The Experts below are selected from a list of 3405 Experts worldwide ranked by ideXlab platform
Tytarenko Oleksandr - One of the best experts on this subject based on the ideXlab platform.
-
Selection of the best security controls for rapid development of enterprise-level Cyber security
Monterey California: Naval Postgraduate School, 2017Co-Authors: Tytarenko OleksandrAbstract:State-supported Cyber attacks, Cyber espionage campaigns, and hacktivist movements have forced many states to accelerate their Cyber defense development in order to achieve at least a minimum level of protection against expanding threats of Cyber space. As with any other development effort, Cyber Capability development requires resources of time, money, and people, which in most cases are very restricted. To rapidly build up the first line of defense, enterprises should select the most efficient Cyber controls and measures. This thesis sought out the top 10–20 Cyber security controls, where ranking was based upon a return on investment (ROI) assessment. This ROI assessment entailed consideration of both the likely/expected security benefits of each candidate security control (the R numerator), and the likely/expected cost associated with each security control (the I denominator). The primary references for security controls and their specifications are NIST Special Publication 800-53, revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, and publications of SANS, NSA, ISACA, the Center of Protection of National Infrastructure, and other organizations dealing with Cyber security. The selected security controls are presented in a standardized form, with sections for description, expected ownership cost, expected security provided, and general implementation recommendations.http://archive.org/details/selectionofbests1094552944Major, Armed Forces of Ukraine, ArmyApproved for public release; distribution is unlimited
Limnéll Jarno - One of the best experts on this subject based on the ideXlab platform.
-
Strategic leadership in Cyber security, case Finland
'Informa UK Limited', 2020Co-Authors: Lehto Martti, Limnéll JarnoAbstract:Cyber security has become one of the biggest priorities for businesses and governments. Streamlining and strengthening strategic leadership are key aspects in making sure the Cyber security vision is achieved. The strategic leadership of Cyber security implies identifying and setting goals based on the protection of the digital operating environment. Furthermore, it implies coordinating actions and preparedness as well as managing extensive disruptions. The aim of this article is to define what is strategic leadership of Cyber security and how it is implemented as part of the comprehensive security model in Finland. In terms of effective strategic leadership of Cyber security, it is vital to identify structures that can respond to the operative requirements set by the environment. As a basis for national security development and preparedness, it is necessary to have a clear strategy level leadership model for crises management in disturbances in normal and in emergency conditions. In order to ensure Cyber security and achieve the set strategic goals, society must be able to engage different parties and reconcile resources and courses of action as efficiently as possible. Cyber Capability must be developed in the entire society, which calls for strategic coordination, management and executive Capability.peerReviewe
Waters Gary - One of the best experts on this subject based on the ideXlab platform.
-
Cyber Defence and Warfare
Kokoda Foundation, 2020Co-Authors: Ball Desmond, Waters GaryAbstract:The 2013 Defence White Paper includes security against major Cyber attacks on Australia as an element of our �defence of Australia� national strategic interest. It devotes a separate section to Cyber in its strategic outlook. While the White Paper makes heartening comment about the need to integrate Cyber power into national strategy, it provides no insights into how this might be achieved, nor does it set any real strategic direction for an improved whole-of-nation effort. It does not attempt to identify any Cyber objectives that should underpin Australia�s national security strategy. Australia needs to develop a current baseline Cyber posture, derive a consolidated view of all requirements and gaps, and develop future remediation and implementation plans in an integrated fashion. Without this, Cyber Capability gaps across the Australian Government will continue to hinder the agencies� ability to plan for and conduct effective operations. Accordingly, this article calls for a comprehensive capabilities-based assessment, a national Cyber Capability plan, and an implementation plan (with specific actions and implementation responsibilities, timeframes, and performance measures) and a funding strategy for addressing any gaps resulting from the assessment. It also calls for a clearer articulation of operational planning considerations, including dealing with the conflation of electronic warfare and Cyber warfare, and the use of uninhabited aerial vehicles for improved intelligence collection and network penetration
Lehto Martti - One of the best experts on this subject based on the ideXlab platform.
-
Strategic leadership in Cyber security, case Finland
'Informa UK Limited', 2020Co-Authors: Lehto Martti, Limnéll JarnoAbstract:Cyber security has become one of the biggest priorities for businesses and governments. Streamlining and strengthening strategic leadership are key aspects in making sure the Cyber security vision is achieved. The strategic leadership of Cyber security implies identifying and setting goals based on the protection of the digital operating environment. Furthermore, it implies coordinating actions and preparedness as well as managing extensive disruptions. The aim of this article is to define what is strategic leadership of Cyber security and how it is implemented as part of the comprehensive security model in Finland. In terms of effective strategic leadership of Cyber security, it is vital to identify structures that can respond to the operative requirements set by the environment. As a basis for national security development and preparedness, it is necessary to have a clear strategy level leadership model for crises management in disturbances in normal and in emergency conditions. In order to ensure Cyber security and achieve the set strategic goals, society must be able to engage different parties and reconcile resources and courses of action as efficiently as possible. Cyber Capability must be developed in the entire society, which calls for strategic coordination, management and executive Capability.peerReviewe
Kanniainen Vesa - One of the best experts on this subject based on the ideXlab platform.
-
Essays in national defence
'The National Defence University of Ukraine named after Ivan Cherniakhovskyi', 2018Co-Authors: Kanniainen VesaAbstract:Background and motivation For many small countries with a long history of conflicts with a large neighbouring country, the question of national security has a high priority. Alternative survival strategies include a sufficiently strong defence Capability in terms of the defence design and quality of defence materiel or, alternatively, a membership in a defence alliance. Such choices should be based on cost/benefit analyses. The urgency of such analyses becomes burning if tensions arise for one reason or another or if the available options change and attract public discussions, or if the safety class of the country has deteriorated. In Finland, the choice between a military draft (conscription) and an all-volunteer professional army has been the subject of continuous debate over the years. Moreover, as a result of Russia’s occupation of Crimea in 2014 and the subsequent Ukraine crisis, tensions also intensified in the Baltic Sea area. After the Cold War, there was a peaceful period in Western and Central Europe. However, subsequent aggressive political tensions grew. As a response both in Finland and in Sweden, the issue of a potential membership in NATO, the North Atlantic Treaty Organization has been at the core of the debate. As a result of increased tension, Sweden has regretted its abolishment of the draft and its demilitarisation of Gotland Island. It has tried coming back to a partial draft army, but with limited success. The issue of how much to allocate resources to national defence has to do with the valuation of the willingness of the country’s citizens concerning the importance of national security. In repeated surveys, such willingness is appreciated by more than 70 per cent of the population in Finland. This is apparently based on the history of the country with repeated aggressions between the Swedish and Russian empires and the attacks by the Soviet Red Army at the beginning of and during World War II. Research tasks Analytical views on motives behind countries’ fighting have attracted a lot of attention in the theory of conflicts. However, no behavioural theory has been analytically formulated in terms of the risk-taking attitudes of individual soldiers, particularly in a defending army against a larger predator. The current study aimed to produce such an analysis, suggesting a theory of commitment to defend in the spirit of intertemporal altruism across generations. Such an analysis is included as the first article in the current collection. It is extended to study the possibilities of creating deterrence against an attacking army by means of communication and the signaling of the willingness to defend itself. The approach employs game theoretic tools. The second article focuses on the issue of army design through a draft or is alternatively based on a professional army. The third article derives the mathematical option value for a membership in a defence alliance in terms of a coalition theory. In both of them, the analysis is based on a cost-benefit approach. In both articles, the key analytic concept to start with is the risk classification of a country. The key building block in setting up the national defence is based on the acquisition of appropriate defence materiel. Two articles in this collection provide multi-stage analytic decision-theoretic approaches for two issues, i.e. offsets and joint procurements. No previous economic theory of offsets is available in the existing literature. The issue is timely, as Finland has launched its plan to replace its current F/A-18 fighters with a new type of fighter in the coming years. Joint procurements in the acquisition of defence material between independent countries make sense as they seem to be economically justified. In reality, few have actually taken place. The fifth article in the current collection attempts to explain why this is probably the case. For example, efforts to jointly carry out the acquisition of the NH90 helicopters among four Nordic countries failed. Moreover, despite the obvious benefits of joint procurements between the small Baltic states, they never appear to take place. Finally, the Cyber technologies appear to provide a new and complementary instrument for conventional armament. In 2010, the world learned about Stuxnet, a malicious computer worm believed to be jointly created by American and Israeli Cyber weapon specialists. Experts have been convinced that Stuxnet was meant to sabotage the uranium enrichment facility at Natanz in Iran and its centrifuge operational capacity, but the damage spread to other units, too. It is believed that most of the infected computers worldwide by Stuxnet have been in Iran. The Stuxnet attack is the background for the last article in this collection. It explains why Cyber technologies have potentially led to a new era of warfare between hostile countries. Research methods The aim of the current study is to address the issues related to factors or decisions that determine the national security in a small country: the willingness to defend, the army design, potential membership in a military coalition, the acquisition of the defence materiel, and the role of Cyber Capability as a new type of warfare. The approach of the current collection of studies is based on the employment of economic tools and includes economic cost/benefit analyses, mathematical optimisation methods, game-theoretic models, extensions to the Tullock model in contests, and the Nash bargaining approach in arriving at contracts. National security is viewed as a public good and the question is how to incentivise the decision-makers to arrive at the best policies. Tools of information economics are relevant, as a small defending country must try to communicate and signal to a potential predator its commitment to defend. Analytic economic methods are not that typical in the discussions and debates on national security in our country. One reason may be that the war games in such an approach take place in a fictitious mathematical world. It is hoped, however, that with its theoretical results, the current study is able to deliver a message of the usefulness of economic and mathematical tools for conflict studies. Starting with his works in the 1920s, the game theory was initially developed by the Hungarian mathematical genius, John von Neumann. His focus, however, was on zero-sum games, yet typical confrontations in politics or conflicts are not necessarily characterised by zero-sum games. Instead, the Coase theorem suggests the opposite: a peaceful settlement of issues is Pareto- efficient and should lead to a surplus-maximising win-win outcome. Then, the issue arises as to why a commitment to a no-fight equilibrium is so difficult to obtain in the real world. The subsequent development of game theory has moved in other directions: negotiation, bargaining and signaling under informational restrictions. The pioneering work by Thomas C. Schelling, the Nobel prize winner in economics in 2005, characterised the key elements in war games. In his Nobel prize lecture, he expressed his delight on that the world had been able to live without a nuclear war for over sixty years. The famous lesson stated by the Prussian General von Clausewitz in the 19th century on “…not [taking] the first step without considering the last” is one of the corner stones of the modern dynamic game theory. The purpose of mathematical models employed in economics is not to say that they represent the real world. The model world is fictitious and it exists only in the brains of the researchers – and in their publications. Their justification arises from their operation as helpful instruments in checking the validity of thinking and of the stated arguments. Human brains make mistakes, but the mathematics does not. The purpose of models is to build into the analysis the key mechanisms to be examined, rather than the whole messy real world. Many aspects are therefore left out on purpose without claiming that they are irrelevant. The purpose instead, is to put the focus on the key mechanisms
