CyCon X, the tenth iteration of the annual International Conference on Cyber Conflict, organised by the NATO Cooperative Cyber Defence Centre of Excellence, took place in Tallinn from 29 May to 1 June 2018.
In response to the Call for Papers in June 2017, almost 200 abstracts were submitted in October. After a careful selection and peer review by the Academic Review Committee, this book contains 22 articles whose authors were invited to present at the conference.
Christopher Whyte, Brandon Valeriano, Benjamin Jensen, and Ryan Maness describe the prospects for open-source, public data collection for cyber security events and present an initial data collection and analysis of interstate cyber conflict incidents involving the United States. Aaron F. Brantly examines the applicability of deterrence in the digital age and for digital tools, based on examples from both within and beyond cyberspace. Max Smeets and Herbert S. Lin aim to explain if (and how) offensive cyber capabilities have the potential to change the role of military power and argue that these capabilities can alter the manner in which states use their military power strategically. Quentin E. Hodgson seeks to develop an understanding of how states use cyber capabilities to coerce others for political objectives and examines the use of cyber operations by North Korea and Russia in recent years as part of their broader strategies. Daniel Moore argues that military offensive network operations can be usefully cast into a two-part taxonomy: event-based attacks and presence-based attacks – these two types offer different solutions, encompass varying risks, and may require different resources to accomplish.
Martin C. Libicki shows how cyber espionage between state adversaries can ‘alter the balance of a confrontation’ and ‘shape the inferences that the other side draws about one’s intentions’ in cyberspace. Brad Bigelow suggests that ‘cyberspace’ as a label for a domain should not be confused with the individual networks – some interconnected (‘open’) and some relatively isolated (‘closed’) – involved in military operations; and illustrates the importance of precision in describing the composition of cyberspace. Kim Hartmann and Keir Giles investigate the potential opportunities and challenges of an adjustment to the principle of net neutrality to facilitate defensive action by legitimate actors; how this adjustment could contribute to regaining control in congested cyber domains in the case of national or international cyber incidents; and the associated risks. Robert Koch and Mario Golling analyse the development of both cyber threats and defence capabilities during the past 10 years, evaluate the current situation and give recommendations for improvements, including an overview of upcoming technologies that will be critical for cyber security. Kārlis Podiņš and Kenneth Geers describe the technical aspects of malware re-weaponisation and the implications and ramifications of this phenomenon for a range of strategic concerns, including weapons proliferation and attack attribution.
Turning to the legal perspective, Asaf Lubin provides his view of how low-intensity cyber operations and peacetime espionage operations should be subjected to a single regulatory framework: that cyber law and espionage law should be viewed as ‘communicating vessels’. Krisztina Huszti-Orban explores the division of responsibilities between the public and private spheres in countering terrorism and violent extremism, focusing on ways to ensure that Internet intermediaries follow international human rights standards in the process. Peter Z. Stockburger examines the precautionary principle in international law and argues that its application can help crystallise the due diligence principle in cyberspace. Cedric Sabbah suggests a shift in the approach to cyber norms development: due to the lack of consensus in the UN GGE process, the international community should support the discussions that are already occurring between cybersecurity regulators and authorities. Finally, Jeff Kosseff proposes and elaborates on four goals of common international principles for cybersecurity law: modernisation of cybersecurity laws; uniformity of legal requirements; coordination of cooperative incentives and coercive regulations; and supply chain security.
There are seven articles with a technological viewpoint, the first being a case study authored by Martin Strohmeier et al. exploring the collection of air traffic communication data via open source intelligence methods, for tracking mission critical military and governmental movements. Next, Roland Meier et al. present a threat-intelligent feed that exhibits a robust resistance to tampering attempts in order to provide organisations and individuals with the most original, most valuable and newest feed entries. In their article, F. Jesús Rubio Melón and Artūrs Lavrenovs provide an examination of HTTP security headers of one million most popular websites to assess web security policy implementation rates compared to its HTTP equivalents. Giovanni Apruzzese et al. present an in-depth analysis of adopted machine and deep learning algorithms and their usability for intrusion detection, malware analysis, and spam detection. Regarding insider threat and malicious agents, David Gugelmann and David Sommer et al. explore a novel hidden screen watermarking technique for infiltrated organisations to more rapidly identify and reduce threats after document leaks have occurred. Roman Graf and Ross King’s contribution explores an automated approach for incident reports management, using neural networks and smart contracts. Finally, Steven Noel et al. highlight a prototype tool aimed at improving network security while simultaneously supporting the protection of mission-critical assets in enterprise or military environments.
All the articles in this book have gone through a double-blind peer review by, at minimum, two members of CyCon’s Academic Review Committee. We greatly commend the members of the Committee for guaranteeing the academic quality of the book by reviewing and selecting the submitted papers.