We aim to assemble new ideas and proposals about robust models on which we can build the architecture of a secure cyberspace including but not limited to: * Knowledge discovery and management * Critical infrastructure protection * De-obfuscating tools for the validation and verification of tamper-proofed software * Computer network defense technologies * Scalable information assurance strategies * Assessment-driven design for trust * Security metrics and testing methodologies * Validation of security and survivability properties * Threat assessment and risk analysis * Early accurate detection of the insider threat * Security hardened sensor networks and ubiquitous computing environments * Mobile software authentication protocols * A new "model" of the threat to replace the "Maginot Line" model and more. Consequently, this workshop endeavors to explore issues involving cyber security and related technologies toward strengthening such areas and enabling the development of new tools and methods for securing our information infrastructure critical assets. Thus, broad areas of cyber security remain neglectedmore » or underdeveloped. While the public sector also funds cyber security R&D, the majority of this activity focuses on the specific mission(s) of the funding agency. Industry primarily performs cyber security research as an investment in future products and services. Private, academic, and public sectors invest significant resources in cyber security. Attack sophistication is unprecedented along with availability of open source concomitant tools. The workshop theme is Cyber Security: Beyond the Maginot Line Recently the FBI reported that computer crime has skyrocketed costing over $67 billion in 2005 alone and affecting 2.8M+ businesses and organizations. Sheldon, Frederick T Krings, Axel Yoo, Seong-Moo Proceedings Second Annual Cyber Security and Information Infrastructure Research Workshop Finally, we discuss mitigation strategies to combat cyber FF, including both training concepts and suggestions for decision aids and visualization approaches.« less We describe a test bed designed to support empirical research on factors a*ecting cyber FF. Cyber SA concerns knowledge of a system's topology (connectedness and relationships of the nodes in a system), and critical knowledge elements such as the characteristics and vulnerabilities of the components that comprise the system and its nodes, the nature of the activities or work performed, and the available defensive and o*ensive countermeasures that may be applied to thwart network attacks. Cyber FF is closelymore » related to combat friendly re in that maintaining situation awareness (SA) is paramount to avoiding unintended consequences. Because it involves human failure, cyber FF may be considered to belong to a sub-class of cyber security failures characterized as unintentional insider threats.
We describe examples of cyber FF and discuss how it ts within a general conceptual framework for cyber security failures. We dene cyber FF as intentional o*ensive or defensive cyber/electronic actions intended to protect cyber systems against enemy forces or to attack enemy cyber systems, which unintentionally harms the mission e*ectiveness of friendly or neutral forces.
This paper addresses cognitive implications and research needs surrounding the problem of cyber friendly re (FF). Security Informatics Research Challenges for Mitigating Cyber Friendly FireĬarroll, Thomas E.
0 kommentar(er)
