NPS NRP Executive Summary ; Testing Multiple Credit/Blame Assignment Methods for Learning ; N2/N6 - Information Warfare ; This research is supported by funding from the Naval Postgraduate School, Naval Research Program (PE 0605853N/2098). https://nps.edu/nrp ; Chief of Naval Operations (CNO) ; Approved for public release. Distribution is unlimited.
Cyberconflict provides a new set of challenges to the Law of Armed Conflict. The proposals in the recent Tallinn Manual 2.0 provide a good start, but they are incomplete and do not address important issues. Where laws are lacking, states adopt norms to provide consistency and deterrence. This article provides a broad taxonomy of cyberconflict norms for use by government policymakers, including norms for low-level cyberconflict, norms for starting cyberconflict, norms for conducting it, and norms for post-conflict operations. It also introduces the concept of 'metanorms', norms for handling other norms.
Avoiding attacks on civilian targets during cyberwarfare is more difficult than it seems. We discuss ways in which an ostensibly military cyberattack could accidentally hit a civilian target. Civilian targets are easier to attack than military targets, and an adversary may be tempted to be careless in targeting. Dual-use targets are common in cyberspace since militaries frequently exploit civilian cyber infrastructure such as networks and common software, and hitting that infrastructure necessarily hurts civilians. Civilians can be necessary intermediate objectives to get to an adversary's military, since direct Internet connections between militaries can be easily blocked. Cyberwarfare methods are unreliable, so cyberattacks tend to use many different methods simultaneously, increasing the risk of civilian spillover. Military cyberattacks are often seen by civilian authorities, then quickly analyzed and reported to the public; this enables criminals to quickly exploit the attack methods to harm civilians. Many attacks use automatic propagation methods which have difficulty distinguishing civilians. Finally, many cyberattacks spoof civilians, encouraging counterattacks on civilians; that is close to perfidy, which is outlawed by the laws of armed conflict. We discuss several additional problems, including the public's underestimated dependence on digital technology, their unpreparedness for cyberwarfare, and the indirect lethal effects of cyberattacks. We conclude with proposed principles for ethical conduct of cyberwarfare to minimize unnecessary harm to civilians, and suggest designating cyberspace "safe havens", enforcing reparations, and emphasizing cyber coercion rather than cyberwarfare.
Interservice/Industry Training, Simulation, and Education Conference (I/ITSEC), Orlando, FL, December 2012 ; A replacement system IPARTS is being built for the current U.S. Navy APARTS handheld data-entry device that records evaluations of landings of pilots on aircraft carriers. Navy aircraft are difficult to land and costly to repair, and extensive training and performance monitoring is important. Part of this task includes summarizing older data on landing attempts for comparison of pilot performances. We built tools for analyzing trends exhibited by pilots, pilot groups, aircraft, and evaluators in regard to grades, landing details, and verbal comments. Results are shown on a sample of 85,571 passes representing about 20% of the current Navy records, a significantly larger study than has ever been conducted. These results enabled building several kinds of predictive models of pilot performance which help identify particular pilot problems, and this should help in designing training programs. Fairness of grading of pilots was also assessed by comparisons between military units, aircraft, and graders. The most novel part of the research was understanding and computing statistics on the comments, which are in a telegraphic format using a unique language; a 2433-rule standardization routine and a parser were built to interpret them. Comments were essential in understanding the context of grades. The comment counts were also especially helpful in designing a user interface for a replacement grading device we designed and tested. This work should provide new insights into the performance of military pilots. ; sponsored by the Office of Naval Research under the Technology Solutions program
This paper appeared in the Proceedings of the 9th European Conference on Information Warfare and Security, July 2010, Thessaloniki, Greece. ; Warfare without damage has always been a dream of military planners. Traditional warfare usually leaves persistent side effects in the form of dead and injured people and damaged infrastructure. An appealing feature of cyberwarfare is that it could be more ethical than traditional warfare because its damage could be less and more easily repairable. Damage to data and programs (albeit not physical hardware) can be repaired by rewriting over damaged bits with correct data. However, there are practical difficulties in ensuring that cyberattacks minimize irreversible collateral damage while still being easily repairable by the attacker and not by the victim. We discuss four techniques by which cyberattacks can be potentially reversible. One technique is reversible cryptography, where the attacker encrypts data or programs to prevent their use, then decrypts them after hostilities have ceased. A second technique is to obfuscate the victim's computer systems in a reversible way. A third technique is to withhold key data from the victim, while caching it to enable quick restoration on cessation of hostilities. A fourth technique is to deceive the victim so that they mistakenly think they are being hurt, then reveal the deception at the conclusion of hostilities. We also discuss incentives to use reversible attacks such as legality, better proportionality, lower reparations, and easier ability to use third parties. As an example, we discuss aspects of the recent cyberattacks on Georgia. ; Approved for public release; distribution is unlimited.
This paper appeared in the Proceedings of the Meeting of the Military Sensing Symposium Specialty Group on Battlespace Acoustic and Seismic Sensing, Magnetic and Electric Field Sensors, Laurel, MD, August 2008. ; We report on recent work we have done on detection of two kinds of militarily interesting behavior in an urban battlespace, detection of suspicious behavior and detection and classification of coordinated movements of groups of people. The first is important in detecting terrorism and IED emplacement, and the second is important in detecting military adversaries and what they are doing. Our approaches use only "pose" information, the locations and orientations of people within the sensor field, as extracted from tracking by a fusion of various nonimaging sensing modalities. Restriction to nonimaging sensors saves money, and restriction to pose information avoids most of the serious privacy concerns. We first explain our approach to tracking using signal strengths alone. From experiments with both staged and nonstaged behavior in a public area, we found that the most useful clue to suspicious behavior was the norm of the acceleration vector averaged over several different time scales. With detection and classification of groups of people, by contrast, no single metric was as good as combinations of metrics. We are exploring a variety including average distances between people, uniformity of distances, linearity of the positions of people, number of clusters of people, number of directions in which they can see, overall visibility, average speed of the group, and uniformity of the speed of the group. A key challenge is to make these metrics scale-free as with the acceleration vector analysis. ; supported in part by the National Research Council under their Research Associateship Program at the Army Research Laboratory, in part by the National Science Foundation under the EXP Program, and in part by the BASE-IT Project sponsored by the Office of Naval Research ; Approved for public release; distribution is unlimited.
This is a chapter in Cyber War and Cyber Terrorism, ed. A. Colarik and L. Janczewski, Hershey, PA: The Idea Group, 2007. ; While computer systems can be quite susceptible to deception by attackers, deception by defenders has increasingly been investigated in recent years. Military history has classic examples of defensive deceptions, but not all tactics and strategies have analogies in cyberspace. Honeypots are the most important example today; they are decoy computer systems designed to encourage attacks to collect data about attack methods. We examine the opportunities for deception in honeypots, and then opportunities for deception in ordinary computer systems by tactics like fake information, false delays, false error messages, and identity deception. We conclude with possible strategic deceptions. ; Approved for public release; distribution is unlimited.
This is a chapter in Cyber War and Cyber Terrorism, ed. A. Colarik and L. Janczewski, Hershey, PA: The Idea Group, 2007. ; Offensive cyberwarfare raises serious ethical problems for societies, problems that need to be addressed by policies. Since cyberweapons are so different from conventional weapons, the public is poorly informed about their capabilities and may endorse extreme ethical positions in either direction on their use. Cyberweapons are difficult to precisely target given the interdependence of most computer systems, so collateral damage to civilian targets is a major danger, as when a virus aimed at military sites spreads to civilian sites. Damage assessment is difficult for cyberwar attacks, since most damage is hidden inside data; this encourages massive attacks in the hopes of guaranteeing some damage. Damage repair may be difficult, especially for technologically-primitive victim countries. For these reasons, some cyberwar attacks may be prosecutable as war crimes. In addition, cyberwar weapons are expensive and tend to lose effectiveness quickly after use as they lose their element of surprise, so the weapons are poorly cost-effective. ; Approved for public release; distribution is unlimited.
This article is to appear in Anttiroiko, A.-V., & Malkia, M. (Eds.), Encyclopedia of Digital Government, Hershey, PA, USA: The Idea Group, 2006. ; Information systems (computers and networks) are increasingly the targets of attacks ranging from vandalism to serious crimes (Richardson, 2003). Since government systems are valuable resources for a society, it is important to protect them from such attacks. Unfortunately, however, government systems can be especially vulnerable (Lucasik, Goodman, & Longhurst, 2003). This is in part because government is distributed over many locations, and it is therefore hard to protect all of its information systems well. Secondly, many government systems must be accessible to a wide range of people (even if through a government intermediary), unlike the specialized systems used in other settings, and users will include a few fools and criminals. Thirdly, governments often use popular business software, and the more popular software is, the more attacks are known against it. Finally, there are many people with antipathy or grudges against governments for one reason or another who may seek revenge by attacking its information systems and data. And with the global Internet, attackers need not be in the same country as the government they attack.
Encyclopedia of Digital Government, ed. A.-V. Anttiroiko & M. Malkia, Hershey, PA, USA: The Idea Group, 2006 ; The World Wide Web quickly evolved as a valuable resource for organizations to provide information and services to users. Much initial development of Web pages was done haphazardly. This resulted in many information gaps and inconsistencies between pages. Departments with more available time created more and better-designed Web pages even when they were no more important. Personnel who created Web pages would move to other jobs and their pages would become obsolete, but no one would bother to fix them. Two copies of the same information on the Web would become inconsistent when only one was updated, leaving the public wondering which was correct. Solutions were needed. We survey here the principal solution methods that have been developed.
This article is to appear in Anttiroiko, A.-V., & Malkia, M. (Eds.), Encyclopedia of Digital Government, Hershey, PA, USA: The Idea Group, 2006. ; Multimedia data can be important assets of government computer systems. Multimedia data can be documents, statistics, photographs and graphics, presentations, video and audio of events, and software. Examples include maps, video of meetings, slide presentations by consultants and vendors, graphs of budgets, and text of regulations. Video of meetings of legislatures and other government organizations is particularly valuable as it makes government processes more visible to citizens and can encourage trust in government. Multimedia is also particularly valuable in presenting geographical information (Gant & Ijams, 2004; Greene, 2001), a concern of all governments. Added multimedia can also be used to more effectively deliver information to people, as with films, animations, sound effects, and motivational materials. ; Approved for public release; distribution is unlimited.
This is a chapter in the Encyclopedia of Digital Government, ed. A.-V. Anttiroiko & M. Malkia, Hershey, PA, USA: The Idea Group, 2006. ; The concept of trust in organizations has been an important area of recent research in sociology and management science (Sztompka, 1999). Trust is positive expectations of positive actions by others, and is important to well-functioning organizations of all sorts. Trust facilitates the effectiveness of government. A focus on trust leads to a more humanistic view of individuals within organizations than that of the traditional managerial psychology of humans solely as input-output devices whose performance must be monitored and measured.
IEEE First Symposium on Multi-Agent Security and Survivability, Philadelphia, August 2004 ; Deception is a classic technique useful for military operations. With information systems around the world under frequent attack every day, it is appropriate to consider analogies from conventional warfare, and deception has historically been powerful as both a tactic and a strategy. We here systematically enumerate and rank the available deception options for information systems, both offensively and defensively. We then consider how defensive deceptions can be packaged within "generic excuses" that will be more convincing to an attacker than isolated refusals to obey commands. We describe how the selection of the best generic excuses and excuse application times can be formulated with probabilities as an optimization problem and solved. Our theory lends itself well to computer implementation and we provide several examples. ; Homeland Security Leadership Development Program supported by the U.S. Department of Justice Office of Justice Programs and Office for Domestic Preparedness ; Approved for public release; distribution is unlimited.
Proceedings of the 2003 IEEE Workshop in Information Assurance, West Point, NY, June 2003 ; Tactics involving deception are important in military strategies. We have been exploring deliberate deception in defensive tactics by information systems under cyber-attack as during information warfare. We have developed a tool to systematically "counterplan" or find ways to foil a particular attack plan. Our approach is to first find all possible atomic "ploys" that can interfere with the plan. Ploys are simple deceits the operating system can do such as lying about the status of a file. We analyze ploys as to the degree of difficulty they cause to the plan wherever they can be applied. We then formulate a "counterplan" by selecting the most cost-effective set of ploys and assign appropriate presentation methods for them, taking into account the likelihood that, if we are not careful, the attacker will realize they are being deceived and will terminate our game with them. The counterplan can be effected by a modified operating system. We have implemented our counterplanner in a tool MECOUNTER that uses multi-agent planning coupled with some novel inference methods to efficiently find a best counterplan. We apply the tool to an example of a rootkit-installation plan and discuss the results. ; supported by the U.S. Department of Justice Office of Justice Programs and Office for Domestic Preparedness ; Approved for public release; distribution is unlimited.
This paper appeared in the Fifth International Conference on Data Engineering, Los Angeles, CA, February 1989, 410-416. ; Indirect logical inferences can provide a significant security threat to information processing systems, but they have not been much studied. Classification of data can reduce the threat, but classification decisions are typically left to the intuitive judgment of experts. Progress has been made on analyzing indirect statistical inferences that may compromise security of a database system ([3], chapter 6). We describe and implement a nonnumeric analog of these methods for proving security. Our approach involves analyzing facts and inference rules assumed to be known to a compromiser, deriving all their possible consequences using resolution theorem-proving, a technique which we argue is far more appropriate to this problem than rule-based expert systems or information flow analysis. An important contribution of our work is augmentation of resolution to handle associated time intervals and probabilities of statements being true. Our augmentation is simple to use by domain experts untrained in computers, and we believe it will provide the first truly practical tool for analysis of indirect logical inferences in information systems. We demonstrate capabilities with an example from military security. ; Approved for public release; distribution is unlimited.