US DOD and NATO plan Battlefield Internet of Things connecting sensors, wearables, weapons, munitions, platforms and networks for information dominance

The Internet of Things is an emerging revolution in the ICT sector under which there is a shift from an “Internet used for interconnecting end-user devices” to an “Internet used for interconnecting physical objects that communicate with each other and/or with humans in order to offer a given service”.

The increasing miniaturization of electronics has enabled tiny sensors and processors to be integrated into everyday objects, making them “smart”: smart watches, fitness monitoring products, food items, home appliances, plant control systems, equipment monitoring and maintenance sensors and industrial robots. By means of wireless and wired connections, they are able to interact and cooperate with each other to create new applications and services in order to reach common goals. By 2025, it is predicted that there may be as many as 100 billion connected IoT devices, a network of everyday objects and sensors infused with intelligence and computing capability.

The rapid growth in IoT devices, however, will also offer new opportunities for hacking, identity theft, disruption, and other malicious activities affecting people, infrastructure and the economy. Some incidents have already happened: the FDA issued an alert about a connected hospital medicine pump that could be compromised and have its dosage changed, and a Jeep Cherokee was sensationally remote-controlled by hackers in 2015.

Military operations will be significantly affected by widespread adoption of IoT technologies. Analogous to the IoT, a Military Internet of Things (MIoT), comprising a multitude of platforms ranging from ships to aircraft to ground vehicles to weapon systems, is expected to be developed. MIoT offers high potential for the military to achieve significant efficiencies, improve safety and delivery of services, and produce major cost savings.

Some of the military applications include fully immersive virtual simulations for soldiers’ training; autonomous vehicles; the ability to use smart inventory systems to consolidate warehouses using a web-based delivery and inventory system; and business systems like the Army Strategic Management System to manage energy, utilities and environmental sensors.  The military has begun taking steps towards implementing IoT technologies—some troops have been issued with helmets containing built-in monitoring devices to detect potential concussions and other brain injuries.

“With strategy concepts such as “net centric,” “information dominance,” and the emergence of cyber as an entirely new domain of operations, information always has and will remain central to the military’s efficiency and effectiveness. Naturally, IoT technologies and architectures that are designed to move and process information more quickly and in distributed environments seem like natural fits for military applications,” write Joe Mariani, Brian Williams, Brett Loubert.

Military Internet of Things

The vision of the military internet of things (MIoT) is to realize “anytime, anyplace connectivity for anything, ubiquitous network with ubiquitous computing” in the military domain. Commanders make decisions based on real-time analysis generated by integrating sensor data from unmanned sensors with reports from the field. These commanders shall benefit from a wide range of information supplied by sensors and cameras mounted on the ground, on manned or unmanned vehicles, or on soldiers.

The DOD has been using IoT in various ways for years, Pellegrino noted, especially for managing its energy usage and physical infrastructure. Connected energy management solutions have allowed the military to reduce total energy consumption by 23 percent since 2002. The military has about 8,000 smart meters installed, with 66 percent of them reporting to an integrated management system. Connected water management has allowed the military to cut potable water use intensity by 27 percent since 2007, he said.

The University of Illinois is leading a $25 million initiative to develop an “internet of battlefield things.” Officials say the initiative aims to have humans and technology work together in a seamless network. They say the initiative will connect soldiers with smart technology in armor, radios, weapons and other objects to give troops a better understanding of battlefield situations and help them assess risks. Experts say future military operations will rely less on human soldiers and more on interconnected technology. They say unmanned systems and machine intelligence advances can be used to improve military capabilities.

Soldiers need a continual flow of information to make the best decisions possible in battle because they are constantly making quick decisions in the face of adverse conditions, UI computer science professor Tarek Abdelzaher said. “You need to connect to the right sensors, the right cameras, the right devices to collect the right pieces of information,” Abdelzaher said.

Present MIoT application research is largely limited to improving working efficiency in the logistics domain using IoT technologies. Future MIoT applications can include equipment maintenance, smart bases, personal sensing, soldier healthcare, battlefield awareness, C4ISR and fire-control systems. Joe Mariani, Brian Williams and Brett Loubert categorize IoT applications into those that aim to improve cost efficiency, those that aim to improve warfighter effectiveness, and rare cases that aim for both.

Some of the applications of MIoT are:

  1. Military Equipment Logistics – IoT can be a huge enabler of efficiency, visibility and getting military equipment into the right hands at the right time. Deploying radio frequency identification tags and standardized barcodes to track individual supplies down to the tactical level could provide real-time supply chain visibility and allow the military to order parts and supplies on demand. Smart inventory systems can consolidate warehouses using a web-based delivery and inventory system.
  2. Equipment Maintenance: Harsh conditions and extended deployments put extensive wear and tear on equipment. IoT can enable enhanced equipment maintenance and management through monitoring, optimizing and appropriately allocating various resources and processes such as manpower, material, financial resources and maintenance personnel.
  3. Smart Bases that incorporate commercial IoT technologies in buildings, facilities, etc.; force protection at bases as well as in maritime and littoral environments; health and personnel monitoring; and monitoring and just-in-time equipment maintenance.
  4. Personal Sensing, Soldier Healthcare – The combination of IoT sensors (temperature, blood pressure, heart rate, cholesterol levels and blood glucose) through body area networks will allow the health of the soldier to be monitored in real time. Soldiers can be alerted to abnormal states such as dehydration, sleep deprivation, elevated heart rate or low blood sugar and, if necessary, a medical response team in a base hospital can be warned.
  5. Battlefield Awareness – Situational awareness encompasses a wide range of activities in the battlefield to gain information on the enemy’s intent, capability and actual position. IoT can play a vital role by collecting, analyzing, and delivering synthesized information in real time for expeditious decision making. IoT can enhance battlefield awareness from the global level, to company, platoon and squad commanders, down to the single soldier.
  6. Fire-Control Systems: In fire-control systems, end-to-end deployment of sensor networks and digital analytics enables fully automated responses to real-time threats, and delivers firepower with pinpoint precision. Munitions can also be networked, allowing smart weapons to track mobile targets or be redirected in flight.
  7. Other use cases for IoT include fully immersive virtual simulations for soldiers’ training; autonomous vehicles; and business systems like the Army Strategic Management System to manage energy, utilities and environmental sensors.


Vulnerability of Military Internet of Things

Security equipment is also vulnerable to exploitation by politically and criminally motivated hackers. Security researchers Runa Sandvik and Michael Auger gained unauthorized access to a smart rifle’s software via its WiFi connection and exploited various vulnerabilities in its proprietary software. The TP750 was tricked into missing the target and into not firing the bullet. IoT devices have themselves recently been used to mount attacks, as when an internet-connected fridge was used as part of a botnet to send spam to tens of thousands of Internet users.

Military IoT networks will also need to deal with multiple threats from adversaries, said John Pellegrino, deputy assistant secretary of the Army for strategic integration, including physical attacks on infrastructure, directed energy attacks, jamming of radio frequency channels, attacks on power sources for IoT devices, electronic eavesdropping and malware.

DARPA has launched the Leveraging the Analog Domain for Security (LADS) program to develop revolutionary approaches for securing the Military Internet of Things. LADS will develop a new protection paradigm that separates security-monitoring functionality from the protected system, focusing on low-resource, embedded and Internet of Things (IoT) devices.


US Army’s Internet of Battlefield Things (IoBT) Collaborative Research Alliance (CRA)

Through its Internet of Battlefield Things (IoBT) Collaborative Research Alliance, the Army has assembled a team to conduct basic and applied research involving the explosive growth of interconnected sensing and actuating technologies that include distributed and mobile communications, networks of information-driven devices, and artificially intelligent services, and how ubiquitous “things” present imposing adversarial challenges for the Army. Alliance members leading IoBT research areas include UIUC, University of Massachusetts, University of California-Los Angeles and University of Southern California. Other members include Carnegie Mellon University, University of California Berkeley and SRI International.

The ability of the Army to understand, predict, adapt to, and exploit the vast array of internetworked things that will be present on the future battlefield is critical to maintaining and increasing its competitive advantage. The explosive growth of technologies in the commercial sector that exploit the convergence of cloud computing, ubiquitous mobile communications, networks of data-gathering sensors, and artificial intelligence presents an imposing challenge for the Army. These Internet of Things (IoT) technologies will give our enemies ever increasing capabilities that must be countered, but commercial developments do not address the unique challenges that the Army will face in using them.

The U.S. Army Research Laboratory (ARL) has established an Enterprise approach to address the challenges resulting from the Internet of Battlefield Things (IoBT) that couples multi-disciplinary internal research with extramural research and collaborative ventures. ARL intends to establish a new collaborative venture (the IoBT CRA) that seeks to develop the foundations of IoBT in the context of future Army operations. The Collaborative Research Alliance (CRA) will consist of private sector and government researchers working jointly to solve complex problems. The overall objective is to develop the fundamental understanding of dynamically-composable, adaptive, goal-driven IoBTs to enable predictive analytics for intelligent command and control and battlefield services.

For the purposes of this CRA, an Internet of Battlefield Things (IoBT) can be summarized as a set of interdependent and interconnected entities (e.g. sensors, small actuators, control components, networks, information sources, etc.) or “things” that are: dynamically composed to meet multiple mission goals; capable of adapting to acquire and analyze the data necessary to predict behaviors/activities and to effect the physical environment; self-aware, continuously learning, autonomous, and autonomic, where the things interact with networks, humans, and the environment in order to enable predictive decision augmentation that delivers intelligent command and control and battlefield services.

The IoBT is the realization of pervasive computing, communication, and sensing where everything will be a sensor and potentially a processor (i.e. increased number of heterogeneous devices, connectivity, and communication) where subsequent information is of a scale unseen before. The battlespace itself will consist of active red (enemy), blue (friendly), and gray (non-participant) resources, where deception will be the norm, the environment (e.g. megacities and rural) will be dynamic, and ownership and other boundaries will be diverse and transient.

These IoBT characteristics all translate into increased complexity for the warfighter, particularly because current, commonly available, interconnected “things” will exist in the battlefield and be increasingly intelligent, obfuscated, and pervasive, requiring situation-adaptive responses, selective collection/processing and real-time sensemaking over massive heterogeneous data.

The objective of the IoBT CRA is to develop the underlying science of pervasive, heterogeneous sensing and actuation to enhance tactical Soldier and Mission Command autonomy, miniaturization, and information analytic capabilities against adversarial influence and control of the information battlespace; delivering intelligent, agile, and resilient decisional overmatch at significant standoff and op-tempo.

The IoBT CRA consists of three main research areas: Device/Information Discovery, Composition, and Adaptation to establish theoretical foundations that facilitate goal-driven discovery, adaptation, and composition of devices and data at unprecedented scale, complexity, and rate of acquisition; Autonomous & Autonomic Actuation Enabling Intelligent Services to advance the theory and algorithms for complexity and nonlinear dynamics of real-time actuation and robustness with a focus on autonomic system properties (e.g. self-optimizing, self-healing and self-protecting behaviors); and Distributed Asynchronous Processing and Analytics of Things to enrich the theory and experimental methods for complex event processing, with compact representations and efficient pattern evaluation.

Distributed and Collaborative Intelligent Systems (DCIST) Collaborative Research Alliance (CRA)

Through its Distributed and Collaborative Intelligent Systems (DCIST) Collaborative Research Alliance (CRA), the Army will perform enabling basic and applied research to extend the reach, situational awareness, and operational effectiveness of large heterogeneous teams of intelligent systems and Soldiers against dynamic threats in complex and contested environments and provide technical and operational superiority through fast, intelligent, resilient and collaborative behaviors. Alliance members include the University of Pennsylvania as the lead research organization. Individual research area leads are MIT and Georgia Tech. Other consortium members are University of California San Diego, University of California Berkeley and University of Southern California.

DCIST concentrates its research into three main areas: distributed intelligence, led by MIT, where researchers will establish the theoretical foundations of multi-faceted distributed networked intelligent systems combining autonomous agents, sensors, tactical super-computing, knowledge bases in the tactical cloud, and human experts to acquire and apply knowledge to affect and inform decisions of the collective team; heterogeneous group control, led by Georgia Tech, to develop theory and algorithms for control of large autonomous teams with varying levels of heterogeneity and modularity across sensing, computing, platforms, and degree of autonomy; and adaptive and resilient behaviors, led by the University of Pennsylvania, to develop theory and experimental methods for heterogeneous teams to carry out tasks under the dynamic and varying conditions of the physical world. In addition to these three main research areas, research will be pursued along three underlying research themes in Learning, Autonomous Networking, and Cross Disciplinary Experimentation.

The U.S. Army’s operational competitive advantage in a multi-domain battle will be realized through technology dominance, said ARL Director Dr. Philip Perconti.

NATO task group to examine applicability of IoT to Military

These IoT networks will need to deal with multiple threats from adversaries, Pellegrino said, including physical attacks on infrastructure, directed energy attacks, jamming of radio frequency channels, attacks on power sources for IoT devices, electronic eavesdropping and malware.

NATO has set up an RTO task group (IST-147) that will select a scenario to examine the applicability of IoT to military operations, including base operations, situational awareness, boundary surveillance (including harbours), energy management, etc. It shall also assess the risk of applying IoT technologies in the scenario. Based on this risk assessment, models for security and trust management that address the most significant risks will be proposed. Mitigation measures may include: managing identity, credentials and rights of IoT devices and users; object-level protection and trust; and assessment of available or emerging commercial security solutions. It shall also define an IoT architecture or architectures that might be used in military situations, taking into account existing IoT architectures used in other domains.

Challenges and Requirements for Military internet of things (MIOT)

There is great potential for IoT technologies to revolutionize modern warfare, leveraging data and automation to deliver greater lethality and survivability to the warfighter while reducing cost and increasing efficiency. However, the successful development and deployment of IoT technologies across the military requires many challenges to be solved:

  1. In contrast to commercial deployments, which mainly focus on systems with fixed sensors/devices, the Military Internet of Things (MIoT) shall consist of a large number of mobile things such as UAVs, aircraft, tanks, etc. The mobile IoT paradigm invalidates many of the assumptions of traditional wireless sensor networks, especially with regard to wireless technologies and protocols. In particular, mobile IoT devices would find it quite difficult to connect with each other and with other components of the IoT network in the presence of mobility, intermittent connectivity and RF link variability.
  2. Deployment Features: One of the biggest constraints in a battlefield environment is power consumption. IoT devices are likely to be powered by batteries or solar power, and charged on-the-move from solar panels, trucks, or even by motion while walking. In either case, they should last for extended periods of time (at least for the duration of the mission). Therefore, devices and sensors need to be power-efficient.
  3. Challenges related to reliability and dependability, especially when IoT becomes mission critical. Equipment should fulfill the requirements imposed and be compliant with the considerations from military standards (e.g., MIL-STD 810G, MIL-STD 461F, MIL-STD-1275). IoT devices should be ruggedized and prepared to operate under extreme environmental conditions.
  4. Security challenges related to co-existence and interconnection of military and civilian IoT networks. Security concerns are the main issue holding back the military’s use of the Internet of Things. Some potential adversaries have advanced cyber and electronic warfare capabilities, and everything connected to the Internet is potentially vulnerable to attack.
  5. Node Capture Attacks: In a node capture attack, the adversary can capture and control the node or device in IoT via physically replacing the entire node, or tampering with the hardware of the node or device.
  6. Electronic Warfare: Another challenge to IoT implementation is that it makes systems vulnerable to electronic warfare. Most IoT technologies communicate wirelessly on radio frequencies. Adversaries can use relatively unsophisticated methods like RF jamming to block these signals, rendering the devices unable to communicate with backbone infrastructure.
  7. Information management challenges for military application of IoT – trustworthiness, pedigree, provenance, and enabling military commanders and missions to benefit from IoT generated information.

IoT can serve the warfighter better with more intelligence and more ways to coordinate actions amongst themselves. In 20 years the IoT will be ubiquitous, yet for the Army and the wider military to make the most of IoT, it will need to rely on heterogeneous and flexible networks that continue to operate in environments with spotty connectivity, and that don’t place burdens on soldiers, said Pellegrino, deputy assistant secretary of the Army for strategic integration.

Pellegrino said some connected devices will be intelligent, and others will be “marginally intelligent” but that connectivity will spread everywhere, from munitions to weapons, robotics, vehicles and wearable devices. All of these devices will generate an enormous amount of data, he said, and the military needs to figure out how to make that data useful.

The CIA and the Defense Information Systems Agency (DISA) are working with commercial companies to bring the cloud and software to secure government networks. Thus, the infrastructure for dealing with the data volume of tactical IoT applications is, potentially, already in place.

“All of these devices are going to be performing a massive variety of tasks,” Pellegrino said, including recommendations on where and when to attack and defend, and which of them will need to be coordinated.

New technologies required to power IoT

State-of-the-art (SOA) sensors use active electronics to monitor the environment for an external trigger, consuming power continuously and limiting the sensor lifetime to durations of months or less. This also increases the cost of deployment, either by necessitating the use of large, expensive batteries or by demanding frequent battery replacement, and it increases warfighter exposure to danger.

DARPA’s N-ZERO program intends to extend the lifetime of remotely deployed communications and environmental sensors from months to years, by supporting projects that demonstrate the ability to continuously and passively monitor the environment, waking an electronic circuit only upon the detection of a specific trigger signature. DARPA’s N-ZERO program can also enable the future billions of Internet of Things (IoT) devices that shall be deployed ‘everywhere’ and to be accessed ‘any time’ from ‘anywhere’.

Flexible Networks

Wireless Sensor Networks (WSN) shall play a major part in the IoT revolution, although other communication techniques are also used in IoT. The future billions of Internet of Things (IoT) devices shall be deployed ‘everywhere’ and accessed ‘any time’ from ‘anywhere’: large buildings, industrial plants, planes, cars, machines, any kind of goods. WSN technology shall also be employed in smart cities for applications in smart grid, smart water, intelligent transportation systems, and smart homes.

Pellegrino notes that the battlefield situations the military operates in “range from the moderately stable to very high dynamic situations.” To support IoT, the military’s networks will need to be flexible and interactive, he said, and still work despite limited bandwidth, intermittent connectivity and with a large number of devices on the network.

The arrangement of those networks needs to be done “totally autonomously,” he said. The military’s partners may be changing depending on the mission, and connected devices will need to work across networks with different network equipment and configurations.

“To achieve changing objectives with multiple complex tradeoffs, we have got to have highly adaptive management and organization leading to action, with no burden on the soldier, either cognitive or physical burden,” Pellegrino said.

DARPA has been experimenting with “mobile ad hoc networks,” designed to form a self-creating and self-healing mesh of communication nodes, with setup time measured in minutes instead of days. DARPA envisions networks of more than 1,000 nodes providing individual soldiers with streaming video from drones and other sensors, radio communications to higher headquarters, and advanced situational awareness of other soldiers’ location and status.

DARPA’s Revolutionary Approach “LADS” for IoT Security

DARPA, the Department of Defense’s Advanced Research Projects Agency, issued a call for “innovative research proposals” for the Leveraging the Analog Domain for Security (LADS) Program. The program is directing $36 million into developing enhanced cyber defense through analysis of involuntary analog emissions, including things like “electromagnetic emissions, acoustic emanations, power fluctuations and thermal output variations.”

The program will explore technologies to associate the running state of a device with its involuntary analog emissions across different physical modalities including, but not limited to, electromagnetic emissions, acoustic emanations, power fluctuations and thermal output variations. This will allow a decoupled monitoring device to confirm the software that is running on the monitored device and what the current state of the latter is (e.g., which instruction, basic block, or function is executing, or which part of memory is being accessed).
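The paragraph above describes the LADS idea of a decoupled monitor that infers a device’s software state from its analog emissions. The following is an added, deliberately simplified illustration written for this page; it is not DARPA’s or any LADS performer’s code. It assumes a hypothetical sensor node with three known firmware states, each represented by a constructed reference power trace (arbitrary units) captured during a trusted enrolment phase, and it classifies a newly observed trace by Pearson correlation against those references. Anything that fails to correlate with every known state is reported as unknown, which is the condition a defender would investigate as possible unauthorized code.

```python
import math

# Constructed reference "power traces" (arbitrary units) for three known
# firmware states of a hypothetical sensor node. A real system would record
# these from the actual hardware during a trusted enrolment phase.
REFERENCE_TRACES = {
    "idle":     [1.0, 1.0, 1.1, 1.0, 1.0, 1.1, 1.0, 1.0],
    "crypto":   [3.0, 3.4, 3.1, 3.5, 3.0, 3.4, 3.1, 3.5],
    "radio_tx": [1.0, 6.0, 6.0, 1.0, 1.0, 6.0, 6.0, 1.0],
}
WINDOW = 8  # samples per classification window (matches the references)


def _zscore(trace):
    """Normalize a trace to zero mean and unit variance so that absolute
    amplitude (which drifts with temperature, supply voltage, probe placement)
    does not dominate the comparison; only the shape of the trace matters."""
    n = len(trace)
    mean = sum(trace) / n
    sd = math.sqrt(sum((x - mean) ** 2 for x in trace) / n) or 1.0
    return [(x - mean) / sd for x in trace]


def correlation(a, b):
    """Pearson correlation between two equal-length traces, in [-1, 1]."""
    if len(a) != len(b):
        raise ValueError("traces must have the same length")
    za, zb = _zscore(a), _zscore(b)
    return sum(x * y for x, y in zip(za, zb)) / len(a)


def classify_state(observed, references=REFERENCE_TRACES, threshold=0.9):
    """Return (state, correlation) for the best-matching reference state, or
    (None, correlation) when nothing correlates above the threshold, i.e. the
    device is doing something the monitor has never seen."""
    best_state, best_corr = None, -1.0
    for state, ref in references.items():
        c = correlation(observed, ref)
        if c > best_corr:
            best_state, best_corr = state, c
    if best_corr < threshold:
        return None, best_corr
    return best_state, best_corr


def audit_stream(samples, window=WINDOW):
    """Slice a continuous emission stream into fixed windows and classify each.
    Returns a list of (window_index, state_or_None, correlation) so that a
    monitor can raise an alert for any window whose state is None."""
    results = []
    for i in range(0, len(samples) - window + 1, window):
        state, c = classify_state(samples[i:i + window])
        results.append((i // window, state, c))
    return results


if __name__ == "__main__":
    # Constructed stream: a slightly noisy "crypto" window followed by a
    # ramp-shaped window that matches no enrolled state.
    stream = [3.05, 3.4, 3.1, 3.5, 2.95, 3.45, 3.1, 3.5] + \
             [1.0, 2.0, 3.0, 4.0, 5.0, 6.0, 7.0, 8.0]
    for idx, state, c in audit_stream(stream):
        flag = "OK" if state else "ALERT: unknown state"
        print(f"window {idx}: {state!r} corr={c:.3f} {flag}")
```

Two design points carry over to a real monitor: normalizing each window before comparison, so that environmental drift does not masquerade as a state change, and treating a low best-match correlation as a finding rather than silently picking the nearest state. Real LADS-style work uses far richer signal processing and trained models over many modalities, but the enrolment-then-compare structure is the same.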

Cyber an operational domain of warfare, and Militaries establishing Cyber commands and planning Offensive cyber operations

The incidents of cyberwarfare are ever increasing, targeting more and more countries and becoming legitimate. Part of the Ukrainian power grid was attacked by hackers, causing blackouts; the US accused Iranians of attempting to hack into the control system of a dam. President Barack Obama strongly suggested that Russian President Vladimir Putin personally authorized the computer hacks of Democratic Party emails that American intelligence officials say were aimed at helping Republican Donald Trump win the Nov. 8 election. Russia was also suspected of a cyber-attack on Turkey following the downing of a Russian fighter jet late last year. The US Government itself has announced that it launched a series of cyber-attacks against the Islamic State coordinated by Cyber Command. “Our cyberoperations are disrupting their command-and-control and communications,” Mr. Obama said at the C.I.A. headquarters in Langley, Va., on countering the Islamic State.


“At its heart, cyberwarfare involves digital attacks on the networks, systems and data of another state, with the aim of creating significant disruption or destruction. That might involve destroying, altering or stealing data, or making it impossible to access online services, whether they are used by the military and broader society. These digital attacks may also be designed to cause physical damage in the real world – such as hacking into a dam’s control systems to opening its floodgates,” says Techrepublic. A wider definition of cyberwarfare could also include some elements of what is also known as information warfare — including online propaganda and disinformation, such as the use of ‘troll armies’ to promote a certain view of the world across social media.


“Cyber warfare is a great alternative to conventional weapons,” says Amy Chang, a research associate in the technology and national security program at the Center for a New American Security. “It is cheaper for and far more accessible to these small nation-states. It allows these countries to pull off attacks without as much risk of getting caught and without the repercussions when they are [caught].”


NATO ministers have designated cyber as an official operational domain of warfare, along with air, sea, and land. Cyber warfare has developed into a more sophisticated type of combat between countries, where you can destroy communications infrastructure, said Marc Rogers, Head of Security for DefCon, adding that ordinary people become pawns in these games. Many governments are building a cyberwarfare capability; among the most advanced countries are the US, Russia, China, Iran and South Korea. The US and other countries including the U.K., China, Russia, Israel and others are setting up unified cyber commands for more effective and coordinated efforts in conducting cyberspace operations, both offensive and defensive. The offensive operations are seen as a deterrent to adversaries.


Sergei Shoigu, Russia’s defense minister, in Feb 2017 made the first official acknowledgement of the existence of a Russian cyber army when he said that his nation also has built up its muscle by forming a new branch of the military: information warfare troops. Retired Gen. Vladimir Shamanov, the head of the defense affairs committee in the lower house of parliament, said that the information warfare troops’ task is to “protect the national defense interests and engage in information warfare,” according to the Interfax news agency. He added that part of their mission is to fend off enemy cyberattacks. Viktor Ozerov, the head of the upper house’s defense and security committee, also told Interfax that the information troops will protect Russia’s data systems from enemy attacks, not wage any hacking attacks abroad.

The US Unified Cyber command, USCYBERCOM

“The breadth of cyber threats posed to U.S. national and economic security has become increasingly diverse, sophisticated, and impactful,” Director of National Intelligence James Clapper said. “Although we must be prepared for a large, armageddon-scale [attack] that would debilitate U.S. infrastructure, that is not the most likely scenario,” Clapper told the committee. “We foresee an ongoing series of low-to-moderate level cyberattacks from a variety of sources over time, which impose cumulative costs on U.S. economic competitiveness and national security.”


“The first shots of the next actual war will likely be fired in cyberspace and likely with devastating effect,” Chief of Staff Gen. Milley said at the event. “Many analysts and senior government officials have said their greatest fear is a cyber Pearl Harbor. Paul Nakasone’s father was at Pearl Harbor as a 14-year-old young man. We never want to see that day happen again.” “Army Cyber is racing the clock literally every day to stay ahead of adversaries in cyberspace,” said the Army’s top officer, Gen. Mark Milley.


Chairman Sen. John McCain, R-Ariz., attributed America’s diminished cyber defenses to the lack of a policy on deterrence. “Our adversaries view our response … as timid and ineffectual. Put simply, the problem is a lack of deterrence. The administration has not demonstrated to our adversaries that the consequence of continued cyberattacks against us outweigh the benefit.”


On March 17, 2016, Secretary of Defense Ash Carter testified before Congress that the Pentagon is actively ramping up its cyber and electronic warfare divisions, including $34 billion appropriated exclusively for the new cyber and electronic divisions. On June 23, 2009, the Secretary of Defense directed the Commander of US Strategic Command (USSTRATCOM) to establish a sub-unified command, USCYBERCOM. The increase in the number and sophistication of attacks on US cyber networks is necessitating more effective and coordinated efforts for conducting cyberspace operations, according to US Army officials. US Defense Secretary Ash Carter’s new cyber strategy acknowledges that the Pentagon may wage offensive cyber warfare.


U.S. Cyber Command is split off from the intelligence-focused National Security Agency. The goal, they said, is to give U.S. Cyber Command more autonomy, freeing it from any constraints that stem from working alongside the NSA. Making cyber an independent military command will put the fight in digital space on the same footing as more traditional realms of battle on land, in the air, at sea and in space. The move reflects the escalating threat of cyberattacks and intrusions from other nation states, terrorist groups and hackers, and comes as the U.S. faces fears about Russian hacking.


U.S. Cyber Command is composed of several service components, units from the military services that provide joint forces to Cyber Command. In March the Cyber Mission Force was said to be at about half of its target of 6,187 personnel in 133 teams, to be divided among the national mission force, the combat mission teams and the cyber-protection teams. Each service has a two- or three-star headquarters whose commander provides forces both to their service and to Cyber Command when they are supporting other joint force headquarters.


The USCYBERCOM conducts and synchronizes activities to: secure, operate, and defend the DODIN; attain freedom of action in cyberspace while denying same to adversaries; and, when directed, conduct full spectrum cyberspace operations in order to deter or defeat strategic threats to U.S. interests and infrastructure, ensure DoD mission assurance, and achieve Joint Force Commander objectives.


US CYBERCOM, which has overall authority over the 133 teams the military services are building, certified that the Army’s 41 teams of active-duty soldiers and civilians had reached full operational capability (FOC) on Sept. 28 2017. A similar validation for the Navy’s 40 teams followed on Oct. 6, officials said. Each of the services is expected to have its teams achieve the FOC stage by Sept. 30, 2018, and each declared initial operating capability (IOC) in October of last year.


“Reaching FOC at this point in the development of the Navy’s CMF teams is a testament to the extraordinary hard work invested in manning our teams and training our personnel,” Vice Adm. Michael Gilday, the commander of the Navy’s 10th Fleet/Fleet Cyber Command, said in a statement. But he cautioned that the FOC declaration — coming after 1,800 personnel had completed some 18,000 courses — does not mean the Navy has come close to meeting all of its objectives when it comes to equipping and training its cyber workforce, and is not a measure of overall “combat readiness.”


The US Army will soon send teams of cyber warriors to the battlefield as the military increasingly looks to take the offensive against enemy computer networks. While the Army’s mission is generally to ‘attack and destroy,’ the cyber troops have a slightly different goal, said Colonel Robert Ryan, who commands a Hawaii-based combat team. ‘Not everything is destroy. How can I influence by non-kinetic means? How can I reach up and create confusion and gain control?’ he told reporters. The cyber soldiers have been integrated for six months in infantry units, and will tailor operations according to commanders’ needs, said Colonel William Hartman of the Army’s Cyber Command.


The Pentagon has already finalized “Rules of Engagement” for cyber warfare, which will allow military commanders to determine when a cyber-attack constitutes an “Act of War”. It will also provide a framework so that the military can take appropriate actions.


The US Army Network Enterprise Technology Command has activated the Cyber Protection Brigade, expected to provide a more agile and responsive cyberspace force. The brigade would include platoon-sized cyber protection teams comprising soldiers, non-commissioned officers, officers, warrant officers and Army civilian employees. It would comprise 41 teams in all, focusing on defending DoD’s own networks, defending civilian critical infrastructure and conducting offensive operations.


The US Navy’s ninth type command (TYCOM), Information Dominance Forces Command, supports integration of Information Dominance (ID) capabilities throughout the Navy. The Navy’s plan is even more comprehensive than the Army’s, as it plans to integrate the space cadre and oceanographers in addition to intelligence specialists, information warfare officers and information professionals.



The creation of U.S. Cyber Command appears to have motivated other countries in this arena.


UK establishes British Cyber Command to Attack ISIL

British spies will be able to launch “offensive” cyber-attacks on individual hackers, criminal gangs and rogue states as well as jihadists for the first time under new techniques being developed by the intelligence agencies, George Osborne has revealed.


“Strong defences are necessary for our long-term security. But the capacity to attack is also a form of defence. We need not just to defend ourselves against attacks, but rather to dissuade people and states from targeting us in the first place. Part of establishing deterrence will be making ourselves a difficult target, so that doing us damage in cyberspace is neither cheap nor easy. And part of establishing deterrence will be making sure that whoever attacks us knows we are able to hit back. We are building our own offensive cyber capability – a dedicated ability to counter-attack in cyberspace.”


According to The Guardian, the 77th Brigade formally came into being in April 2015. It was established as a special unit within the military structure – the British Cyber Command – by transferring up to 1500 officers to its command. The brigade will be carrying out covert operations on social networks exclusively, in an effort to spread disinformation and manipulate the population of certain countries, which should create “favorable conditions” for applying political pressure or executing regime change in strategically important regions of the world.

China unifying cyber warfare capabilities under a centralized command “Strategic Support Force (SSF)”

China’s rival to U.S. Cyber Command, the ambiguously named Strategic Support Force (SSF), was founded in 2015 and is today responsible for conducting many of Beijing’s most sensitive cyber-espionage and propaganda missions. A recently released unclassified report by the Defense Department concerning the state of the PLA highlights the importance of the SSF in the scope of Beijing’s quest to challenge the U.S. in cyber and space weapons development.


“Chinese leadership has described the SSF as a ‘new-type’ force and force for innovation, incubating some of the [People’s Liberation Army]’s most advanced capabilities, meaning it will be earmarked significant resources,” said John Costello, a senior analyst with U.S. dark web intelligence firm Flashpoint. “The SSF reflects a broader conception of cyber operations than that assumed by U.S. armed forces,” said Adam Segal, specifically by Cyber Command. For example, information operations, also known as psychological warfare, are aligned with China’s offensive cyber mission because of the way Chinese military officials generally understand cybersecurity.


China established information warfare units in the People’s Liberation Army (PLA) in 2003, and in 2004 it prioritized using information to fight and win wars. In 2010, China introduced its first department dedicated to defensive cyber war and information security, in response to the creation of USCYBERCOM. The PLA’s first specialized information unit was set up in July 2010, not long after U.S. Cyber Command went operational.


Segments of the country’s 3PLA, China’s version of the NSA, and 4PLA, a clandestine unit responsible for electronic warfare and information operations, were consolidated into the SSF two years ago. China’s military chiefs unified the country’s cyber warfare capabilities under a centralized command reporting to the Central Military Commission. This would better organize China’s cyber warfare capabilities and enhance the role of cyber within the PLA. A unified command would be “a pretty big deal” in organizing domestic cyber forces to “win informationized local wars,” according to Council on Foreign Relations cyberspace program director Adam Segal.


“It would be an official sign that cyber-attacks would be used in a military conflict,” he said. “Theoretically, it would allow them to concentrate resources in one place and create specialized forces, and might make it easier to plan joint operations.” Rep. Mike Pompeo (R-Kan.) said that China, through the PLA, has developed one of the most sophisticated cyber capabilities in the world.


China’s government is sharply increasing its investment in cyber warfare programs in what U.S. intelligence officials say is a major attempt to compete with superior U.S. military cyber capabilities. The boost in Chinese cyber warfare programs followed a meeting in September of the ruling Communist Party Politburo when General Secretary and President Xi Jinping called for adopting a new information warfare strategy.


State-run Chinese television reported Sept. 2 that President Xi Jinping called for “more military innovation in China and a new strategy for information warfare amid a global military revolution.” The directive was made during an Aug. 29 meeting of the Communist Party Politburo.


North and South Korea

The South Korean government has admitted that its military cyber command, set up to guard against hacking, was hacked in September 2016 by malicious code injected into one of its main routing servers. “It seems the intranet server of the cyber command has been contaminated with malware. We found that some military documents, including confidential information, have been hacked,” a military spokesman told South Korea’s Yonhap news agency.


North Korea is believed to have thousands of personnel involved in cyberwarfare. Since 2010 they have been focusing on application programming interfaces (APIs), which can be designed to attack national infrastructures, North Korean defector and computer science professor Kim Heung-Kwang told the BBC.


A formal investigation has begun into the hack and its origin. Among those suspected, the first finger is being pointed at the North. “North Korea began to train its cyber warriors while developing nuclear arms in the early 1990s and now commands 1,700 highly skilled and specialised hackers,” Cho Hyun Chun, chief of South Korea’s Defence Security Command, had said earlier.


In mid-June, South Korean police reported that more than 140,000 computers at 160 South Korean firms (mostly defense contractors) were hacked by North Korean hackers. During those attacks, more than 40,000 defense-related documents were stolen.


In December 2009, South Korea announced the creation of a cyber warfare command. Reportedly this is in response to North Korea’s creation of a cyber warfare unit. Little is known about the structure of North Korea’s cyber warfare operations, and the regime has said previously it would retaliate against any U.S. provocations with conventional, nuclear and cyber-attacks.

Taiwan’s “Cyber Army” Plan

Taiwan’s new Minister of National Defense Feng Shih-kuan (馮世寬) recently confirmed the intention of the new government to create a “Cyber Army” (網軍) as the fourth branch of Taiwan’s armed forces. The announcement followed the plan outlined in the Defense Policy Blue Papers published earlier by the Democratic Progressive Party (DPP), which specifically called for the “[Integration of] existing military units and capacities of IT, communications, and electronics to establish an independent fourth service branch alongside the current Armed Forces consisting of the Army, Navy, and Air Force.” Taiwan’s plan for a Cyber Army, however, will make it the first country to assign equal importance to cybersecurity as to the other branches of the armed forces.

Taiwan has been a target of cyber-attacks from China for many years, and has been a “testing ground” for China’s cyber army and state-sponsored hackers, according to Taiwanese officials.


Germany prepares for cyberwarfare offensive

Germany’s military, the Bundeswehr, is a high-value target for hackers and foreign spy agencies – not only because of its military secrets, but also due to its IT-supported weapons systems. If hackers were ever to gain control of them, the results could be devastating.


Future cyber attacks are to be fended off by the new “Cyber and Information Space Command” (CIR), which will become operational on April 1. The command will have its own independent organizational structure, thus becoming the sixth branch of the German military – on a par with the army, navy, air force, joint medical service and joint support service. Eventually, 13,500 German soldiers and civilian contractors currently dealing with cyber defense from a number of different locations will be brought together under the CIR’s roof.


The Bundeswehr is facing a major change of its strategy in cyber warfare. In addition to defense against cyberattacks, the German army is due to perform attacks on foreign states, DWN wrote, referring to a strategy paper of the German Ministry of Defense. The Bundeswehr will be responsible for responding to cyberattacks – while also resorting to military means in case of attack on its critical infrastructure such as communication and transport networks. The guidelines include not only defensive measures but also offensive ones. The Bundeswehr will be ready to carry out offensive cyber operations in Germany as well as abroad.


Establishing an IDF Cyber Command

IDF Chief of Staff Gadi Eisenkot said that, in light of the challenges the IDF faces in the cyber sphere, a cyber command should be established in order for it to oversee all operational activity in the cyber dimension. According to the IDF Spokesperson’s Unit, the new command will be established over a time period of two years.


The announcement of the new cyber command came a day after Israeli cybersecurity company ClearSky said it had uncovered a massive Iranian cyber-attack against Israel. Attacks were launched against 40 Israeli targets and 500 other targets worldwide, including against reserve generals in the IDF, a security consulting company, and researchers, the firm told Army Radio.


The IDF cyber command will be directly subordinate to the Chief of Staff; the fifth such branch, after the air force, navy, and intelligence, charged with both the buildup and the operational missions of the force. The major imperative in coherently implementing the decision to set up a cyber command within the IDF will be the attainment of maximal operational cooperation between the new command and other IDF forces and units.


Meir Elran and Gabi Siboni write in an INSS note: “This will not be an easy undertaking. A particularly important challenge will be the attainment of both long range planning and precise execution capabilities on the different levels, together with an optimal degree of operational flexibility in the defensive and offensive theater. An improved, innovative cyber system will serve to expand Israel’s spectrum of security capabilities, as long as it is integrated with an updated general security doctrine that is responsive to Israel’s rapidly changing needs.”


Iran scaling up its cyber capabilities

Hackers probably linked to Iran’s government have hit Saudi and Western aerospace and petrochemical firms, marking a rise in Iranian cyber-spying prowess, security firm FireEye (FEYE.O) said on Wednesday, an assessment shared by other U.S. experts.

Iran has been scaling up its cyber capacities since the United States and Israel carried out a cyber assault on Iran in 2010, now known as the “Stuxnet” worm, aimed at disabling centrifuges in its nuclear programme, Mandia said.

Speaking to reporters in Singapore, FireEye Chief Executive Kevin Mandia said Iranian cyber espionage had grown in sophistication since he first spotted Iranians conducting rudimentary attacks on the U.S. State Department in 2008. “They’re good. (They‘ve) got a real capability there,” Mandia said of Iran. In the investigations of attacks on Western companies and governments that FireEye is hired to do, Iran now ranks with China and Russia in terms of frequency, he said.

“In recent years, Iran has invested heavily in building out their computer network attack and exploit capabilities,” said Frank Cilluffo, director of George Washington University’s Center for Cyber and Homeland Security. Cilluffo, a former homeland security advisor to President George W. Bush, estimated last year in testimony before the U.S. Congress that Iran’s cyber budget had jumped twelve-fold under President Rouhani, making it a “top five world cyber-power”.

“They are also integrating cyber operations into their military strategy and doctrine,” he told Reuters on Wednesday.




Australia’s Cyber Vision 2020, cyber security strategy, cyber science and technology plan

The exponential growth of information and communications technology (ICT), which includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers, has led to the creation of cyberspace, a global domain within ICT. Economic, social and strategic influence is exerted within, and through, the cyberspace domain, much like the land, air and maritime domains.

Cyber technology has become an embedded feature of modern military systems. Defence and other critical national systems are rapidly evolving to become software defined (i.e. cyber-physical) systems and are also increasingly relying on networks for their operation. There is also a developing relationship between cyber and the military capability of electronic warfare driven by the convergence of technologies, techniques and concepts and in the future we can expect to see integration of these capabilities into one continuum.

In addition to great opportunities, cyberspace also presents significant challenges. According to leading cybersecurity market intelligence agency, Cybersecurity Ventures, cybercrime will continue to rise and cost businesses globally more than $6 trillion annually by 2021.

The Australian government unveiled its cyber security strategy in April 2016, and allocated A$230m to various initiatives over four years. The pilot Joint Cyber Security Centre was opened in Brisbane on 24 February 2017. More than 20 organisations are represented from the energy, water, finance, transport and mining sectors, as well as the Queensland Government, CERT Australia, the Australian Federal Police and the Australian Criminal Intelligence Commission. Priorities for the Centre are automated information sharing and targeted analysis of specific cybercrime threats against Australian industry networks.

Following the declaration of Australia’s offensive cyber capability in the Cyber Security Strategy, the Prime Minister announced in November 2016 that offensive cyber capabilities are being employed in support of Australian Defence Force operations against Islamic State. This contributes to our national deterrence posture, and has promoted mature discussion about the application of such capabilities under international law, says the annual update.

The DSTO released its Cyber Science and Technology Plan, outlining the DSTO strategy to help strengthen Australia’s cyber capabilities and deliver impact to Defence and national security.

Cyber Threats and challenges

Investment by the commercial sector in ICT is resulting in an almost continuous innovation of new cyber devices and novel applications; deepening human-technology partnerships; and an evolving cyber threat that is continually growing and changing.

The proliferation of ransomware – where the victim is prevented from accessing their systems or data until a ransom is paid – remains an endemic problem across the globe. In Australia, reports of ransomware activity reported to the Australian Cybercrime Online Reporting Network roughly doubled in 2016 compared to 2015. Australia remained the main target of malicious software – predominantly ransomware and software that steals personal information – in the Asia Pacific region in 2016, likely due to our economic prosperity and high adoption of technology.

Cyberspace has no national boundaries, has the potential for strong asymmetry and provides global reach for nation states, organised groups or individuals to mount an attack or use cyberspace for malicious purposes. Australia has ranked cyber security as one of the key risk areas for both Defence and national security.

The enduring challenges identified are:
• Environmental Surprise: technology progress and its adoption and adaptation can result in unexpected morphing of cyberspace – for example the rapid emergence of mobility and cloud computing.
• Unknown and Persistent Threat: the cyber threat is highly variable, diverse and rapidly evolving.
• Untrustworthiness: there are no guarantees that hardware devices and components; software, firmware and applications; data and information; and people can be trusted.
• Data-to-Decision Reflex: the ability to respond appropriately, proportionately and in relevant timescales.
• Cyber-EW Concepts: an emerging area, hence the concepts are immature.


Advancing the cyber strategy

Strong cyber security is a fundamental element of our growth and prosperity in a global economy. It is also vital for our national security. In April 2016, the government of Australia forwarded a cyber security strategy proposal to solidify its cyber space and fend off the increasing digital threats hurled by enemy states, cybercriminal organizations, and amateur opportunists.

The strategy establishes five themes of action for Australia’s cyber security over the next four years to 2020: A national cyber partnership, Strong cyber defences, Global responsibility and influence, Growth and innovation and a cyber smart nation.

The policy proposes “five themes of action” to see the strategy through to its execution and implementation.

A National Cyber Partnership: To develop co-operation and co-leadership between government bodies and business leaders for the design and implementation of the strategies. Also, to understand and estimate the cost of the cyber threats to the Australian economy.

Strong Cyber Defenses: To evaluate the cyber security performance of government agencies and use advanced technologies to reinforce the security systems of Australia, thereby making the Australian cyber infrastructure resilient to online threats.

Global Responsibility and Influence: To join international partners in promoting an “open, free and secure Internet”, and to find and shut down the cyber spaces that cyber criminals consider a safe haven.

Growth and Innovation: To bring about innovation in the cyber security defense system by establishing a research and development department. Plus, to empower cyber security businesses to build, promote, or export cyber security products and services.

A Cyber Smart Nation: To spread cyber security awareness in the country as well as to bring on board more cyber security professionals.

The strategy requires a partnership involving governments, the private sector and the community. The Australian Government will take a lead role and, in partnership with others, promote action to protect our online security.

Much of our digital infrastructure is owned by the private sector, so securing Australia’s cyberspace must also be a shared responsibility. It will be important that businesses and the research community work with governments and other stakeholders to improve our cyber defences and create solutions to shared problems.

The new Critical Infrastructure Centre in the Attorney-General’s Department – in cooperation with the Australian Cyber Security Centre – will work closely with our national critical infrastructure companies to identify cyber vulnerabilities, develop risk assessments and risk management strategies.

Cyber security incidents also offer an opportunity to learn. A new mandatory data breach notification law has come to Australia. Effective in early 2018, if not sooner, the new law will require businesses to notify serious data breach incidents to the Australian Information Commissioner and customers whose data has been compromised. This should place cybercrime high on Australian boards’ agendas and drive the revamping of existing cyber security systems.

To grow our cyber security capabilities to anticipate and respond to cyber threats, we must address our shortage of cyber security professionals. Government has partnered with industry and academia to build research and workforce capability in cyber security by establishing Academic Centres of Cyber Security Excellence.

The Prime Minister and the Minister Assisting the Prime Minister have led international collaboration on cyber security. Australia has continued cyber policy dialogues with China, India, South Korea, Japan, New Zealand and will shortly hold its inaugural dialogue with Indonesia. In February 2017, cyber security was permanently added to the agenda of the Australia-Indonesia Ministerial Council on Law and Security. Bilateral cyber policy engagement has been expanded with other Indo-Pacific nations, including Singapore, Fiji and Samoa.


Cyber Capabilities and S&T plan

The critical capabilities for cyberspace are threat assessment, intelligence, situational awareness, information assurance, and planning and shaping. Threat estimation includes judgment of the possible technical nature of threats (e.g. hardware or software based), likely manifestations (e.g. intermittent loss of communications) and the potential impact on cyber and interdependent systems.

Information assurance encompasses the confidentiality, availability and integrity of information whether it is stored (at rest), being processed (in use) or transmitted (in transit). Intelligence is the collection, processing and analysis of information pertaining to cyberspace and its actors. Situational awareness is the dynamic understanding of the current and projected state of own and other systems and actors and is necessary for decision making. Planning and shaping includes the selection and use of capabilities to influence and shape the cyber environment to support operations.


The DSTO Cyber Science and Technology Plan outlines the DSTO strategy to help strengthen Australia’s cyber capabilities and deliver impact to Defence and national security by:
• Identifying foundational research themes that are enduringly relevant, can be applied to priority problems and underpin the development of cyber capabilities.
• Developing the ideas, concepts and methods that will forge the relationship between cyber and other defence capabilities such as electronic warfare.
• Ensuring a relevant, resilient and responsive DSTO cyber capability and fostering a cohesive, integrated national science and technology base.


Five foundational research themes

S&T is central to developing and seizing cyber opportunities, overcoming cyber challenges and achieving success for Australia as a digital nation, says Dr Alex Zelinsky, Chief Defence Scientist. The Plan identifies five foundational research themes that are enduringly relevant; sufficiently comprehensive to cover the cyber problem space and support the development of future capability; and can be readily applied to priority problems.

These are:
• Technology Forecasting: a multi-disciplinary, capability-focused activity that typically includes science and technology analysis of technology trends and their potential impact, prototype building and testing, operations research and analysis, and modelling and analysis of potential future threats.
• Cyber Influence and Data Analytics: research and development of data processing and big data analytics; social influence and behaviour analysis; multi-level information fusion; reasoning under uncertainty; machine intelligence; reasoning and decision support.
• Sensing to Effects: research and development of sensor-to-effector concepts, techniques and technologies, and the associated planning and decision making, including Cyber-EW effects.
• Autonomous Cyber Systems: research and development of concepts, techniques and technologies for automated through to autonomous data processing, analysis and decision making; artificial intelligence, machine learning, automated reasoning and planning under uncertainty, self-adaptive waveforms and algorithms.
• System Design for Resilience: the science and technology underpinning cyber systems designed to operate with the explicit assumption of untrustworthiness. Trusted, trustworthy and robust systems; self-repairing and survivable networks; static and dynamic malware analysis; vulnerability analysis; hardware and software trojan analysis; secure architectures, dynamic security protocols (including identity management), systems architecture and policies, and cloud computing.

The Plan ends with the outline of a proposal to establish a Cyber Security National Science and Technology Strategy designed to: integrate and orchestrate the national resources to focus on cyber security research in support of national security, and grow the national science, technology and professional capability to benefit all sectors of the cyber community.



Blockchain or Bitcoin based Industry 4.0, and 3D printing security, faces threat from quantum computer

3D printing, or additive manufacturing, is an ongoing revolution in manufacturing with the potential to fabricate any complex object, and is being utilized for everything from aerospace components to human organs, textiles, metals, buildings and even food. From the creation of the additive manufacturing (AM) design to final production on the shop floor, AM files can be easily transmitted with the click of a mouse. The digital nature of AM means that parts and products are easier to share and transmit, enabling the creation of digital supply networks and supply chains. Additionally, it creates the opportunity to make AM part development fully documentable and attributable, write Stuart Trouton and others in Deloitte University Press.

In the future, AM will become part of the ongoing evolution of the Internet through the “Internet of Things” to the “Internet of Industry”. Another name for the Internet of Industry, common in Germany, is “Industry 4.0”. In this vision, people will be able to study designs, modify them, download them onto nearby 3D printers, and thereby create new goods.

3D printing is also revolutionizing defence, from printing small components and full drones on naval vessels to printing replacement parts for fighter aircraft and even ammunition. Substantial improvements have been made in 3D printing with the fabrication of 3D objects from metals, ceramics, plastics, and even multi-material capabilities. John Burrow, deputy assistant secretary of the Navy for Research, Development, Test and Evaluation said, “I think you are about to see its operational and technical potential literally explode off the map.” Burrow and Navy officials envision a future with 3-D printers forward deployed with Marines and installed aboard warships as well as shore-based commands.

However, the digital and networked nature of AM also gives rise to many vulnerabilities. In the absence of a strong data-protection framework, a digital design-and-manufacture process creates the potential for data theft or tampering. Hackers can exploit 3D printing technology by stealing or altering design information, rendering printers unusable, or corrupting settings to make devices overheat or even explode. And of course, there is the theoretical possibility that 3D printing designs are altered with malicious intent as a method to sabotage constructions, weapons or defense systems.

Blockchain, the technology best known for enabling a transformative decentralized digital currency and a secure payment platform free from government interference, is being considered for securing additive manufacturing. The technology has the potential to enhance privacy, security and freedom of conveyance of data. Blockchain is based on an open, global infrastructure: a decentralized public ledger of transactions that no one person or company owns or controls, which ensures the security of fund transfers through public and private key cryptography and lets third parties verify that two parties shook, digitally, on an agreement.

However, in an October 2017 paper, “Quantum attacks on Bitcoin, and how to protect against them”, made available through the Cornell University Library, researchers mostly from Singapore claimed that key protocols securing the technology undergirding Bitcoin are “susceptible to attack by the development of a sufficiently large quantum computer”.

3D printing could be exploited by hackers

A report was developed by the National Institute of Standards and Technology (NIST), which is part of the Department of Commerce, to warn contractors of the various vulnerable and exploitable points in the way 3D printing is used by companies; these risks have not come out of nowhere.

The two primary threat vectors are via network connectivity and nonvolatile storage media. When devices are not protected by applicable security controls, network connectivity and information stored within nonvolatile storage media may be used to compromise organizational information or disrupt the device.

According to the report, hackers can exploit unprotected 3D printers in a variety of ways. Some of the dangers listed are:

  • Denial of service (DoS): making printing services unavailable.
  • Spam print jobs, which waste materials and also deny service to legitimate users.
  • Exploitation of default administration/configuration passwords to control the device locally or remotely via a web interface.
  • Interception, alteration or corruption of unencrypted data and information.
  • Vulnerabilities in the commercial embedded operating system.
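The dangers above map onto the two threat vectors the report names: network connectivity and nonvolatile storage, plus the embedded operating system itself. As an added example (not from the NIST report, nor any printer vendor's tooling), the following Python script audits a constructed asset inventory of networked 3D printers against those conditions. The inventory schema, the field names and the patched-OS baseline are assumptions made here so the script runs offline; in practice the records would come from the organization's asset database.

```python
import json

# Constructed sample inventory for this example. The field names are assumptions
# (an asset-inventory schema invented here), not a real vendor's API or NIST data.
SAMPLE_INVENTORY = """
[
  {"name": "shop-printer-01", "web_admin": true, "web_tls": false,
   "default_credentials": true, "job_transport": "ftp",
   "storage_encrypted": false, "embedded_os_version": "2.1.0"},
  {"name": "shop-printer-02", "web_admin": true, "web_tls": true,
   "default_credentials": false, "job_transport": "https",
   "storage_encrypted": true, "embedded_os_version": "2.4.1"},
  {"name": "lab-printer-07", "web_admin": false, "web_tls": false,
   "default_credentials": false, "job_transport": "https",
   "storage_encrypted": false, "embedded_os_version": "2.4.1"}
]
"""

# Assumed patched baseline for the fleet's embedded OS (placeholder value).
MIN_EMBEDDED_OS = (2, 4, 1)
# Transports that carry print jobs, and therefore design files, in the clear.
CLEARTEXT_TRANSPORTS = {"ftp", "tftp", "http", "raw"}


def parse_version(version: str) -> tuple:
    """Turn '2.4.1' into (2, 4, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def audit_device(dev: dict) -> list:
    """Return one finding string per weak setting, grouped by threat vector."""
    findings = []
    # Network connectivity vector: the management interface and job transport.
    if dev["web_admin"] and dev["default_credentials"]:
        findings.append("default admin credentials on a network-reachable web interface")
    if dev["web_admin"] and not dev["web_tls"]:
        findings.append("admin web interface served without TLS")
    if dev["job_transport"] in CLEARTEXT_TRANSPORTS:
        findings.append(f"print jobs sent over cleartext {dev['job_transport']}")
    # Nonvolatile storage vector: cached designs and settings on the device.
    if not dev["storage_encrypted"]:
        findings.append("onboard storage unencrypted")
    # Embedded operating system: known-vulnerable release still deployed.
    if parse_version(dev["embedded_os_version"]) < MIN_EMBEDDED_OS:
        findings.append(f"embedded OS {dev['embedded_os_version']} below baseline")
    return findings


def audit_fleet(inventory_json: str) -> dict:
    """Map each device name to its list of findings."""
    return {dev["name"]: audit_device(dev) for dev in json.loads(inventory_json)}


if __name__ == "__main__":
    for name, findings in audit_fleet(SAMPLE_INVENTORY).items():
        print(f"{name}: {'no findings' if not findings else ''}")
        for item in findings:
            print(f"  - {item}")
```

Run as written, the first printer collects a finding for every category, the second is clean, and the third is flagged only for unencrypted onboard storage: the management interface is disabled, so the network-vector checks do not apply to it, which is the sort of distinction an inventory-driven audit can make and a port scan cannot.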


DOD aims to use additive manufacturing techniques in conjunction with blockchain

The Defense Department aims to use additive manufacturing techniques in conjunction with blockchain technology in efforts to address intellectual property challenges related to the production of military standard parts, as reported by GCN. John Bergin, business technology officer at DoD’s Office of the Chief Information Officer, told a defense contracting forum that the U.S. Navy’s carriers can serve as a model for a use case of blockchain. He added he believes the technology has the potential to help military organizations and industry partners to accelerate the supply chain process for “mil-spec” components.

Bergin mentioned, “What happens when an F-18 on that carrier breaks a pin in its landing gear? They need a part, but they don’t have the part on the aircraft carrier,” he said. “How do I use additive manufacturing to get there, while still respecting Boeing’s intellectual property rights for that pin?” Bergin suggested, “Blockchain, the encrypted and distributed ledger system that makes the Bitcoin cryptocurrency possible, could be the answer.”

If a part of the aircraft fails because of damage to a small component within it, the broken component cannot be replaced with a substitute component due to the vendor’s intellectual property rights. As a result, a whole new part has to be bought.

Bergin said, “If DOD’s ecosystem of parts management can properly incorporate blockchain ledgers, the 3D printers on a carrier could securely log every pin that’s produced at sea. You can print it, I can pay Boeing for it, and [the Navy] has planes that fly,” he said. “How do I support the warfighter abroad, respecting the intellectual property of the vendors, and do it as a team? Blockchain is part of that story.”

If this kind of system is adopted, it would speed up the supply chain by allowing the army, navy or air force to get only the pin it needs, rather than ordering a full landing gear assembly. This would help both the military and its industry partners. Bergin said, “Let’s stop buying the assembly, and let’s start making the parts where we need them. It reduces your inventory that’s idle, and increases our operational capability at the front.”

“There are security and quality assurance challenges in addition to the intellectual property concerns,” Bergin said, but he urged vendors to work with DOD on these issues.


The US Navy Wants to Connect Its 3-D Printers with a Blockchain

The US Navy’s innovation arm has revealed plans to trial blockchain’s potential to bring added security to its manufacturing systems. Blockchain, quite simply, is a “distributed database” shared through peer-to-peer connections in such a way that each block is a unique record that gets added to the end of the “chain.” The records are permanent and cannot be modified. This bond creates trust between all the members of the chain and removes the need for third-party mediators to handle transactions, or any other transfer of information.

This “immutable trust” allows for the removal of members not providing value (formerly used as middle-men or brokers) and allows two or more parties to conduct transactions with complete trust. If you can imagine any transaction in your life that depended on trust between you and someone you did not know, you will immediately see the value in Blockchain.

NIAC has planned to conduct a series of experiments (including a proof of concept) using blockchain technology both to securely share data between Additive Manufacturing sites and to help secure the digital thread of design and production. The successful application of this technology in a controlled environment would then open the gates to revolutionizing other aspects of Naval operations.

The ability to secure and securely share data throughout the manufacturing process (from design, prototyping, testing, production, and ultimately disposal) is critical to Additive Manufacturing and will form the foundation for future advanced manufacturing initiatives.

These efforts are pushing the production of critical pieces of gear and equipment closer and closer to deployed forces. While this change is greatly helping our material readiness, it creates the potential for vulnerabilities and makes the need for a cryptographically secure, traceable, immutable, and controllable data flow of utmost importance.


Bitcoin’s Elliptic Curve Signature Could be Broken by 2027

Bitcoins have two important security features that prevent them from being stolen or copied. Both are based on cryptographic protocols that are hard to crack. In other words, they exploit mathematical functions, like factorization, that are easy in one direction but hard in the other—at least for an ordinary classical computer.

Bitcoin transactions are stored in a distributed ledger that collates all the deals carried out in a specific time period, usually about 10 minutes. This collection, called a block, also contains a cryptographic hash of the previous block, which contains a cryptographic hash of the one before that, and so on in a chain. Hence the term blockchain. (A hash is a mathematical function that turns a set of data of any length into a set of specific length.)

The new block must also contain a number called a nonce that has a special property. When this nonce is hashed, or combined mathematically, with the content of the block, the result must be less than some specific target value.  This process of finding a nonce, called mining, is rewarded with Bitcoins. Mining is so computationally intensive that the task is usually divided among many computers that share the reward.

If a group of miners controls more than 50 percent of the computational power on the network, it can always mine blocks faster than whoever has the other 49 percent. In that case, it effectively controls the ledger. That creates an opportunity for a malicious owner of a quantum computer put to work as a Bitcoin miner.  If this computational power breaks the 50 percent threshold, it can do what it likes.
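To make the mechanics of the last few paragraphs concrete, and to connect them to the “securely log every pin that’s produced at sea” idea from the DoD section above, here is an added Python example, written for this page and not code from Bitcoin, the Navy or any DoD project. It builds a hash-chained ledger of constructed print records, each block mined against a small proof-of-work target, and then shows why such records are described as immutable: editing one entry invalidates that block’s stored hash, and re-mining only that block breaks the “previous hash” link of the block after it, so a forger has to redo the work of every later block, which is exactly the effort the 50 percent threshold describes. The difficulty, record fields, part numbers and printer names are assumptions made here.

```python
import copy
import hashlib
import json

# Small proof-of-work difficulty so the example mines in well under a second.
DIFFICULTY_BITS = 12
TARGET = 1 << (256 - DIFFICULTY_BITS)
GENESIS_PREV = "0" * 64


def block_hash(prev_hash: str, records: list, nonce: int) -> str:
    """SHA-256 over the canonical encoding of (previous hash, records, nonce)."""
    payload = json.dumps({"prev": prev_hash, "records": records, "nonce": nonce}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def mine(prev_hash: str, records: list) -> dict:
    """Search for a nonce whose block hash falls below TARGET (the 'mining' step)."""
    nonce = 0
    while True:
        h = block_hash(prev_hash, records, nonce)
        if int(h, 16) < TARGET:
            return {"prev": prev_hash, "records": records, "nonce": nonce, "hash": h}
        nonce += 1


def build_chain(batches: list) -> list:
    """Mine one block per batch of records, each linked to the previous block's hash."""
    chain, prev = [], GENESIS_PREV
    for records in batches:
        block = mine(prev, records)
        chain.append(block)
        prev = block["hash"]
    return chain


def verify_chain(chain: list) -> tuple:
    """Return (True, -1) if every link holds, else (False, index of first bad block)."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["prev"] != prev:
            return False, i
        h = block_hash(block["prev"], block["records"], block["nonce"])
        if h != block["hash"] or int(h, 16) >= TARGET:
            return False, i
        prev = h
    return True, -1


# Constructed print log: part numbers, printer names and design digests are placeholders.
SAMPLE_BATCHES = [
    [{"part": "LG-PIN-0001", "design_digest": "<sha256 of design file>", "printer": "PRN-03", "qty": 1}],
    [{"part": "LG-PIN-0002", "design_digest": "<sha256 of design file>", "printer": "PRN-03", "qty": 2}],
    [{"part": "BRKT-0417", "design_digest": "<sha256 of design file>", "printer": "PRN-01", "qty": 4}],
]


def tamper_in_place(chain: list) -> tuple:
    """Edit a record without re-mining: the edited block's own hash no longer matches."""
    forged = copy.deepcopy(chain)
    forged[1]["records"][0]["qty"] = 200
    return verify_chain(forged)


def tamper_and_remine(chain: list) -> tuple:
    """Edit a record and re-mine that block only: the next block's 'prev' link breaks."""
    forged = copy.deepcopy(chain)
    forged[1]["records"][0]["qty"] = 200
    forged[1] = mine(forged[1]["prev"], forged[1]["records"])
    return verify_chain(forged)


if __name__ == "__main__":
    ledger = build_chain(SAMPLE_BATCHES)
    print("honest chain:", verify_chain(ledger))
    print("edited record:", tamper_in_place(ledger))
    print("edited and re-mined:", tamper_and_remine(ledger))
```

The verifier checks three things per block: that its `prev` field equals the hash of the block before it, that its stored hash is really the hash of its contents, and that the hash meets the target. Any one failure pins the first bad block, which is what an auditor of a parts ledger would want to see; on a real network the remaining defence is that the honest majority keeps extending the longer chain faster than a forger can re-mine the tail.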

“One particular area at risk are cryptocurrencies,” the abstract notes. “We investigate the risk of Bitcoin, and other cryptocurrencies, to attacks by quantum computers. We find that the proof-of-work used by Bitcoin is relatively resistant to substantial speedup by quantum computers in the next 10 years,” the paper declares. This, they claim, is “mainly because specialized ASIC miners are extremely fast compared to the estimated clock speed of near-term quantum computers.”

The good news turns quickly bad, as “the elliptic curve signature scheme used by Bitcoin is much more at risk, and could be completely broken by a quantum computer as early as 2027, by the most optimistic estimates,” state authors Divesh Aggarwal, Gavin K. Brennen, Troy Lee, Miklos Santha, and Marco Tomamichel.



India the prime target of Cyber Warfare campaigns is taking many measures to enhance its cyber security

The world has recently seen a series of high-profile global cyber attacks such as the WannaCry ransomware attack in May and NotPetya in June. In May 2017, a massive cyberattack caused major disruptions to companies and hospitals in over 150 countries, prompting a call for greater cooperation around the world. In 2016, nearly one percent of all emails sent were essentially malicious attacks, the highest rate in recent years.

The cyber security firm Quick Heal Technologies said it has detected over 48,000 hits of the MS17-010 Shadow Brokers exploit responsible for the ‘WannaCry ransomware’ outbreak in India, with West Bengal witnessing the most incidents. Ransomware attacks increasingly affected businesses and consumers, with indiscriminate campaigns pushing out massive volumes of malicious emails. Attackers are demanding more and more from victims, with the average ransom demand rising to over 1,000 USD in 2016, up from approximately 300 USD a year earlier.

On May 17, the cyber-security firm Symantec stated in a blog post that it had traced breaches of several Indian organisations to a cyber-espionage group called Suckfly. The targeted systems belonged to the central government, a large financial institution, a vendor to the largest stock exchange and an e-commerce company. The espionage activity began in April 2014 and continued through 2015, Symantec said. Another cyber-security firm, Kaspersky Lab, announced that it too had tracked at least one cyberespionage group, called Danti, that had penetrated Indian government systems through India’s diplomatic entities.

India has been a target of many cyber attacks, cyber espionage and cyber warfare with fingers often pointing towards China and Pakistan. In one instance, according to the Toronto based Munk Centre of International Studies, GhostNet — a Chinese network, had infiltrated networks of the Indian Government as well as of the Dalai Lama. The elite National Security Guard’s website was reportedly defaced with profanity-laden messages for Prime Minister Narendra Modi last month.

On the other hand, India’s commitment to cybersecurity measures remains inadequate. As per the findings of the Global Cybersecurity Index 2017 (GCI) released by the UN telecommunications agency, the International Telecommunication Union (ITU), India ranks 23rd out of the 193 member countries when it comes to commitment to cybersecurity. Singapore topped the global cyber security index released by the United Nations, followed by the United States, Malaysia, Oman, Estonia, Mauritius, Australia, Georgia, France and Canada, the other top 10 countries.

The Union home ministry has created a new division to check radicalisation and cyber fraud as part of a major rejig of some of its crucial wings. The new wing, CIS, has been created to monitor online crimes and threats, including cyber fraud and hacking, and to suggest ways to minimise and fight them. This division will track and counter online fraud, hacking, identity theft, the dark net, trafficking and cyber attacks on critical information infrastructure, the officials said.

Rising Cybersecurity threat

Rapid digitisation in all sectors in India is making the country critically prone to targeted cyber attacks, and the ‘WannaCry’ ransomware attack is “just the tip of the iceberg”, according to a cyber intelligence security company. The vulnerability of Indian critical infrastructure is further increasing with the growing networking of the country under Digital India, which brings critical infrastructure such as transportation networks, power grids and financial institutions online, with more and more official data stored on-line.

“Owing to the government initiatives and efforts, coupled with booming penetration of smartphones, PCs and high-speed internet access, the challenges associated with such attacks amplify significantly — making India one of the hot favourite destinations for a targeted cyber attack,” Israel-based Vital Intelligence Group said in a statement.

According to many cyber experts, several Indian companies and some government institutions have recently seen an increase in cyber attacks originating in China. As in the case of the infrastructure company, these attacks are often carried out through difficult-to-trace proxy servers in North Korea, Africa, Eastern Europe and Russia. Unlike a normal attack, the Chinese breaches tend to exploit vulnerabilities of Indian IT systems and “just observe.”

Large hardware imports from China also lead to a growing threat of hardware attacks through the malicious insertion of malware or kill switches. Malware is software designed to disrupt, damage, or gain access to a computer system. There are reports that the Chinese have introduced malware or hidden software in Android phones and other hardware for surveillance, making it almost impossible for the user to detect any anomaly.

“The recent attacks strengthen the point that the biggest existential threat that is out there is cyber. It is evident that the world is already engaged in a 24×7 conflict with anonymous soldiers who are extremely difficult to trace,” said Marc Kahlberg, CEO and MD of Vital Intelligence Group.

The group noted that “one size fits all approach” can never be the solution to curb the increasing cyber attacks and a constant vigil is the only solution to stay ahead in the race with the intruders.

“Just like the traditional battlefield, there is no one correct strategy, no short term solution and no silver-bullet to win a war. But awareness, understanding and vigilance combined with accurate targeted offensive frontline cyber intelligence will go a long way to keep the enemy busy and protect all of our cyber interests,” added Kahlberg.


India’s cyber security Initiatives

The Indian government unveiled the National Cyber Security Policy 2013 on 2 July 2013, with the vision of building a secure and resilient cyberspace for citizens, business and government and of protecting individuals’ privacy from intrusion. The mission is to protect information and information infrastructure in cyberspace, build capabilities to prevent and respond to cyber threats, and reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology and cooperation.

Recognising the strategic dimensions of cyberspace, the Prime Minister’s Office (PMO) created the position of the National Cyber Security Coordinator in 2014 to implement the policy.

In India, cyberspace is looked after primarily by the National Technical Research Organization (NTRO), operating under R&AW. Other top-layer agencies performing cyber operations are the National Intelligence Grid and the National Information Board.

To ensure Internet security, the Government of India established the Computer Emergency Response Team (CERT-In) in 2004; it issues forecasts and alerts on cyber incidents occurring in India, guidelines on handling cyber incidents, and so on.

In addition, the National Critical Information Infrastructure Centre (NCIIC), carved out of CERT in 2013, is to protect assets in critical sectors like energy, banking, defence, telecom and transportation. The NSA is to oversee a public-private partnership to set up a cyber-security architecture.


Cyber warfare

Cyber warfare has developed into a more sophisticated type of combat between countries, where you can destroy critical infrastructure such as power, telecommunications or banking by damaging the computer systems that control those infrastructures. It’s widely acknowledged that offensive cyberattacks will be a necessary component of any future military campaign, and the extreme cyberweapons are being developed now.

In early September 2016, some 22,000 pages of data related to India’s top secret Scorpene submarine program were published online. This presumed data breach brought the issue of cyber security into the headlines.

The Indian Army may face serious cyber attacks from non-state actors in Pakistan on its critical information infrastructure, such as the Oil and Natural Gas Corporation or electric grids.

Pakistan has unleashed a cyber war against India on social media: over 1,000 videos supporting jihad in Kashmir have been created and several thousand anti-India posts have been shared on social media in the last six months. They include both soft-toned and radical videos, some arousing sympathy for victims, others arousing hatred against the armed forces.


Cyber Agency and Cyber command

Many countries, starting with the US and now including the U.K., China, Russia, Israel and others, are setting up unified cyber commands for more effective and coordinated cyberspace operations, both offensive and defensive. The offensive operations are seen as a deterrent to adversaries. The US, Russia and China are also implementing various defence measures to protect their classified networks from cyber warfare.

In a bid to enhance its combat capabilities in the virtual domain, the defence ministry is working towards establishing a new cyber agency to tackle attempts by Chinese and Pakistani hackers to break into its systems and networks. “The tri-services integrated defence staff (IDS) is coming up with a unit to tackle the cyber warfare domain and it will be staffed with personnel from all the three services,” senior government sources told Mail Today.

“The forces have already started pooling in their resources in the cyber domain under the new agency, which would be headed by a major general-rank officer. The organisation will have both offensive and defensive capabilities in cyber warfare,” said the sources. A cyber arsenal would serve as a key element of strategic deterrence.

Until now, the army, navy and air force have had their own separate cells dealing with cyber issues, and they have also developed individual networks for secure communication and data exchange.

The information networks created by the forces are state of the art and are capable of detecting any violation at centralised locations within a few microseconds. “If anybody puts in a pen drive in a computer of the military network, our men sitting in Delhi and other centralised locations can detect it within no time and prevent any leakage or attack immediately,” said the sources.

“This step of creating a new cyber agency, which would be a precursor to a cyber command, is in the right direction. Now the focus should be on creating infrastructure for manufacturing totally indigenous information and communication technology equipment,” said information warfare expert Pavithran Rajan.

To test its capabilities, the new agency has also carried out its first cyber warfare exercise under which Indian forces carried out attacks on their own networks to check for loopholes and steps required to strengthen the system, the sources informed.

“The forces deduced that cyber should be the first agency to be raised for dealing with the increasing instances of attacks on military networks and systems,” they said.

The command of the new agency would be on rotational basis for the three services, which means that if it is first headed by an army officer, he would be succeeded by navy and air force officers. The head of the unit would report to the chief of integrated defence staff Lt Gen Satish Dua who heads the organisation at present.


Indian Military testing its own indigenous operating system

In his maiden address to the senior commanders of the three services, the prime minister had asked them to guard against the threats in the cyber domain and after that, Army’s Jammu and Kashmir-based Northern Command started the evaluation of the indigenous operating system for military requirements.

‘The Northern Command has been evaluating the BOSS at its headquarters as an option for replacing the foreign solutions to provide more security to the critical security-related information of the forces deployed there,’ government sources told Mail Today.

BOSS is software developed to promote the use of free software in the country, and military analysts consider it an important initiative as cyber fast emerges as a warfare domain.

Army sources said protection of vital information in the cyber domain is critical for the forces deployed in the command, which faces both China and Pakistan, as even the leaked itinerary of a small convoy can prove dangerous.

At present, the Indian military is using foreign-origin software, which has frequently come under scrutiny for working for its countries’ intelligence agencies and cannot be considered safe in the prevailing atmosphere of leaks and cyber espionage.

Currently, much of the equipment in the cyber infrastructure used by the public sector agencies supporting military communication is sourced from foreign manufacturers. Fearing espionage through foreign equipment, the Air Force issued an advisory a couple of years ago to its personnel against using the phones of a particular phone firm. Army officials from the Corps of Signals, which is responsible for maintaining and looking after the entire gamut of military communication, said creating our own information and communication technology infrastructure would also provide opportunities for ‘Make in India’ products in the sector.



Cyber Range Centre at IIDT to train cyber warriors

The International Institute of Digital Technologies (IIDT) in Tirupati is planning to establish a Cyber Range Centre to impart training to students in thwarting cyber attacks. “eSF Labs, which is the technology partner for GFSU, is setting up the Cyber Range Centre,” according to J.A. Chowdary, IT Adviser to the Chief Minister.

“At present, phishing, cyber frauds, ransomware, malicious domains, data thefts, and mobile frauds are posing a threat to the country. We have to prepare lakhs of cyber security warriors to protect from malwares,” he said.

“The IIDT students will be trained in tackling all kinds of cyber security threats. The proposed high-end Cyber Range Centre will provide a real-time environment on how to detect and thwart cyber attacks. Discussions will be held with cyber experts, researchers, and students on the subject,” said Mr. Chowdary.


International Cooperation

A cyber partnership can be critical for India to meet its immediate goals in securing its cyber infrastructure and expanding opportunities for the country’s tech sector.

Indian and US officials also met in Washington in August 2015 at the whole-of-government cyber dialogue to discuss enhanced cyber security information sharing, cyber incident management and cyber security cooperation in the context of ‘Make in India’. In January 2017, India and the US signed a Memorandum of Understanding (MoU) for close cooperation and exchange of information pertaining to cyber security. The MoU between the Indian Computer Emergency Response Team (CERT-In) and US-CERT was signed by Electronics and IT Secretary Aruna Sundararajan and Richard Verma, the US Ambassador to India.

During Narendra Modi’s three-day state visit to Israel, India and Israel committed in their joint statement to promote security and stability in cyberspace, with the possibility of exploring bilateral ties between their respective governments and businesses.


India’s Cyber Security strategy

The Ministry of Communications and Information Technology (India) defines the objectives as follows:

  • To create a secure cyber ecosystem in the country, generate adequate trust and confidence in IT system and transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy.
  • To create an assurance framework for design of security policies and promotion and enabling actions for compliance to global security standards and best practices by way of conformity assessment (Product, process, technology & people).
  • To strengthen the Regulatory Framework for ensuring a SECURE CYBERSPACE ECOSYSTEM.
  • To enhance and create National and Sectoral level 24X7 mechanism for obtaining strategic information regarding threats to ICT infrastructure, creating scenarios for response, resolution and crisis management through effective predictive, preventive, protective response and recovery actions.
  • To improve visibility of integrity of ICT products and services by establishing infrastructure for testing & validation of security of such product.
  • To create workforce for 500,000 professionals skilled in next 5 years through capacity building skill development and training.
  • To provide fiscal benefit to businesses for adoption of standard security practices and processes.
  • To enable Protection of information while in process, handling, storage & transit so as to safeguard privacy of citizen’s data and reducing economic losses due to cyber crime or data theft.
  • To enable effective prevention, investigation and prosecution of cybercrime and enhancement of law enforcement capabilities through appropriate legislative intervention.



  • Creating a secured Ecosystem.
  • Creating an assurance framework.
  • Encouraging Open Standards.
  • Strengthening The regulatory Framework.
  • Creating mechanism for Security Threats Early Warning, Vulnerability management and response to security threat.
  • Securing E-Governance services.
  • Protection and resilience of Critical Information Infrastructure.
  • Promotion of Research and Development in cyber security.
  • Reducing supply chain risks
  • Human Resource Development (fostering education and training programs in both formal and informal sectors to support the Nation’s cyber security needs and build capacity).
  • Creating cyber security awareness.
  • Developing effective Public Private Partnership.
  • Developing bilateral and multilateral relationships in the area of cyber security with other countries (information sharing and cooperation).
  • Prioritized approach for implementation.
  • Operationalisation of Policy


“Cybersecurity is an ecosystem where laws, organisations, skills, cooperation and technical implementation need to be in harmony to be most effective,” stated the ITU report. India’s highly skilled IT workforce should be trained and harnessed by the government for strategic use. There is a requirement to develop a comprehensive cyber defence strategy that not only defends India and creates a social media counter-strategy but also attacks adversary networks.



Under High-profile global cyber attacks, Global Cybersecurity Index 2017 measures the commitment of the ITU Member States to cybersecurity

Singapore has topped a global cyber security index released by the United Nations, followed by other UN member states such as the United States, Malaysia, Oman, Estonia, Mauritius, Australia, Georgia, France and Canada, the other top 10 countries. The Index has been released by the UN telecommunications agency, the International Telecommunication Union (ITU). The moves come against the backdrop of a series of high-profile global cyber attacks over the past two months, such as the WannaCry ransomware attack in May and NotPetya in June.

The UN survey shows big gaps in the level of cybersecurity across the 193 countries in the world. As per the findings of the Global Cybersecurity Index 2017 (GCI), India ranks 23rd out of the 193 member countries when it comes to commitment to cybersecurity. India has been listed in the “maturing category” of the index with a score of 0.683. Around 77 countries have been placed in the maturing category as they have developed complex commitments to cyber security and engage in cybersecurity programmes and initiatives.

The global community is increasingly embracing ICTs as key enabler for social and economic development. The information and communication technologies (ICT) networks, devices and services are increasingly critical for day-to-day life. In 2016, almost half the world used the Internet (3.5 billion users) and according to one estimate, there will be over 12 billion machine-to-machine devices connected to the Internet by 2020.

Yet, just as in the real world, the cyber world is exposed to a variety of security threats that can cause immense damage. In 2016, nearly one percent of all emails sent were essentially malicious attacks, the highest rate in recent years. Ransomware attacks increasingly affected businesses and consumers, with indiscriminate campaigns pushing out massive volumes of malicious emails. Attackers are demanding more and more from victims, with the average ransom demand rising to over 1,000 USD in 2016, up from approximately 300 USD a year earlier. In May 2017, a massive cyberattack caused major disruptions to companies and hospitals in over 150 countries, prompting a call for greater cooperation around the world.

The scale of cybercrime makes it critical for governments to have a robust cybersecurity ecosystem in place to reduce threats and enhance confidence in using electronic communications and services. First launched in 2014, the goal of the Global Cybersecurity Index (GCI) is to help foster a global culture of cybersecurity and its integration at the core of ICTs. The Global Cybersecurity Index (GCI) is a survey that measures the commitment of Member States to cybersecurity in order to raise awareness. 

Important features of the report:

  • One of the strongest commitments is to outline a cybersecurity strategy describing how the country will prepare for and respond to attacks against its digital networks. According to the report, only 38% of countries have a published cybersecurity strategy and only 11% have a dedicated standalone strategy; another 12% have a cybersecurity strategy under development.
  • Despite half of the Member States not having a cybersecurity strategy, 61% do have an emergency response team (i.e., CIRT, CSIRT or CERT) with national responsibility. However, just over a fifth (21%) publish metrics on cybersecurity incidents. This makes it difficult in most countries to objectively assess incidents based on the evidence and determine if protection measures are working.
  • “Cybersecurity is an ecosystem where laws, organisations, skills, cooperation and technical implementation need to be in harmony to be most effective,” stated the report, adding that cybersecurity is “becoming more and more relevant in the minds of the decision makers.”
  • In addition to showing the overall cyber security commitment of the ITU’s 193 member states, the Index also shows the improvement and strengthening of the five pillars of the ITU Global Cybersecurity Agenda: legal, technical, organisational, capacity building and international cooperation.


Some of the interesting comparisons

  • Australia is third ranked in the region and home to AusCERT, one of the oldest CERTs in the region, formed in 1993. The highest scoring pillar is technical, where there is a certification programme for information security skills provided by the Council of Registered Ethical Security Testers (CREST). Modelled after CREST, the council offers assessment, accreditation, certification, education and training in cyber and information security for individuals and corporate entities in both Australia and New Zealand.
  • The Russian Federation ranked second in the region, scores best in capacity building. Its commitments range from developing cybersecurity standards to R&D and from public awareness to a home-grown cybersecurity industry. An example of the latter is Kaspersky Labs, founded in 1997 and whose software protects over 400 million users and some 270 000 organizations.
  • Estonia is the highest-ranking nation in the Europe region. Like Georgia, Estonia enhanced its cybersecurity commitment after a 2007 attack. This included the introduction of an organizational structure that can respond quickly to attacks as well as a legal act that requires all vital services to maintain a minimal level of operation if they are cut off from the Internet. The country also hosts the headquarters of the NATO Cooperative Cyber Defence Centre of Excellence.


Conceptual framework

The GCI revolves around the ITU Global Cybersecurity Agenda (GCA) and its five pillars (legal, technical, organizational, capacity building and cooperation).

The five pillars of the GCI are briefly explained below:

  1. Legal: Measured based on the existence of legal institutions and frameworks dealing with cybersecurity and cybercrime.
  2. Technical: Measured based on the existence of technical institutions and frameworks dealing with cybersecurity.
  3. Organizational: Measured based on the existence of policy coordination institutions and strategies for cybersecurity development at the national level.
  4. Capacity Building: Measured based on the existence of research and development, education and training programmes; certified professionals and public sector agencies fostering capacity building.
  5. Cooperation: Measured based on the existence of partnerships, cooperative frameworks and information sharing networks.


The GCI 2017 edition measured the commitment of the ITU Member States to cybersecurity and highlighted a number of illustrative practices from around the world. As a logical continuation of the first iteration of the GCI issued in 2014, this version has motivated countries to improve their work related to cybersecurity, raised awareness in countries for the need to start bilateral, multilateral and international cooperation, and increased the visibility of what countries are doing to improve cybersecurity.



Emerging threat of AI-enabled cyber Warfare by cyber criminals and adversaries

An AI race has ensued between countries such as the US, China and Russia to take the lead in this strategic technology. The US has launched its Third Offset Strategy to leverage technologies such as artificial intelligence, autonomous systems and human-machine networks to offset the advances made by the nation's opponents in recent years.

In July 2017, China's government issued a sweeping new strategy with a striking aim: draw level with the US in artificial intelligence technology within three years, and become the world leader by 2030. China aims to dominate the next generation of “intelligentized” warfare, relying on “long-range, precise, smart, stealthy and unmanned weapons platforms.”

Putin warns: “Artificial intelligence is the future, not only for Russia but for all of humankind. Whoever becomes the leader in this sphere will become the ruler of the world.” The Russian military is also developing robots, anti-drone systems, and cruise missiles that would be able to analyze radars and make decisions on the altitude, speed and direction of their flight, according to state media.

“We think attackers are leveraging automation in building their attacks for a long time,” said Brian Witten, senior director at Symantec research labs. “In that sense, it is only a matter of time they start leveraging artificial intelligence (AI) a lot more aggressively. It will be their AI against our AI and whoever builds the smartest AI will end up winning the arms race.”

Symantec expects artificial intelligence-enabled cyber attacks to cause an explosion of network penetration, personal data theft, and an epidemic-level spread of intelligent viruses in the coming years. The number of malware variants rose to 357 million in 2016 from 275 million two years earlier, while the email malware rate also soared from 1 in 244 to 1 in 131 during the same period, as per a report by Symantec in April this year. Ransomware detections touched 463,841 in 2016.

Developments in the field of artificial intelligence and a recent string of attacks on numerous websites signal a terrifying future of cyber warfare, Elon Musk told his five million Twitter followers. His dire warning pertains to a mixture of machine-learning AI and rather “vulnerable” systems that lay the foundation of the internet. Musk said that the future of cyber warfare may not be waged with humans and our weapons, but with AI systems.


AI enabling Cyber Security

AI has been used recently for fighting cyber crime and cyber warfare. Many cyber security firms are using recent advances in AI and machine learning (ML) to secure systems and data of their clients as attacks get more complex and sophisticated causing unprecedented levels of disruption.

“It is important to recognise that a lot of companies in the security industry have started leveraging AI to make individual products more effective and for not only detecting malware, spam and phishing but also security operations,” said Witten. “Cyber criminals are getting smarter and they are relying on artificial intelligence to stage attacks.”

Organizations and intelligence agencies are using User Behavior Analytics (UBA) to detect when legitimate user accounts/identities have been compromised by external attackers or are being abused by insiders for malicious purposes. DARPA earlier launched a program known as Cyber Insider Threat (CINDER) that proposed to monitor the “keystrokes, mouse movements, and visual cues” of insider threats.

“In the cyber security context AI definitely helps perceive, identify events and patterns in a much more predictive way so we can get a well defined output. The whole point of AI is you use pattern recognition software algorithms, deep learning algorithm to detect an anomaly early on and much faster than a human being will do,” said Burgess Cooper, Partner – Cyber Security, EY.

“One of the things driving them to apply AI and ML to security operations is there are not many security experts in the world for hiring. AI doubles the effectiveness of human security experts. It is amazing. Humans with the help of AI are able to detect all kinds of attacks that human alone could not detect,” said Witten. Witten believes that AI should handle tons of data, letting humans focus on strategy.

In a recent blog post, McAfee’s chief technology officer Steve Grobman, said that in the field of cyber security, as long as there is a shortage of human talent, the industry must rely on technologies such as artificial intelligence and ML to amplify the capabilities of the humans.

However, he added as long as there are human adversaries behind cybercrime and cyber warfare, there will always be a critical need for human intellect teamed with technology.

AI enabled cyber crime and cyber Warfare

Just recently, an unknown group of hackers launched a massive “distributed denial of service” (DDoS) attack that took down part of the internet in the West. Analysis of the incident confirmed that the hackers used a huge “botnet,” or a system of computers, that comprised simple internet of things (IoT) devices to overload the systems of Dynamic Network Services (Dyn), a firm that is part of the internet address system. However, Musk said in a tweet that these DDoS attacks might not need human hackers, and in the future, they may be simple feats for advanced AI systems.

As AI adoption grows rapidly, a growing number of open source and commercial AI tools, libraries and platforms are becoming available, and these can equally be exploited by hackers and cyber criminals. Examples include the cloud-based Azure Machine Learning service, which provides tooling for deploying predictive models as analytic solutions; Caffe, developed by Yangqing Jia, an open-source deep learning framework that supports various software architectures designed for image segmentation and image classification; and Deeplearning4j, an open-source, distributed deep learning library for the JVM.

Cyber warfare has developed into a more sophisticated type of combat between countries, in which critical infrastructure such as power, telecommunications or banking can be destroyed by damaging the computer systems that control it. It is widely acknowledged that offensive cyberattacks will be a necessary component of any future military campaign, and extreme cyberweapons are being developed now.

Stuxnet was the first cyberweapon. It was discovered in 2010, and subsequent information leaks confirmed that the trojan was indeed state-sponsored malware designed to damage the targeted industrial control systems for a specific type of centrifuge equipment in a particular nuclear facility in Iran. Developing such malware takes a great deal of resources, skill and time.

Adversaries can use AI to cut short the development time of cyber weapons by using AI to discover the areas of weakness that may exist in targets. The cyber weapon can also be made adaptive according to the targets.





US’s strategy to defeat ISIS by carrying cyber war and dropping cyber bombs

The US devised a new strategy to defeat ISIS and also started a cyber warfare campaign against it. The US is the first country in the world to have publicly declared that it is waging cyber war against ISIS, which involves dropping “cyber bombs” (the term coined by Ash Carter) to disrupt its communications and other infrastructure. The cyber warfare campaign is being carried out by the military's seven-year-old U.S. Cyber Command through the full range of cyber warfare methods.

A new unit headed by Lt. Gen. Edward Cardon was tasked with developing digital weapons — fashioned from malware and other cyber-tools — that can intensify efforts to damage and destroy the Islamic State’s networks, computers and cellphones. This was also a test of operational effectiveness of its cyber command to conduct offensive mission against ISIS that was formed to thwart traditional foes like Russia, China, Iran and North Korea. The terror groups like ISIS use social media platforms like Twitter, Facebook, YouTube and internet forums to spread their messages, recruit members and gather intelligence.

U.S. Cyber Command claimed success in carrying out what was called Operation Glowing Symphony, under which Cyber Command obtained the passwords to a number of Islamic State administrator accounts and then used them to access the accounts, change the passwords and delete content such as battlefield video. It also shut the group's propaganda specialists out of their accounts, former officials said.

However, last year then-Defense Secretary Ash Carter expressed frustration that the United States was losing the cyberwar against the militants. He pushed Cyber Command to be more aggressive. In response, the Pentagon undertook an effort to incorporate cyber technology into its daily military fight, including new ways to disrupt the enemy's communications, recruiting, fundraising and propaganda.

The military is now looking for new ways to bring in more civilians with high-tech skills who can help against IS and prepare for the new range of technological threats the nation will face, as reported by AP. Lt. Gen. Paul Nakasone, commander of U.S. Army Cyber Command, said that means getting Guard and Reserve members with technical expertise in digital forensics, math, crypto-analysis and writing computer code. According to Nakasone, they are bringing in new expertise for identifying enemy networks, pinpointing system administrators or developers, and potentially monitoring how IS' online traffic moves.

The Army has been steadily building cyber mission teams, as part of a broader Defense Department undertaking. Of the 41 Army teams, just over half come from the Army National Guard and Army Reserve.

The United States opened a new line of combat against the Islamic State, directing the military's eight-year-old Cyber Command for the first time to mount computer-network attacks that are now being used alongside more traditional weapons. In 2009, the US established USCYBERCOM for more effective and coordinated cyberspace operations. Cyber Command, which was focused largely on Russia, China, Iran and North Korea — where cyberattacks on the United States most frequently originate — has now been given responsibility for operations against what has become the most dangerous terrorist organization in the world.


“The cyberwar seal has been broken in public”, said Peter W Singer of the New America Foundation. In addition to overloading or defacing Isis’s web presence, known as a denial of service attack, and aiming to prevent the uploading or distribution of propaganda, particularly on social media, it is likely that the US Cyber Command is “mapping the people behind networks, their connections and physical locations and then feeding that into targeting on the kinetic side – injecting false info to create uncertainty”, Singer said.

However, a report by The Washington Post said that militant group’s “sophisticated” use of technology is making it difficult for the Pentagon to disrupt the group’s operations and spread of propaganda with specially-crafted malware designed to target the group’s computers, mobile devices, and infrastructure. “Cybercom has not been as effective as the department would expect them to be, and they’re not as effective as they need to be,” said a senior defense official who, like other officials, spoke on the condition of anonymity to discuss internal conversations. “They need to deliver results.”

The situation is difficult because ISIS has a decentralized, constantly moving architecture, unlike a government or nation-state, which relies on fixed and traditional infrastructure. This complicates targeting, as Cybercom has to target individuals with malware or long-range jamming, which may have an adverse effect on civilians. The terrorists' use of encryption is also hampering operations.

“The more dependent you are on technology, the more you are a target for cyberattack. And ISIS is less dependent,” said James Lewis, a cyber-policy expert at the Center for Strategic and International Studies, as reported by The Washington Post.


Disrupting ISIS’s Command and Control and communications

“Our cyberoperations are disrupting their command-and-control and communications,” Mr. Obama said this month, emerging from a meeting at the C.I.A. headquarters in Langley, Va., on countering the Islamic State.

While officials declined to discuss the details of their operations, interviews with more than a half-dozen senior and midlevel officials indicate that the effort has begun with a series of “implants” in the militants’ networks to learn the online habits of commanders. Now, the plan is to imitate them or to alter their messages, with the aim of redirecting militants to areas more vulnerable to attack by American drones or local ground forces.

Earlier, US Defense Secretary Ashton Carter had said the cyber effort was focused primarily on ISIS terrorists in Syria and that the campaign’s goal was to “overload their network so that they can’t function” and “interrupt their ability to command and control forces there, control the population and the economy.”


“US's deterrence strategy, which by definition is based on the threat of consequences, is unlikely to succeed in the fight against ISIS or similarly minded groups. Death is a goal for many jihadists, and one to be celebrated.” With few deterrent options, the United States and its partners should support efforts aimed at dissuading would-be fighters before they make the decision to join ISIS, says Thomas M. Sanderson.


Cyber Warfare also to counter ISIS propaganda and collect intelligence

The goal of the new campaign is to disrupt the ability of the Islamic State to spread its message, attract new adherents, circulate orders from commanders and carry out day-to-day functions, like paying its fighters. A benefit of the administration’s exceedingly rare public discussion of the campaign, officials said, is to rattle the Islamic State’s commanders, who have begun to realize that sophisticated hacking efforts are manipulating their data. Potential recruits may also be deterred if they come to worry about the security of their communications with the militant group.

The U.S. efforts to monitor ISIS's use of social media and counter its online propaganda and recruitment efforts have been tentative, hesitant and amateurish. Responsibility for counter-messaging has shifted between various organizations, but these agencies do not seem to share lessons learned or even operate using a cohesive strategy, write Andrew Byers and Tara Mooney in The Hill. They suggest that bringing together small teams of counterterrorist experts; regional experts who know the languages, dialects, actors and groups involved; and social media-savvy technical experts is a cheap and cost-effective approach.

Terrorism expert Sidney Jones said the country needed a cyber defense agency in order to analyze cyberspace traffic on the Internet, on social media and also on messenger services.



Goals and objectives

Mr Carter has said that by disrupting ISIS’ communications, these cyberattacks risked hindering US intelligence collection. But he said that such “trade-offs” did not detract from the need to disrupt ISIS’ networks.

Carter and the chairman of the Joint Chiefs of Staff, Marine Gen. Joseph Dunford, declined to speak about the US cyber campaign in detail, but said it contributed to the broader objectives of isolating the Isis capital of Mosul in Iraq and Raqqa in Syria.




NATO recognizes cyber as operational domain of warfare requiring collective response, Atlantic Council proposes cyber framework, doctrine and capabilities

NATO plans to bolster its ability to respond to cyberattacks and cybercrime by developing tools that can deter attacks on critical military and civilian network infrastructure. NATO has identified a number of key areas for improvement. These include developing enhanced processes to detect, evaluate and respond to threats at all levels. Moreover, NATO aims to promote a more significant degree of information sharing between member states' intelligence agencies to combat cyberthreats against military sites and critical civilian targets such as telecom networks and power grids.


The development of NATO defensive and offensive cyber weaponry is tasked to the Western alliance's dedicated cyber unit, which forms part of NATO's Supreme Headquarters Allied Powers Europe, or SHAPE. It plans to invest €71m (£61m) to improve the protection of NATO's 32 main locations from cyber attacks.


In April 2017, NATO carried out the “Locked Shields” exercise, which represents the largest international technical cyber defense exercise, according to the NATO Cooperative Cyber Defence Centre of Excellence, which has hosted the annual event since 2010. Locked Shields is a scenario-based exercise aimed at helping to train participating security experts in protecting national IT infrastructure. This year's exercise scenario directs teams of security experts to defend the networks of a fictional country's military air base when its electric power grid, drones, military command and control systems and operational infrastructure fall under severe cyberattack. The exercise features about 800 participants from 25 different nations worldwide and also involves protecting several specialized IT systems, including a large-scale system that controls the power grid and a system used for military planning.


“Taking into consideration current key trends in cybersecurity, we are introducing even more specialized systems to the exercise,” said Aare Reintam, the technical director at the center. “This enables us to prepare cybersecurity experts to protect even better vital networks and systems that they are not working with on a regular basis.”


The urgency behind NATO's deepening interest in cyber defense is driven by the increasing sophistication of cyberthreats against member states, according to Brig. Gen. Christos Athanasiadis, assistant chief of staff cyber at SHAPE. NATO reported earlier this year that its infrastructure came under threat from 500 cyberattacks monthly in 2016. The United States and other NATO states have become increasingly vocal about cyber-attacks launched from Russia, China and Iran, but officials say it remains hard to determine whether such attacks stem from government bodies or private groups. In recent events, cyber attacks have been part of hybrid warfare.

NATO officially recognized cyberspace as an operational domain of warfare, along with air, sea and land, in July 2016. Recognizing cyber as an official domain of warfare will allow NATO to improve planning and better manage resources, training and personnel needs for cyber defense operations, said a NATO official speaking on condition of anonymity. NATO Secretary General Jens Stoltenberg elaborated: “[This] means that we will coordinate and organize our efforts to protect against cyber-attacks in a better and more efficient way. This is about developing our capabilities and ability to partly protect NATO cyber networks but also to help and assist nations in defending their cyber networks.”


A major cyber-attack could trigger a collective response by NATO, NATO Secretary General Jens Stoltenberg said in an interview, as reported by Reuters. “A severe cyber-attack may be classified as a case for the alliance. Then NATO can and must react,” the newspaper quoted Stoltenberg as saying. “How, that will depend on the severity of the attack.” In 2014 the U.S.-led alliance assessed that cyber-attacks could potentially trigger NATO's mutual defense guarantee, or Article 5. That means NATO could potentially respond to a cyber-attack with conventional weapons, although the response would be decided by consensus.


In “Cyber, Extended Deterrence, and NATO,” Franklin D. Kramer, Robert J. Butler, and Catherine Lotrionte have analyzed the changing cyber threat landscape of NATO with potential expanded cyber hybrid action in the future. These include the use of ransomware to hold NATO assets at risk, DDoS to interrupt NATO command and control (C2) and interoperability, and physical disabling of electrical power generation and communications rendering militaries ineffective and worse, threatening domestic public safety.


The authors recommend: “The extended deterrence doctrine, if applied to cyberspace, could significantly ameliorate NATO's cyber vulnerabilities and deficiencies at the national level.” In applying that doctrine to cyber defense, nations with greater capabilities would help provide less capable nations with the establishment, transfer, training, and support of key cyber capabilities.


Advancing Cyber threats

“Over the last decade, there has been a continuing advancement of the cyber threat in both depth and breadth with the expansion of exploitation, disruption, and destruction activities. In an Internet-connected, net-centric world, military networks and key supporting critical infrastructures are now at significant risk from cyber intrusion.”


From a warfighting perspective, we have also seen the integration and synchronization of cyberspace capabilities as part of an adversary’s attack strategy leading up to and in conflict. This hybrid warfare approach of blending conventional, special operations and cyber operations capabilities is most evident in conflicts in Crimea, Syria, and Iraq, and foreshadows the type of warfighting challenge that NATO will face.


More direct attacks as part of hybrid warfare are also possible as cyber warfare integration enables adversaries to strike early and steal advantage through a variety of actions. These include the use of ransomware to hold NATO assets at risk, DDoS to interrupt NATO command and control (C2) and interoperability, and physical disabling of electrical power generation and communications rendering militaries ineffective and worse, threatening domestic public safety.


As Admiral Rogers has testified, if we cannot defend the infrastructure that undergirds our DoD bases and forces from foreign-based cyber threats, then our nation’s military capabilities are weakened and all our instruments of national power diminished. That leaves our leaders with a need for additional options to pursue short of open hostilities, and with fewer capabilities in an actual clash of arms. This raises risk for all by inviting instability and miscalculation.


Extended Deterrence 

The paper recommends that NATO provide extended deterrence to help less cyber-capable nations defend their military, telecommunications, and electric grid infrastructures and to increase NATO’s cyber capabilities as part of an integrated defense by:

  1. Creating “cyber framework nations” each of which would lead a cyber framework group and support national capabilities including the establishment, transfer, training, and support of necessary cyber capabilities; the United States would be the first cyber framework nation;
  2. Establishing operational partnerships, including at the national level, with key private entities, including ISPs and electrical grid operators; and
  3. Developing doctrine and capabilities to provide for the effective use of cyber in a conflict as part of NATO’s warfighting capabilities.


An Approach for Building New NATO Cyber Capability–the Cyber Framework Nation

The US National Institute of Standards and Technology recently developed a national cybersecurity framework (CSF), which leverages best practices and international standards. The CSF has five functions: identify, protect, detect, respond, and recover. A cyber framework nation can help provide highly scalable capabilities in each of these functions. These include:

  1. First, identifying the highest-priority national military cyber assets and supporting telecom and power grid networks that would need to be protected or employed in a response to a cyberattack by an adversary.
  2. Second, extending/enhancing automated intrusion protection and developing resilience efforts, starting with data classification and segmentation, to participating NATO member nations’ militaries, telecommunication companies, and electrical grids. Utilize high-end protection capabilities, such as multi-factor authentication, end-to-end data encryption and diverse, redundant networks, to ensure best information assurance practices in data confidentiality, integrity, and availability.
  3. Third, increasing detection capabilities by provisioning shared cyber threat intelligence capabilities. A NATO cyber threat intelligence capability would develop and share cyber indications and warnings regarding the movement of high-end state cyber-threat activity towards NATO networks and information assets.
  4. Fourth, development of NATO cyber defense “playbooks” and training exercises for cyber-attack response, with techniques, tactics, and procedures (TTPs) developed to maximize the value of the defense and resilience capabilities noted above. Include national grid and telecommunications partners in the private sector as part of the playbook TTPs and training exercises.
  5. Fifth, providing “fly away” cyber-warfare teams to provide NATO member states’ “blue team” assistance to “operate in degraded environments,” recover, and support malware forensics. These would be complementary to NATO Cyber Response Teams.

Cyber Offensive Doctrine and Capabilities

NATO needs to develop doctrine and capabilities to provide for the effective use of cyberspace in a conflict as part of NATO’s warfighting capabilities. Cyber capabilities have the prospect of being an asymmetric capacity and force multiplier that could be of important consequence to the defense of NATO nations. Adding offensive cyber capabilities to NATO’s force structure and response doctrine will increase its deterrent capabilities.

In a similar fashion to air campaign planning, prior analysis of targets, including the probability of collateral consequences, could be undertaken, enabling the development of cyber-attack “campaign packages” for commanders.


The paper’s recommendations aim to strengthen NATO’s cyber capabilities and incorporate them into wider Alliance defense strategies, laying out multinational and intergovernmental steps and exploring the role of the private sector.



Intelligence agencies and DOD employing Real-time behavioral analytics, for detecting advanced external and internal threats and mental health

A report by market research company Forrester found that “U.S. organisations suffered $40 billion in losses due to employee theft and fraud.” “46% of nearly 200 technology decision-makers reported internal incidents as the most common cause of the breaches they experienced in the past year,” writes Chloe Green in an Information Age article.

The insider threat has posed significant challenges to the US DOD, from the millions of documents unearthed by former contractor Edward Snowden to the recent breach in which sensitive personal data of tens of millions of federal employees was lifted, which not only puts individuals at risk but compromises certain operational practices of the U.S. military/intelligence complex.

Organizations and intelligence agencies are now using User Behavior Analytics (UBA) to detect when legitimate user accounts/identities have been compromised by external attackers or are being abused by insiders for malicious purposes. DARPA earlier launched a program known as Cyber Insider Threat (CINDER) that proposed to monitor the “keystrokes, mouse movements, and visual cues” of insider threats.

The National Security Agency has significantly enhanced its capabilities for detecting cyber-threats in the two-plus years since former NSA contractor Edward Snowden pilfered and disclosed classified information. The multi-layered capabilities, which include user behavior analytics, now protect a private cloud that provides storage, computing and operational analytics to the intelligence community, NSA CIO Greg Smithberger told CIO.

Technology to Find the Next Insider Threat

Organizations must implement ways to monitor and evaluate employees continually. Advanced monitoring tools that identify life stressors, strong emotions, and atypical behavior can provide early warning of potential misconduct or spot small-scale malicious acts before they become something more sinister, writes Daniel McGarvey, a counterintelligence expert at Alion Science and Technology.

An initially loyal employee does not suddenly transform into a malicious insider. “The path to a significant destructive act is marked by small infractions that grow in response to mounting personal and professional stress. Employees who engage in one type of counterproductive behavior will often engage in others. Minor misdeeds can escalate into severe transgressions,” writes Daniel McGarvey.

Data on an employee’s non-work activities – such as arrest records, court records, and credit bureau reports – can also reveal concerning behavior. Personality-mapping tools use psycholinguistic analysis to identify personality traits that may predispose an employee to commit destructive acts.

No single technology or technique will be a panacea. Through carefully designed programs that involve technology, human resources, comprehensive security policies, and effective leadership, government agencies and private companies can mitigate insider threat risks in ways that preserve employee privacy and assist at-risk employees before they can do damage. It may prevent the next Edward Snowden – a development that would benefit both the country and the individual who is diverted from a destructive path, writes Daniel McGarvey.


User Behavior Analytics (UBA)

The idea behind UBA is that there’s no way to know in advance which users or machines are good or bad. So you assume they’re all bad, that your network has been compromised, and you constantly monitor and model everything’s behavior to find the bad actors. UBA focuses on what the user is doing: apps launched, network activity, and, most critically, files accessed (when the file or email was touched, who touched it, what was done with it and how frequently).

“Old security models have no room for insider threats. As companies pour millions into preventing outside attackers from gaining entrance to their network, they operate under the assumption that those who are granted internal access in the first place are trustworthy,” writes Chloe Green. One survey of 355 IT professionals found that 61% said they couldn’t deter insider attacks, and 59% admitted they were unable to even detect one.

UBA employs modeling to establish what normal behavior looks like. It searches for patterns of usage that indicate unusual or anomalous behavior — regardless of whether the activities are coming from a hacker, insider, or even malware or other processes. While UBA won’t prevent hackers or insiders from getting into your system, it can quickly spot their work and minimize damage.

Derek Lin, Chief Data Scientist at Exabeam, and his team use a variety of supervised and unsupervised machine learning algorithms to detect anomalous patterns of user behavior, as gleaned from a variety of sources, like server logs, Active Directory entries, and virtual private networking (VPN) logs. UBA then uses big data and machine learning algorithms to assess the risk, in near-real time, of user activity.

Lin tells Datanami: “For every user and entity on the network, we try to build a normal profile – this is where the statistical analysis is involved. And then on a conceptual level, we’re looking for deviations from the norm…. We use the behavior based approach to find anomalies in the system and surface them up for the security analyst to look at.”

Next, UBA performs risk modeling. Anomalous behavior is not automatically considered a risk. It must first be evaluated in light of its potential impact. If apparently anomalous activity involves resources that are not sensitive, like conference room scheduling information, the potential impact is low. However, attempts to access sensitive files, like intellectual property, carry a higher impact score.

“Consequently, risk to the system posed by a particular transaction is determined using the formula Risk = Likelihood x Impact,” says Saryu Nayyar, CEO, Gurucul. Likelihood refers to the probability that the user behavior in question is anomalous. It is determined by behavior modeling algorithms. Meanwhile, impact is based on the classification and criticality of the information accessed, and what controls have been imposed on that data.

“As insider and persistent threats become more sophisticated and frequent, organizations must employ security intelligence capabilities that can quickly assess, identify and analyze user behavior against risk tolerance,” said Mike Armistead, general manager, HP Security, ArcSight.

Mind-reading AI is the newest defense against cyber attacks

Empow, a security startup, just patented a ‘mind-reading’ approach to cyber-security in order to try to discover these attacks the moment they start. CEO and Founder Avi Chesla says today in a press release:

The innovative technology behind the patent enables a human security expert to understand the actual intentions of any attacker. This “mind reading” is accomplished initially by data gathering – we read the data generated by a variety of tools inside the organization – which is then enriched by Internet data sources which yield more signals and cues. These are harvested from good guys and bad. On top of that we apply NLP algorithms to draw definitive conclusions about what the attacker is after. No one signal lets us read the attackers’ mind, but we connected the dots to generate intention.

The AI uses all the data it can gather to determine what an attack might look like, specific to the system it is protecting, and constantly monitors everything happening on the entire network. When it doesn’t have enough data from internal sources, it begins searching outside of your network for information that fills in the gaps.

It learns to understand what suspicious behavior looks like at the moment it starts. This allows it to react within the first couple of seconds of an attack with a solution tailored to best defend your network and data. The AI is like a guard dog that comes well-trained and never stops learning how to do a better job of guarding your assets.


NSA’s analytics capabilities thwart internal, external threats

Smithberger says the NSA is using automated capabilities “to up our game” for detecting and responding to anomalies, including anything from external attacks to suspicious internal activity. The NSA is conducting real-time forensic analysis of cybersecurity software and appliances, including firewalls, VPNs and audit logs on every network device “so that we can observe things that humans cannot put together on their own,” Smithberger says.

“But it’s a matter of understanding what is normal on your network, what is authorized on your network with pretty fine granularity … and comparing the observed, in real time, to what has been authorized and what is normal.” Smithberger says one obvious example is the capability to spot an anomaly such as a credentialed user accessing the network at a strange time and from an unusual geographic location.
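The UBA pipeline described above (per-user baseline, deviation from the norm, then Risk = Likelihood x Impact) and the strange-time, unusual-location anomaly Smithberger mentions can be shown together in one small scorer. This is an added illustration, not code from any of the vendors or agencies named on this page; the log format, users, resources and classification labels are all constructed, and the likelihood measure (fraction of features unseen in the baseline) is a deliberately simple stand-in for the statistical models the vendors use.

```python
"""Added example: UBA-style scoring. Learn a per-user baseline from access
events, measure deviation (likelihood), weight by data sensitivity (impact)."""
from collections import Counter, defaultdict
from datetime import datetime

IMPACT = {"public": 0.1, "internal": 0.4, "confidential": 0.7, "restricted": 1.0}  # constructed labels
FEATURES = ("hour", "country", "resource")

def parse_event(line):
    """Constructed log format: <ISO timestamp> <user> <country> <resource> <class>."""
    ts, user, country, resource, cls = line.split()
    return {"hour": datetime.fromisoformat(ts).hour, "user": user,
            "country": country, "resource": resource, "cls": cls}

def build_baseline(lines):
    """Per-user profile: hours, source countries and resources seen as normal."""
    profile = defaultdict(lambda: {f: Counter() for f in FEATURES})
    for e in map(parse_event, lines):
        for f in FEATURES:
            profile[e["user"]][f][e[f]] += 1
    return profile

def likelihood(profile, e):
    """Fraction of features absent from the baseline (0 = routine, 1 = all new); hour within 1h counts as seen."""
    p = profile.get(e["user"])
    if p is None:          # never-seen user: everything about the event is novel
        return 1.0
    novel = ((not any(abs(h - e["hour"]) <= 1 for h in p["hour"]))
             + (e["country"] not in p["country"])
             + (e["resource"] not in p["resource"]))
    return novel / len(FEATURES)

def risk_score(profile, line):
    """Risk = Likelihood x Impact, per the formula quoted above."""
    e = parse_event(line)
    return round(likelihood(profile, e) * IMPACT[e["cls"]], 2)

BASELINE = [  # constructed history: alice keeps US office hours, bob works from Germany
    "2016-09-12T09:05:00 alice US wiki public",
    "2016-09-12T12:40:00 alice US hr-db confidential",
    "2016-09-13T16:20:00 alice US wiki public",
    "2016-09-12T10:10:00 bob DE src-repo restricted",
]

if __name__ == "__main__":
    profile = build_baseline(BASELINE)
    for line in ("2016-09-14T10:00:00 alice US wiki public",           # routine
                 "2016-09-14T03:10:00 alice US wiki public",           # odd hour, low impact
                 "2016-09-14T03:10:00 alice RU src-repo restricted"):  # odd hour and place, restricted data
        print(f"{risk_score(profile, line):.2f}  {line}")
```

The second event is anomalous but scores near zero because the data is public, which is exactly the conference-room case the text describes; the third combines an unusual hour, an unusual country and restricted data and scores the maximum.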

The agency faces a challenge in balancing the need for maximum security against the privacy concerns of individual users, NSA Director Adm. Mike Rogers said during a keynote address at the 2016 Billington Cybersecurity Summit.

DOD using behavioral analytics to thwart insider threats

One of the technological approaches DOD is working on to mitigate the insider threat is behavioral analytics. Mark Nehmer, deputy chief of implementation for DITMAC, said the effort compiles the indicators, characteristics and behaviors associated with insider threats, including “how they’ve written, where were they in social media, where were they in their work life, where were they in their personal life that we know of that we can find – as deep a dive as we can get on the individuals that we know have actually committed insider threat behaviors.” But despite the push of what Nehmer called this “human science,” he said he’s not sure when DOD will be able to establish verifiable metrics for identifying insider threats.

The other component of the behavioral issue is tying it to authorizing users within the network. Using analytics, the network can establish a benchmark of all kinds of normal behavior. Whenever anomalous activity takes place in the network, it can respond in real time, either by stopping the traffic and calling for more analytics, or by shutting down operations until a human authorizes the activity.

VA contracts with DARPA-backed startup for real-time behavioral analytics, mental health app

The U.S. Department of Veterans Affairs has contracted with Boston-based startup Cogito for use of its real-time behavioral analytics mobile app that analyzes voice recordings and mobile phone usage to create clinically validated behavioral indicators of mental health.

The agency said it will use the Cogito app to detect veterans in need of mental health care, including suicide prevention. The predictive behavioral model has been validated through research by agencies including the Defense Advanced Research Projects Agency (DARPA) and The National Institute of Mental Health (NIMH).

The Cogito technology was developed in more than 15 years of research at the MIT Media Lab; the Companion app is intended to reveal unconscious signals in the human voice that disclose information about relationships and state of mind.


References and Resources also include: