Marek Amanowicz's research while affiliated with NASK National Research Institute and other places

As discussed in Chapter 2, an important current direction in development in ICT systems is the design of new methods for more dynamic and fine-grained control of access to information. Such a new approach must not only support enforcement of need-to-know and responsibility-to-share requirements, but also enable defence-in-depth through cross-layer enforcement of security policies.

The network infrastructure used in modern ICT systems consists of devices, individually configured to process network packets. The disadvantage of such an approach is a complicated and inflexible management process that introduces great difficulty in creating and implementing new network solutions. The administrator must configure each device separately to achieve the desired network operation.

The Topology Manager has been modified by adding a function to handle information on the current security status of components of the data plane in dimensions C, I, and A for links and T for switches, received from SOC. Based on this information, the values of the security attributes of links and switches are updated.

The role and importance of risk assessment when making access control decisions have been discussed in Sect. 2.2.6. In particular, we have pointed out that operational scenarios usually require finding the appropriate balance between ensuring confidentiality and availability of specific resource or service to users. The cost of potential unauthorized disclosure must be balanced with the cost of inability to perform operations or performing them based on incomplete data. Moreover, in practice, we seldom can base our decision on perfect information about trustworthiness of actors (such as users) and assets (such as network and user ICT equipment) used in operations. Our situational awareness is often affected by a large amount of uncertainty about the current state of the system. Therefore, in practice, every access control decision includes some risk acceptance, which the organization needs to adequately assess. In this chapter, we consider how the risk related to transfer of data over an SDN can be effectively managed.

Implementing DCS in a SDN-based system introduces several challenges and requires several enablers, which are discussed in this chapter. Our discussion does not answer all the questions related to the design and implementation of a practical DCS solution. Some additional challenges that are not discussed in detail are, for example, related to integrating DCS with existing cyber defence infrastructure and procedures. For example, acquiring current and reliable information on the security status of SDN components, especially in a multi-domain, federated environment, requires the implementation of effective mechanisms for the cooperation of network control systems and security operation centres (SOCs) that different organisations may manage.

Data is the critical and arguably the most important asset of any enterprise or organisation. Having access to reliable and trustworthy data when needed is a decisive factor in the success or failure of business and military operations.

In this paper a modification of the widely used Kademlia peer-to-peer system to tactical networks is proposed. We first take a look at the available systems today to cover the range of possibilities peer-to-peer systems offer. We iden-tify candidates for use in military networks. Then we com-pare two candidate systems in an environment with highly dynamic participants. The considered environment is focused on the special conditions in tactical networks. Then we give rationale for choosing Kademlia as a suitable system for tac-tical environments. Since Kademlia is not adapted to military networks, a modification to this system is proposed to adapt it to the special conditions encountered in this environment. We show that optimizations in the routing may lead to faster lookups by measuring the modified algorithm in a simula-tion of the target environment. We show also that the pro-posed modification can be used to extend the battery lifetime of mobile peer-to-peer nodes. Our results show that peer-to-peer systems can be used in military networks to increase their robustness. The modifications proposed to Kademlia adapt the system to the special challenges of military tactical networks. Keywords—Kademlia, network enabled capabilities, peer-to-peer, wireless tactical military networks.

Protection against a growing number of increasingly sophisticated and complex cyberattacks requires the real-time acquisition of up-to-date information on identified threats and their potential impact on an enterprise’s operation. However, the complexity and variety of IT/OT infrastructure interdependencies and the business processes and services it supports significantly complicate this task. Hence, we propose a novel solution here that provides security awareness of critical infrastructure entities. Appropriate measures and methods for comprehensively managing cyberspace security and resilience in an enterprise are provided, and these take into account the aspects of confidentiality, availability, and integrity of the essential services offered across the underlying business processes and IT infrastructure. The abstraction of these entities as business objects is proposed to uniformly address them and their interdependencies. In this paper, the concept of modeling the cyberspace of interdependent services, business processes, and systems and the procedures for assessing and predicting their attributes and dynamic states are depicted. The enterprise can build a model of its operation with the proposed formalism, which takes it to the first level of security awareness. Through dedicated simulation procedures, the enterprise can anticipate the evolution of actual or hypothetical threats and related risks, which is the second level of awareness. Finally, simulation-driven analyses can serve in guiding operations toward improvement with respect to resilience and threat protection, bringing the enterprise to the third level of awareness. The solution is also applied in the case study of an essential service provider.

Ensuring a good level of cybersecurity of global IT systems requires that specific procedures and cooperation frameworks be adopted for reporting threats and for coordinating the activities undertaken by individual entities. Technical infrastructure enabling safe and reliable online collaboration between all teams responsible for security is an important element of the system as well. With the above taken into consideration, the paper presents a comprehensive distributed solution for continuous monitoring and detection of threats that may affect services that provision is essential to security and broadly understood the state’s economic interests. The said solution allows to collect, process and share distributed knowledge on hazard events. The partnership-based model of cooperation between the system’s users allows the teams to undertake specific activities at the central level, facilitates global cyber threat awareness, and enhances the process of predicting and assessing cyber risks in order to ensure a near-realtime response. The paper presents an overview of the system’s architecture, its main components, features, and threat intelligence tools supporting the safe sharing of information concerning specific events. It also offers a brief overview of the system’s deployment and its testing in an operational environment of NASK’s Computer Security Incident Response Team (CSIRT) and Security Operation Center (SOC) of essential services operators