This paper examines key trends and developments in information technology, and the implications of those developments on stability and security. Focus is on cyber threats to computer networks, including information theft and sabotage, and acts that disrupt or deny services. Seven trend areas are examined: ubiquity, mobility, hacking tools, performance, vulnerabilities, groundedness, and informa...

This paper describes the placement of a large-scale cyberdefense exercise within the computer science and information technology curricula at an undergraduate institution, the United States Military Academy. Specifically, we describe the US National Security Agency Cyber-Defense Exercise as an example of a large-scale design, implement, and defend exercise. Furthermore, we provide evidence that...

In this paper, we describe a toolset for managing the configuration and management of large-scale networks. In particular, we focus on managing limited processing and communication resources for coordinated network cyber-defense applications. Our implementation encompasses the complete cycle, from initial network modeling and extraction of the relevant constraints, through translation into a fo...

The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game-theoretic models that take into account both cyber and physical components. The attacker...

The Cyber-Terrorist is assumed to be a very real threat to modern information systems, especially those trusted to control the nation’s defenses and critical infrastructure. Very little intelligence or solid data exist regarding this adversary. This discussion chronicles the efforts by a team at the Defense Advanced Research Projects Agency to model and characterize this adversary. The ultimate...

Abstract Private sector Active Cyber Defence (ACD) lies on the intersection of domestic security and international is a recurring subject, often under more provocative flag ‘hack back’, in American debate about cyber security. This article looks at theory practice private provision analyses detail number recent reports publications ACD by Washington DC based commissions think tanks. Many these ...

Internet users such as individuals and organizations are subject to different types of epidemic risks such as worms, viruses, spams, and botnets. To reduce the probability of risk, an Internet user generally invests in traditional security mechanisms like anti-virus and anti-spam software, sometimes also known as self-defense mechanisms. However, such software does not completely eliminate risk...

Moving target cyber-defense systems encompass a wide variety of techniques in multiple areas of cyber-security. The dynamic system reconfiguration aspect of moving target cyber-defense can be used as a basis for providing an adaptive attack surface. The goal of this research is to develop novel control theoretic mechanisms by which a range of cyber maneuver techniques are provided such that whe...

SCADA (Supervisory Control and Data Acquisition) systems are used to control and monitor critical national infrastructure functions like electricity, gas, water and railways. Field devices such as PLC’s (Programmable Logic Controllers) are one of the most critical components of a control system. Cyber-attacks usually target valuable infrastructures assets, taking advantage of architectural/tech...