Hybrid threats represent one of the rising challenges to the safe and effective management of digital systems worldwide. The deliberate misuse or disruption of digital technologies has wide-ranging implications for fields as diverse as medicine, social media, and homeland security. Despite growing concern about cyber threats within many government agencies and international organizations, few strategies for the effective avoidance and management of threats or the prevention of the disruption they can cause have so far emerged.
This book presents multiple perspectives based upon a NATO Science for Peace and Security Programme Advanced Research Workshop on ‘Resilience and Hybrid Threats’ held in Pärnu, Estonia from 26-29 August 2018, and includes a mixture of workshop summary papers and invited perspectives from world experts. Topics include the development of strategies for the protection and recovery of systems affected by hybrid threats, and the benefits of those strategies under different disruption scenarios. The role of risk and resilience assessment pertaining to the information domain is a common focus across all perspectives.
Offering an overview of resilience-based decision making through an approach that integrates the threats and dependencies related to infrastructural, informational, and social considerations, the book will be of interest to all those whose work involves the security of digital systems.
The editors would like to acknowledge the generous support of NATO’s Science for Peace and Security Programme, which funded the workshop which inspired this book in August 2018. The editors also thank the many participants who attended this meeting and contributed their ideas to improve the international assessment and governance of hybrid threats. Their names are listed below.
NATO Science for Peace and Security Program Advanced Research Workshop Participants:
Mr. Gonçalo Abreu
Dr. Ilker Adiguzel
Dr. David Angeler
Dr. Fabrizio Baiardi (Group 1 Co-Chair)
Dr. Vladislav Chevardin
Dr. Craig Allen
Dr. Oleh Derevianko
Mr. Adolf J. Doerig
Mr. Kytomaa Eero
Dr. Meir Elran
Ms. Marie-Valentine Florin (Group 2 Co-Chair)
Dr. Scott L. Greer (Group 3 Co-Chair)
Dr. Ian Hall
Mr. Joshua Hall (Group 2 Rapporteur)
Dr. Ansgard Heinrich (Group 3 Co-Chair)
Dr. David Horobin
Dr. Kamrul Hossain
Mr. Käsper Kivisoo
Dr. Naouma Kourti
Mr. Indrek Künnapuu
Dr. James H. Lambert (Group 1 Co-Chair)
Dr. Igor Linkov (Overall Workshop Chair)
Mr. Joel Montgomery
Dr. Luis Muñoz-González
Ms. Nino Nanitashvili
Dr. Raymond J. Nyer
Dr. José Palma-Oliveira
Dr. Wojciech Piotrowicz
Dr. Tim Prior
Dr. Richard Rasmussen
Dr. Jean-Marc Rickli (Group 3 Co-Chair)
Dr. Lada Roslycky (Workshop Co-Coordinator)
Dr. Paul Rowe
Dr. Nabil Sahli
Mr. Mykhailo Samus
Dr. Thomas P. Seager (Group 3 Co-Chair)
Mr. Robert Silverstein
Dr. Joanna Sterling (Group 3 Rapporteur)
Dr. Kuldar Taveter (Workshop Co-Coordinator)
Dr. Heimir Thorisson (Group 1 Rapporteur)
Dr. Jordanka Tomkova
Dr. Benjamin D. Trump (Group 2 Co-Chair)
Mr. Uko Valtenberg
Dr. Ashok Vaseashta
Mr. Besir Wrayet
The Editors would like to acknowledge their Internal Production Editor, Miriam Pollock, who spent considerable effort preparing all chapters for submission.
Additional gratitude is due to the U.S. Army Engineer Research and Development Center, which supported Drs. Linkov and Trump in their work related to resilience of Hybrid Threats.
Additional support is provided by the US Army Engineer Research and Development Center under their military research program. Further support is acknowledged from the US Army Research Laboratory.
The editors are especially grateful for the support of Dr. Alexander Kott, who helped formulate the core idea behind the Advanced Research Workshop and furthered its success.
Hybrid threats represent one of the rising challenges to the safe and effective management of digital systems worldwide. The deliberate misuse or disruption of digital technologies has wide-ranging applications in fields as diverse as medical treatment, to social media, to military operations and homeland security. Despite growing concern of cyber threats within multiple government agencies and international organizations, few strategies of effective hybrid threat management have emerged that simultaneously help organizations avoid or prevent disruptions following hybrid threats, as well as to facilitate organizational recovery and adaptation when such disruptions occur. Resilience-based decision-making serves as one avenue that may help policymakers and other key stakeholders address this challenge by analyzing the nested interdependencies and social resilience upon various digital systems for sources of information, data storage, and device operation and management. We offer one such theoretical discussion of resilience in this area through a systems approach that integrates threats and dependencies related to infrastructural, informational, and social considerations.
Heimir Thorisson, Fabrizio Baiardi, David G. Angeler, Kuldar Taveter, Ashok Vasheasta, Paul D. Rowe, Wojciech Piotrowicz, Thomas L. Polmateer, James H. Lambert, Igor Linkov
13 - 26
Technologies such as smartphones, identification, sensors, and actuators are the basic components of an infrastructure that offers efficiencies and conveniences for citizens, governments, and organizations. This infrastructure faces a variety of threats including kinetic assaults, natural hazards, and accidents as well as information disruption and misinformation. Furthermore, interdependencies among components increase the vulnerabilities of infrastructures. This chapter identifies challenges and solutions to countering hybrid threats by describing data availabilities and needs and by reviewing available theory and methods, even from other fields. The chapter reviews current and ongoing scenarios to assess forecasting methods for future one. Lastly, it also offers some guidelines to increase infrastructure resilience.
We propose a methodology to design a resilient ICT system that defines the tasks to achieve resilience and then maps the system modules onto three planes that implement the system functions, monitor the system to discover ongoing attacks and faults, and reconfigure the system so that it continues to offer its services even when under attack. The three planes define the overall system structure and simplify the implementation of the tasks to support resilience. The paper also reviews the main ICT technologies that support the various tasks to achieve resilience.
A common feature of cyber security and resiliency assessment methodologies is to elicit semi-quantitative information from subject matter experts (SMEs). This information is frequently based on expert knowledge of the capabilities and motivations of hybrid threats. SMEs typically provide ratings of various system aspects on an ordinal (e.g., 1–5) scale which is then aggregated to create a prioritized rank order. Crucial system information may be hidden or lost during such assessments. Here we present an approach which is cognizant of multiple sources of complexity that exist in SME-driven cyber resiliency assessment methodologies.
Nicholas Kolokotronis, Stavros Shiaeles, Emanuele Bellini, Liza Charalambous, Dimitris Kavallieros, Olga Gkotsopoulou, Clement Pavue, Alessandro Bellini, Gohar Sargsyan
76 - 93
The security problems arising from the flawed design of legacy hardware and embedded devices allow cyber-criminals to easily compromise systems and launch large-scale attacks toward critical cyber-infrastructures. The interdisciplinary approach proposed in this chapter captures different phases of such emerging attacks, before and after known or unknown (zero-day) vulnerabilities have been widely exploited by cyber-criminals to launch the attack. Emphasis is given on building a proactive cyber-threat intelligence gathering and sharing system to prevent the exploitation of vulnerabilities and design flaws found in IoT devices. This intelligence information is used to maintain accurate vulnerability profiles of IoT devices, in accordance with data protection, privacy, or other regulations, and optimally alter their attack surface to minimize the damage from cyber-attacks.
The challenge of developing and nurturing research-practice synergy and integration in emergency management and disaster risk reduction is typically described as a challenging multidimensional vision. This paper describes and critically analyses the continuous and comprehensive Israeli effort since 2016 to promote this vision. It relates to the cultural, social, organizational, strategic policy and other aspects of this process. The new applied research-practice emerging and synergetic ecosystem is described and analyzed. Strategically speaking, applied and scientific, local and international implications are discussed.
The lack of a generalizable theory of resilient infrastructure is a serious obstacle to achieving Federal policy goals. This chapter contributes to such a theory by identifying four dimensions of organizational leadership critical to resilient response: 1) allocation of decision rights, 2) access to information, 3) patterns of interaction, and 4) meaning-making. Rather than build resilience by adopting a particular configuration of these organizational dimensions (such as open and decentralized), we theorize that resilience is the capacity to adapt along each dimension in different ways that are effective for response to each particular stress.
Fake news exists in multiple forms that differ in degrees of falsity and malice. The term fake news has been used broadly for and interchangeably with “misinformation,” “disinformation,” “rumors,” and “propaganda.” While subsets of fake news, these information types nonetheless vary by their sources and motivation. By “breaking down” fake news into these distinct types of information, we believe we can better prepare for proper responses that may be taken to combat the spread of hybrid threats. Thus, the aim of this chapter is to strengthen readers’ understanding of these widespread forms of fake news – as they are observed across societies today – that can have severe consequences for civilian and military stakeholders.
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
Tel.: +1 703 830 6300
Fax: +1 703 830 2300 email@example.com
(Corporate matters and books only) IOS Press c/o Accucoms US, Inc.
For North America Sales and Customer Service
West Point Commons
Lansdale PA 19446
Tel.: +1 866 855 8967
Fax: +1 215 660 5042 firstname.lastname@example.org