Latest Articles
The Post-Quantum Cryptography
Cryptography protects digital communication for organizations and individuals online, whether they are making a purchase from a favorite online store or sending an email to a friend or colleague. Imagine the impact if cybercriminals could break the cryptographic algorithms used to encrypt all our banking, medical information and history, or any sensitive data we use in our day-to-day digital life.
Modeling & Simulation: Battle Readiness in a Virtual World
As the world becomes more complex, the U.S. Department of Defense (DoD) faces a range of challenges that demands innovative solutions. One tool that has proven invaluable in this regard is modeling and simulation (M&S)—the process of creating a representation of a system or process and then using that representation to explore and test different scenarios.
Dark Net Usage for Countries in Conflict
For many, the “dark web” harbors a stigma. After the rise of notorious “dark net markets” like “Silk Road” and “AlphaBay” in the early 2010s, pop culture has come to equate the “dark web” with illegality and contraband.
Improving the U.S. Air Force’s Cyber Defense Strategy
April 2007 marks the month when the internet became weaponized [1]. In Estonia’s capital city of Tallinn, the government decided to move a bronze statue of a Russian soldier from the city center to a war memorial cemetery on the outskirts of town (Figure 1). They wanted to move the statue during the 60th anniversary of its erection in 1947, which memorialized the sacrifices of Russian soldiers liberating eastern Europe from the Nazis.
A Defense-In-Depth and Layered Approach to Software Supply Chain Security
In this article, we will discuss the confluence and utility of using software supply chain (SSC)-focused frameworks (The Update Framework [TUF] and the in-toto framework), combined with behavioral approaches using artificial intelligence (AI) aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), to generate a truly comprehensive approach for SSC security [1]. Such a “defense-in-depth” approach recognizes that these frameworks by themselves fall short of addressing the guidelines for the integrity of SSCs.
Can the “Gorilla” Deliver? Assessing the Security of Google’s New “Thread” Internet of Things (IoT) Protocol
Security incidents associated with Internet of Things (IoT) devices have recently gained high visibility, such as the Mirai botnet that exploited vulnerabilities in remote cameras and home routers. Currently, no industry standard exists to provide the right combination of security and ease-of-use in a low-power, low-bandwidth environment. In 2017, the Thread Group, Inc. released the […]
Rebooting Letters of Marque for Private Sector, Active Cyber Defense
The views expressed in this paper are those of the author and do not reflect the official policy or position of the 780th Military Intelligence Brigade, U.S. Intelligence and Security Command, Department of the Army, Department of the Navy, Department of Defense, or the U.S. Government. Letters of Marque for Private Sector Cyber Defense Cyber […]
Evaluation of Comprehensive Taxonomies for Information Technology Threats
Categorization of all information technology threats can improve communication of risk for an organization’s decision-makers who must determine the investment strategy of security controls. While there are several comprehensive taxonomies for grouping threats, there is an opportunity to establish the foundational terminology and perspective for communicating threats across the organization. This is important because confusion […]
Times Change and Your Training Data Should Too: The Effect of Training Data Recency on Twitter Classifiers
Sophisticated adversaries are moving their botnet command and control infrastructure to social media microblogging sites such as Twitter. As security practitioners work to identify new methods for detecting and disrupting such botnets, including machine-learning approaches, we must better understand what effect training data recency has on classifier performance. This research investigates the performance of several […]
Optimizing for Mission Success Using a Stochastic Gaming Simulation
This article describes how mission scenarios created using gaming software can be used as a graphical concept of operations (CONOPS) and optimized to ensure the highest probability of mission success. Traditional optimization methods have not been designed for mission-level problems, where highly uncertain environmental and operational parameters influence mission success, and clear objectives beyond success […]