Cybersecurity Professionals Research Articles

A principlist framework for cybersecurity ethics

The ethical issues raised by cybersecurity practices and technologies are of critical importance. However, there is disagreement about what is the best ethical framework for understanding those issues. In this paper we seek to address this shortcoming through the introduction of a principlist ethical framework for cybersecurity that builds on existing work in adjacent fields of applied ethics, bioethics, and AI ethics. By redeploying the AI4People framework, we develop a domain-relevant specification of five ethical principles in cybersecurity: beneficence, non-maleficence, autonomy, justice, and explicability. We then illustrate the advantages of this principlist framework by examining the ethical issues raised by four common cybersecurity contexts: penetration testing, distributed denial of service attacks (DDoS), ransomware, and system administration. These case analyses demonstrate the utility of this principlist framework as a basis for understanding cybersecurity ethics and for cultivating the ethical expertise and ethical sensitivity of cybersecurity professionals and other stakeholders.

Cybersecurity professionals information sharing sources and networks in the U.S. electrical power industry

This article describes an exploratory qualitative case study of information sharing among cybersecurity professionals in the critical U.S. electrical power industry. Drawing on organizational information processing theory, this study examined how information related to cybersecurity related threats and response alternatives was accessed and shared in the participants’ organizations and within their broader industry network. In-depth interviews of 13 participants from 10 organizations were conducted to identify the nature of information sharing, the networks used to access the information, and changes that could improve information sharing between cybersecurity professionals and their organizations. The study found that information sharing networks exist at interpersonal, company-to-company, and company-to-multicompany levels of analysis. The role of trust in forming these networks was notable, as was the role of certain communication media, particularly threat briefings, testing exercises, and cybersecurity mutual assistance planning. The study found that certain types of network actors, such as law enforcement agencies, had strong relationship ties with the utility companies, while other actor types had weak or nonexistent ties. The implications for critical infrastructure protection are discussed.

Towards Next-Generation Cybersecurity with Graph AI

Cybersecurity professionals are inundated with large amounts of data, and require intelligent algorithms capable of distinguishing vulnerable from patched, normal from anomalous, and malicious from benign. Unfortunately, not all machine learning (ML) and artificial intelligence (AI) algorithms are created equal, and in this position paper we posit that a new breed of ML, specifically graph-based machine learning (Graph AI), is poised to make a significant impact in this domain. We will discuss the primary differentiators between traditional ML and graph ML, and provide reasons and justifications for why the latter is well-suited to many aspects of cybersecurity. We will present several example applications and result of graph ML in cybersecurity, followed by a discussion of the challenges that lie ahead.

Cyber Range for Research-Inspired Learning of “Attack Defense by Pretense” Principle and Practice

There is an increasing trend in cloud adoption of enterprise applications in, for example, manufacturing, healthcare, and finance. Such applications are routinely subject to targeted cyberattacks, which result in significant loss of sensitive data (e.g., due to data exfiltration in advanced persistent threats) or valuable utilities (e.g., due to resource the exfiltration of power in cryptojacking). There is a critical need to train highly skilled cybersecurity professionals, who are capable of defending against such targeted attacks. In this article, we present the design, development, and evaluation of the Mizzou Cyber Range, an online platform to learn basic/advanced cyber defense concepts and perform training exercises to engender the next-generation cybersecurity workforce. Mizzou Cyber Range features flexibility, scalability, portability, and extendability in delivering cyberattack/defense learning modules to students. We detail our “research-inspired learning” and “learn-apply-create” three-phase pedagogy methodologies in the development of four learning modules that include laboratory exercises and self-study activities using realistic cloud-based application testbeds. The learning modules allow students to gain skills in using latest technologies (e.g., elastic capacity provisioning, software-defined everything infrastructure) to implement sophisticated “attack defense by pretense” techniques. Students can also use the learning modules to understand the attacker-defender game in order to create disincentives (i.e., pretense initiation) that make the attacker's tasks more difficult, costly, time consuming, and uncertain. Lastly, we show the benefits of our Mizzou Cyber Range through the evaluation of student learning using auto-grading, rank assessments with peer standing, and monitoring of students' performance via feedback from prelab evaluation surveys and postlab technical assessments.

Designing a K-16 Cybersecurity Collaborative: CIPHER

Cyberattacks have become more common, sophisticated, and harmful, while, at the same time, there is a critical shortage of cybersecurity professionals. For example, from October 2019 to September 2020, there were more than 40,000 unfilled positions for information security analysts. <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">2</sup> While educational organizations have responded to this burgeoning demand, cybersecurity education and training institutions in the United States have found it difficult to keep pace with the growing call for cybertalent.

Breaking botnets: A quantitative analysis of individual, technical, isolationist, and multilateral approaches to cybersecurity

Abstract Malicious networks of botnets continue to grow in strength as millions of new users and devices connect to the internet each day, many becoming unsuspectingly complicit in cyber-attacks or unwitting accomplices to cybercrimes. Both states and nonstate actors use botnets to surreptitiously control the combined computing power of infected devices to engage in espionage, hacking, and to carry out distributed denial of service attacks to disable internet-connected targets from businesses and banks to power grids and electronic voting systems. Although cybersecurity professionals have established a variety of best practices to fight botnets, many important questions remain concerning why levels of botnet infections differ sharply from country to country, as relatively little empirical testing has been done to establish which policies and approaches to cybersecurity are actually the most effective. Using newly available time-series data on botnets, this article outlines and tests the conventionally held beliefs and cybersecurity strategies at every level—individual, technical, isolationist, and multilateral. This study finds that wealthier countries are more vulnerable than less wealthy countries; that technical solutions, including patching software, preventing spoofing, and securing servers, consistently outperform attempts to educate citizens about cybersecurity; and that countries which favor digital isolation and restrictions on internet freedom are not actually better protected than those who embrace digital freedom and multilateral approaches to cybersecurity. This latter finding is of particular importance as China’s attempts to fundamentally reshape the internet via the “Digital Silk Road” component of the Belt and Road Initiative will actually end up making both China and the world less secure. Due to the interconnected nature of threats in cyberspace, states should instead embrace multilateral, technical solutions to better govern this global common and increase cybersecurity around the world.

Design and implementation of a SMART Learning environment for the Upskilling of Cybersecurity professionals in Mauritius

Teaching and Learning confined to within the four walls of a classroom or even online Learning through Massive Online Courses (MOOCs) and other Learning Content Management Systems (LCMS) are no longer seen as the optimal approach for competency and skills development, especially for working professionals. Each of these busy learners have their own training needs and prior knowledge. Adopting the one-size-fits-all teaching approach is definitely not effective, motivating and encouraging. For some learners, the content might be too easy and for others, it might be too difficult. This is why this research presents the use of SMART Learning Environment that makes use of Intelligent Techniques to personalise the learning materials for each learner. This mismatch in skills is becoming a pressing issue and is having a direct impact on the ICT Sector, which is one of the pillars of the Mauritian Economy. This research, therefore, besides proposing a novel approach to learning, also attempts to address an issue of national importance. Data was collected during three phases, namely an Expert Reference Group Discussion, a pre-test questionnaire and a survey questionnaire. The Expert Reference Group Discussion was carried out to further understand the training needs and expectations of Cybersecurity professionals in Mauritius. A SMART Learning Environment making use of Artificial Neural Networks and Backpropagation Algorithm to personalise learning materials was eventually designed and implemented. The major findings of this research were that personalisation of learning materials through the use of a SMART Learning Environment can be used to address the training needs of Cybersecurity professionals in Mauritius.

РОЗРОБЛЕННЯ МОДЕЛЕЙ УПРАВЛІННЯ РИЗИКАМИ У ПРОЄКТАХ КІБЕРБЕЗПЕКИ З ВИКОРИСТАННЯМ НЕЧІТКОЇ ЛОГІКИ

This article is devoted to the analysis of the conditions for the implementation of startup projects in the field of cybersecurity, which are currently implemented and funded by the state through the use of modern information technology. There are many different startup projects in this field, related to the rapid development of information technology and information security technology. However, the opportunities for public funding and attracted private funding for such projects are limited, which in some way hinders opportunities for further development. Thus, there is a task of selecting the best startup projects in the field of cybersecurity, which in turn requires the development of the necessary models and modeling methods. This paper investigates and analyzes information sources that show that the issue of evaluating the effectiveness of IT startups is not sufficiently addressed, especially for the use of products of such projects in cybersecurity. This imposes additional requirements and restrictions on the IT products of such projects and on the management processes of such projects. In addition, the future of cybersecurity startups is associated with many parameters that are highly conditional and predictable in the early stages of project review. Therefore, to accept the project for consideration, it is advisable to use fuzzy modeling methods. By using the fuzzy set method, it is possible to use fuzzy variables that reflect the uncertainty of some parameters of such projects. The proposed research methodology is based on the analysis of project efficiency and the use of fuzzy set methods. For this purpose, membership functions are constructed, which establish the degree of belonging of a fuzzy set. The trapezoid model is chosen as the function type and the parameters corresponding to the pessimistic, basic and optimistic scenarios are set. The novelty of the work is to determine the degree of risk of a startup project, which depends on the criterion of project effectiveness. The paper proves the dependence of the cybersecurity project risk indicator on the value of the project effectiveness criterion. The proposed approach has shown its feasibility and can be used to analyze startup projects by scientists, project managers, entrepreneurs and investors, cybersecurity professionals

METHOD OF MARKETPLACE LEGITIMATE USER AND ATTACKER PROFILING

The number and complexity of cybercrime are constantly growing. New types of attacks and competition are emerging. The number of systems is growing faster than new cybersecurity professionals are learning, making it increasingly difficult to track users' actions in real-time manually. E-commerce is incredibly active. Not all retailers have enough resources to maintain their online stores, so they are forced to work with intermediaries. Unique trading platforms increasingly perform the role of intermediaries with their electronic catalogs (showcases), payment and logistics services, quality control - marketplaces. The article considers the problem of protecting the personal data of marketplace users. The article aims to develop a mathematical behavior model to increase the protection of the user's data to counter fraud (antifraud). Profiling can be built in two directions: profiling a legitimate user and an attacker (profitability and scoring issues are beyond the scope of this study). User profiling is based on typical behavior, amounts, and quantities of goods, the speed of filling the electronic cart, the number of refusals and returns, etc. A proprietary model for profiling user behavior based on the Python programming language and the Scikit-learn library using the method of random forest, linear regression, and decision tree was proposed, metrics were used using an error matrix, and algorithms were evaluated. As a result of comparing the evaluation of these algorithms of three methods, the linear regression method showed the best results: A is 98.60%, P is 0.01%, R is 0.54%, F is 0.33%. 2% of violators have been correctly identified, which positively affects the protection of personal data.

Cyber Threat Intelligence in Risk Management

Cyber Threat Information (CTI) has emerged to help cybersecurity professionals keep abreast of and respond to rising cyber threats (CT) in real-time. This paper aims to study the impact of cyber threat intelligence on risk management in Saudi universities in mitigating cyber risks. In this survey, a comprehensive review of CTI concepts and challenges, as well as risk management and practices in higher education, is presented. Previous literature was reviewed from theses, reviews, and books on the factors influencing the increase of cyber threats and CTI as well as risk management in higher education. A brief discussion of previous studies and their contribution to the current paper and the impact of CTI on risk management to reduce risk. An extensive search of more than 65 research papers was conducted and 28 were cited in this survey. Cyber threats are changing in addition to the huge flow of information about them and dealing with these threats on time requires advance and deep information about the nature of these threats and how to take appropriate defensive measures, and this is what defines the concept of CTI. The use of cyber threat information in risk management enhances the ability of defenders to mitigate growing cyber threats.

INTERDISCIPLINARY APPROACH TO THE DEVELOPMENT OF IB RISK MANAGEMENT SKILLS ON THE BASIS OF DECISION-MAKING THEORY

This article is devoted to the problem of readiness of students majoring in 125 Cybersecurity at Borys Hrinchenko Kyiv University to manage information security risks (IS) based on the decision-making theory. The interdisciplinary approach in education, namely, the integration of the disciplines "Risk Theory" and "Decision Theory", allowed to implement in the educational process the formation of practical skills of risk management of future cybersecurity professionals. Based on the achievements of didactics and psychological theories, the analysis of concepts in the field of interdisciplinary methodology is carried out and the relevance and significance of its introduction into the educational process of institution of higher education is substantiated. The peculiarities of the organization of the educational process of training bachelors of information and cyber security in the context of an interdisciplinary approach are described. The elements of the methodology of formation of practical skills of students to make managerial decisions in the conditions of risk on the basis of interdisciplinary principles are developed, theoretically presented and substantiated. It is proved that interdisciplinary exchange, integration of theoretical knowledge of disciplines contribute to new fundamental results, create preconditions for the development of practical skills, provide a holistic image of training future specialists in information and cyber security.

THE PROBLEM OF CYBER SECURITY PROFESSIONALS TRAINING: APPLIED ORIENTATION OF MATHEMATICAL DISCIPLINES

The study substantiates the urgent need to train qualified specialists capable of responding to cyber incidents and countering cyber threats in a short time, conducting state audits and creating effective management systems for information security and cybersecurity. The aim of the work is to reveal the ways and features of the organization of the study of mathematical disciplines in order to effectively train higher education students majoring in 125 «Cybersecurity». The role of the mathematical component of cybersecurity and the organization of the educational process of mathematical disciplines for the purpose of effective professional training of future cybersecurity specialists is considered. It is concluded that most professionally-oriented disciplines that provide basic knowledge in all aspects of information security are based on fundamental mathematical training. The study argues that the applied problems solved by the students of the specialty 125 «Cybersecurity» must meet the methodological requirements for real practical content, which provides an illustration of the practical value and significance of the acquired mathematical knowledge in the cyber- and/or information security field. The solution to the problem of improving the quality of mathematical training of the students is considered through the use of intra-subject and interdisciplinary links, the introduction of applied orientation of mathematical disciplines and the principle of continuity. The paper presents examples of professionally oriented tasks that are offered to higher education students majoring in 125 «Cybersecurity» studying mathematical disciplines. It is proved that the introduction of applied orientation of mathematical disciplines creates the necessary conditions and attracts students to the professional sphere, which is an important step towards improving the quality of training of cybersecurity professionals.

Data-Driven Decision Support for Optimizing Cyber Forensic Investigations

Cyber attacks consisting of several attack actions can present considerable challenge to forensic investigations. Consider the case where a cybersecurity breach is suspected following the discovery of one attack action, for example by observing the modification of sensitive registry keys, suspicious network traffic patterns, or the abuse of legitimate credentials. At this point, the investigator can have multiple options as to what to check next to discover the rest, and will likely pick one based on experience and training. This will be the case at each new step. We argue that the efficiency of this aspect of the job, which is the selection of what next step to take, can have significant impact on its overall cost (e.g., the duration) of the investigation and can be improved through the application of constrained optimization techniques. Here, we present DISCLOSE, the first data-driven decision support framework for optimizing forensic investigations of cybersecurity breaches. DISCLOSE benefits from a repository of known adversarial tactics, techniques, and procedures (TTPs), for each of which it harvests threat intelligence information to calculate its probabilistic relations with the rest. These relations, as well as a proximity parameter derived from the projection of quantitative data regarding the adversarial TTPs on an attack life cycle model, are both used as input to our optimization framework. We show the feasibility of this approach in a case study that consists of 31 adversarial TTPs, data collected from 6 interviews with experienced cybersecurity professionals and data extracted from the MITRE ATT&CK STIX repository and the Common Vulnerability Scoring System (CVSS).

AE-MLP: A Hybrid Deep Learning Approach for DDoS Detection and Classification

Distributed Denial-of-Service (DDoS) attacks are increasing as the demand for Internet connectivity massively grows in recent years. Conventional shallow machine learning-based techniques for DDoS attack classification tend to be ineffective when the volume and features of network traffic, potentially carry malicious DDoS payloads, increase exponentially as they cannot extract high importance features automatically. To address this concern, we propose a hybrid approach named AE-MLP that combines two deep learning-based models for effective DDoS attack detection and classification. The Autoencoder (AE) part of our proposed model provides an effective feature extraction that finds the most relevant feature sets automatically without human intervention (e.g., knowledge of cybersecurity professionals). The Multi-layer Perceptron Network (MLP) part of our proposed model uses the compressed and reduced feature sets produced by the AE as inputs and classifies the attacks into different DDoS attack types to overcome the performance overhead and bias associated with processing large feature sets with noise (i.e., unnecessary feature values). Our experimental results, obtained through comprehensive and extensive experiments on different aspects of performance on the CICDDoS2019 dataset, demonstrate both a very high and robust accuracy rate and F1-score that exceed 98% which also outperformed the performance of many similar methods. This shows that our proposed model can be used as an effective DDoS defense tool against the growing number of DDoS attacks.

Challenges in Cyber Security Education

Cyber security education is an important and pertinent topic as it plays a major role in mitigating the risks caused by a global shortage of cyber security experts. In order to better support this crucial function, a cyber security skills framework needs to be agreed upon by academics in this field, along with an increase in the visibility of cyber security education and training. Without these, there is likely to be a long-term shortfall between the number of skilled cyber security professionals and demand, potentially leaving organisations, institutions, and governments vulnerable. Our contribution to this challenge is threefold. Firstly this article addresses the development of a cyber security skills framework and its applicability. Secondly, we have analysed a sample of 87 study programs in order to produce an overview of cyber security topic areas. Moreover, the collected data are visualized in an interactive map, i.e. a dynamic web application with the aim to help students in their search for a cyber security study program. Finally, a cyber security curricula designer tool is proposed; this application would serve as a guideline for cyber security curricula designers.

Kiberbiztonság a járműiparban

Összefoglalás. Jelen cikk célja a járműipar egyes területeit érintő kiberbiztonsági kockázatok vizsgálata. Fentiekkel összhangban a cikk első részében a járműipar kiberbiztonsági szempontból releváns területei kerülnek meghatározásra. Ezt követően megtörténik a 2018. évben rögzített járműipari kibertámadások kockázatalapú értékelő elemzése. Summary. Nowadays, cybersecurity has a critical impact to our lives. The Internet has also got a substantial role in our days since many people are constantly connected to the Internet (e.g., through online social networks) (Török et al. 2020a). Besides, numerous personal and individual devices are connected. The growing number of connected devices and cyberspace expansion make our lives easier. However, this affects our privacy, with the potential for unauthorized use of personal information. In summary, life in a networked world carries unknown dangers. In the future, many new risk factors are expected to occur, which will significantly increase the level of cybersecurity threats. Examining the aspects of the automotive industry, we should mention the summary of Cheng et al., which explores the field’s problems through novel theoretical solutions and related practical considerations. The book pays special attention to vehicle communication and networked systems. This book examines three main scientific directions for 5G-compliant vehicle-to-vehicle communication and cooperative vehicle control: modeling and testing capabilities for vehicle-to-vehicle communication, state-of-the-art technologies related to the physical layer, and MAC design procedures (Cheng et al. 2019). Cheng and colleagues (Cheng et al. 2019) examined the communication channels currently applied in the automotive industry or that are expected to be applied soon. Particular attention has been paid to examining the tasks and challenges that need to be addressed in order to support the spread of the connected transport systems in the future. The evaluation focused on the cooperation of connected vehicles. Their study also outlined the most important security risks and challenges associated with new communication solutions. In the light of the above-mentioned considerations, it can be said that the emergence of connected and autonomous vehicles can make a significant contribution to the positive effects of cyberspace, but can also have a disadvantageous impact on the vulnerability of transport processes. In line with this, it is important to examine and understand the vulnerabilities of connected and autonomous vehicles, the threats to vehicles. With this knowledge, automotive cybersecurity professionals’ responsibility is to develop appropriate security functions and capabilities for connected and autonomous vehicles and transport systems. This enables the systems to detect, evaluate, and, if necessary, treat different attacks and malicious interventions. Along with the above objectives, many research studies in the automotive segment have already focused on identifying cybersecurity assessment frameworks for motor vehicles. Among these, it is worth highlighting the projects “HEAling Vulnerabilities to ENhance Software Security and Safety” and “E-safety vehicle intrusion protected applications” (Cheah et al. 2018).

Lessons Learned in Leveraging Existing Simulations for Cybersecurity Training, Evaluation, and Research

We provide lessons learned in leveraging existing simulations to conduct human-subjects cybersecurity experiments and develop training for cybersecurity professionals. First, we provide criteria for the evaluation and categorization of existing simulation tools into four categories (competitions, testbeds, tabletop exercises, and simulations used in published research). Following this, eight criteria are offered to evaluate simulations on their suitability for use in experiments. We evaluated one representative product in each category. This paper serves as a resource for practitioners who use simulation as a method of training or evaluation. Further, this work is a starting point for researchers to efficiently find and leverage simulations to conduct cybersecurity research.

Cyber-mitigation: Cybersecurity emergency management.

Cybersecurity is within the realm of emergency management, as cyber-attacks can generate both virtual and real world issues that emergency responders may be called upon to deal with. However, it has a skillset and other characteristics that are distinct from the types of emergency management that most practitioners commonly-and are prepared-to deal with. This paper compares the two disciplines, discusses areas where cybersecurity professionals and researchers can learn from the emergency management discipline and proposes new research directions within the emergency management domain.

Integrated framework for cybersecurity auditing

ABSTRACT Organizations receive several cyberattacks on their daily operations, thus the need for auditing. However, there is no unified tool to perform cybersecurity audit tasks which are expensive and tedious. In this paper, we build a cybersecurity framework to perform cybersecurity auditing process in organizations. It covers several types of threats and risks by providing the information systems auditors and cybersecurity professionals with several types of controls. Moreover, it illustrates the essential tools and techniques for cybersecurity auditing. The proposed framework clarifies the security issues through output reports. These reports specify the cybersecurity gaps. Also, it helps practitioners to generate an integrated tool to support cybersecurity auditors learning how to secure organizations and finding a mechanism to achieve the cybersecurity audit tasks.

Resolving dark web identities

Criminals continue to pose a significant threat on the dark web; a threat that will continue for decades. As cybersecurity professionals, we often hear and read about many forms of breached data fo...