Mitigating Cyber-Attacks in Cloud Environments

Involvement of multiple cloud providers enhances the security complexity in cloud computing. Despite engaging best in class human and hardware resources, cyber-attacks in cloud paradigm continue to rise. This work aims to explore the cloud vulnerabilities that arise due to the multiple entry points. Underlying security threats are categorized into resources at providers' end, hardware security, transmission security, process security, and endpoint security. To mitigate the cyber-attacks in cloud, this work proposed a comprehensive multi-point-based framework that leverages the underlying hardware to strengthen the security at the user's end, internet service provider's end, and at the cloud data center. Security is further fortified by including the process level interaction at terminals. Framework is advanced enough to accommodate the vulnerable points of a system and a network. With the implementation of the proposed system, potential attacks can be detected during early state of penetration.

Global Terrorism as a Virus

Two decades after the twin towers collapsed, the identification of global terrorism still remains an open question for everyone. However, since 9/11, the trope of the virus entered the scholarly discourses as well as the sociopolitical debate. This investigation is aimed at moving from the metaphor of terrorism as a virus to the virus-like pathogenic processes that affect terror threats. The proposal is to highlight the fluid identity of a main viral phenomenon of evildoing, according to a strict dialogue with the microbiological domain. New lenses are needed. As the author argues, systemic thinking better suits this subject matter than traditional linear thinking. The author will seek to highlight the development of global terrorism in terms of the biological mechanism of the virus's life (pathogenesis). Finally, it will be assumed that through the subject matter of global threat philosophy can improve the understanding of a dynamic principle of identity suitable to living entities/open systems.

Islamists vs. Far Right Extremists

In this study, a data mining technique, specifically a decision tree, was applied to look at the similarities and differences between Islamists and Far Right extremists in the Profiles of Individual Radicalisation in the United States (PIRUS) dataset. The aim was to identify differences and similarities across various groups that may highlight overlaps and variations across both Islamists and Far Right extremists. The data mining technique analysed data in the PIRUS dataset according to the PIRUS codebook's grouping of variables. The decision tree technique generated a number of rules that provided insights about previously unknown similarities and differences between Islamists and Far Right extremists. This study demonstrates that data mining is a valuable approach for shedding light on factors and patterns related to different forms of violent extremism.

International Law and Cyberoperations

Foreign cyberattacks and interferences are becoming more frequent and sophisticated. In the continued absence of a general consensus regarding the applicability of concrete international legal rules in the domain of cybersecurity, individual States are beginning to determine unilaterally their national positions. The article introduces and critically assesses the national strategy of France published in late 2019 in light of current international law and further developments in 2020. France confirms the validity of current international legal norms and raises challenging and innovative legal points for an efficient update such as the right to respond to any unlawful cyberoperation that targets France, right to preemptive self-defence, and violation of the due diligence principle. The mission of the article is to evaluate the document as an important source of impetus and the potential of its impact in international law of cybersecurity.

Improving Discriminating Accuracy Rate of DDoS Attacks and Flash Events

Internet security has become a big issue with the passage of time. Among many threats, the distributed denial-of-service (DDoS) attack is the most frequent threat in the networks. The purpose of the DDoS attacks is to interrupt service availability provided by different web servers. This results in legitimate users not being able to access the servers and hence facing denial of services. On the other hand, flash events are a high amount of legitimate users visiting a website due to a specific event. Consequences of these attacks are more powerful when launched during flash events, which are legitimate traffic and cause a denial of service. The purpose of this study is to build an intelligent network traffic classification model to improve the discrimination accuracy rate of DDoS attacks from flash events traffic. Weka is adopted as the platform for evaluating the performance of a random forest algorithm.

COVID-19 and Biocybersecurity's Increasing Role on Defending Forward

The evolving nature of warfare has been changing with cybersecurity and the use of advanced biotechnology in each aspect of the society is expanding and overlapping with the cyberworld. This intersection, which has been described as “biocybersecurity” (BCS), can become a major front of the 21st-century conflicts. There are three lines of BCS which make it a critical component of overall cybersecurity: (1) cyber operations within the area of BCS have life threatening consequences to a greater extent than other cyber operations, (2) the breach in health-related personal data is a significant tool for fatal attacks, and (3) health-related misinformation campaigns as a component of BCS can cause significant damage compared to other misinformation campaigns. Based on the observation that rather than initiating the necessary cooperation COVID-19 helped exacerbate the existing conflicts, the authors suggest that BCS needs to be considered as an essential component of the cyber doctrine, within the Defending Forward framework. The findings are expected to help future cyber policy developments.

A Monte-Carlo Analysis of Monetary Impact of Mega Data Breaches

The monetary impact of mega data breaches has been a significant concern for enterprises. The study of data breach risk assessment is a necessity for organizations to have effective cybersecurity risk management. Due to the lack of available data, it is not easy to obtain a comprehensive understanding of the interactions among factors that affect the cost of mega data breaches. The Monte Carlo analysis results were used to explicate the interactions among independent variables and emerging patterns in the variation of the total data breach cost. The findings of this study are as follows: The total data breach cost varies significantly with personally identifiable information (PII) and sensitive personally identifiable information (SPII) with unique patterns. Second, SPII must be a separate independent variable. Third, the multilevel factorial interactions between SPII and the other independent variables elucidate subtle patterns in the total data breach cost variation. Fourth, class action lawsuit (CAL) categorical variables regulate the variation in the total data breach cost.

Enhancing Cyberweapon Effectiveness Methodology With SE Modeling Techniques

A recent cyberweapons effectiveness methodology clearly provides a parallel but distinct process from that of kinetic weapons – both for defense and offense purposes. This methodology promotes consistency and improves cyberweapon system evaluation accuracy – for both offensive and defensive postures. However, integrating this cyberweapons effectiveness methodology into the design phase and operations phase of weapons systems development is still a challenge. The paper explores several systems engineering modeling techniques (e.g., SysML) and how they can be leveraged towards an enhanced effectiveness methodology. It highlights how failure mode analyses (e.g., FMEA) can facilitate cyber damage determination and target assessment, how block and parametric diagraming techniques can facilitate characterizing cyberweapons and eventually assess the effectiveness of such weapons and conversely assess vulnerabilities of systems to certain types of cyberweapons.

Commissioning Development to Externals

Bringing externals in the critical business processes and having them assume some or all of the responsibilities associated with the critical business functions comes with information security risks whose impact, if materialized, could be disastrous for business and therefore warrants a meticulous and holistic approach for managing those risks. Compounded with the engagement of externals in the development process, risks facing a development project require robust risk management by the outsourcing organization. The organization should be able influence the security behavior of those externals and induce them to comply with certain secure development principles and practices. Delving deep into those risks brought about by suppliers, this study aims at offering a methodology in addressing the risks associated with commissioning some or all components of a would-be-developed product to externals and shows how those risks can be mitigated by controlling the security behavior of suppliers through well-tailored contractual provisions.

Complex System Governance as a Foundation for Enhancing the Cybersecurity of Cyber-Physical Systems

This article investigates the possible benefits of complex system governance (CSG) as a foundation for enhancing cybersecurity in critical cyber-physical systems (CPS). CPS are intrinsically linked to cyberspace and vulnerable to a wide range of risks stemming from physical and cyber threats. There remains a lack of robust frameworks for addressing the issue of cybersecurity for CPS at the metasystem level. In response, the authors suggest CSG as an organizing construct capable of providing a greater degree of cohesion and as a means to provide for design, execution, and evolution of ‘metasystemic' functions necessary to provide for communication, control, and coordination, and integration is critical to the cybersecurity of CPS. In this article, CSG is introduced as a potential construct for enhancing cybersecurity in CPS. A hypothetical case study application is then provided to illustrate the potential for this research. Finally, the authors offer conclusions and suggest future research. Keywords Case Study, Complex System Governance, Cyber-Physical Systems, Management Cybernetics, Metasystem Function, Power Grid, Systems Thinking