Martti Lehto and Pekka Neittaanmäki, Editors
Cyber Security: Power and Technology

Intelligent Systems, Control and Automation: Science and Engineering
Volume 93

Series editor
Professor S. G. Tzafestas, National Technical University of Athens, Greece
Editorial Advisory Board
Professor P. Antsaklis, University of Notre Dame, IN, USA
P. Borne, Ecole Centrale de Lille, France
R. Carelli, Universidad Nacional de San Juan, Argentina
T. Fukuda, Nagoya University, Japan
N. R. Gans, The University of Texas at Dallas, Richardson, TX, USA
F. Harashima, University of Tokyo, Japan
P. Martinet, Ecole Centrale de Nantes, France
S. Monaco, University La Sapienza, Rome, Italy
R. R. Negenborn, Delft University of Technology, The Netherlands
A. M. Pascoal, Institute for Systems and Robotics, Lisbon, Portugal
G. Schmidt, Technical University of Munich, Germany
T. M. Sobh, University of Bridgeport, CT, USA
C. Tzafestas, National Technical University of Athens, Greece
K. Valavanis, University of Denver, Colorado, USA

More information about this series at

Martti Lehto and Pekka Neittaanmäki, Editors
Cyber Security: Power and Technology

Editors
Martti Lehto
Faculty of Information Technology
University of Jyväskylä
Finland

Pekka Neittaanmäki
Faculty of Information Technology
University of Jyväskylä
Finland

ISSN 2213-8986
ISSN 2213-8994 (electronic)
Intelligent Systems, Control and Automation: Science and Engineering
ISBN 978-3-319-75307-2 (eBook)
Library of Congress Control Number: 2018933475
© Springer International Publishing AG, part of Springer Nature 2018
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part
of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations,
recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission
or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar
methodology now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this
publication does not imply, even in the absence of a specific statement, that such names are exempt from
the relevant protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this
book are believed to be true and accurate at the date of publication. Neither the publisher nor the
authors or the editors give a warranty, express or implied, with respect to the material contained herein or
for any errors or omissions that may have been made. The publisher remains neutral with regard to
jurisdictional claims in published maps and institutional affiliations.
Printed on acid-free paper
This Springer imprint is published by the registered company Springer International Publishing AG
part of Springer Nature
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

Preface

The traditional military environments of ground, sea, and air have been expanded to
include a cyber environment. The cyber environment is not a separate area, but
rather cyber-threats and attacks manifest in all other environments.
Cyber battlespace and unmanned capabilities have lowered the threshold of
warfare, and at the same time changed the traditional war–peace setting. During the
cold war, a concept known as a gray period was used, which was understood as the
time before the actual war. Hybrid warfare has created a state that can precede
traditional war, appear after the war’s activity phase or without traditional warfare.
A new paradigm of warfare is replacing the traditional model of declaration of war
and the creation of a peace treaty, by creating a state in which war is not declared
nor is a peace treaty made. The target of hybrid warfare has to live rather long
within a state of conflict and instability, where cyberspace is increasingly the target
New elements are being merged to form the warfare of the 2020s, especially in
the cyber environment, the aim being to stay under the threshold of war.
Deliberately maintaining instability with non-kinetic operations, especially in the
case of a superpower, can justify presence and operations in a certain region.
Operations are justified as peacekeeping, maintaining stability, protecting one’s
own interests and citizens or assisting allies, which are all seemingly appropriate
activities. The cyber environment has created a new state through which to influence the regions of other countries by taking advantage of different military and
nonmilitary means to achieve goals by political and military pressure.
The new capabilities of armed forces have created new opportunities for the
kinetic and non-kinetic use of force in the cyber environment. This environment
needs to be able to seamlessly integrate manned and unmanned platforms working
in the air, on the surface, beneath the surface, and in cyberspace. Through new
systems, targets can be more effectively spotted, monitored, and identified, troops
can be led, and weapons systems can be guided to achieve the desired impact.
Forming a real-time situational picture and shared situational awareness needs to
happen even faster. The leading process needs information content as accurate and
timely as possible, in order to execute centralized command and decentralized
operations and protect its own operations in the cyber environment. Grounds for the
use of resources have to be created faster than the adversary can effect their decision
process, by analyzing the situational view and the adversary’s operations, goals and
Systems thinking is emphasized in the development of cyber influence. In
strategic thinking, the focus needs to be given to system influence and not to
individual targets. Military operations require accurate analysis, with the emphasis
on the adversary’s focus, critical structures, and vital functions and their vulnerabilities. Only through this kind of comprehensive approach can strategic goals be
achieved with kinetic and non-kinetic operations. The target of cyberattacks is not
only armed forces but also the society’s critical functions. The critical functions of a
society need to be protected in all circumstances.
Currently in international politics the emphasis is on cyberpolitics, which
describes the cyber environment primarily as a political operational environment.
Matters of cybersecurity are more prominent and given more importance in international forums and organizations, such as OSCE, EU, NATO, OECD, and the
Superpowers have compared cyberattacks to military actions, which can be
responded to by all means necessary. For now, cyber operations have been interpreted as so-called soft operations, which is why the threshold for their use is lower
than that of traditional military operations.
The openness of cyberspace enables entities to launch attacks from around the
world by taking advantage of system vulnerabilities, which can be found in the
actions of individuals, the operational procedures of organizations, and the information technology in use. It is hard to protect against complex and advanced
malware. Attackers are hard to identify in the abstract, let alone determining their
true identities. Cyberspace has changed international dominance. It creates the
possibility for small countries and non-state actors to operate efficiently. In
cyberspace, size and mass no longer dominate; know-how is now paramount.
May 2017
Dr. Pekka Neittaanmäki
Dr. Martti Lehto
Professor

Contents

Part I Cyber Power
The Modern Strategies in the Cyber Warfare
  Martti Lehto
Cyber Capabilities in Modern Warfare
  Jim Q. Chen and Alan Dinerman
Developing Political Response Framework to Cyber Hostilities
  Jarno Limnéll
Cyber Security Strategy Implementation Architecture in a Value System
  Rauno Kuusisto and Tuija Kuusisto
Cyber Deterrence Theory and Practise
  Andreas Haggman
Jedi and Starmen—Cyber in the Service of the Light Side of the Force
  Torsti Sirén and Aki-Mauri Huhtinen
Alternative Media Ecosystem as a Fifth-Generation Warfare Supra-Combination
  Andreas Turunen

Part II Cyber Security Technology
Data Stream Clustering for Application-Layer DDoS Detection in Encrypted Traffic
  Mikhail Zolotukhin and Timo Hämäläinen
Domain Generation Algorithm Detection Using Machine Learning Methods
  Moran Baruch and Gil David
Tailorable Representation of Security Control Catalog on Semantic Wiki
  Riku Nykänen and Tommi Kärkkäinen
New Technologies in Password Cracking Techniques
  Sudhir Aggarwal, Shiva Houshmand and Matt Weir
Survey of Cyber Threats in Air Traffic Control and Aircraft Communications Systems
  Elad Harison and Nezer Zaidenberg
Stopping Injection Attacks with Code and Structured Data
Algorithmic Life and Power Flows in the Digital World
Honeypot Utilization for Network Intrusion Detection
  Simo Kemppainen and Tiina Kovanen
Security Challenges of IoT-Based Smart Home Appliances
  Tuomas Tenkanen, Heli Kallio and Janne Poikolainen

Part I Cyber Power

The Modern Strategies in the Cyber Warfare
Martti Lehto

Abstract As there is no generally accepted definition for cyber warfare, it is a
term that is quite liberally used in describing events and actions in the digital cyber
world. The concept of cyber warfare became extremely popular from 2008 to 2010,
partly superseding the previously used concept of information warfare which was
launched in the 1990s. For some, cyber warfare is war that is conducted in the
virtual domain. For others, it is a counterpart to conventional “kinetic” warfare.
According to the OECD’s 2001 report, cyberwar military doctrines resemble those
of so-called conventional war: retaliation and deterrence. Researchers agree with the
notion that the definition of cyberwar should address the aims and motives of war,
rather than the forms of cyber operations. They believe that war is always widespread
and encompasses all forms of warfare. Hence, cyber warfare is but one form of waging
war, used alongside kinetic attacks. The new capacities of armed forces create new
possibilities, for both the kinetic and non-kinetic use of force in cyberspace. Cyber
era capabilities make possible operations in the new nonlinear and indefinite hybrid
cyber battlespace. It must be possible to seamlessly integrate the decision-makers,
actors and all types of manned and unmanned platforms in the air, on the surface,
under the surface, in space, and in cyberspace. The main trends that are changing
the cyber battlespace are networking, time shortening, the increase in the amount
of data, and proliferation of autonomous and robotic systems, as well as artificial
intelligence and cognitive computing.
Keywords Cyber warfare · Non-kinetic · Battle management

M. Lehto
Faculty of Information Technology, University of Jyväskylä, Jyväskylä, Finland
© Springer International Publishing AG, part of Springer Nature 2018
M. Lehto and P. Neittaanmäki (eds.), Cyber Security: Power and Technology,
Intelligent Systems, Control and Automation: Science and Engineering 93

1 Introduction
Digitalization is taking place by leaps and bounds in the armed forces. In this discourse, computers are seen as robust equipment and the metaphors promise total
surveillance, efficient control, and technological solutions to several complex problems in the battlefield. Information technology establishes and nurtures this development by creating a real-time intelligence, surveillance, and command system, as well
as battlespace structures. These new digital structures in the cyber domain enable the
emergence of new threats (Edwards 1996).
This millennium carries on the technological development whose inception began
over 200 years ago. We are about to enter an era in which nanotechnology, high-speed computing capability, and artificial intelligence are coupled with massive data
warehouses and their virtual networks. Technology has developed exponentially;
this being the case, future decades will generate new innovation at a continually
increasing rate (Weisbrook 2007).
The cyberspace environment can be characterized by the acronym VUCA: volatility, uncertainty, complexity, and ambiguity. Cyberspace is both linked to and distinguished from air, land, sea, and space in that it is a man-made domain established
using electronic technology and software, firmware, and hardware programs specifically designed to manipulate electromagnetic energy into encoded signals (Scherrer
and Grund 2009).
The armed forces’ new capabilities create new opportunities for the kinetic and
non-kinetic use of force in cyberspace. Cyber age capabilities make it possible to
function in the new, nonlinear and only vaguely demarcated hybrid battlespace. For
this purpose, it must be possible to seamlessly integrate both manned and unmanned
platforms that operate in the air, and both on and below the surface, as well as in
space and cyberspace. New systems can better detect, track, and identify targets,
command troops, and guide weapon systems to achieve their intended effect. Time
and information become paramount in this operating environment. A real-time situational picture and shared situational awareness must be achieved ever more rapidly.
The command process demands precise and correctly timed information, even when
units are moving, to implement centralized command and dispersed action, and to
carry out force protection in the cyber battlespace.
Present warfare is totally dependent on the C5ISR system (command–control—
command and control, coordination and communication of the military operations
require a functional C5ISR system. The C5ISR system is the most vulnerable part,
and therefore it should be the most important object in the cyber defense of the armed
forces. The C5ISR system of today’s defense systems is a complex behemoth from
the radios, radars, and mainframes, to the PC devices, to the embedded and cyber-physical systems. The C5ISR system uses the data networks of armed forces, and in
addition the Internet, civilian networks, wireless solutions, navigation systems, and
radio networks of the wide frequency range. The networked C5ISR system also contains a huge variety of vulnerabilities. Hostile penetration is possible in any given part
of the system and the attack can cause problems for radar surveillance, telecommunications or the air defense system. It can paralyze the fire control system, positioning
system, and the satellite or mobile communication systems. The complexity of the
system makes it impossible to totally eliminate the vulnerabilities and to identify and
track penetrations inside the system. The networking increases the efficiency of the
defense systems, but at the same time, more dangerous vulnerabilities arise.
Cyber defense uses a variety of different sources and methodologies to mitigate
active threats, using fields such as incident response, malware analysis, digital forensics, and even intelligence-driven defense. Cyber warfare may be the greatest threat
that nations have ever faced. Never before has it been possible for one person to
potentially affect an entire nation’s security. And, never before could one person
cause such widespread harm as is possible in cyber warfare. Cyber power will be
as revolutionary to warfare as airpower, but the current vectoring of the domain will
determine which nation will hold cyber dominance and to what effect (Alford 2009;
In the other warfighting domains, power is derived from the human ability to use
tools to manipulate the domain to their advantage. The same logic applies to power
in cyberspace. A useful definition of cyber power is the ability to use cyberspace to
create advantages and influence events in all the operational environments and across
the instruments of power (Kuehl 2009; Sorensen 2010).

2 The Shifting Nature of Warfare
2.1 Change in Networking
The operating logic of military operations is to link together collectors, decision-makers, and effectors in a flexible and simple manner that improves situational
awareness, makes decision-making quicker, and increases the tempo of execution
and survivability. The required information infrastructure will be achieved by fusing
IT networks and ICT systems. Everything can be connected to everything else in
Network centricity facilitates mobility, geographical dispersion, and the functioning of virtual organizations. Reliable, real-time dissemination, and the use of information in the entire area of operations are the necessary prerequisite for change, and
a uniform situational picture must be taken all the way to the level of an individual
combatant, fighter, and ship. It must also be possible to control the information from
an “empty” area to facilitate one’s own operations.
Network-centric warfare, including all relevant changes in warfare, is associated
with a development in which the center of gravity has shifted from platforms to networks, where all actors merge into an adaptive ecosystem and in which the attention
is focused on strategic choices and optimal decision-making.
In the US Defence Forces, Network Centric Operations (NCO) replaced the NCW
vernacular in 2003 to counter the view that network-centric concepts and capabilities
were only applicable to high-end combat; rather, the intent was to make it known
that they were applicable to the full mission spectrum, including non-kinetic missions.
NCO is a real-time operation model designed to securely deliver mission-critical
information throughout the chain of command anytime, anywhere, to achieve an
advantage over an adversary. Its goal is to use relevant information to achieve the desired results of a military operation with minimal casualties, and at minimal cost.
NCO affects all levels of military activity, from the tactical to the strategic. At the
operational level, it gives commanders the capability to perform precisely, at an
efficient operational tempo. NCO is a collection of powerful organizational and
technical concepts. On the organizational side, it posits that organizations are more
effective when they bring “power to the edge,” that is, when they make information
freely available to those who need it and permit free collaboration among those who
are affected by or can contribute to a mission. This freedom brings the operational
benefits of better and more widespread understanding of the commander’s intent,
better self-synchronization of forces in planning and operations, fuller freedom...