CSIAC JOURNAL

Step into the future with the latest advancements and trends in cybersecurity. 

We blend research with subject matter expertise to provide an outlet for publicly releasable articles on new and emerging science, engineering, and technology within the cybersecurity community.

Latest Articles

The Post-Quantum Cryptography

Safe digital communication for organizations and individuals is protected online by using cryptography, whether making an online purchase from a favorite online store or sending an email to a friend or colleague. Imagine the impact if cybercriminals could break the cryptographic algorithms used to encrypt all our banking, medical information and history, or any sensitive data we use in our day-to-day digital life.

Read More

Modeling & Simulation: Battle Readiness in a Virtual World

As the world becomes more complex, the U.S. Department of Defense (DoD) faces a range of challenges that demands innovative solutions. One tool that has proven invaluable in this regard is modeling and simulation (M&S)—the process of creating a representation of a system or process and then using that representation to explore and test different scenarios.

Read More

Dark Net Usage for Countries in Conflict

For many, the “dark web” harbors a stigma. After the rise of notorious “dark net markets” like “Silk Road” and “AlphaBay” in the early 2010s, pop culture has come to equate the “dark web” with illegality and contraband.

Read More

Improving the U.S. Air Force’s Cyber Defense Strategy

April 2007 marks the month when the internet became weaponized [1]. In Estonia’s capital city of Tallinn, the government decided to move a bronze statue of a Russian soldier from the city center to a war memorial cemetery on the outskirts of town (Figure 1). They wanted to move the statue during the 60th anniversary of its erection in 1947, which memorialized the sacrifices of Russian soldiers liberating eastern Europe from the Nazis.

Read More

A Defense-In-Depth and Layered Approach to Software Supply Chain Security

In this article, we will discuss the confluence and utility of using software supply chain (SSC)-focused frameworks (The Updated Framework [TUF] and the in-toto framework), combined with behavioral approaches using artificial intelligence (AI) aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), to generate a truly comprehensive approach for SSC security [1]. Such a “defense-in-depth” approach recognizes that these frameworks by themselves fall short of addressing the guidelines for the integrity of SSCs.

Read More

Can the “Gorilla” Deliver? Assessing the Security of Google’s New “Thread” Internet of Things (IoT) Protocol

Security incidents associated with Internet of Things (IoT) devices have recently gained high visibility, such as the Mirai botnet that exploited vulnerabilities in remote cameras and home routers. Currently, no industry standard exists to provide the right combination of security and ease-of-use in a low-power, low-bandwidth environment. In 2017, the Thread Group, Inc. released the […]

Read More

Rebooting Letters of Marque for Private Sector, Active Cyber Defense

The views expressed in this paper are those of the author and do not reflect the official policy or position of the 780th Military Intelligence Brigade, U.S. Intelligence and Security Command, Department of the Army, Department of the Navy, Department of Defense, or the U.S. Government. Letters of Marque for Private Sector Cyber Defense Cyber […]

Read More

Evaluation of Comprehensive Taxonomies for Information Technology Threats

Categorization of all information technology threats can improve communication of risk for an organization’s decision-makers who must determine the investment strategy of security controls. While there are several comprehensive taxonomies for grouping threats, there is an opportunity to establish the foundational terminology and perspective for communicating threats across the organization. This is important because confusion […]

Read More

Times Change and Your Training Data Should Too: The Effect of Training Data Recency on Twitter Classifiers

Sophisticated adversaries are moving their botnet command and control infrastructure to social media microblogging sites such as Twitter. As security practitioners work to identify new methods for detecting and disrupting such botnets, including machine-learning approaches, we must better understand what effect training data recency has on classifier performance. This research investigates the performance of several […]

Read More

Optimizing for Mission Success Using a Stochastic Gaming Simulation

This article describes how mission scenarios created using gaming software can be used as a graphical concept of operations (CONOPS) and optimized to ensure the highest probability of mission success. Traditional optimization methods have not been designed for mission-level problems, where highly uncertain environmental and operational parameters influence mission success, and clear objectives beyond success […]

Read More