Scott Applegate | Georgetown University

Papers by Scott Applegate

The dawn of Kinetic Cyber

Cyber attacks are often called non-violent or non-kinetic attacks, but the simple truth is that there is a credible capability to use cyber attacks to achieve kinetic effects. Kinetic Cyber refers to a class of cyber attacks that can cause direct or indirect physical damage, injury or death solely through the exploitation of vulnerable information systems and processes. Kinetic cyber attacks are a real and growing threat that is generally being ignored as unrealistic or alarmist. These types of attacks have been validated experimentally in the laboratory environment, they have been used operationally in the context of espionage and sabotage, and they have been used criminally in a number of attacks throughout the world. While these types of attacks have thus far been statistically insignificant, the rapid growth and integration of cyber physical systems into everything from automobiles to SCADA systems implies a significant kinetic cyber threat in the near future. It is imperative that the security community begin to take these types of threats seriously and address vulnerabilities associated with cyber physical systems and other devices that could be utilized to cause kinetic effects through cyber attacks.

Towards a Cyber Conflict Taxonomy

International Conference on Cyber Conflict, Jun 4, 2013

This paper seeks to create a practical taxonomy to describe cyber conflict events and the actors involved in them in a manner that is useful to security practitioners and researchers working in the domain of cyber operations. The proposed Cyber Conflict Taxonomy is an extensible network taxonomy organized as a plex data structure. Subjects of the taxonomy are entered as either Events or Entities and are then categorized using the categories and subcategories of Actions or Actors. Each of these categories is further subdivided into increasingly specific subcategories used to describe the defining characteristics of each subject, and labeled lateral linkages are used to illustrate the associative relationships between Entities and Events. The categories are organized in both a hierarchical and associative manner to illustrate the relationships between subjects and categories. A prototype of this taxonomy was developed and tested using a test set of recent cyber conflict events and used to explore the relationship and connections between these events and the states, groups or individuals that participated in them. Furthermore, this taxonomy can potentially identify actors across different events based on their similar method of operation, toolsets and target sets.

Ransomware Defense? Go back to Boot Camp!

Hacker Halted, 2021

Ransomware has become the scourge of the 2020s thus far. Research and reporting show that ransomware attacks increased more than 60% in 2020 and continue to grow in 2021. To combat this terrible scourge, every vendor has a new feature, gadget, service, or technical solution to assist you in beefing up your ransomware defenses with only a moderate increase in spending. But the truth is most of these attacks are succeeding not because of the technical acumen of the attackers, but because we are failing to do the basics that keep our networks, users, and data secure. This talk will look at ransomware trends over the last few years and apply historic context and lessons learned to recommend the most effective solutions to protect your networks.

Towards a Cyber Conflict Taxonomy

2013 5th International Conference on Cyber Conflict, 2013

This paper seeks to create a practical taxonomy to describe cyber conflict events and the actors involved in them in a manner that is useful to security practitioners and researchers working in the domain of cyber operations. The proposed Cyber Conflict Taxonomy is an extensible network taxonomy organized as a plex data structure. Subjects of the taxonomy are entered as either Events or Entities and are then categorized using the categories and subcategories of Actions or Actors. Each of these categories is further subdivided into increasingly specific subcategories used to describe the defining characteristics of each subject, and labeled lateral linkages are used to illustrate the associative relationships between Entities and Events. The categories are organized in both a hierarchical and associative manner to illustrate the relationships between subjects and categories. A prototype of this taxonomy was developed and tested using a test set of recent cyber conflict events and used to explore the relationship and connections between these events and the states, groups or individuals that participated in them. Furthermore, this taxonomy can potentially identify actors across different events based on their similar method of operation, toolsets and target sets.

The dawn of Kinetic Cyber

2013 5th International Conference on Cyber Conflict, 2013

Cyber Conflict: Disruption and Exploitation in the Digital Age

Current and Emerging Trends in Cyber Operations, 2015

In August of 1986, a former astronomer-turned-systems-administrator, on his second day on the job, attempted to determine what was causing a 75-cent discrepancy in a UNIX accounting system at the Lawrence Berkeley National Laboratory. Over the course of the next ten months, Clifford Stoll and his coworkers would trace the anomaly to a hacker in Germany who was using computers to steal information from the United States and sell it to the Soviet Union’s KGB (Stoll 2005). This incident represents one of the earliest examples of cyber espionage and pioneered many of the tactics, techniques, and procedures used in cyber incident response actions today. More importantly, this event demonstrated the ability of nation-states or their proxies to leverage emerging network technologies to gather intelligence and to potentially disrupt the services and systems of competitor states. It was one of the groundbreaking events in a phenomenon we will collectively call ‘cyber conflict.’

Searching for Digital Hilltops: A Doctrinal Approach to Identifying Key Terrain in Cyberspace

This paper advocates the use of existing US Army and Joint doctrinal processes for identifying key terrain in cyberspace. These processes already exist and can be easily tailored to the cyberspace warfighting domain.

Cyber Conflict – Disruption and Exploitation in the Digital Age

Current and Emerging Trends in Cyber Operations: Policy, Strategy and Practice, 2015

This book explores current and emerging trends in policy, strategy, and practice related to cyber operations conducted by states and non-state actors. The book examines in depth the nature and dynamics of conflicts in cyberspace, the geopolitics of cyber conflicts, defence strategy and practice, cyber intelligence and information security.

The Dawn of Kinetic Cyber

In Proceedings of the 5th International Conference on Cyber Conflict

Cyber-attacks are often called non-violent or non-kinetic attacks, but the simple truth is that there is a credible capability to use cyber-attacks to achieve kinetic effects. Kinetic Cyber refers to a class of cyber-attacks that can cause direct or indirect physical damage, injury or death solely through the exploitation of vulnerable information systems and processes. Kinetic cyber-attacks are a real and growing threat that is generally being ignored as unrealistic or alarmist. These types of attacks have been validated experimentally in the laboratory environment, they have been used operationally in the context of espionage and sabotage, and they have been used criminally in a number of attacks throughout the world. While these types of attacks have thus far been statistically insignificant, the rapid growth and integration of cyber physical systems into everything from automobiles to SCADA systems implies a significant kinetic cyber threat in the near future. It is imperative that the security community begin to take these types of threats seriously and address vulnerabilities associated with cyber physical systems and other devices that could be utilized to cause kinetic effects through cyber-attacks.

Towards a Cyber Conflict Taxonomy

In Proceedings of the 5th International Conference on Cyber Conflict

This paper seeks to create a practical taxonomy to describe cyber conflict events and the actors involved in them in a manner that is useful to security practitioners and researchers working in the domain of cyber operations. The proposed Cyber Conflict Taxonomy is an extensible network taxonomy organized as a plex data structure. Subjects of the taxonomy are entered as either Events or Entities and are then categorized using the categories and subcategories of Actions or Actors. Each of these categories is further subdivided into increasingly specific subcategories used to describe the defining characteristics of each subject, and labeled lateral linkages are used to illustrate the associative relationships between Entities and Events. The categories are organized in both a hierarchical and associative manner to illustrate the relationships between subjects and categories. A prototype of this taxonomy was developed and tested using a test set of recent cyber conflict events and used to explore the relationship and connections between these events and the states, groups or individuals that participated in them. Furthermore, this taxonomy can potentially identify actors across different events based on their similar method of operation, toolsets and target sets.

Leveraging Cyber Militias as a Force Multiplier in Cyber Operations

Political hackers and cyber militias have begun to play an increasingly significant role in cyber conflict. Non-state actors, hacktivist groups and patriotic hackers often participate in online hacking battles based on political, ideological or patriotic considerations. These groups, however, lack the legal, moral and ethical constraints often imposed on state-controlled entities. This lack of constraint could lead to the escalation of state-on-state conflicts and may inadvertently drive hostilities toward what Clausewitz would deem total war in the cyberspace domain. It is with this in mind that western-style democracies, which are often reticent to make use of cyber militias and patriotic hackers, should begin to explore acceptable models to legitimately harness and employ such groups for limited cyber operations. Such usage could introduce needed constraints on these groups and could also prove to be a significant force multiplier in a domain where government and military organizations often suffer from limited human resources. This paper will explore several models for incorporating patriotic hackers and civilian technicians into militia-like organizations and integrating these types of organizations into a state’s cyber operations.

The Principle of Maneuver in Cyber Operations

The United States Military describes the concept of maneuver as the disposition of forces to conduct operations by securing positional advantages before and/or during combat operations. This paper will explore the concept of maneuver as it relates to cyber operations and cyber warfare. It will attempt to define what constitutes the principle of maneuver within cyberspace as it relates to the traditional concept of maneuver in warfare and how the borderless domain of cyberspace alters this concept. The author will also briefly touch on the issue of sovereignty in cyberspace as it relates to cyber maneuver and attempt to identify how and when the concept of cyber maneuver might cross the line to violate a state’s sovereignty. This paper will demonstrate that there is a valid concept of maneuver in cyberspace, and that the stealth and anonymity provided by the Internet allow for blatant acts which, in a kinetic operation, would most likely result in open armed conflict.

Cyber Militias and Political Hackers - Use of Irregular Forces in Cyber Warfare

IEEE Security and Privacy, Jan 1, 2011

Recent cyberattacks, such as those carried out against Estonia and Georgia, have grayed the line between political hackers and legitimate combatants involved in cyberconflicts. There has been fierce debate as to whether these attacks are the independent acts of politically motivated individuals and groups or the strategic acts of states using covert methods to direct such actions to achieve larger political objectives. These attacks raise many important questions that have yet to be answered in the international community. Under international agreements, can a computer attack truly be claimed as an armed attack? Are participants in these cyberattacks legitimate combatants, or are they merely politically motivated individuals who are breaking the law and should thus be treated as criminals under existing international agreements? This article explores these issues, the possible benefits and drawbacks of such actions, and the ramifications such cybermilitias might have on the current and future state of cyberconflicts.

Full Spectrum Red Teaming in the Military Environment

Detailed exploration of the United States Army’s Red Team and the methodology it uses to assess the information assurance defensive posture of processes, systems or organizations in an operational military environment. This paper will explore the unique goals, methods and constraints associated with conducting information assurance red team assessments of military organizations and recommend improvements in a number of areas that currently limit the scope of some assessments and leave critical areas of the Army’s networks untested and potentially vulnerable to exploitation by malicious actors.

Cyber Warfare - Addressing New Threats in the Information Age

The integration of information technology into virtually every aspect of modern society has created vulnerabilities that can be exploited with potentially disastrous results. Cyber Warfare can be used to exploit these vulnerabilities for political, economic or military effects inexpensively and with few repercussions to the initiating state due to the anonymity and plausible deniability offered by the internet. A number of near-peer competitor states are now developing offensive Cyber Warfare programs in order to potentially create an asymmetric advantage on the modern battlefield. Recent large scale cyber attacks on both Estonia and Georgia demonstrate the danger posed by Cyber Warfare and may represent the beginning of a new arms race to develop this new form of warfare. Cyber Warfare is a new and evolving form of warfare that presents a strategic threat to the United States and must be addressed. The United States should pursue aggressive offensive and defensive cyber warfare programs which must be coordinated across the whole of government in order to address this threat.

Social Engineering: Hacking the Wetware!

Information Security Journal: A Global …, Jan 1, 2009

Social engineering is a methodology that allows an attacker to bypass technical controls by attacking the human element in an organization. There are many techniques commonly used in social engineering, including but not limited to Trojan and phishing email messages, impersonation, persuasion, bribery, shoulder surfing, and dumpster diving. Hackers rely on social engineering attacks to bypass technical controls by focusing on the human factors. Social engineers often exploit the natural tendency people have toward trusting others who seem likeable or credible, deferring to authority, or the need to acquiesce to social conformity. Mitigation of social engineering begins with good policy and awareness training, but there are a number of other approaches an organization can take to defend against this type of attack. Social engineering attacks are likely to increase, and it is becoming increasingly important for organizations to address this issue.

Research paper thumbnail of The dawn of Kinetic Cyber

ABSTRACT Cyber attacks are often called non-violent or non-kinetic attacks, but the simple truth ... more ABSTRACT Cyber attacks are often called non-violent or non-kinetic attacks, but the simple truth is that there is a credible capability to use cyber attacks to achieve kinetic effects. Kinetic Cyber refers to a class of cyber attacks that can cause direct or indirect physical damage, injury or death solely though the exploitation of vulnerable information systems and processes. Kinetic cyber attacks are a real and growing threat that is generally being ignored as unrealistic or alarmist. These types of attacks have been validated experimentally in the laboratory environment, they have been used operationally in the context of espionage and sabotage, and they have been used criminally in a number of attacks throughout the world. While these types of attacks have thus far been statistically insignificant, the rapid growth and integration of cyber physical systems into everything from automobiles to SCADA systems implies a significant kinetic cyber threat in the near future. It is imperative that the security community begin to take these types of threats seriously and address vulnerabilities associated with cyber physical systems and other devices that could be utilized to cause kinetic effects through cyber attacks.

Research paper thumbnail of Towards a Cyber Conflict Taxonomy

International Conference on Cyber Conflict, Jun 4, 2013

This paper seeks to create a practical taxonomy to describe cyber conflict events and the actors ... more This paper seeks to create a practical taxonomy to describe cyber conflict events and the actors involved in them in a manner that is useful to security practitioners and researchers working in the domain of cyber operations. The proposed Cyber Conflict Taxonomy is an extensible network taxonomy organized as a plex data structure. Subjects of the taxonomy are entered as either Events or Entities and are then categorized using the categories and subcategories of Actions or Actors. Each of these categories is further subdivided into increasingly specific subcategories used to describe the defining characteristics of each subject and labeled lateral linkages are used to illustrate the associative relationships between Entities and Events. The categories are organized in both a hierarchical and associative manner to illustrate the relationships between subjects and categories. A prototype of this taxonomy was developed and tested using a test set of recent cyber conflict events and used to explore the relationship and connections between these events and the states, groups or individuals that participated in them. Furthermore, this taxonomy can potentially identify actors across different events based on their similar method of operation, toolsets and target sets.

Research paper thumbnail of Ransomware Defense? Go back to Boot Camp!

Hacker Halted, 2021

Ransomware has become the scourge of the 2020s thus far. Research and reporting show that ransomw... more Ransomware has become the scourge of the 2020s thus far. Research and reporting show that ransomware attacks increased more than 60% in 2020 and continue to grow in 2021. To combat this terrible scourge, every vendor has a new feature, gadget, service, or technical solution to assist you in beefing up your ransomware defenses with only a moderate increase in spending. But the truth is most of these attacks are succeeding not because of the technical acumen of the attackers, but because we are failing to do the basics that keep our networks, users, and data security. This talk will look at ransomware trends over the last few years and apply historic context and lessons learned to recommend the most effective solutions to protect your networks.

Research paper thumbnail of Towards a Cyber Conflict Taxonomy

2013 5th International Conference on Cyber Conflict, 2013

This paper seeks to create a practical taxonomy to describe cyber conflict events and the actors ... more This paper seeks to create a practical taxonomy to describe cyber conflict events and the actors involved in them in a manner that is useful to security practitioners and researchers working in the domain of cyber operations. The proposed Cyber Conflict Taxonomy is an extensible network taxonomy organized as a plex data structure. Subjects of the taxonomy are entered as either Events or Entities and are then categorized using the categories and subcategories of Actions or Actors. Each of these categories is further subdivided into increasingly specific subcategories used to describe the defining characteristics of each subject and labeled lateral linkages are used to illustrate the associative relationships between Entities and Events. The categories are organized in both a hierarchical and associative manner to illustrate the relationships between subjects and categories. A prototype of this taxonomy was developed and tested using a test set of recent cyber conflict events and used to explore the relationship and connections between these events and the states, groups or individuals that participated in them. Furthermore, this taxonomy can potentially identify actors across different events based on their similar method of operation, toolsets and target sets.

Research paper thumbnail of The dawn of Kinetic Cyber

2013 5th International Conference on Cyber Conflict, 2013

In Articulatory Phonology the jaw is not controlled individually but serves as an additional arti... more In Articulatory Phonology the jaw is not controlled individually but serves as an additional articulator to achieve the primary constriction. In this study the timing of jaw and tongue tip gestures for the coronal consonants /

Research paper thumbnail of The Dawn of Kinetic Cyber

Cyber attacks are often called non-violent or non-kinetic attacks, but the simple truth is that t... more Cyber attacks are often called non-violent or non-kinetic attacks, but the simple truth is that there is a credible capability to use cyber attacks to achieve kinetic effects. Kinetic Cyber refers to a class of cyber attacks that can cause direct or indirect physical damage, injury or death solely though the exploitation of vulnerable information systems and processes. Kinetic cyber attacks are a real and growing threat that is generally being ignored as unrealistic or alarmist. These types of attacks have been validated experimentally in the laboratory environment, they have been used operationally in the context of espionage and sabotage, and they have been used criminally in a number of attacks throughout the world. While these types of attacks have thus far been statistically insignificant, the rapid growth and integration of cyber physical systems into everything from automobiles to SCADA systems implies a significant kinetic cyber threat in the near future. It is imperative that the security community begin to take these types of threats seriously and address vulnerabilities associated with cyber physical systems and other devices that could be utilized to cause kinetic effects through cyber attacks.

Research paper thumbnail of Towards a Cyber Conflict Taxonomy

This paper seeks to create a practical taxonomy to describe cyber conflict events and the actors ... more This paper seeks to create a practical taxonomy to describe cyber conflict events and the actors involved in them in a manner that is useful to security practitioners and researchers working in the domain of cyber operations. The proposed Cyber Conflict Taxonomy is an extensible network taxonomy organized as a plex data structure. Subjects of the taxonomy are entered as either Events or Entities and are then categorized using the categories and subcategories of Actions or Actors. Each of these categories is further subdivided into increasingly specific subcategories used to describe the defining characteristics of each subject and labeled lateral linkages are used to illustrate the associative relationships between Entities and Events. The categories are organized in both a hierarchical and associative manner to illustrate the relationships between subjects and categories. A prototype of this taxonomy was developed and tested using a test set of recent cyber conflict events and used to explore the relationship and connections between these events and the states, groups or individuals that participated in them. Furthermore, this taxonomy can potentially identify actors across different events based on their similar method of operation, toolsets and target sets.

Research paper thumbnail of The Principle of Maneuver in Cyber Operations

Research paper thumbnail of Cyber Conflict: Disruption and Exploitation in the Digital Age

Current and Emerging Trends in Cyber Operations, 2015

In August of 1986, a former astronomer-turned-systems-administrator, on his second day on the job... more In August of 1986, a former astronomer-turned-systems-administrator, on his second day on the job, attempted to determine what was causing a 75-cent discrepancy in a UNIX accounting system at the Lawrence Berkeley National Laboratory. Over the course of the next ten months, Clifford Stoll and his coworkers would trace the anomaly to a hacker in Germany who was using computers to steal information from the United States and sell it to the Soviet Union’s KGB (Stoll 2005). This incident represents one of the earliest examples of cyber espionage and pioneered many of the tactics, techniques, and procedures used in cyber incident response actions today. More importantly, this event demonstrated the ability of nation-states or their proxies to leverage emerging network technologies to gather intelligence and to potentially disrupt the services and systems of competitor states. It was one of the groundbreaking events in a phenomenon we will collectively call ‘cyber conflict.’

Research paper thumbnail of Searching for Digital Hilltops A Doctrinal Approach to Identifying Key Terrain in Cyberspace

Research paper thumbnail of Searching for Digital Hilltops A Doctrinal Approach to Identifying Key Terrain in Cyberspace

This paper advocates the use of existing US Army and Joint doctrinal doctrinal processes for iden... more This paper advocates the use of existing US Army and Joint doctrinal doctrinal processes for identifying key terrain in cyberspace. These processes already exist and can be easily tailored to the cyberspace warfighting domain.

Research paper thumbnail of Cyber Conflict – Disruption and Exploitation in the Digital Age

Current and Emerging Trends in Cyber Operations: Policy, Strategy and Practice, 2015

This book explores current and emerging trends in policy, strategy, and practice related to cyber operations conducted by states and non-state actors. The book examines in depth the nature and dynamics of conflicts in cyberspace, the geopolitics of cyber conflicts, defence strategy and practice, cyber intelligence and information security.

The Dawn of Kinetic Cyber

In Proceedings of the 5th International Conference on Cyber Conflict

Cyber-attacks are often called non-violent or non-kinetic attacks, but the simple truth is that there is a credible capability to use cyber-attacks to achieve kinetic effects. Kinetic Cyber refers to a class of cyber-attacks that can cause direct or indirect physical damage, injury or death solely through the exploitation of vulnerable information systems and processes. Kinetic cyber-attacks are a real and growing threat that is generally being ignored as unrealistic or alarmist. These types of attacks have been validated experimentally in the laboratory environment, they have been used operationally in the context of espionage and sabotage, and they have been used criminally in a number of attacks throughout the world. While these types of attacks have thus far been statistically insignificant, the rapid growth and integration of cyber physical systems into everything from automobiles to SCADA systems implies a significant kinetic cyber threat in the near future. It is imperative that the security community begin to take these types of threats seriously and address vulnerabilities associated with cyber physical systems and other devices that could be utilized to cause kinetic effects through cyber-attacks.

Towards a Cyber Conflict Taxonomy

In Proceedings of the 5th International Conference on Cyber Conflict

Leveraging Cyber Militias as a Force Multiplier in Cyber Operations

Political hackers and cyber militias have begun to play an increasingly significant role in cyber conflict. Non-state actors, hacktivist groups and patriotic hackers often participate in online hacking battles based on political, ideological or patriotic considerations. These groups, however, lack the legal, moral and ethical constraints often imposed on state-controlled entities. This lack of constraint could lead to the escalation of state-on-state conflicts and may inadvertently drive hostilities toward what Clausewitz would deem total war in the cyberspace domain. It is with this in mind that western-style democracies, which are often reticent to make use of cyber militias and patriotic hackers, should begin to explore acceptable models to legitimately harness and employ such groups for limited cyber operations. Such usage could introduce needed constraints on these groups and could also prove to be a significant force multiplier in a domain where government and military organizations often suffer from limited human resources. This paper will explore several models for incorporating patriotic hackers and civilian technicians into militia-like organizations and integrating these types of organizations into a state's cyber operations.

The Principle of Maneuver in Cyber Operations

The United States Military describes the concept of maneuver as the disposition of forces to conduct operations by securing positional advantages before and/or during combat operations. This paper will explore the concept of maneuver as it relates to cyber operations and cyber warfare. It will attempt to define what constitutes the principle of maneuver within cyberspace as it relates to the traditional concept of maneuver in warfare, and how the borderless domain of cyberspace alters this concept. The author will also briefly touch on the issue of sovereignty in cyberspace as it relates to cyber maneuver and attempt to identify how and when the concept of cyber maneuver might cross the line to violate a state's sovereignty. This paper will demonstrate that there is a valid concept of maneuver in cyberspace, and that the stealth and anonymity provided by the Internet allow for blatant acts which, in a kinetic operation, would most likely result in open armed conflict.

Cyber Militias and Political Hackers - Use of Irregular Forces in Cyber Warfare

IEEE Security and Privacy, Jan 1, 2011

Recent cyberattacks, such as those carried out against Estonia and Georgia, have grayed the line between political hackers and legitimate combatants involved in cyberconflicts. There has been fierce debate as to whether these attacks are the independent acts of politically motivated individuals and groups or the strategic acts of states using covert methods to direct such actions to achieve larger political objectives. These attacks raise many important questions that have yet to be answered by the international community. Under international agreements, can a computer attack truly be claimed as an armed attack? Are participants in these cyberattacks legitimate combatants, or are they merely politically motivated individuals who are breaking the law and should thus be treated as criminals under existing international agreements? This article explores these issues, the possible benefits and drawbacks of such actions, and the ramifications such cybermilitias might have on the current and future state of cyberconflicts.

Full Spectrum Red Teaming in the Military Environment

Detailed exploration of the United States Army's Red Team and the methodology it uses to assess the information assurance defensive posture of processes, systems or organizations in an operational military environment. This paper will explore the unique goals, methods and constraints associated with conducting information assurance red team assessments of military organizations and recommend improvements in a number of areas that currently limit the scope of some assessments and leave critical areas of the Army's networks untested and potentially vulnerable to exploitation by malicious actors.

Cyber Warfare - Addressing New Threats in the Information Age

The integration of information technology into virtually every aspect of modern society has created vulnerabilities that can be exploited with potentially disastrous results. Cyber Warfare can be used to exploit these vulnerabilities for political, economic or military effects inexpensively and with few repercussions to the initiating state due to the anonymity and plausible deniability offered by the internet. A number of near-peer competitor states are now developing offensive Cyber Warfare programs in order to potentially create an asymmetric advantage on the modern battlefield. Recent large-scale cyber attacks on both Estonia and Georgia demonstrate the danger posed by Cyber Warfare and may represent the beginning of a new arms race to develop this new form of warfare. Cyber Warfare is a new and evolving form of warfare that presents a strategic threat to the United States and must be addressed. The United States should pursue aggressive offensive and defensive cyber warfare programs which must be coordinated across the whole of government in order to address this threat.

Social Engineering: Hacking the Wetware!

Information Security Journal: A Global …, Jan 1, 2009

Social engineering is a methodology that allows an attacker to bypass technical controls by attacking the human element in an organization. There are many techniques commonly used in social engineering, including but not limited to Trojan and phishing email messages, impersonation, persuasion, bribery, shoulder surfing, and dumpster diving. Hackers rely on social engineering attacks to bypass technical controls by focusing on the human factors. Social engineers often exploit the natural tendency people have toward trusting others who seem likeable or credible, deferring to authority, or the need to acquiesce to social conformity. Mitigation of social engineering begins with good policy and awareness training, but there are a number of other approaches an organization can take to defend against this type of attack. Social engineering attacks are likely to increase, and it is becoming increasingly important for organizations to address this issue.

Ransomware Defense? Go back to Boot Camp!

Hacker Halted, 2021

Ransomware has become the scourge of the 2020s thus far. Research and reporting show that ransomware attacks increased more than 60% in 2020 and continue to grow in 2021. To combat this terrible scourge, every vendor has a new feature, gadget, service, or technical solution to assist you in beefing up your ransomware defenses with only a moderate increase in spending. But the truth is that most of these attacks are succeeding not because of the technical acumen of the attackers, but because we are failing to do the basics that keep our networks, users, and data secure. This talk will look at ransomware trends over the last few years and apply historic context and lessons learned to recommend the most effective solutions to protect your networks.

Challenges of "Modern" Cyber Warfare

A brief discussion on the challenges presented to both nation-states and the private sector by state-sponsored use of cyber capabilities.

Measuring Success in Defensive Cyber Operations

Discussion on measuring success in Defensive Cyberspace Operations.

The Principle of Maneuver in Cyber Operations

This presentation explores the principle of maneuver in cyber operations. It looks at the traditional concept of maneuver and uses this as a prism to define and explore the characteristics of maneuver in the warfighting domain of cyberspace. The author examines both offensive and defensive types of cyber maneuver and discusses kinetic analogies to each. Finally, the presentation briefly touches on issues of sovereignty in cyberspace as they relate to cyber maneuver.

Cyber Militias, Political Hackers and Cyber Warfare

A 90-minute class on general concepts associated with cyber warfare. Discussion included cyber warfare, cyber weapons, cyber militias and the Law of Armed Conflict. Presented at George Washington University in the Fall of 2011.

EC-Council's Roundtable Forum: Modern Defense Against

Round Table Discussion on current issues surrounding cyber warfare and cyber crime.

Red Team Operations

Discussed technical, legal, administrative, operational and logistic requirements for creating and running a cyber security red team.

Anatomy of a Hack

Discussion on the general methodology that hackers typically use to attack a network and how OPSEC professionals can learn to recognize some of the vulnerabilities in their organizations and mitigate them to make the hacker's job harder.