The 11th annual International Conference on Cyber Conflict (CyCon) took place in Tallinn from 28 to 31 May 2019. The core topic of CyCon 2019 was ‘Silent Battle’, a title broad enough to allow for diverse interpretations stemming from the concern that the community of like-minded democracies is, more than ever before, being challenged by threats from cyberspace. How best can we cope with those challenges to our national security from a strategic perspective? Where is the equilibrium in a silent battle and how can we cope with it? How can AI, machine learning and big data help us? How will international law develop in light of the serious effects of state-sponsored operations that may or may not be hard to attribute? These and many other questions shaped the interdisciplinary discussions of CyCon 2019.
The Call for Papers in June 2018 resulted in 111 submitted abstracts. After careful selection and peer review by the Academic Review Committee, 29 articles were selected for publication.
The papers for the strategic track of the conference were the most numerous, reaching a total of 12. Martin C. Libicki discusses collective defence in cyberspace and the idea of establishing a Baltic-area cyberspace alliance, considers what such an alliance would do, assesses its costs and benefits for its members, and considers its implications for NATO and for the United States. Using multiple case studies, Keir Giles and Kim Hartmann explain the recent shift towards a more transparent policy on cyber conflicts and its future implications for numerous nations and NATO. As the first step of their multiphase research, Daniel Kapellmann and Rhyner Washburn investigate various information-sharing platform designs for streamlining the exchange of knowledge, discussion and management of ICS vulnerabilities, a topic that possibly has not been sufficiently in focus to date. Barış Egemen Özkan and Serol Bulkan show how, besides hardware, commercial-off-the-shelf software obsolescence leads to major vulnerabilities for nations in cyberspace, especially with regard to critical infrastructure and military systems, and offer possible mitigations. Bilyana Lilly, Quentin Hodgson, Lillian Ablon and Adam Moore propose a high-level practical approach to the cyber Indications and Warnings (I&W) concept by examining a set of I&W frameworks to effectively anticipate and defend against cyber threats. Erwin Orye and Olaf Maennel consider how to predict and measure the outcome of cyber effects and recommend a set of best practices for enhancing cyber effects in modern warfare.
Jason Healey and Neil Jenkins outline a methodology and metrics for the recent counteroffensive cyber operations policy of the United States in terms of its deterrent impact. Ji Young Kong, Kyoung Gon and Jong In Lim describe the versatility of North Korea’s many cyber operation state actors and suggest strategies to cope with them. Max Smeets provides an empirical analysis of the existing military cyber organisations of allied nations and offers solutions to address similar key organisational challenges among them. Brad Bigelow sets out a set of equivalent principles that could be applied to military cyberspace operations performed below the level of armed conflict, and assesses the functions to designate the role for the military. Gil Baram and Udi Sommer show why, and under which geopolitical circumstances, countries choose to give up the advantages of anonymity after experiencing cyber attacks. James Pavur and Ivan Martinovic present a strategic analysis of the impact of cyberspace on key stabilising factors and the threat posed to space’s longstanding stability by cyber Anti-Satellite Weapons.
Three articles focused on the operational aspects of cyber defence. Alicia Bargar, Janis Butkevics, Stephanie Pitts and Ian McCulloh propose the use of social network analysis (SNA) to bolster the identification of false narratives used during information operations on social media. Joe Burton and Simona R. Soare explain the strategic implications of the weaponisation of AI for international security. Robert Koch highlights the potential risks to military operations coming from the Dark Web, and proposes ways to mitigate these risks.
There were five articles with a legal bent. Kenneth Kraszewski describes the SamSam ransomware attack on Atlanta in early 2018 and provides an analysis of the possible legal responses available to the United States. Jeff Kosseff analyses the United States’ new operational concept to ‘defend forward’ and investigates the possible options available to the US within the limits imposed by existing international law. Nikolas Ott and Anna-Maria Osula examine the increasingly important role that regional organisations play in stabilising states’ relationships in cyberspace and elaborate on their possible synergies with the UN efforts. Przemysław Roguski investigates the factors challenging the concept of sovereignty in cyberspace and proposes a different understanding of this foundational principle of international law, through a model of ‘layered sovereignty’. Barrie Sander observes states’ reluctance to agree on cyber-specific multilateral treaties and to publicly clarify the customary international rules applicable to hostile cyber operations, and suggests that the silence of states can be interpreted according to the different types of security threats they are facing.
Turning to the technical arena, Giovanni Apruzzese, Michele Colajanni, Luca Ferretti and Mirco Marchetti shed light on adversarial attacks that aim to affect the detection and prediction capabilities of machine-learning models. Nicolas Känzig, Roland Meier, Luca Gambazzi, Vincent Lenders and Laurent Vanbever present a system that quickly and reliably identifies command and control channels without prior network knowledge. Roman Graf, Ross King and Aaron Kaplan offer effective methodologies for identifying and defeating malware applications on Android smartphones. Joonsoo Kim, Kyungho Kim and Moonsu Jang discuss the design and construction of a universal cyber-physical platform through the final design choices. Giuseppina Murino, Alessandro Armando and Armando Tacchella seek a model-free, quantitative, and general-purpose evaluation methodology to extract resilience indexes from system logs and process data. Pierre Dumont, Roland Meier, David Gugelmann and Vincent Lenders tackle the problem of detecting malicious shell sessions based on session logs, by analysing the sequence of commands that the shell users executed. Martin Strohmeier, Matthias Schäfer, Marc Liechti, Markus Fuchs, Markus Engel and Vincent Lenders analyse and discuss the challenges related to information gathering in the Dark Web for cyber security intelligence purposes. Artūrs Lavrenovs introduces a methodology for measuring different properties of individual devices participating in distributed denial-of-service (DDoS) attacks. Finally, Robert Koch and Mario Golling analyse the characteristics of silent battles and hidden cyber attacks and summarise the current and expected developments.
All the articles in this book have gone through a double-blind peer review by at least two members of CyCon’s Academic Review Committee. We greatly appreciate the role of the members of the Committee in reviewing and rating the submitted papers to guarantee the academic quality of the CyCon 2019 proceedings.