In January 2012, MITRE performed a real-time, red team/blue team cyber-wargame experiment. This presented the opportunity to blend cyber-warfare with traditional mission planning and execution, including denial and deception tradecraft. The cyberwargame was designed to test a dynamic network defense cyber-security platform being researched in The MITRE Corporation’s Innovation Program called Bl...

We present a method to devise, execute, and assess a cyber deception. The aim is to cause an adversary to believe they are under a cyber attack when in fact they are not. Cyber network defense relies on human and computational systems that can reason over multiple individual evidentiary items to detect the presence of meta events, i.e., cyber attacks. Many of these systems aggregate and reason ...

Internet-based computer information systems play critical roles in many aspects of the modern society. However, these systems are constantly under cyber attacks that can cause catastrophic consequences. In order to defend these systems effectively, it is necessary to measure and predict the effectiveness of cyber defense mechanisms. In this paper, we investigate how to measure and predict the e...

Since fall 2012, several National Centers of Academic Excellence in Cyber Defense Research (CAE-Rs) fielded a collaborative course to engage students in solving applied cybersecurity research problems. We describe our experiences with this Information Security Research and Education (INSuRE) research collaborative. We explain how we conducted our project-based research course, give examples of ...

We need to change our approach to cyber defense if we are to succeed. We must deeply understand our adversaries, develop effective defensive strategies that will stand the test of time and evolution, and create a new discipline to make this happen. Here is how we start.

The Cyber Defense Exercise (CDX) is a four day Information Assurance exercise run by the National Security Agency/Central Security Service (NSA/CSS) to help train federal service academy students in secure network operations. This paper is a collaborative work on the various tools and techniques used and the overall effectiveness of live-attack exercises in teaching information security.

Supervisory Control And Data Acquisition (SCADA) communications are often subjected to various kinds of sophisticated cyber-attacks which can have a serious impact on the Critical Infrastructure such as the power grid. Most of the time, the success of the attack is based on the static characteristics of the system, thereby enabling an easier profiling of the target system(s) by the adversary an...

With growing concerns for cyber security of critical infrastructures like the power grid, Cyber-Physical Systems (CPS) security testbeds are essential in providing controlled testing environments for evaluating and validating novel CPS security tools and technologies, thereby accelerating the transition of research to industrial practice. The engineering of such testbeds requires significant in...