Geo-Temporal Characterization of Security Threats - January 2016
Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.
PI(s): Kathleen M. Carley
Co-PI(s):
Researchers:
1) HARD PROBLEM(S) ADDRESSED (with short descriptions)
This refers to Hard Problems, released November 2012.
Scalability and Composability: New network metrics developed under this project are scalable.
Policy-governed secure collaboration: This project provides an empirical basis for identifying global issues and needs vis-a-vis secure collaboration; e.g., which states are most threatening and may need special policies. Results show wide variation in infrastructure such that any procedures designed only for new systems will fail to create secure collaboration at the global level. Results also show that countries with high corruption and unsophisticated IT support are likely to be used by others as the apparent source of attacks.
Predictive Security Metrics: This project provides an empirical basis for assessment and validation of security models. It provides a global model of the flow of cyber threats and associated information that can be used to develop new social and organizational policies to reduce security threats. Research identifies capability and IT gaps at the global level, thus improving selection and prioritization processes.
Resilient Architecture: Nothing directly.
Human Behavior: This project provides an empirical basis for assessing human and organizational variability in capability to thwart and to engage in attacks at the global level. Results provide insight into how to determine whether attacks that appear to be coming from a country are being directed outward with malicious intent or whether that country is being inadvertently used by other countries and so appears malicious. Results are particularly relevant from a human policy perspective.
2) PUBLICATIONS
None yet in this fiscal year
3) KEY HIGHLIGHTS
- Discovered a relation between cyber attacks and discussion of cyber attacks in social media; approximately 50% of the time, the discussion precedes the attack.
- Discovered that the lag between social media discussion and the cyber attack occurrence varied by country; e.g., 1 day for France and 6 for Great Britain.
- Briefed information at the NATO Trident Juncture exercise.