONAL AWARENESS OF HUMANS IN SOCIAL ENGINEERING CYBER ATTACKS ON THE MARITIME DOMAIN

Through technological advancements, the expanding proportion of maritime transportation on a global scale is becoming faster, more automated, more digital, and ultimately more cyber-space. In particular, the Industrial Revolution 4.0 has brought real-time digital integration of stakeholders in the maritime industry, both on land and at sea, into cyberspace. However, the scope of life and property protection at sea has expanded with the participation of the cyber environment as well as the physical environment. The human factor plays a leading role in ensuring the security of both the physical and cyber environment. In parallel, the main target of hackers who try to gain profit by violating the security environment is the person who does not have sufficient situational awareness of cyber security and can be called the weakest link in the chain. In this study, as main goal, the role of the situational awareness of the employees in the past cyber-attacks on the maritime industry was examined, and a perspective on the measures to be taken was presented. To achieve this research goal, the study utilized the snowballing technique to access literature, which helped uncover additional relevant resources not initially detected. This was followed by a systematic analysis of the collected literature. An analysis of attacks conducted since 2010 revealed that 76% of them utilized social engineering methods, such as phishing, malware, and ransomware. These attackers appear to exploit the maritime industry's insufficient cybersecurity awareness among its employees and the lack of a comprehensive understanding of cybersecurity within the industry.

Cyberwarfare against Critical Infrastructures: Russia and Iran in the Gray Zone

The holistic nature of security in a hyper-connected world has increased the relevance of cyber environment. One of the most relevant threats identified are the attacks against energy infrastructures. This article presents a comparative study of the actions launched by Russia and Iran in the cyber environment against energy supply. Both States are specialized in asymmetric strategies and tactics in which cyber has a core role. The research analyzes the main actions against energy supply infrastructures, studying the pursued objectives and identifying their potential political results. The document is structured by a first theoretical approach to the use asymmetric gray zone and hybrid strategies, focusing on the use of cyber by Rogue States. From this approach, the analysis reflects the political visions of Russia and Iran, linking it with the Russian actions in Ukraine, as well as the Iranian cyber offensives against western targets. Conclusions reflects about the effectiveness of these strategies to the general strategy of both States.

Artificial Intelligence Supported Detection Systems on Embedded Devices

With the transition to the information society, all areas of our lives are rapidly shifting to the digital environment. From education to health, from citizenship procedures to social life, all areas of our lives are interacting in the digital cyber environment. In this process, smart cities, smart networks, and smart factories, especially critical infrastructures required for social life, have become open to the intranet and then to the internet for reasons such as efficient efficiency, speed, remote maintenance, and maintenance. Along with this process, these systems have faced new threat surfaces. One of the components that play an essential role in the operation of these systems is embedded systems. These systems contribute significantly to the effective operation of essential infrastructures. However, any interruption in these systems can lead to significant negative consequences, including economic damage and human life. Although there are many studies on the functioning of embedded systems, there are not enough studies on the cyber security analysis of these systems. For this reason, in this study, attack and detection analyses for embedded systems have been carried out on the test environment created using real systems. The study aims to detect passive attack, which is more difficult to detect than active attacks on the system, by using artificial intelligence algorithms. The analysis results have shown that the attack has been detected in a high ratio. It has been evaluated that the study will significantly contribute to other studies on the security of embedded systems.

Reducing complexity in cyber security architecture: A practical model for security classifications

Building and running cyber security in both worlds, modern cloud security in combination with legacy on premises, introduces extra complexity. Some of the well-known security patterns and models are not applicable in cloud systems, while modern security models like zero trust (ZT) barely fit into legacy systems. Security technologies and tools are the subject of constant enhancements and adaptions to their environment. They can make security decisions on a very fine-grained basis. The corresponding rule sets and policies are becoming more and more decentralised, detailed and complex. Introducing modern security models such as ZT or micro-perimeter enforces the effect. The overall situation makes it hard for the responsible person to control the cyber security situation and the staff operating cyber security systems and technologies. Both are overwhelmed by the mass of fine-grained, fragmented and distributed security workloads. This paper introduces a practical model for security classifications in cyber security environments. The main goal of the model is to reduce complexity and keep cyber environments manageable. The model delivers not only a cyber risk classification regarding a single business application but works as an integrated view over risks for complete cyber environments.

A web-based analytical framework for the detection and visualization space-time clusters of COVID-19

ABSTRACT The COVID-19 pandemic has had a profound impact worldwide and continues to spread due to various mutations of the virus. Many governmental and nonprofit agencies at different levels have quickly developed COVID-19 dashboards to disseminate information on the pandemic to the public. However, most of these systems have mainly distributed “plain” information (e.g. cases, death counts, vaccination), and rarely provided insights that can be gained from spatiotemporal analyses, such as the detection of emerging clusters. The results from these analyses hold tremendous potential for health policymakers as they try to identify ways to slow down transmission. We present a web-based geographic framework to detect and visualize space-time clusters of COVID-19. Our tightly coupled framework integrates the prospective space-time scan statistics and local indicators of spatial association (LISA) with novel 2D and 3D interactive visuals in a cyber environment (http://159.223.164.41/app/). We illustrate the applicability of our approach using COVID-19 data for the continental US. Our framework is portable to other regions that may experience infectious diseases but is also flexible to handle data of different spatial and temporal granularities. This paper fits within an effort to integrate space-time analytics for the monitoring of infectious diseases in web environment, ultimately improving health surveillance systems.

DIAGNOSIS OF THE LEVEL OF KNOWLEDGE RELATED TO CRP ALERT LEVELS AND ALERT LEVELS IN POLAND – RESEARCH REPORT

The topics related to the CRP alert levels and alert levels in Poland are important and topical.Although this is not a new area in the science of security, the use of CRP alert levels and alertlevels as a tool for anti-terrorist activities by public administration bodies in an uninterrupted(continuous) mode for over a year throws a completely different light at the issue of CRP alertlevels and alert levels than the one that was known until February 24, 2022. In the past, alert levelswere introduced many times in the classic approach (ALFA and BRAVO), as well as in relation tothreats in the cyberspace of the Republic of Poland (ALFA-CRP, BRAVO-CRP and CHARLIECRP),both for the entire country and the importance of smaller ones defined in a different way;however, it should be noted that in general until February 2022, it was primarily related to theorganization of mass events or presidential and parliamentary elections. The aggression of theRussian Federation against Ukraine has resulted in alert and CRP alert levels accompanying usuninterruptedly for more than a year, affecting the classical space, the cyber environment as wellas the area of the Polish energy infrastructure located beyond the country’s borders. In view of theabove, given the geopolitical situation in the region of Central and Eastern Europe, knowledgeabout the meaning of the CRP alert levels and the CRP alert levels, as well as the need and abilityto carry out projects to be implemented after the introduction of a specific alert level and CRP alertlevel, becomes particularly important.The aim of the article is to diagnose the level of knowledge among respondents regarding the issueof CRP alert levels and alert levels, taking into account the applicable legal acts in this regard,knowledge about the current situation and the obligations of selected entities stemming fromthe introduction of CRP alert levels and alert levels. In order to better illustrate the inventoriedknowledge, more than 20 drawings have been prepared, which present the distribution of answersto the posed questions.

The Evolution of the Post-Quantum Cyber Environment

Abstract: Quantum computers are expected to one day be capable of breaking public key cryptography, enabling a step change in cyberwarfare capabilities. Risk can be mitigated using new quantum-resistant cryptography algorithms, but the international migration to a new cryptography standard will be time-consuming, costly, and dependent on the work of international standards-developing organizations. Technical standards are increasingly a focus of geopolitical competition, as China has attempted to manipulate standards organizations to tilt standards in their favor. Contrasting national approaches to this competition could significantly impact the evolution of the post-quantum cyber environment. The United States should continue its domestic efforts to migrate to a new cryptography standard, pursue international standardization, and maintain a measured strategy to counter interference from China in open standardization processes.

Building resilient SMEs: Harnessing large language models for cyber security in Australia

The escalating digitalisation of our lives and enterprises has led to a parallel growth in the complexity and frequency of cyberattacks. Small and medium-sized enterprises (SMEs), particularly in Australia, are experiencing increased vulnerability to cyber threats, posing a significant challenge to the nation’s cyber security landscape. Embracing transformative technologies such as artificial intelligence (AI), machine learning (ML) and large language models (LLMs) can potentially strengthen cyber security policies for Australian SMEs. Their practical application, advantages and limitations remain underexplored, however, with prior research mainly focusing on large corporations. This study aims to address this gap by providing a comprehensive understanding of the potential role of LLMs in enhancing cyber security policies for Australian SMEs. Employing a mixed-methods study design, this research includes a literature review, qualitative analysis of SME case studies and a quantitative assessment of LLM performance metrics in cyber security applications. The findings highlight the promising potential of LLMs across various performance criteria, including relevance, accuracy and applicability, although gaps remain in areas such as completeness and clarity. The study underlines the importance of integrating human expertise with LLM technology and refining model development to address these limitations. By proposing a robust conceptual framework guiding the effective adoption of LLMs, this research aims to contribute to a safer and more resilient cyber environment for Australian SMEs, enabling sustainable growth and competitiveness in the digital era.

Enhancing attack resilience of cyber-physical systems through state dependency graph models

AbstractThis paper presents a method that utilizes graph theory and state modelling algorithms to perform automatic complexity analysis of the architecture of cyber-physical systems (CPS). It describes cyber physical systems risk assessment (CPSRA), a tool to provide automatic decision support for enhancing the overall resilience of CPS architectures often used in critical infrastructures. CPRSA is built to enhance industrial risk assessment and improve the resilience of CPS architecture against malicious attacks on the cyber domain that can affect industrial processes, which is critical in a distributed cyber environment. Such attacks often compromise execution states on physical components and lead to hazards or even disasters through plant malfunction. CPSRA is tested against a real-world testbed model of a large SCADA system that is infused with real-world CVE vulnerabilities in some of its components. The tool creates an isomorphic graph of the CPS process model and uses graph algorithms and network analytics on the model to test cyber-attacks and evaluate attack resilience aspects. The tool’s output is then used to pinpoint high-complexity components in terms of influence on the overall CPS architecture and suggest mitigation points for security measure implementation while considering every potential subattack path and subliminal path on the model’s attack graph. The paper complements standardized assessment reports and contributes to automatic architecture assessment for critical infrastructure environments and can be used as the basis to model dependencies and threat propagation in larger digital twins, a need outlined in major NIST publications concerning the security of industrial systems that was previously done manually, without automatic insight into state and vulnerability influences.

The FBI’s Border Coverage (BOCOV) Program and the Ambiguity of Intelligence Missions

Intelligence services must routinely operate in liminal spaces, both operationally and bureaucratically. The Border Coverage (BOCOV) Program of the Federal Bureau of Investigation (FBI) was a Cold War example of an agency seeking to address the vulnerability inherent to a geographic liminal space. Its implementation of the program illustrated the impact of bureaucratic borders—between the FBI and Central Intelligence Agency and between Intelligence Community (IC) and non-IC agencies. Lessons learned, through the implementation of BOCOV, about interagency relations continue to be applicable as the United States contends with the cyber environment, an even more porous space than the physical U.S.–Mexican border.

Assessment of Cyber Security risks: A Smart Terminal Process

In Finland, the connections to global maritime transportation logistics systems are an essential part of the national critical infrastructure. As a part of maritime logistics systems, the port's operations are important elements for global maritime traffic and the transportation supply chain. Digitalization of seaport services makes it possible to increase the efficiency of terminal systems in the logistic processes. At the same time, port logistic processes can notably reduce its CO2 emissions by optimizing port operations. The improvement of port processes relies very much on the development of Information and Communication Technology (ICT) and Industrial Control Systems (ICS) or Operation Technologies (OT) systems. In port environment there are parts that are controlled (ICS/OT) from the cyber environment but directly interact with the physical surroundings. These are called Cyber-Physical Systems (CPS). In this environment, the cyber security aspects of the port logistic need to be addressed. In Finland, the Port SMARTER research program has been on the way since 2021. The aim of the program is to create port services within new technology solutions, and that way improve cargo and people flows while improving the experience for all stakeholders. However, this development increase also complicated system dimensions in the use of ports and makes port operations complex systems of systems environment characterized by a conglomeration of interconnected networks and dependencies. This paper describes a practical approach to risk assessment work regarding the SMARTER research case. It provides a comprehensive cyber security investigation approach to port operations at the system level. In risk assessment work, the paper emphasizes the importation of description of probabilities to defend the system element against estimated probabilities of cyber-attacks at all parts of port processes. The findings of the study are related to the comprehensive cyber security architecture of the SMARTER research goals. The following research interests are related to the issue: "How a comprehensive cyber security investigation can be conducted in smart ports operations?” This paper emphasizes cyber security risks assessment work should be covered from services for operation, information flows in and between systems, as well as electricity supplies to achieve holistic risks assessment in the smart terminal process.

DHCF: Dual disentangled-view hierarchical contrastive learning for fake news detection on social media

Widespread fake news on social media threatens public security and the cyber environment, making fake news detection an essential area of study. The majority of existing fake news detection methods rely on news content (e.g., text and images) and/or social contexts (e.g., comment interactions between posts) to determine the veracity of news. However, existing methods still have the following drawbacks: (1) Overreliance on sufficient reliable labeled data. (2) Lack of robustness to noise and fraudster-designed harmful disguises. (3) Inability to differentiate between the multiple intentions behind retweet and comment behaviors, resulting in generating entangled representations. To address the above aforementioned three issues, we introduce contrastive learning and disentangled representation learning for fake news detection. Specifically, to mine supervised signals from unlabeled data and improve the model's robustness, we design a hierarchical contrastive learning framework that includes multiple data augmentation strategies and three contrastive learning tasks. In addition, to infer the latent intentions of retweets and comments between posts, we propose the disentangled graph encoder (Disen-GraphEnc) and disentangled sequence encoder (Disen-SeqEnc). Extensive experiments demonstrate the superiority of our model over other state-of-the-art methods and is resistant to limited training data and noise attacks. Our code is available on the GitHub (https://github.com/senllh/DHCF).

Cyberspace Geography and Cyber Terrain: Challenges Producing a Universal map of Cyberspace

Much in the same way that cyber has become the fifth military domain, cyberspace has also brought forth the research area of Cyberspace Geography. The challenge of producing a universal map of cyberspace however still exists. Cybersecurity specialists, military personnel and researchers still begin with a blank sheet on which the wanted elements of cyberspace are arranged before solving their actual problem. The abundance of elements in cyberspace requires a careful selection of factors to include in one's map, depending on how it will be used. However, a complex and ever-changing environment such as cyberspace could make use of a generally acknowledged starting point, facilitating this work. In previous research cyberspace has been described as a combination of the physical world, the social world and the information world. The multidisciplinary research in Cyberspace Geography has developed models for mapping and displaying cyberspace. This is often done by creating topological maps, much like the map of the New York subway system. Military cybersecurity researchers have through the concept of Cyber Terrain presented similar models of cyberspace for military operations. Research has also been produced on the techniques and methods for mapping cyberspace as well as the different presentations of the mapped information. Graph theory has for instance been used as a mathematical model of cyberspace. It is nonetheless unclear if there is some degree of universality in the elements that the different research presents. Which are e.g. the similar features between the cyberspace maps that are used for military operations, that describe the cyber environment of a country or between the elements used for modelling a cybersecurity system? This paper aims to present a solution to this challenge by systematically reviewing the research on Cyberspace Geography and Cyber Terrain using thematic analysis. The different elements of the maps of cyberspace are reviewed. The research will answer if a universal map, that can be used as a starting point for solving multiple challenges in cyberspace, can at present be prepared.

Digital Twin of Food Supply Chain for Cyber Exercises

The food supply chain is a critical part of modern societies. As with other facets of life, it is thoroughly digitalized, and uses network connections. Consequently, the cyber security of the supply chain becomes a major concern as new threats emerge. Cyber ranges can be used to prepare for such cyber security threats by creating realistic scenarios mimicking real-world systems and setups. Organizations can participate in cyber security training and exercises that present them with these scenarios. Cyber ranges can also be used efficiently for research and development activities, because cyber ranges are realistic environments and can be used for the generation of realistic data. The aim of this study is to describe a digital twin of the food supply chain built for cyber range-based cyber security exercises. The digital twin mirrors the real-world situation with sufficient detail, as required by the cyber exercise. This research uses the design science methodology, which describes the construction and evaluation of the proposed system. The study explains the general capabilities of the food supply chain digital twin and its use in the cyber range environment. Different parts of the supply chain are implemented as Node.js services that run on the Realistic Global Cyber Environment (RGCE) platform. The flow of ingredients and products is simulated using an apparatus model and message queues. The digital twin was demonstrated in a real live cyber exercise. The results indicate that the apparatus approach was a scalable and realistic enough way to implement the digital twin. The main limitations of the implemented system are the implementation on one specific platform, and the need for more feedback from multiple exercises. Creation of a digital twin enables the use of cyber ranges to train organizations related to the food supply chain.

BIM enabler for facilities management: a review of 33 cases

The purpose of this paper is to investigate the application of building information modelling (BIM) for asset management. It will discuss what tools and processors are used for applying BIM for asset management in construction projects. The method comprises a literature review of 33 projects that have applied BIM or planned to apply BIM for asset management functions. The findings show that a combination of software, hardware, processors, and standards can enable the BIM models to be integrated with the asset management systems. It facilitates easy extraction of information, avoid errors and duplication of work. The most popular way of developing a BIM-based asset management system is incorporating BIM asset data with CMMS or CAFM systems used for asset lifecycle and maintenance management. Engagement of stakeholders related to the operation phase is required as early as possible. Consideration should be given for protecting the information generated within the cyber environment. The research shows how BIM related tools and processors could be integrated to successfully implement BIM enabled asset management. The knowledge can be potentially useful for planning or implementing BIM enabled asset management systems. The research provides insight on the application of BIM for asset management in construction projects globally.

Tehnologiile cloud și necesitatea implementării cloud-ului hibrid în mediul militar

Cloud computing has been widely adopted as the next-generation digitisation model for transforming the organisation into an entity that drives development and innovation. Nowadays, users of computing systems aim to get quick access to the virtual ecosystem and a new experience in cyberspace that seamlessly integrates with the existing services they use today. From the perspective of the military organisation/Military Enterprise, the cloud provides services for users and structures in a scalable, highly reliable and highly available manner, specifically with different security levels associated with the individual profile and functional roles in the organisation. From the end user’s perspective, the cloud provides a simple model for accessing information technology/IT services without the need for the human factor to fully understand the transport/transmission infrastructure and technology used. This article explores how modern military-classified and unclassified cloudnative infrastructures can be secured and managed in a national, military private, or mixed hybrid deployment cyber environment, along with various requirements and considerations for adapting cloud-native applications for military systems. In context, the article provides a simple but comprehensive introduction to the cloud native overview and the major technologies that developers use to build such reliable environments in cyberspace that could be the subject of a feasibility study to implement the concept of hybrid cloud in cyberspace with military use. The material is intended for IT experts, DevOps engineers, CIS (Communications and Information Technology) systems and infrastructure architects, cloud enthusiasts, cloud security experts, and any military professional involved in the development, migration, deployment, and management of current services and operations. of a cloud-native system.

Cloud Technologies and the Need for Hybrid Cloud Implementation in the Military Environment

Cloud computing has been widely adopted as the next-generation digitisation model for transforming the organisation into an entity that drives development and innovation. Nowadays, users of computing systems aim to get quick access to the virtual ecosystem and a new experience in cyberspace that seamlessly integrates with the existing services they use today. From the perspective of the military organisation/Military Enterprise, the cloud provides services for users and structures in a scalable, highly reliable and highly available manner, specifically with different security levels associated with the individual profile and functional roles in the organisation. From the end user’s perspective, the cloud provides a simple model for accessing information technology/IT services without the need for the human factor to fully understand the transport/transmission infrastructure and technology used. This article explores how modern military-classified and unclassified cloudnative infrastructures can be secured and managed in a national, military private, or mixed hybrid deployment cyber environment, along with various requirements and considerations for adapting cloud-native applications for military systems. In context, the article provides a simple but comprehensive introduction to the cloud native overview and the major technologies that developers use to build such reliable environments in cyberspace that could be the subject of a feasibility study to implement the concept of hybrid cloud in cyberspace with military use. The material is intended for IT experts, DevOps engineers, CIS (Communications and Information Technology) systems and infrastructure architects, cloud enthusiasts, cloud security experts, and any military professional involved in the development, migration, deployment, and management of current services and operations. of a cloud-native system.

DEFENSE IS THE BEST OFFENSE: THE EVOLVING ROLE OF CYBERSECURITY BLUE TEAMS AND THE IMPACT OF SOAR TECHNOLOGIES

ABSTRACT The article delves into the intricacies, tools, approaches, and tactics utilized by Cybersecurity Blue Teams, as well as the essential planning practices that lay the foundation for successful operations. The effectiveness of Blue Team operations relies on the proficiency of the Blue Team members, who possess an all-encompassing understanding of cybersecurity principles, technologies, and best practices. Moreover, the article accentuates the tactical implementation of cyber defense mechanisms, such as honeypots, honeynets, and decoy systems, to augment an organization’s capacity to detect and react to emerging threats. A key aspect of the article is the exploration of how Security Orchestration, Automation, and Response (SOAR) technologies support Blue Teams in enhancing their capabilities. SOAR technologies streamline and automate the response process, enabling Blue Teams to quickly identify, investigate, and remediate threats, thereby reducing the time taken to react and strengthening overall security posture. The article also stresses the significance of continuous improvement and adaptation of strategies and techniques in response to the ever-changing threat landscape and emerging technologies. In addition, the article underlines the cooperative and iterative nature of Blue Teaming operations, ensuring that organizations can efficiently adapt to and alleviate the risks posed by a perpetually evolving cyber environment. By scrupulously documenting and examining instances where the Blue Team effectively thwarts the Red Team’s efforts, organizations can cultivate a comprehensive understanding of their security posture and make informed decisions to bolster their defenses. As cyber threats continuously evolve, the role of Cybersecurity Blue Teams is becoming increasingly vital, and organizations that embrace this proactive approach, supported by advanced technologies such as SOAR, will be better prepared to safeguard their critical assets and resist the unyielding barrage of cyber threats.