Defense Information Research Articles

Revisiting Past Cyber Security Recommendations: Lessons we Have Failed to Learn

Cyber-security is constantly evolving as new technologies introduce new vulnerabilities and threat actors constantly develop new techniques to penetrate systems. Much focus in scholarship is on the cyber-offense, while few analyse changes in the cyber-defence posture. Since its inception, defensive information security has evolved and introduced a plethora of new security controls to either prevent, detect, mitigate, or respond to new cyber-attacks. When studying cyber-incidents, a paradox becomes apparent: often, low-end security fails are responsible for most breaches, such as default system configurations and credentials or violations of the principle of least privileges. Even security sensitive organisations such as the US DoD or IT companies suffer from this paradox, as a recent NSA/CISA report indicates: large sums are spent on high-end security programs only to be compromised by low-end attacks. This paradox becomes even more pronounced when introducing a longitudinal historical perspective: many of these issues have been known for decades, as reports from the 1970s show. These include inadequate hardware and software not designed with security in mind, the issue of managing resource access controls in a multi-user environment that includes remote terminals (aka a cloud infrastructure), malicious insider threats that bypass security controls, as well as the issue of applying timely software patches. In sum: while the IT security industry is rushing to introduce new high-level security controls and technologies, the main issues seem to be age-old problems and the failure to learn lessons from the past, warranting a historical approach. In this paper, the origin of security controls is examined, shedding light on relevant best practices, recommendations and why they emerged. Starting in the 1960s, we analyse the emerging technologies of each subsequent decade, explore what changes in IT-security controls these new technologies necessitated, and how IT and later cyber-security changed over the years. Furthermore, reference is made to the aftermath of selected cyber-attacks to further highlight is analysed to explore potential shifts in security paradigms beyond those introduced by technology itself.

Gender and Generation Differences in Finnish Defence Policy Opinions 2000–2020

Outside Finland, gender differences in opinions on defence and security policy have been the subject of analysis in Western states of all sizes. This study investigates whether political opinions on key issues of defence policy in Finland are affected by differences in gender and age, and how such differences can be understood in the context of a small-state where there is conscription for men. Gender differences are suggested in relation to both the Finnish social and political context and the gendered division of labour in a society long characterised by a high willingness to defend the country, male conscription, and military non-alignment. Generational differences are proposed to be related to the directions of potential social change in the population. We analyse survey data from the Finnish Advisory Board for Defence Information collected between 2000 and 2020 on four survey items and test whether opinions on (a) willingness to defend Finland, (b) mandatory male conscription, (c) defence spending, and (d) military alignment vary as a function of sex or age. What emerges as statistically significant is that Finnish men will support the military defence of the country if it is attacked, while older cohorts tend to support mandatory male conscription. Defence spending and military non-alignment in the years 2000 to 2020 were mostly inconclusive on gender and generational differences. With illustrative findings from qualitative interview data from women’s preparedness training in voluntary defence, we suggest a contextual explanation of situated socialisation, where self-perceived proximity to defence issues leads to men being more convinced and women being more ambivalent in their views on defence policy.

Security risk assessment of projects in high-risk areas based on attack-defense game model

Assessing the security risk of projects in high-risk areas is particularly important. This paper develops a security risk assessment model for projects in high-risk areas based on the target loss probability model and Bayesian game model. This model is modeled from the perspective of attack-defense confrontation and addresses the issue that traditional risk assessment focuses on the analysis of the attacker yet neglects to analyze the defender—the defender’s optimum defensive information is not quantitatively determined. The risk level, optimum defensive resource value, and optimum defensive strategy of the project are determined through the analysis of a project in the high-risk area. This enables the project’s risk manager to adjust the defensive resources reasonably and optimally, confirming the objectivity and feasibility of the model and offering a new benchmark for security risk assessment, which has significant practical implications.

Development of Six Ware Cyber Defense Framework (SWCDF) Design as a Standardization of Computer Network Protection State Defense Information System

Development of Six Ware Cyber Defense Framework (SWCDF) Design as a Standardization of Computer Network Protection State Defense Information System

Fostering Fortitude

This article analyzes “National Defense Courses” textbooks that were used to disseminate defense information to the political, social, and administrative elite in Finland. Textbooks from 1967 to 2018 provide qualitative historicaland sociological data, showing how Finland has prepared for war and other security contingencies for the past five decades. The main shift in fostering the population’s allegiance to the state has gone from addressing the management of political heterodoxy as a patriotic endeavor to one of cultivating apolitical resilience in the face of adversity. Both patriotism and resilience appear in the texts as forms of civic piety, in which people’s individual preferences give way to collective interests.

Importance of Consistency and Standardization in Estimating Economic Contributions of the Forest Industry in the Southern United States

Abstract The forest industry is a significant contributor to many local and state economies in the United States (US). Informed public policy at state and national levels requires that decision makers have accurate and defensible information on the value and structure of these economic contributions. However, different methods and modeling assumptions used and different industry sectors included by various analysts complicate meaningful comparisons across regions and time. This work presents a standardized approach to economic contribution assessments of the forest industry. The US Southern Forest region serves as an example of this approach with standardized results for economic contributions per capita, per acre of timberland, and per unit volume of timber harvested when comparing across regions and time. Among other findings, the results suggest that states with developed wood and paper product manufacturing industries have significantly greater economic contributions than states that are concentrated on timber harvesting.

The role of defensive information processing in population-based colorectal cancer screening uptake.

Internationally, colorectal cancer screening participation remains low despite the availability of home-based testing and numerous interventions to increase uptake. To be effective, interventions should be based on an understanding of what influences individuals' decisions about screening participation. This study investigates the association of defensive information processing (DIP) with fecal immunochemical test (FIT)-based colorectal cancer screening uptake. Regression modeling of data from a cross-sectional survey within a population-based FIT screening program was conducted. The survey included the seven subdomains of the McQueen DIP measure. The primary outcome variable was the uptake status (screening user or nonuser). Multivariable logistic regression was used to estimate the odds ratio (OR) for screening nonuse by DIP (sub)domain score, with adjustments made for sociodemographic and behavioral factors associated with uptake. Higher scores (equating to greater defensiveness) on all DIP domains were significantly associated with lower uptake in the model adjusted for sociodemographic factors. In the model with additional adjustments for behavioral factors, the suppression subdomains of "deny immediacy to be tested" (OR, 0.53; 95% confidence interval [CI], 0.43-0.65; p<.001) and "self-exemption" (OR, 0.80; 95% CI, 0.68-0.96; p < .001) independently predicted nonuse of FIT-based screening. This is the first study outside the United States that has identified DIP as a barrier to colorectal cancer screening uptake, and it is the first focused specifically on FIT-based screening. The findings suggest that two suppression barriers, namely denying the immediacy to be tested and self-exempting oneself from screening, may be promising targets for future interventions to improve uptake.

Analysis of Factors Affecting User Acceptance of The Ministry of Defense Information and Documentation Management Officer (PPID) Website

Analysis of Factors Affecting User Acceptance of The Ministry of Defense Information and Documentation Management Officer (PPID) Website

Measures to Ensure the Sustainability of Information Systems in the COVID-19 Environment

National defense requires uninterrupted decision-making, even under direct or indirect impacts of non-traditional threats such as infectious diseases. Since all work utilizes information systems, it is very important to ensure the sustainability and availability of information systems. In particular, in terms of security management, defense work is being performed by dividing the network into a national defense network and a commercial Internet network. This study suggests a work execution plan for sustainability that takes into account the efficiency of work performed on the Internet and the effectiveness of security through effective defense information system operation. It is necessary to minimize the network contact points between the national defense network and the commercial Internet and to select high-priority tasks from various tasks and operate them efficiently. For this purpose, actual cases were investigated for an institution, “Organization A”, and characteristics were presented. Through the targeted tasks and operation plans presented in this paper to improve the effectiveness of defense tasks and ensure security, it will be possible to increase the sustainability and availability of task performance even under non-traditional threats such as infectious diseases.

The evolution of conspicuousness in frogs: When to signal toxicity?

Many organisms use conspicuous colour patterns to advertise their toxicity or unpalatability, a strategy known as aposematism. Despite the recognized benefits of this anti-predator tactic, not all chemically defended species exhibit warning coloration. Here, we use a comparative approach to investigate which factors predict the evolution of conspicuousness in frogs, a group in which conspicuous coloration and toxicity have evolved multiple times. We extracted colour information from dorsal and ventral photos of 594 frog species for which chemical defence information was available. Our results show that chemically defended and diurnal species have higher internal chromatic contrast, both ventrally and dorsally, than chemically undefended and/or nocturnal species. Among species that are chemically defended, conspicuous coloration is more likely to occur if species are diurnal. Our results also suggest that the evolution of conspicuous colour is more likely to occur in chemically defended prey with smaller body size. We discuss potential explanations for this association and suggest that prey profitability (related to body size) could be an important force driving the macroevolution of warning signals.

Holding Your Hand on the Danger Button

Phishing emails continue to be a major cause of cybersecurity breaches despite the development of technical measures designed to thwart these attacks. Most phishing studies have investigated desktop email platforms, but the use of mobile devices for email exchanges has soared in recent years, especially amongst young adults. In this paper, we explore how the digital platform (desktop vs. mobile) influences users' phish detection strategies. Twenty-one young adults (18-25 years) were asked to rate the legitimacy of emails using a live inbox test while using a think-aloud protocol on both platforms. Our results suggest that a lack of knowledge about key defence information on the mobile platform results in weak phish detection. We discuss the implications of these findings and offer design recommendations to support effective phish detection by smartphone users.

The assessment of defense information systems complexity: An addition to genetic taxonomy approach

Defense organizations, like the ministry of defense, the armed forces, the general staff of the armed forces, the army, the navy, or the air force units, use a specific business technology. What makes their business technology specific is a predictable changeability of their business processes. Namely, these organizations function in more than one state, each having its own business processes. An organization transits from one state to another in a predictable manner, thus changing its business processes. This kind of business technology is not exclusively restricted to defense organizations, as it also applies to police as well as crisis management organizations. In order to develop information systems (IS) supporting these organizations properly, the complexity of their future IS should be assessed first. This assessment can be performed by relying on existing genetic taxonomies, i.e., by situating the planned defense IS inside the IS genetic taxonomy space, with regard of relevant characteristics of organizational processes supported by the IS. A behavioral dimension described in this paper addresses the dynamics of states defense systems operate in, offering to contribute to the understanding of defense systems’ response to changes in dynamic ecosystems, assisting thereby researchers and practitioners in describing dynamic properties of investigated systems.

STRATEGY FOR INTEGRATED LAND INFORMATION SYSTEM NETWORK ARRANGEMENTS FOR THE INDONESIAN NATIONAL ARMY

In the era of globalization and information as it is today, and easily accessible data and information management system has become a necessity. Data and information containing ideological, political, economic, socio-cultural, and security aspects are urgently needed to manage national defense policies in order to be able to manage data and information in accordance with the interests of the system, which requires an integrated information network that can collect and manage and regulate the use of data and information. Information according to defense needs. The purpose of this study was to analyze the Strategy for Networking the Integrated Ground Defense Information System, a phenomenological qualitative research method accompanied by data collection techniques of observation, interviews, and documentation studies. The results showed that the TNI AD information system network was not well organized and not integrated where it was found that there were still ranks of the TNI AD that had not been reached by the information system network, then the number of units in the TNI AD was presented, the allocation of internet support for information system purposes was very important. The limited data transmission process, with the non-integration of the information system in the Indonesian Army, resulted in data and information being unable to be shared between data users. The conclusion from this research is that the current Information System Network Arrangement is not optimal, so the Strategy for the Integrated Ground Defense Information System Network Arrangement is carried out with a plan which includes the preparation of an information system title roadmap, the preparation of standards, and the use of independent data, the development of which includes doctrine, personnel, and structure. Organizing and strengthening Infrastructure, which includes the arrangement of LAN and WAN as well as information system network security, including background, objectives, design/methodology/approach, and results/conclusions.Keywords: strategy, structuring, Information System Network, integrated

A multi-point collaborative DDoS defense mechanism for IIoT environment

Nowadays, a large number of intelligent devices involved in the Industrial Internet of Things (IIoT) environment are posing unprecedented cybersecurity challenges. Due to the limited budget for security protection, the IIoT devices are vulnerable and easily compromised to launch Distributed Denial-of-Service (DDoS) attacks, resulting in disastrous results. Unfortunately, considering the particularity of the IIoT environment, most of the defense solutions in traditional networks cannot be directly applied to IIoT with acceptable security performance. Therefore, in this work, we propose a multi-point collaborative defense mechanism against DDoS attacks for IIoT. Specifically, for the single point DDoS defense, we design an edge-centric mechanism termed EdgeDefense for the detection, identification, classification, and mitigation of DDoS attacks and the generation of defense information. For the practical multi-point scenario, we propose a collaborative defense model against DDoS attacks to securely share the defense information across the network through the blockchain. Besides, a fast defense information sharing mechanism is designed to reduce the delay of defense information sharing and provide a responsive cybersecurity guarantee. The simulation results indicate that the identification and classification performance of the two machine learning models designed for EdgeDefense are better than those of the state-of-the-art baseline models, and therefore EdgeDefense can defend against DDoS attacks effectively. The results also verify that the proposed fast sharing mechanism can reduce the propagation delay of the defense information blocks effectively, thereby improving the responsiveness of the multi-point collaborative DDoS defense.

Prospects and Current Status of Defence Information Security in Ukraine

Relevance of the article - security has always been one of the priority issues of state policy. Considering that the defence forces are an inseparable part of state security, studying their information security is essential. The feasibility of this study is confirmed by the fact that in the current conditions of development of the information society, the information technology of the Ukrainian defence forces must adapt to the current challenges and threats, to ensure proper protection of information of strategic importance to the state and collected, consolidated and stored by the defence forces. This article aims to identify problems of information security of defense forces in Ukraine to find ways of their elimination. Formal logical, systemic structural, comparative and legal methods were used to conduct the research. It is stated that by dividing the information space and cyber space, the legislator has laid down legal regulation of protection of the state's information space. It is understood that the Lithuanian and Latvian forces for combating threats to the information space were consolidated within the structure of the Ministry of Defence. Consequently, the authorities argue that the system of entities responsible for protecting the information space needs to be optimized, creating conditions for state-private cooperation in this area, as in the case of Germany, and providing these entities with qualified employees. The results obtained are important for research, law-making and law enforcement activities.

Determinasi Knowledge Sharing Self-Efficacy, dan Kualitas Knowledge Sharing terhadap Employee Job Performance (Studi Pada PT. Aji Pangan Lestari)

Disruption of digital technology that occurs as a result of the industrial revolution 4.0, demands development in various fields including the defense sector. The potential threats to the defense sector have extended even to the cybersecurity dimension. For this reason, it is necessary to develop information technology by involving stakeholders who have human resources with superior job performance. There are several factors that influence employee job performance in the defense sector, including the discussion on self-efficacy and knowledge sharing. Furthermore, this study aims to determine the effect of knowledge sharing self-efficacy and the quality of knowledge sharing on employee job performance. The research sample used is 45 employees of PT. Aji Pangan Lestari which is engaged in defense information technology. The data analysis method used is Partial Least Square using the SmartPLS 3.0 program. The results of the analysis show that the quality of knowledge sharing is largely determined by the knowledge sharing self-efficacy of employees. In addition, it is also concluded that knowledge sharing self-efficacy and the quality of knowledge sharing each have a significant effect on employee job performanceKeywords– knowledge sharing self-efficacy, quality of knowledge sharing, employee job performance

Real-time service integration of defense information system

This study designs a reference model of the Defense REST API server based on the representational state transfer (REST) architecture style to present the most efficient, stable, and sustainable technical criteria for real-time service integration of defense information systems in Korea. The purpose of this component is to provide evidence to be stipulated as part of the Korean Defense Ministry's instructions and regulations, such as the Defense Interoperability Management Directive and the Interoperability Guide, and to support the development of the National Defense Interworking Technology and Interoperability. As the defense information system was subdivided and developed by the army, navy, air force, or business functions, interworking between information systems has become one of the most important factors. However, despite the need for advanced service integration and interworking, various interconnection service modules based on enterprise application integration (EAI), EAI hubs, and spokes were developed at a level that met local requirements (simple data transmission) without specific criteria for each network or information system. As a result, most of the interconnection modules currently in operation suffer from the absence of a technical spectrum, such as not meeting the military's demands for real-time interconnection and service integration, which increases with time. Therefore, this study seeks to identify the above problems by integrating the defense information system into one service and presenting a reference model of the defense REST API server to meet various real-time interworking requirements, analyze the technical basis, and pursue a model that fits military reality.

Navigating ‘danger zones’: social geographies of risk and safety in teens and tweens of color information seeking

ABSTRACT Marginalized people often incur risk when interacting with information providers and institutions; they must weigh the risk of those interactions against the possible benefits of the knowledge or services gained. In this study, we analyze Black, Indigenous, and People of Color (BIPOC) teens and tweens’ articulation of their information practices and their risk management through information seeking. Using data from group interviews with 58 Black, Latinx, Indigenous, and Asian American youth ages 12–18 in North Carolina we describe a model of socially co-constructed information geography focused around identifying, avoiding, and managing risks, costs, and benefits in information-related ‘danger zones.’ Participants described and demonstrated an ongoing conflict between the desire to seek and share information and the desire to avoid social, economic, political, and personal costs of information seeking. When participants observed a possible danger zone, they frequently engaged in a process of cost–benefit analysis that ultimately resulted in a series of defensive information behaviors, including avoidance, confrontation and open resistance, feigned compliance and subversion, and progressive disclosure.

Prospects and current status of defence information security in Ukraine

Relevance of the article - security has always been one of the priority issues of state policy, and considering the fact that the defense forces are an inseparable part of state security, the study of their information security is essential. The feasibility of this study is confirmed by the fact that in the current conditions of development of the information society, the information technology of the Ukrainian defence forces must adapt to the current challenges and threats, to ensure proper protection of information of strategic importance to the state and collected, consolidated and stored by the defence forces. The purpose of this article is to identify problems of information security of defence forces in Ukraine, to find ways of their elimination. Formal logical, systemic structural, comparative and legal methods were used to conduct the research. It is stated that by dividing the information space and cyber space, the legislator has laid down legal regulation of protection of the information space of the state. It is understood that the Lithuanian and Latvian forces for combating threats to the information space were consolidated within the structure of the Ministry of Defence.

Language workers and the challenge of digitalisation

Abstract The increasing digitalisation of communication has not gone unnoticed by the US military. The teaching of communication takes place at the Defense Information School (DINFOS), providing professional instruction to US military members, civilian personnel and allies from around the world. With the emergence of social media and the increasing significance of user-generated content, the teaching of communication, even more so than previously, prioritises the collaboration of academic researchers, practitioners and industry leaders in digitalised media for professional development. Viewing the collaboration as an example of transdisciplinary practice (McGregor, 2014), this paper seeks to gain insight into their thoughts on social media messaging and management for developing themes (Perrin &amp; Kramsch, 2018) for research and practice, as well as for teaching language learners to be language workers (Koller, 2018) in a digitalised mediated world. The analysis of the social media workshop from 2017 is inspired by content analysis (Krippendorff, 2004). Through the analysis, the themes of “Community”, “Content” and “Conduct” are created based on a series of 23 lectures for practitioners by senior officers, academic researchers and persons from social media companies like Twitter and Instagram. The analysis shows, among other things, that the technological dimension of social media may constrain and enable language use in unpredictable ways. For research, practice and learning, the themes may function as a “shared language” for more effective language use towards the increasing digitalisation of communication. The paper concludes by reflecting on two concerns within transdisciplinarity, specifically transdisciplinary identity (Augsburg, 2014) and the link between process and impact (Hansson &amp; Polk, 2018).