Australian Information Warfare and Security Conference

Exterminating the Cyber Flea: Irregular Warfare Lessons for Cyber Defence

Ben Whitham — Thu, 21 Feb 2013 23:50:38 PST

Traditional approaches to tactical Computer Network Defence (CND), drawn from the lessons and doctrine of conventional warfare, are based on a team of deployed security professionals countering the adversary’s cyber forces. The concept of the adversary in cyberspace does not fit neatly into the conventional military paradigms. Rather than fighting an identifiable foe, cyber adversaries are clandestine, indistinguishable from legitimate users or external services, operate across state boundaries, and from safe havens that provide sanctuary from prosecution. The defender also faces imbalances with rules of engagement and a severe disparity between the cost of delivering the defence and the attackers ability to deliver an effect. These operational conditions are more akin with Irregular Warfare (IW) than a conventional conflict. This paper proposes a new approach to CND, based on a review of the literature on IW. Rather than fight the battle alone, the CND team should concentrate efforts to persuade and empower network users to take responsibility for protecting the organisation’s critical data. This approach seeks to apply the lessons learnt from IW, where the resistance to the adoption of security best practices, intentional or otherwise, is the real adversary. This approach appears more likely to deliver long term protection from the current cyber threats than a process, which requires the identification and tracking of adversaries that are invisible and constantly changing.

The Reception, Incorporation and Employment of Informatin Operations by the Australia Defence Force: 1990-2012

Jeff Malone — Thu, 21 Feb 2013 23:50:37 PST

The paper investigates the Australian Defence Force’s (ADF) approach – understood here as the reception, incorporation and operational employment – to military information operations (IO), from 1990 to 2012. The paper identifies key characteristics of the ADF’s approach to IO, and proposes explanatory factors to account for the specific form the ADF’s approach to IO has been manifested. The paper concludes with predictions regarding the future form of IO within the ADF, in the context of the increasing significance of social media, the upcoming 2013 Defence White Paper (WP13) and the US ‘pivot’ to the Asia-Pacific region. The paper is based in-progress doctoral research, and knowledge with respect to IO during his service in the Australian Army.

Protective Emblems in Cyber Warfare

Iain Sutherland et al. — Thu, 21 Feb 2013 23:50:37 PST

The Tallinn Manual will be released in February 2013 and makes a significant step towards defining the concepts of cyber warfare. The early draft of the manual is available and the expert working party have interpreted the existing international agreements, instruments and conventions and applied them to the field of cyber warfare. The manual makes a number of interpretations on the legal position of civilians and other parties. The manual makes it clear that the existing conventions are applicable and that civilian / religious and medical systems should be viewed as non-combatants in a cyber conflict. In the kinetic warfare environment non-combatants are indicated with recognized international symbols such as the Red Cross, Red Diamond and the Red Crescent emblems. This paper proposes a simple method in which these and other symbols for protected sites could be replicated in the cyber world with a form of digital marker to ensure that systems and traffic are recognized as being clearly protected under the same terms as those that apply to the Geneva Conventions.

The Regulation of Space and Cyberspace: One Coin, Two Sides

Brett Biddington — Thu, 21 Feb 2013 23:50:36 PST

In the 1960s, during some very tense days in the Cold War the United States of America (USA) and the Union of Socialist Soviet Republics (USSR) brokered a deal in the United Nations for a treaty regime to govern human activities in outer space. This regime has served well enough for almost 50 years. In recent years, however, fears of space weaponisation, the proliferation of space debris in the Low Earth Orbits (LEO) and increasing demands on the electromagnetic spectrum (EMS) have led to demands for regulatory reform. Some nations now consider space to be the fourth domain of modern warfare. Meanwhile, the cyber domain continues to develop apace. The world is struggling to determine whether, and if so how, to regulate the cyberspace. The United States now considers cyberspace to be the fifth domain of warfare and has announced that it reserves the right to meet cyber attacks, on interests it considers vital, with conventional kinetic responses. The space and cyberspace domains overlap and have mutual dependencies which demand a degree of coherence and integration in legislative, policy, and regulatory responses. There are also some important differences and distinctions. This paper explores some of the dilemmas that are faced by decision-makers who seek to make both the space and cyberspace domains safe and secure places which will deliver benefit to humans across the planet long into the future.

Applying Feature Selection to Reduce Variability in Keystroke Dynamics Data for Authentication Systems

Mark Abernethy et al. — Thu, 21 Feb 2013 23:50:35 PST

Authentication systems enable the verification of claimed identity. Password-based authentication systems are ubiquitous even though such systems are amenable to numerous attack vectors and are therefore responsible for a large number of security breaches. Biometrics has been increasingly researched and used as an alternative to password-based systems. There are a number of alternative biometric characteristics that can be used for authentication purposes, each with different positive and negative implementation factors. Achieving a successful authentication performance requires effective data processing. This study investigated the use of keystroke dynamics for authentication purposes. A feature selection process, based on normality statistics, was applied to reduce the variability associated with keystroke dynamics raw data. Artificial Neural Networks were used for classification, and results were calculated as the false acceptance rate (FAR) and the false rejection rate (FRR). Experimental results returned an average FAR of 0.02766 and an average FRR of 0.0862, which were at least comparable with other research efforts in this field.

Penetration of ZigBee-based wireless sensor networks

Michael N. Johnstone et al. — Wed, 13 Jun 2012 20:04:01 PDT

Wireless Sensor Networks are becoming popular as a simple means of collecting data by public utilities, motor vehicle manufacturers and other organisations. Unfortunately the devices on such networks are often insecure by default, which presents problems in terms of the integrity of the data provided across those networks. This paper explores a range of attacks that were successful on a network consisting of nodes using the ZigBee protocol stack and proposes defences that can be put in place to circumvent these attacks thus leading to more secure systems and increasing user confidence.

Designing a knowledge distribution simulator

Martin Hill et al. — Wed, 13 Jun 2012 20:04:00 PDT

To make good decisions, we need to be suitably informed. 'Good' and 'Suitably' in this case depend on the informational needs of the decision and the mechanisms of getting the information to the decision maker in time. The trade-offs in qualities, quantities, timeliness, impacts on other activities, and so on are infamously wickedly complex, and usually buried in a clutter of special circumstances, personality characteristics, environments unsuitable for study, and so on. Decision-making systems can be explored using case studies and exercises, but these are limited by the expense and time of using real people. A virtual simulator for large scale networks of communities can provide systems to examine that are not otherwise possible, while bearing in mind that simulators only partially reflect real systems. This paper describes a design for such a simulator framework that can be implemented on an ordinary desktop computer. We intend to use it to exercise and explore various ‘knowledge distribution strategies’ in order to understand and suggest information communication mechanisms for investigation in the real world, without expecting it to be complete enough to be prescriptive. We focus on military collaborations as suitably 'eXtreme' environments to exercise these communication mechanisms. Topics for further investigation include isolation, turnover and resilience.

Designing cyber warfare information infrastructure resilience

Semir Daskapan et al. — Wed, 13 Jun 2012 20:03:59 PDT

Due to many cyber attacks in the last years, governments are realizing how vulnerable they have become should there be a break out of a cyberwar. This urged them to establish a cyber warfare information infrastructure in a short time. However, this cyber warfare information infrastructure relies heavily on public infrastructures, like electricity and the Internet, which will be most likely targeted themselves. Therefore, a cyber warfare information infrastructure is by definition a vulnerable infrastructure that needs to be secured against attacks and made resilient. In this paper, we provide a method inspired by the theory of Complex Adaptive Systems to improve the resilience of cyber warfare information infrastructures. This method is applied on one specific security system as a showcase, namely, the intrusion detection system.

Space as a New Sphere of Future Information Warfare

Martti Lehto — Fri, 14 Jan 2011 00:08:00 PST

Air power has seen constant development from the Wright Flyer’s first flight at Kitty Hawk on December 17, 1903 via the advent of the jet age with the service entry of the Messerschmitt Me 262 in 1942, to today’s multirole fighters (F-35 Joint Strike Fighter) and stealth aircraft (B-2 Spirit multi-role bomber). As a result of this evolution of one hundred years air power has emerged as a central component in power projection. As General William Mitchell said: ”Neither armies nor navies can exist unless the air is controlled over them.” (Mitchell 1925, xv)We have witnessed a corresponding development in space, albeit with a lag of nearly sixty years. The first satellite, the Sputnik, went in orbit on October 4, 1957 and the first manned spaceflight was accomplished on April 12, 1961 (by Yuri Gagarin). July 20, 1969 saw the first landing of man on the moon by Neil Armstrong; the first Space Shuttle launch was on April 12, 1981; and the International Space Station (ISS) has remained manned since November 2, 2000. Since 1961, more than 400 men and women have visited the realm of space. General Tommy Franks said:”The pieces of this operation (Iraqi Freedom) which have been successful would not have been so without space-based assets … it’s just simply a fact.”A major ingredient of success in modern warfare is the capability to collect and analyze information and then use it for the execution of command and control. Intelligence, surveillance, command and control, positioning, and targeting systems along with increasingly technical fire systems will have a key role in this area. Deliberate information warfare operations are conducted during times of crisis and war. They are planned based on of information obtained from intelligence and surveillance assets. The aim of the attacker in information operations is to produce a desired effect on targets by means of psychological warfare such as dissemination of information and other psychological operations; by using network attacks and deception along with other forms of information systems warfare; and by employing electronic warfare assets for jamming, and weapons to suppress the enemy’s intelligence, surveillance, and command and control systems.Space, the electromagnetic spectrum, virtual networks, the psychological domain, and media will occupy central roles in any future information warfare, and all these can be used in both defensive and offensive modes. The foregoing sums up as a concept of global information warfare. We already have space-based C4ISR, targeting, and positioning systems. The successful execution of operations in future wars depends on the gaining and maintaining of space supremacy. Space is in the process of becoming a new dimension in information warfare.

Virtual Radicalisation: Challenges for Police

Simon O'Rourke — Fri, 14 Jan 2011 00:08:00 PST

Recent advances in communications technology are providing a medium for individuals or groups to subscribe to extremist worldviews and form networks, access training and obtain information, whilst remaining virtually undetected in the online world. Whilst the Internet is facilitating global virtual communities like Second Life, MySpace and Facebook it is also providing an anonymous meeting place for disenfranchised individuals to gather, share ideas, post and exchange information regarding their particular ideology. This virtual community provides a sense of belonging to a global cause in which the actions of an individual can be aligned to, and seen to contribute towards something more significant than their own lives. Membership of this virtual community can facilitate the indoctrination of individuals, thereby negating psychological barriers that would normally inhibit particular types of behaviour. Terrorist groups operate as amorphous, fluid networks providing them significant advantages over rigidly structured state and nation based law enforcement agencies. In addition terrorist groups are exploiting the combination of rapidly evolving technology and incommodious legislation to prevent detection.

Managing Analysis

David Shaw — Fri, 14 Jan 2011 00:07:59 PST

The Intelligence profession requires effective management to function properly and professional discourse highlights the changing nature of intelligence work. Highlighted “failures” are linked to organizational structures and ethos, and proposals to address the problems include discussion of human and organizational factors with recommendations that address the issues. However, optimising the intelligence process may not be a simple case of applying management techniques as the work relies substantially on individual endeavour. Innovative management techniques are needed and these should be grounded in recognising the peculiar nature of analysis and the skill set required.

Critical Infrastructure Systems Modelling: Benchmarking CPNTools

Graeme Pye et al. — Fri, 14 Jan 2011 00:07:58 PST

This paper reports on the application of systems modelling benchmarks to determine the viability of systems modelling software and its suitability for modelling critical infrastructure systems. This research applies the earlier research that related to developing benchmarks that when applied to systems modelling software will indicate its likely suitability to modelling critical infrastructure systems. In this context, the systems modeling benchmarks will assess the practicality of CPNTools to the task of modelling critical infrastructure systems.

Commercial Critical Systems and Critical Infrastructure Protection: A Future Research Agenda

Matthew J. Warren et al. — Fri, 14 Jan 2011 00:07:57 PST

Secure management of Australia’s commercial critical infrastructure presents ongoing challenges to owners and the government. Although it is currently managed through high-level information sharing via collaboration, but does this suit the commercial sector. One of the issues facing Australia is that the majority of critical infrastructure resides under the control of the business sector and certain aspects such of the critical infrastructure such as Supply Chain Management (SCM) systems are distributed entities and not a single entity. The paper focuses upon the security issues associated with SCM systems and critical infrastructure protection

Australian Critical Infrastructure Protection: A case of two tales

Matthew Warren et al. — Thu, 13 Jan 2011 18:36:46 PST

The protection of critical infrastructures and the choices made in terms of priorities and cost, all impact upon the planning, precautions and security aspects of protecting these important systems. Often the when choices made is difficult to assess at the time the decision is taken and it is only after an incident that the truth of the choices made become fully evident. The paper focuses on two recent examples of Australian Critical Infrastructure protection and the issues that related to those examples.

Wikileaks: The Truth or Not

Ian Rosewall et al. — Thu, 13 Jan 2011 18:36:45 PST

We live in the Information Age, an age where information is shared in a global context and in real time. The issue is whether all information should be disclosed. In the ‘Information Age’ do secrets still exist? Another major issue is whether groups of vigilantes are the ones who should be disclosing this information, should these vigilante groups be trusted? This paper will focus upon the impact of Wikileaks and the problem of Information disclosure especially when that information is confidential. It will identify cases for discussion. In the main these cases will be of a military flavour.

2D Spatial Distributions for Measures of Random Sequences Using Conjugate Maps

Qingping Li et al. — Thu, 13 Jan 2011 18:36:43 PST

Advanced visual tools are useful to provide additional information for modern information warfare. 2D spatial distributions of random sequences play an important role to understand properties of complex sequences. This paper proposes time-sequences from a given logical function of 1D Cellular Automata in both Poincare map and conjugate map. Multiple measure sequences of Markov chains can be used to display spatial distributions using conjugate maps. Measure sequences recursively produced by different logical functions generating maps. Possible complementary feature exits between pair functions, Conjugate symmetry relationships between a pair of logical functions in conjugate maps can be observed.

Success of Agile Environment in Complex Projects

Abbass Ghanbary et al. — Thu, 13 Jan 2011 18:36:40 PST

This paper discusses the impact of agile methodology in complex and modular interrelated projects based on the authors’ practical experience and observations. With the advancement of Web technologies and complex computer systems, business applications are able to transcend boundaries in order to fully meet business requirements and comply with the legislation, policies and procedures. The success of software development as well as software deployment of these complex applications is dependent upon the employed methodology and project management. This is so because employed methodology plays an important position in capturing and modeling of business requirements and project management helps to ensure delivery. Agile methods are rapidly becoming popular in the software development industry. This paper examines this crucial role of agile methodology in a software development and deployment environment.

Media, government and manipulation: the cases of the two Gulf Wars

William Hutchinson — Fri, 09 Apr 2010 00:05:42 PDT

This paper explores the bias and manipulation of the Western mass media during the Gulf wars of 1991 and 2003. The tactics of compliance and the ethics of the press and journalists are examined. The need for a pluralist press is extolled.

Security Metrics - A Critical Analysis of Current Methods

Manwinder Kaur et al. — Fri, 09 Apr 2010 00:05:42 PDT

This paper documents and analyses a number of security metrics currently in popular use. These will include government standards and commercial methods of measuring security on networks. It will conclude with a critical look at some of the problems and challenges faced when using the metrics available today, and also with the development of new metrics.

Visualisation of Critical Infrastructure Failure

W D. Wilde et al. — Fri, 09 Apr 2010 00:05:41 PDT

The paper explores the complexity of critical infrastructure and critical infrastructure failure (CIF), real life examples are used to discuss the complexity involved. The paper then discusses what Visualisation is and how Visualisation can be applied to a security situation, in particular critical infrastructure. The paper concludes by discussing the future direction of the research.