
2024 | Book

Digital Transformation, Cyber Security and Resilience

Second International Conference, DIGILIENCE 2020, Varna, Bulgaria, September 30 – October 2, 2020, Revised Selected Papers


About this book

This volume constitutes revised and selected papers presented at the First International Conference on Digital Transformation, Cyber Security and Resilience, DIGILIENCE 2020, held in Varna, Bulgaria, in September - October 2020.
The 17 papers presented were carefully reviewed and selected from the 119 submissions. They are organized in the topical sections as follows: cyber situational awareness, information sharing and collaboration; protecting critical infrastructures and essential services from cyberattacks; big data and artificial intelligence for cybersecurity; advanced ICT security solutions; education and training for cyber resilience; ICT governance and management for digital transformation.

Table of Contents

Frontmatter

Cyber Situational Awareness, Information Sharing and Collaboration

Frontmatter
Digital Modernisation in Defence: Communications and Information Systems Challenges
Abstract
A digital modernisation of the European Armed Forces requires the setting up of a structured and scalable process to ensure mission readiness. Modern implementations of fielded systems coexist with legacy systems. A plethora of platforms, nodes and information sources integrate a hyper-connected battlefield. This article analyses the challenges in seeking harmonized solutions in the field of communications and information systems and especially at the tactical edge, which is one of the most demanding areas when it comes to ensuring availability and interoperability. Emerging technologies such as Artificial Intelligence, Internet of Things and others are at the core of this modernisation.
Salvador Llopis Sánchez, Bernardo Martinez Reif, Isabel Iglesias Pallín, Álvaro Díaz del Mazo, Guillermo González
Distributed Ledger-Based Trustful Information Exchange on the Tactical Level
Abstract
Fast, secure, and tamper-proof information sharing between NATO units on a need-to-know basis is crucial. Data quality and integrity are core needs but also resilience to failures and manipulations. The core idea of this paper is to use distributed ledger technology to allow for a secure information exchange between Command and Control Information Systems of different NATO nations and non-NATO stakeholders such as non-NATO nations or mission observers. Moreover, the distributed ledger supports available NATO standards and formats for data exchange and storage.
Daniel Ota, Okan Topçu
An Empirical Evaluation of Cyber Threat Intelligence Sharing in the ECHO Early Warning System
Abstract
This paper reports on the information sharing practices of cyber competency centres representing different sectors and constituencies. The cyber competency centres, participating in the form of CSIRTs, employed the ECHO Early Warning System. Through a structured tabletop exercise, over 10 CSIRTs were engaged and a number of features were captured and monitored. A key research question was to determine the factors that can potentially hinder or amplify Cyber Threat Intelligence information sharing. The exercise imitated real attack scenarios using state-of-the-art tactics, techniques and procedures as observed by real-world APT groups and daily incidents. The findings revealed differences in terms of timeliness, response time and handling tickets with different Traffic Light Protocol classifications, duration of handling a ticket and intention to disclose.
Ioannis Chalkias, Cagatay Yucel, Dimitrios Mallis, Jyri Rajamaki, Fabrizio De Vecchis, Peter Hagstrom, Vasilis Katos
Approaching Cyber Situational Awareness Through Digital Services Availability Monitoring and Threat Intelligence: The MonSys Platform Experience
Abstract
The security community has long identified cyber situational awareness as a critical component of effective cyber defense on a national, sectoral, and international scale. Additionally, in recent years, and particularly as the online operations of many sectors of daily life have become increasingly interdependent, the need to safeguard individual services to protect entire economic sectors has become increasingly apparent. Intrusion detection and prevention systems (IDS/IPS) are widely recognized as a critical component of an organization’s cyber resilience and situational awareness skills, as they are an excellent tool for preventing and detecting malicious activity directed at business operations. The extensive majority of scientific and commercial advances in the field, however, remain widely focused on the development of complex solutions for large enterprises or specific infrastructures, rendering them inaccessible to small and medium-sized enterprises (SMEs), academic institutions, and non-profit organizations that are unable to afford, administer, manage, or even consider employing IDS/IPS in their organizational frame of reference.
This article is a revised and extended version of the “MonSys: A Scalable Platform for Monitoring Digital Services Availability, Threat Intelligence, and Cyber Resilience Situational Awareness” article, published in Information & Security: An International Journal vol. 46, 2020, and proposes an approach to making monitoring systems more widely accessible and shares the lessons learned and the key findings from the pilot implementation of a platform specifically designed to address those needs – MonSys. MonSys is a flexible, robust, and scalable monitoring platform, implemented as a cloud-based service and an on-premise solution, which is specifically designed to address the need for ensuring digital service availability. It includes customized and standard service integrity and availability checks. Furthermore, this contribution will present some achievements, findings, and ongoing efforts concerning the planned integration of this platform with the Early Warning System of the ECHO project, while ensuring long-term data storage, custom tests and alerts, behavior analysis, and information sharing with very few limitations, while preserving excellent scalability with thousands of ad-hoc tests for online services and devices, such as IoT and IIoT.
George Sharkov, Christina Todorova

Protecting Critical Infrastructures and Essential Services from Cyberattacks

Frontmatter
Cyber Security Threats in the Public Hosting Services
Abstract
In the digital transformation era, COVID-19 leaves no time to slow down the digitization process, because this slowdown can cost human health and lives. The rapid switching to the many digital solutions that technological advancement provides is the salvation from the growing COVID threat that continues to take its toll. But cybercrime embodied in terrorism, kidnapping, industrial and economic espionage can be no less dangerous to modern society. In this study, we focus on the cyber security of widespread services, where we find problems and offer possible solutions. The subject of the analysis is the cryptographic protection and the random number generators (RNG and PRNG). The results of the proposed method are discussed, and a possibility of increasing the cryptographic protection of information systems is shown.
Ivan Blagoev

Big Data and Artificial Intelligence for Cybersecurity

Frontmatter
Towards Data-Centric Security for NATO Operations
Abstract
Providing efficient data protection and information sharing capability across different security domains, belonging to NATO, the Nations and specific Communities of Interest (COI), is of paramount importance for effective execution of NATO operations. Current information protection practices rely to a large extent on a network-layer mechanism for compartmentalization of information and separation between different COIs. This leads to segregation of networks into separate network domains and the implementation of perimeter defence at the boundaries of these domains. Data-centric security (DCS) architecture rather than focusing on network perimeter defence focuses on securing access to the data itself. DCS represents a new concept for protection of data within IT systems. It introduces a comprehensive set of security measures, involving both passive and reactive measures, which can be configured to address various data protection and information sharing scenarios relevant to NATO in both short and long term. The proposed generic architecture is based on the NATO C3 Taxonomy and the NATO Communication and Information System Security Capability Breakdown.
Konrad Wrona
Challenges and Opportunities for Network Intrusion Detection in a Big Data Environment
Abstract
Advanced network sensors, data storage, and processing technologies allow the accumulation of logs, network flows, and system events from various sources in terabytes of heterogeneous data. The abundance of data can be used to train and validate multiple machine learning approaches and algorithms to detect anomalies and classify network attacks. This paper presents the state of the art in data preprocessing, feature selection, and applying various machine learning methods for intrusion detection. It outlines the main challenges in big data analytics, the functional requirements to related tools and applications, and the opportunities provided by combining the outputs of several methods to increase the accuracy of detection and decrease the number of false alarms. Finally, the authors propose an architecture of an intrusion detection system combining offline machine learning and dynamic processing of data streams.
Petya Ivanova, Todor Tagarev
Cybersecurity in Donated Distributed Computing for Evolutionary Algorithms
Abstract
Donated distributed computing, also known as volunteer computing, is a form of distributed computing that is organized as a public donation of calculating resources. Donated calculating power can involve thousands of separate CPUs and it can achieve the performance of a supercomputer. In most of the cases donated distributed computing is organized by open source software, which can lead to the involvement of many more volunteers. This research focuses on cybersecurity issues when donated distributed computing is used for optimization with evolutionary algorithms.
Petar Tomov, Iliyan Zankinski, Todor Balabanov
Modelling a Multi-agent Protection System of an Enterprise Network
Abstract
This paper considers approaches to distribute functions of a corporate network protection system between a set of informational modules – agents, that will ensure mobility, adaptability and fault tolerance of a multi-agent protection system (MAS). The analysis of classes of MAS agents by their functionality is conducted. The integration of MAS in corporate networks is based on the distribution of corporate network components between agents which are responsible for their protection. Internal and external information flows caused by user and attacker actions are used to reproduce network activity processes. By involving sets that simulate the behavior of a regular user, an attacker and a component, the set of MAS agents has been extended to include the following sets: user agent; intruder agent; agent component. The modeling of the MAS agents was conducted using the Unified Modeling Language; in particular, the state diagram is constructed and the algorithms of classical agents are described in detail: protection agent and counteraction agent, and new ones: user agent, intruder agent, component agent.
It is noted that the proposed approach has a number of advantages, namely: the components of a typical corporate network are distributed across several nodes, so MAS agents will also operate on different nodes, which will ensure the saving and mobility of computing resources; the use of MAS will allow easy adaptation to changes in the network architecture; the creation of new agents provides flexibility of the solution and high scalability; due to the distributed work of agents, the fault tolerance of the system increases: it is harder to attack and disable than systems with a single security server; management of the entire corporate security system can be organized centrally by combining multiple agents using an integration information bus.
Alla Hrebennyk, Elena Trunova, Volodymyr Kazymyr, Alexander Tarasov
Analysis of Workability of One-Way Functions Based on Cellular Automata in Diffie–Hellman Algorithm for Big Data Tasks
Abstract
The article deals with the peculiarities of using cellular automata as one-way functions in the Diffie-Hellman algorithm, which allows generating encryption keys for transmitting Big Data in conditions of information exchange via open communication channels. The authors improve the Diffie-Hellman algorithm by using a new type of one-way functions - cellular automata. The automata used have extended rules in the direction of determining the laws of birth rate, life continuation and death conditions, and control of the radius of intra-population interaction. The use of a multi-population cellular system is also considered as a separate extension of the cellular automata. Depending on user needs, the complexity of encryption can be adjusted (this will affect the time of algorithm execution and the reliability of a one-way function). A method has also been developed to test the performance of specific automata with configurable initial parameters, which allows testing the cellular automata before use. The new type of one-way functions allows using the Diffie-Hellman algorithm for frequent generation of encryption keys. The software was implemented in three programming languages: Python, MatLab and C#. This allows comparing results and implementing the software required for the study in the languages most suitable for the tasks under consideration.
Volodymyr Shevchenko, Georgi Dimitrov, Denys Berestov, Pepa Petrova, Igor Sinitcyn, Eugenia Kovatcheva, Ivan Garvanov, Iva Kostadinova

Advanced ICT Security Solutions

Frontmatter
Cipher Attack Against the Assymetric Cipher RSA
Abstract
After the analysis of the possible cipher attacks against the popular asymmetric cipher RSA, a new method is proposed. This method uses the factorization of large numbers and is successful against RSA only when the two prime numbers used to generate the keys for the cipher have close values.
Peter Antonov, Nikoleta Georgieva
Securing and Analyzing Media Signal Transfer over LoRaWAN Networks
Abstract
Low-power wide-area networks became truly popular just recently and nowadays are a subject of active research. Network coverage and cost efficiency unlock hidden power and technology capabilities. Nevertheless, there are still many concerns raised. Reliability and quality of service that can be delivered are hard to control. Applying the CIA triad to IoT networks has complications, and its adoption faces challenges. Processing large batches of data over LPWAN is complex and has bandwidth limitations on both physical and regulation layers. In this paper, we adopt an algorithm controlling the quality of service for huge batches of data transmission (based on media file examples) over LPWAN networks. We propose an approach that enables institutionalization based on Semtech LoRa controllers with well-defined, predictable outputs of the system. We research various configurations and discover possible capacity limits. The proposed algorithms and practices allow the system to self-configure and optimize the amount of traffic sent over the network based on the application needs, which eventually provides the desired level of control over data integrity and availability within given technology boundaries.
Maksym Brazhenenko, Viktor Shevchenko, Oleksii Bychkov, Pepa Vl. Petrova, Bojan Jekov, Eugenia Kovatcheva
K Band Radar Drone Signatures
Abstract
An experimental K-band radar setup has been developed using industrial radar board IVS-465 and NI MyRIO for control and data acquisition. Experimental drone K band signatures have been recorded and analyzed. It has been confirmed by analysis of recorded spectrograms that drone K band radar signatures are influenced mainly by the drone frame motion. The signals from the rotation of the propellers are of lower intensity with characteristic spectral lines. A phenomenological model of a drone radar Doppler signature is proposed, based on experimental data, representing a reflected signal from a scattering point with harmonic motion. The comparison of the measured and modeled signals shows similarity in the parameters. Electromagnetic FEM model of drone propeller has been investigated for radar cross section estimation and scattering points visualization in K band.
Nikolai Kolev, Jordan Sivkov, Ekaterinoslav Sirakov

Education and Training for Cyber Resilience

Frontmatter
Leadership Playbook for the Digital Age: Preparing the Western Balkan Leadership for the Digital Transformation
Abstract
The ongoing digital transformation caused by emerging technologies poses novel challenges but also opportunities. Western Balkan (WB) leaders are lagging behind the ongoing processes of this transformation. The article argues that WB leaders need to comprehend digital transformation and use this process to improve governance, boost the economy and address existing social challenges.
Mitko Bogdanoski, Metodi Hadji-Janev
An Accessibility Heuristic Evaluation of Bulgarian and Polish Academic Web Sites: Visually Impaired Users’ Perspective
Abstract
Accessibility issues are actively involved in the field of information and communication technologies. To improve human-machine interfaces, it is necessary to study the specifics of the interactions of people with special needs, including to improve their security of access to various digital resources. Thanks to the state of the art, people with disabilities have wide access to the Internet, including educational resources. The aim of this paper is to propose an approach for the heuristics evaluation of web accessibility based on the analytic hierarchy process (AHP) method. As there are many groups of people with disabilities, to narrow the scope of this study, we turn our attention to the perspective of the visually impaired users. To approve the approach, the authoring team applies it using Bulgarian and Polish academic websites.
Radka Nacheva, Adam Stecyk, Pavel Petrov

ICT Governance and Management for Digital Transformation

Frontmatter
Improving Cybersecurity Capabilities at Nikola Vaptsarov Naval Academy by Building and Developing a Security Operations and Training Center
Abstract
Cybersecurity is becoming increasingly important in our daily lives. For the end-user of IT devices, this is a personal responsibility. In a corporate network, however, the responsibilities for implementing a certain level of cybersecurity are not individual or of a certain team, but of each of the employees. The development of capabilities to counter cyber threats is associated with certain organizational and technical measures. End-user training is undoubtedly one of the leading organizational measures. Conducting training in an environment as close as possible to the real one helps the trainees to better understand the existing threats and their results. At the same time, the use of a real IT infrastructure for conducting trainings hides many challenges and leads to the need for specific planning and organizing the usage of the available information resources. The specificity of the main activity of Nikola Vaptsarov Naval Academy (NVNA) presupposes the building of specific capabilities for cyber defense and conducting training in the field of cybersecurity for users with different knowledge and skills. Particular challenges in this activity area are involved with the IMO requirements for cybersecurity at sea. This paper presents the adopted concept in NVNA for building and developing a Security Operations and Training Center (SOTC). Major design and organizational steps are described. A part of this concept was presented at the “Digilience 2020” conference.
Borislav M. Nikolov
Showing Evidence of Safeguarding Networks in Cyber-Physical Domains by Societal Impact Assessment
Abstract
Emerging technologies have increased the potential of cascading effects of technology-driven disruptions at the organizational and societal levels. The innovation funding of the European Commission aims to establish a European cybersecurity market (Aaltola and Ruoslahti 2020), increase European self-sufficiency and efforts to protect European citizens. While political priorities aim to strengthen ethics, trust, security (Malatras and Dede 2020) and fight against cybercrime (Prime Minister’s Office 2016), the cybersecurity Research, Development and Innovation (RDI) establishments must show the evidence of increased capabilities, fostered markets and competences (Commission 2020). Even with the successful practices of sharing cybersecurity awareness, there is potential to fail to understand how European cybersecurity RDI activities impact and affect society and its citizens (Bradshaw 2018). This research presents a knowledge management framework and a related toolkit of Key Performance Indicators (KPIs): Framework for Societal Impact Assessment for Network Projects. This paper includes a literature review of societal and knowledge management approaches relevant to analyzing the societal effects of network innovation projects. Moreover, we elaborate the elements for the framework presented earlier (Aaltola and Ruoslahti 2020) with a data analysis of selected network projects’ KPIs to collect proof that demonstrates the impacts achieved by the selected activities at the societal level.
Kirsi Aaltola, Harri Ruoslahti
Backmatter
Metadata
Title
Digital Transformation, Cyber Security and Resilience
Editors
Todor Tagarev
Nikolai Stoianov
Copyright Year
2024
Electronic ISBN
978-3-031-44440-1
Print ISBN
978-3-031-44439-5
DOI
https://doi.org/10.1007/978-3-031-44440-1
