Search results

This paper aims to highlight the importance and role of strategic cyber intelligence to support risk-informed decision-making, ultimately leading to improved objectives, policies, architectures and investments to advance a nation or organization’s interests in the cyber domain.

Integration of professional research literature from the fields of intelligence studies, strategy and information/computer security.

Investing in technology, firewalls and intrusion detection systems is appropriate but, by itself, insufficient. Intelligence is a key component. Cyber intelligence emphasizes prevention and anticipation, to focus cybersecurity efforts before an attack occurs (“left of the hack”). Strategic cyber intelligence can substantially reduce risk to the organization’s mission and valued assets and support its due diligence.

This paper describes how strategic cyber intelligence can be implemented and used within an enterprise to enhance its cyber defense, and create a more proactive and adaptive security posture. It not only describes strategic cyber intelligence as a distinct discipline, but also demonstrates how the key intelligence functions articulate with existing cybersecurity risk management standards.

The purpose of this paper is to build cyber-physical-psychological ternary fusion crowd intelligence network and realize comprehensive, real, correct and synchronous projection in cyber–physical–psychological ternary fusion system. Since the network of crowd intelligence is the future interconnected network system that takes on the features of large scale, openness and self-organization. The Digital-selfs in the network of crowd intelligence interact and cooperate with each other to finish transactions and achieve co-evolution eventually.

To realize comprehensive, real, correct and synchronous projection between cyber–physical–psychological ternary fusion system, the authors propose the rules and methods of projection from real world to the CrowdIntell Network. They build the mental model of the Digital-self including structure model and behavior model in four aspects: identity, provision, demand and connection, thus forming a theoretical mental model framework of Digital-self.

The mental model is excepted to lay a foundation for the theory of modeling and simulation in the research of crowd science and engineering.

This paper is the first one to propose the mental model framework and projection rules and methods of Digital-selfs in network of crowd intelligence, which lays a solid foundation for the theory of modeling, simulation, intelligent transactions, evolution and stability of CrowdIntell Network system, thus promoting the development of crowd science and engineering.

Cyber threats present constantly evolving and unique challenges to national security professionals at all levels of government. Public and private sector entities also face a constant stream of cyberattacks through varied methods by actors with myriad motivations. These threats are not expected to diminish in the near future. As a result, homeland security and national security professionals at all levels of government must understand the unique motivations and capabilities of malicious cyber actors in order to better protect against and respond to cyberattacks. This chapter outlines the most common cyberattacks; explains the motivations behind these attacks; and describes the federal, state, and local efforts to address these threats.

This chapter focuses on a critical issue in cyber intelligence in the United States (US) that concerns the engagement of state-owned or state-controlled entities with overseeing citizen’s activity in cyberspace. The emphasis in the discussion is placed on the constitutionality of state actions and the shifting boundaries in which the state can act in the name of security to protect its people from the nation’s enemies. A second piece of this discussion is which state actors and agencies can control the mechanisms by which this sensitive cyber information is collected, stored, and if needed, acted upon. The most salient case with regard to this debate is that of Edward Snowden. It reveals the US government’s abuses of this surveillance machinery prompting major debates around the topics of privacy, national security, and mass digital surveillance. When observing the response to Snowden’s disclosures one can ask what point of view is being ignored, or what questions are not being answered. By considering the silence as a part of our everyday language we can improve our understanding of mediated discourses. Recommendations on cyber-intelligence reforms in response to Snowden’s revelations – and whether these are in fact practical in modern, high-technology societies such as the US – follow.

This chapter explores the laws and unique challenges associated with the investigation and prosecution of cybercrime. Crimes that involve the misuse of computers (e.g., hacking, denial of service, and ransomware attacks) and criminal activity that uses computers to commit the act are both covered (e.g., fraud, theft, and money laundering). This chapter also describes the roles of the various federal agencies involved in investigating cybercrime, common cybercrime terms and trends, the statutes frequently used to prosecute cybercrimes, and the challenges and complexity of investigating cybercrime.

This paper aims to demonstrate the utility of a target-centric approach to intelligence collection and analysis in the prevention and investigation of ransomware attacks that involve cryptocurrencies. The paper uses the May 2017 WannaCry ransomware usage of the Bitcoin ecosystem as a case study. The approach proves particularly beneficial in facilitating information sharing and an integrated analysis across intelligence domains.

This study conducted data collection and analysis of the component Bitcoin elements of the WannaCry ransomware attack. A note of both technicalities of Bitcoin operations and current models for sharing cyber intelligence was made. Our analysis builds on and further develops current definitions and strategies for sharing cyber threat intelligence. It uses the problem definition model (PDM) and generic target network model (TNM) to create an analytic framework for the WannaCry ransomware attack scenario, allowing analysts the ability to test their hypotheses and integrate and share data for collaborative investigation.

Using a target-centric intelligence approach to WannaCry 2.0 shows that it is possible to model the intelligence problem of collecting and analysing data related to inflows and outflows of Bitcoin-related ransomware transactions. Bitcoin transactions form graph networks and allow to build a target network model for collecting, analysing and sharing intelligence with multiple stakeholders. Although attribution and anonymity prevail under cryptocurrency usage, there is a means for developing transaction walks using this method to target nefarious cryptocurrency exchanges where criminals are inclined to cash out their proceeds of crime.

The application of a target-centric intelligence approach to the cryptocurrency components of a ransomware attack provides a framework for intelligence units to break down the problem in the financial domain and model the network behaviour of illicit Bitcoin transactions relating to ransomware.

The originality of the crowd cyber system lies in the fact that it possesses the intelligence of multiple groups including intelligence of people, intelligence of objects and intelligence of machines. However, quantitative analysis of the level of intelligence is not sufficient, due to many limitations, such as the unclear definition of intelligence and the inconformity of human intelligence quotient (IQ) test and artificial intelligence assessment methods. This paper aims to propose a new crowd intelligence measurement framework from the harmony of adaption and practice to measure intelligence in crowd network.

The authors draw on the ideas of traditional Confucianism, which sees intelligence from the dimensions of IQ and effectiveness. First, they clarify the related concepts of intelligence and give a new definition of crowd intelligence in the form of a set. Second, they propose four stages of the evolution of intelligence from low to high, and sort out the dilemma of intelligence measurement at the present stage. Third, they propose a framework for measuring crowd intelligence based on two dimensions.

The generalized IQ operator model is optimized, and a new IQ algorithm is proposed. Individuals with different IQs can have different relationships, such as cooperative, competitive, antagonistic and so on. The authors point out four representative forms of intelligence as well as its evolution stages.

The authors, will use more rigorous mathematical symbols to represent the logical relationships between different individuals, and consider applying the measurement framework to a real-life situation to enrich the research on crowd intelligence in the further study.

Intelligence measurement is one of foundations of crowd science. This research lays the foundation for studying the interaction among human, machine and things from the perspective of crowd intelligence, which owns significant scientific value.

As evident from the literature review, the research on cyber security performance is centered on security metrics, maturity models, etc. Essentially, all these are helpful for evaluating the efficiency of cyber security organization but what matters is how the factors of internal efficiency affect the business performance, i.e. the external effectiveness. The purpose of this research paper is to derive the factors of internal efficiency and external effectiveness of cyber security and develop impact model to identify the most and least preferred parameters of internal efficiency with respect to all the parameters of external effectiveness.

There are two objectives for this research: Deriving the factors of internal efficiency and external effectiveness of cyber security; Developing a model to identify the impact of internal efficiency factors on the external effectiveness of cyber security since there is not much evidence of research in defining the factors of internal efficiency and external effectiveness of cyber security, the authors have chosen grounded theory methodology (GTM) to derive the parameters. In this study emic approach of GTM is followed and an algorithm is developed for administering the grounded theory research process. For the second research objective survey methodology and rank order was used to formulate the impact model. Two different samples and questionnaires were designed for each of the objectives.

For the objective 1, 11 factors of efficiency and 10 factors of effectiveness were derived. These are used as independent and dependent variable respectively in the later part of the research for the second objective. For the objective 2 the impact models among independent and dependent variables were formulated to find out the following. Most and least preferred parameters lead to internal efficiency of cyber security organization to identify the most and least preferred parameters of internal efficiency with respect to all the parameters external effectiveness.

The factors of internal efficiency and external effectiveness constructed by using grounded theory cannot remain constant in the long run, because of dynamism of the domain itself. Over and above this, there are inherent limitations of the tools like grounded theory, used in the research. Few important limitations of GTM are as below in grounded theory, it is comparatively difficult to maintain and demonstrate the rigors of research discipline. The sheer volume of data makes the analysis and interpretation complex, and lengthy time consuming. The researchers’ presence during data gathering, which is often unavoidable and desirable too in qualitative research, may affect the subjects’ responses. The subjectivity of the data leads to difficulties in establishing reliability and validity of approaches and information. It is difficult to detect or to prevent researcher-induced bias.

The internal efficiency and external effectiveness factors of cyber security can be further correlated by the future researchers to understand the correlations among all the factors and predict cyber security performance. The grounded theory algorithm developed by us can be further used for qualitative research for deriving theory through abstractions in the areas where there is no sufficient availability of data. Practitioners of cyber security can use this research to focus on relevant areas depending on their respective business objective/requirements. The models developed by us can be used by the future researchers to for various sectoral validations and correlations.

Though the financial costs of a cyber-attack are steep, the social impact of cyber security failures is less readily apparent but can cause lasting damage to customers, employees and the company. Therefore, it is always important to be mindful of how the impact of cyber security affects society as well as the bottom line when they are calculating the potential impact of a breach. Underestimating either impact can destroy a brand. The factor of internal efficiency and external effectiveness derived by us will help stakeholder in focusing on relevant area depending on their business. The impact model developed in this research is very useful for focusing a particular business requirement and accordingly tune the efficiency factor.

During literature study the authors did not find any evidence of application of grounded theory approach in cyber security research. While the authors were exploring research literature to find out some insight into the factor of internal efficiency and external effectiveness of cyber security, the authors did not find concrete and objective research on this. This motivated us to use grounded theory to derive these factors. This, in the authors’ opinion is one of the pioneering and unique contribution to the research as to the authors’ knowledge no researchers have ever tried to use this methodology for the stated purpose and cyber security domain in general. In this process the authors have also developed an algorithm for administering GTM. Further developing impact models using factors of internal efficiency and external effectiveness has lots of managerial and practical implication.