Military Communications and Information Technology: A Trusted ...


22.01.2015

420 Military Communications and Information Technology...

• permanence and periodicity (every daily mission, usually carried out over one combat day (24 hours), is focused on new experiences; every completed processing cycle creates the foundation for the next iterations);
• incremental construction (every cycle adds value in the form of extended qualitative and quantitative changes to the repository of experiences gained) and exploitation of new experiences (experiences gained can be used to request changes to warfare regulations, to add new content to training programmes/syllabuses and, eventually, to justify changes in doctrines).

A. Classification of factual data

Classification of factual data, and especially of the incidents extracted in the cyber defence domain, is necessary in order to perform a statistical analysis of the data. Rules, guidelines and methods for classifying factual data (especially incidents) in the cyber defence domain are presented in this subsection. A proper taxonomy should be built with the following rules in mind:

• Ockham's razor – do not multiply entities; remove duplicate categories;
• mutual exclusivity of categories – an entity classified into one category cannot be classified anywhere else;
• completeness – the categories together cover the entire set of possible cases;
• unequivocality – the classification criteria are precise enough that the result of classification is always the same, no matter who performs it;
• repeatability – the classification process gives the same result no matter how many times it is repeated;
• acceptability – the target taxonomy is commonly accepted;
• usability – the taxonomy has high informative value.

Statistical analysis of the occurrence of particular incidents helps in determining an appropriate defence system against cyber attacks. The factual data collected should be the starting point for identifying, e.g.:

• the weakest elements of the military network topology,
• the vulnerabilities of these networks to cyber attacks,
• trends,
• cycles,
• regularities,
• deviations,
• anomalies.

B. Aims of collecting factual data in cyberspace

A cyber terrorist attack can manifest itself as an intrusion into the target's software, information technology systems and hardware.

Chapter 4: Information Assurance & Cyber Defence 421

There are plenty of methods of carrying out such activities, which is why there is no single, unified classification: different authors describe cyber terrorist attacks using different criteria. Applying the Ockham's razor rule mentioned above, the following classification, after CERT Poland (Computer Emergency Response Team), is proposed (in alphabetical order):

• attack on email subsystem,
• attack on operating system,
• attack on a server (e.g. WWW or DNS – Domain Name System),
• illegal software,
• denial of service,
• dissemination of illegal, insulting or abusive content,
• scanning,
• social engineering,
• spamming.

It can also be helpful to distinguish attacks and intrusions according to the following categories:

• reconnaissance activities before an attack (intrusion),
• password cracking methods,
• exploitation of vulnerabilities and security holes (using characteristics of applications, operating systems and protocols),
• malicious code attacks (Trojans, viruses, worms) [4].

V. Methodology of collecting information about cyber incidents

A. Characteristics of data sources and the registration process

Among the variety of events identified during military missions, some can be registered and observed by human senses (of the soldiers and civilians participating in the mission) and others only by means of technical devices (Figure 2). Considering the scope of the ATHENA project and the characteristics of a typical military mission, which include, among others:

• the occurrence of asymmetric threats,
• the occurrence of sudden events,
• time deficit,
• incomplete and uncertain information,
• high pressure to complete the assigned tasks and to achieve the overall goal,

it is difficult for soldiers and civilians (i.e. the main sources of information about incidents) to perform comprehensive (and complete) observations within the timeframe of a mission. As a result, the factual data about incidents is usually limited and fragmentary.

Thus some auxiliary sources of information should be considered:

• correctly constructed models – simulation environments (e.g. simulation models, war games, battlefield simulators)
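The taxonomy rules of subsection A and the CERT Poland category list of subsection B can be turned into a check that runs over incident records before any statistics are computed. The block below is an added example written for this edit; it is not code from the paper or from the ATHENA project. It assumes a record format of its own (a dict with "day", "service" and "signal" fields, with a made-up signal vocabulary) and uses constructed incident records. The classification is an ordered rule list, so every record receives exactly one label on every run (mutual exclusivity, repeatability); the audit then reports records no rule covers (a completeness gap) and records matched by more than one rule (criteria that are not unequivocal; the email-subsystem rule is deliberately loose to show this), and finally produces the per-category counts, per-day series, outlier days and most-targeted services that the paper expects the factual data to reveal.

```python
# Added example: deterministic incident classification and simple statistics.
# Record fields ("day", "service", "signal"), the signal vocabulary and the
# INCIDENTS list are this example's own assumptions, not the paper's data.
from collections import Counter
from statistics import mean, pstdev

# Incident categories from subsection B (CERT Poland list, in the paper's order).
CATEGORIES = (
    "attack on email subsystem", "attack on operating system",
    "attack on a server", "illegal software", "denial of service",
    "dissemination of illegal content", "scanning", "social engineering",
    "spamming",
)

# Ordered (predicate, category) rules; classify() takes the first hit, so the
# order is part of the taxonomy. The email rule is deliberately loose (any
# SMTP record) so that audit() can show an overlap between two rules.
RULES = (
    (lambda r: r["signal"] in ("syn_flood", "http_flood"), "denial of service"),
    (lambda r: r["signal"] == "port_scan", "scanning"),
    (lambda r: r["signal"] in ("phishing_call", "pretexting"), "social engineering"),
    (lambda r: r["signal"] == "bulk_mail", "spamming"),
    (lambda r: r["signal"] == "unlicensed_install", "illegal software"),
    (lambda r: r["signal"] == "abusive_content", "dissemination of illegal content"),
    (lambda r: r["service"] == "smtp", "attack on email subsystem"),
    (lambda r: r["service"] in ("www", "dns") and r["signal"] == "exploit_attempt", "attack on a server"),
    (lambda r: r["service"] == "os" and r["signal"] == "exploit_attempt", "attack on operating system"),
)

def matching_rules(record):
    """Every category whose rule fires for this record."""
    return [cat for pred, cat in RULES if pred(record)]

def classify(record):
    """First hit wins: exactly one label per record, identical on every run.
    None means no rule covers the record (a completeness gap)."""
    hits = matching_rules(record)
    return hits[0] if hits else None

def audit(records):
    """Classify a batch and report where it breaks the subsection A rules:
    records no rule covers (completeness) and records several rules cover
    (criteria not unequivocal: the first rule wins silently)."""
    hits = [matching_rules(rec) for rec in records]
    labels = [h[0] if h else None for h in hits]
    unclassified = [i for i, h in enumerate(hits) if not h]
    ambiguous = [(i, h) for i, h in enumerate(hits) if len(h) > 1]
    return labels, unclassified, ambiguous

def category_counts(labels):
    """Frequency per category, zero-filled so empty categories stay visible."""
    counts = Counter(lab for lab in labels if lab is not None)
    return {cat: counts.get(cat, 0) for cat in CATEGORIES}

def daily_series(records, labels, category=None):
    """Classified incidents per combat day, zero-filled from day 1 to the
    last day seen; restrict to one category to look at its trend."""
    last = max(rec["day"] for rec in records)
    counts = Counter(rec["day"] for rec, lab in zip(records, labels)
                     if lab is not None and (category is None or lab == category))
    return [counts.get(day, 0) for day in range(1, last + 1)]

def outlier_days(series, k=2.0):
    """1-based days whose count exceeds mean + k * stdev (the paper's
    'deviations' and 'anomalies'); empty for series too short to judge."""
    if len(series) < 2:
        return []
    mu, sigma = mean(series), pstdev(series)
    return [day + 1 for day, v in enumerate(series) if v > mu + k * sigma]

def most_targeted(records, labels, n=3):
    """Services hit most often: a first cut at the 'weakest elements' of the topology."""
    hits = Counter(rec["service"] for rec, lab in zip(records, labels) if lab is not None)
    return hits.most_common(n)

# Constructed records for a seven-day mission window (not real incident data).
INCIDENTS = [
    {"day": 1, "service": "dns", "signal": "port_scan"},
    {"day": 1, "service": "smtp", "signal": "bulk_mail"},      # hits spamming AND the smtp rule
    {"day": 2, "service": "www", "signal": "port_scan"},
    {"day": 2, "service": "www", "signal": "exploit_attempt"},
    {"day": 3, "service": "phone", "signal": "phishing_call"},
    {"day": 3, "service": "os", "signal": "exploit_attempt"},
    {"day": 4, "service": "www", "signal": "syn_flood"},
    {"day": 4, "service": "www", "signal": "syn_flood"},
    {"day": 4, "service": "dns", "signal": "syn_flood"},
    {"day": 4, "service": "www", "signal": "http_flood"},
    {"day": 4, "service": "www", "signal": "syn_flood"},
    {"day": 5, "service": "host", "signal": "unlicensed_install"},
    {"day": 6, "service": "www", "signal": "abusive_content"},
    {"day": 7, "service": "usb", "signal": "usb_drop"},        # no rule covers this
]

if __name__ == "__main__":
    labels, unclassified, ambiguous = audit(INCIDENTS)
    print("unclassified:", unclassified, "ambiguous:", ambiguous)
    print("counts:", category_counts(labels), "most targeted:", most_targeted(INCIDENTS, labels))
    series = daily_series(INCIDENTS, labels)
    print("per day:", series, "outlier days:", outlier_days(series))
```

On the constructed records the audit flags record 13 (no category covers it) and record 1 (both the spamming and the email-subsystem rule fire, so the label depends on rule order rather than on the criteria), which is exactly what the completeness and unequivocality rules are meant to catch before the counts are trusted. The outlier test is a plain mean plus k standard deviations over a short series, adequate for a seven-day window but not a replacement for proper time-series methods over a long campaign.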

