Expert answer:The Critical Need for Information Security

Expert answer:Download and read the following articles available in the ACM Digital Library:
Bernier, M., Chapman, I., Leblanc, S. P., & Partington, A. (2011). An overview of cyber-attack and computer network operations simulation. Proceedings from MMS ’11: Military Modeling & Simulation Symposium. Boston, MA.
Maughan, D. (2010, February). The need for a national cybersecurity research and development agenda. Communications of the ACM, 53(2), 29-31.
Write a four to five (4-5) page paper in which you:
1.Identify at least three (3) benefits or key knowledge points that could be derived from using cyber-attack simulator systems and research, and suggest how this insight could assist in defining the needs for security within an organization.
2.Analyze and determine which sector, public or private, has greater insight on the potential of cyberattacks. Justify your answer by citing at least three (3) examples.
3.Suggest at least four (4) best practices that should be implemented when developing a cybersecurity strategy within a security enterprise. Then, evaluate the required roles and functions of Information Technology (IT) personnel that would be required to sustain these best practices.
4.Describe the role of planning when developing a cybersecurity strategy and what key deliverables would ensure an effective implementation and transition.
5.Suggest how public-private partnerships can strengthen cybersecurity efforts and effectiveness in a:
a. Corporate environment
b. Regional level
c. National level
6. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality
resources.
the_need_for_a_national_cybersecurity_research_and_development.pdf

an_overview_of_cyber_attack_and_computer_network_operations.pdf

Unformatted Attachment Preview

V
viewpoints
doi:10.1145/1646353.1646365
Douglas Maughan
Inside Risks
The Need for a National
Cybersecurity Research and
Development Agenda
Government-funded initiatives, in cooperation with private-sector partners in
key technology areas, are fundamental to cybersecurity technical transformation.
Official Wh it e H ouse Photo by L aw rence Jackson
Communications’ Inside Risks columns over the past two decades have
frequently been concerned with trustworthiness of computer-communication systems and the applications built
upon them. This column considers what
is needed to attain new progress toward
avoiding the risks that have prevailed
in the past as a U.S. national cybersecurity R&D agenda is being developed. Although the author writes from the perspective of someone deeply involved in
research and development of trustworthy systems in the U.S. Department of
Homeland Security, what is described
here is applicable much more universally. The risks of not doing what is described here are very significant.
—Peter G. Neumann
C
complex,
dynamic, globally interconnected digital and information infrastructure that
underpins every facet of society and provides critical support for
our personal communication, economy, civil infrastructure, public safety,
and national security. Just as our dependence on cyberspace is deep, so
too must be our trust in cyberspace,
and we must provide technical and
policy solutions that enable four
critical aspects of trustworthy cyberspace: security, reliability, privacy,
and usability.
ybe r s pace is the
art in
development
President Barack Obama greets White House Cyber Security Chief Howard A. Schmidt, who
was appointed in December 2009.
The U.S. and the world at large are
currently at a significant decision
point. We must continue to defend
our existing systems and networks. At
the same time, we must attempt to be
ahead of our adversaries, and ensure
future generations of technology will
position us to better protect critical
infrastructures and respond to attacks from adversaries. Governmentfunded research and development
must play an increasing role toward
achieving this goal of national and
economic security.
Background
On January 8, 2008, National Security
Presidential Directive 54/Homeland Security Presidential Directive 23 formalized the Comprehensive National Cybersecurity Initiative (CNCI) and a series of
continuous efforts designed to establish
a frontline defense (reducing current
vulnerabilities and preventing intrusions), which will protect against the
full spectrum of threats by using intelligence and strengthening supply chain
security, and shaping the future environment by enhancing our research, devel-
f e b r ua ry 2 0 1 0 | vo l. 53 | n o. 2 | c om m u n ic at ion s of t he acm
29
viewpoints
opment, and education, as well as investing in “leap-ahead” technologies.
No single federal agency “owns”
the issue of cybersecurity. In fact, the
federal government does not uniquely
own cybersecurity. It is a national and
global challenge with far-reaching
consequences that requires a cooperative, comprehensive effort across the
public and private sectors. However,
as it has done historically, the U.S. government R&D community, working in
close cooperation with private-sector
partners in key technology areas, can
jump-start the necessary fundamental
technical transformation.
Partnerships
The federal government must reenergize two key partnerships to successfully secure the future cyberspace: the
partnership with the educational system and the partnership with the private
sector. The Taulbee Survey2 has shown
that our current educational system is
not producing the cyberspace workers
of the future and the current publicprivate partnerships are inadequate for
taking R&D results and deploying them
across the global infrastructure.
Education. A serious, long-term
problem with ramifications for national security and economic growth is
looming: there are not enough U.S. citizens with computer science (CS) and
science, technology, engineering, and
mathematics (STEM) degrees being
produced. The decline in CS enrollments and degrees is most acute. The
decline in undergraduate CS degrees
portends the decline in master’s and
doctoral degrees as well. Enrollments
in major university CS departments
have fallen sharply in the last few years,
while the demand for computer scientists and software engineers is high
and growing. The Taulbee Survey2
confirmed that CS (including computer engineering) enrollments are down
50% from only five years ago, a precipitous drop by any measure. Since
CS degrees are a subset of the overall
requirement for STEM degrees and
show the most significant downturn,
CS degree production can be considered a bellwether to the overall condition and trend of STEM education. The
problems with other STEM degrees are
equally disconcerting and require immediate and effective action. At the
30
comm unicatio ns o f the acm
same time, STEM jobs are growing,
and CS jobs are growing faster than
the national average.
At a time when the U.S. experiences
cyberattacks daily and as global competition continues to increase, the U.S.
cannot afford continued ineffective educational measures and programs. Revitalizing educational systems can take
years before results are seen. As part of
an overall national cybersecurity R&D
agenda, the U.S. must incite an extraordinary shift in the number of students
in STEM education quickly to avoid a
serious shortage of computer scientists, engineers, and technologists in
the decades to come.
Public-Private Partnerships. Information and communications networks are largely owned and operated
by the private sector, both nationally
and internationally. Thus, addressing
cybersecurity issues requires publicprivate partnerships as well as international cooperation. The public and
private sector interests are dependent
on each other and share a responsibility for ensuring a secure, reliable infrastructure. As the federal government
moves forward to enhance its partnerships with the private sector, research
and development must be included in
the discussion. More and more privatesector R&D is falling by the wayside
and, therefore, it is even more important that government-funded R&D can
make its way to the private sector, given
it designs, builds, owns, and operates
most of the critical infrastructures.
Technical Agenda
Over the past decade there have been
a significant number of R&D agendas
The current publicprivate partnerships
are inadequate for
taking R&D results
and deploying them
across the global
infrastructure.
| F eb r ua ry 201 0 | vo l . 5 3 | no. 2
published by various academic and industry groups, and government departments and agencies (these documents
can be found online at http://www.cyber.
st.dhs.gov/documents.html). A 2006
federal R&D plan identified at least
eight areas of interest with over 50
project topics that were either being
funded or should be funded by federal
R&D entities. Many of these topic areas
have been on the various lists for over a
decade. Why? Because the U.S. has underinvested in these R&D areas, both
within the government and private
R&D communities.
The Comprehensive National Cyber Initiative (CNCI) and the President’s Cyberspace Policy Review3
challenged the federal networks and
IT research community to figure out
how to “change the game” to address
these technical issues. Over the past
year, through the National Cyber Leap
Year (NCLY) Summit and a wide range
of other activities, the U.S. government
research community sought to elicit
the best ideas from the research and
technology community. The vision of
the CNCI research community over the
next 10 years is to “transform the cyberinfrastructure to be resistant to attack
so that critical national interests are
protected from catastrophic damage
and our society can confidently adopt
new technological advances.”
The leap-ahead strategy aligns with
the consensus of the U.S. networking
and cybersecurity research communities: That the only long-term solution to
the vulnerabilities of today’s networking and information technologies is to
ensure that future generations of these
technologies are designed with security
built in from the ground up. Federal
agencies with mission-critical needs
for increased cybersecurity, which includes information assurance as well as
network and system security, can play a
direct role in determining research priorities and assessing emerging technology prototypes.
The Department of Homeland Security Science and Technology Directorate has published its own roadmap in
an effort to provide more R&D direction
for the community. The Cybersecurity
Research Roadmap1 addresses a broad
R&D agenda that is required to enable
production of the technologies that will
protect future information systems and
viewpoints
networks. The document provides detailed research and development agendas relating to 11 hard problem areas
in cybersecurity, for use by agencies of
the U.S. government. The research topics in this roadmap, however, are relevant not just to the governments, but
also to the private sector and anyone
else funding or performing R&D.
While progress in any of the areas
identified in the reports noted previously would be valuable, I believe the “top
10” list consists of the following (with
short rationale included):
1. Software Assurance: poorly written software is at the root of all of our
security problems;
2. Metrics: we cannot measure our
systems, thus we cannot manage them;
3. Usable Security: information security technologies have not been deployed because they are not easily usable;
4. Identity Management: the ability
to know who you are communicating
with will help eliminate many of today’s
online problems, including attribution;
5. Malware: today’s problems continue because of a lack of dealing with malicious software and its perpetrators;
6. Insider Threat: one of the biggest
threats to all sectors that has not been
adequately addressed;
7. Hardware Security: today’s computing systems can be improved with
new thinking about the next generation
of hardware built from the start with security in mind;
8. Data Provenance: data has the
most value, yet we have no mechanisms
to know what has happened to data
from its inception;
9. Trustworthy Systems: current systems are unable to provide assurances
of correct operation to include resiliency; and
10. Cyber Economics: we do not understand the economics behind cybersecurity for either the good guy or the
bad guy.
Life Cycle of Innovation
R&D programs, including cybersecurity R&D, consistently have difficulty
in taking the research through a path
of development, testing, evaluation,
and transition into operational environments. Past experience shows that
transition plans developed and applied
early in the life cycle of the research
program, with probable transition
In order to achieve
the full results of
R&D, technology
transfer needs to be a
key consideration for
all R&D investments.
paths for the research product, are effective in achieving successful transfer
from research to application and use.
It is equally important, however, to acknowledge that these plans are subject
to change and must be reviewed often.
It is also important to note that different technologies are better suited for
different technology transition paths
and in some instances the choice of the
transition path will mean success or
failure for the ultimate product. There
are guiding principles for transitioning
research products. These principles involve lessons learned about the effects
of time/schedule, budgets, customer
or end-user participation, demonstrations, testing and evaluation, product
partnerships, and other factors.
A July 2007 U.S. Department of Defense Report to Congress on Technology Transition noted there is evidence
that a chasm exists between the DoD
S&T communities and acquisition of
a system prototype demonstration in
an operational environment. DOD is
not the only government agency that
struggles with technology transition.
That chasm, commonly referred to as
the “valley of death,” can be bridged
only through cooperative efforts and
investments by both research and acquisition communities.
There are at least five canonical transition paths for research funded by the
federal government. These transition
paths are affected by the nature of the
technology, the intended end user, participants in the research program, and
other external circumstances. Success
in research product transition is often
accomplished by the dedication of the
program manager through opportunistic channels of demonstration, partnering, and sometimes good fortune.
However, no single approach is more
effective than a proactive technology
champion who is allowed the freedom
to seek potential utilization of the research product. The five canonical transition paths are:
˲˲ Department/Agency direct to
Acquisition
˲˲ Department/Agency to
Government Lab
˲˲ Department/Agency to Industry
˲˲ Department/Agency to
Academia to Industry
˲˲ Department/Agency to
Open Source Community
In order to achieve the full results of
R&D, technology transfer needs to be
a key consideration for all R&D investments. This requires the federal government to move past working models
where most R&D programs support only
limited operational evaluations and experiments. In these old working models, most R&D program managers consider their job done with final reports,
and most research performers consider
their job done with publications. In order to move forward, government-funded R&D activities must focus on the real
goal: technology transfer, which follows
transition. Current R&D principal investigators (PIs) and program managers
(PMs) aren’t rewarded for technology
transfer. Academic PIs are rewarded for
publications, not technology transfer.
The government R&D community must
reward government program managers
and PIs for transition progress.
Conclusion
As noted in the White House Cyberspace Policy Review,3 an updated national strategy for securing cyberspace
is needed. Research and development
must be a full partner in that discussion. It is only through innovation creation that the U.S. can regain its position as a leader in cyberspace.
References
1. A Roadmap for Cybersecurity Research, Department
of Homeland Security Science and Technology
Directorate, November 2009; http://www.cyber.st.dhs.
gov/documents.html
2. Taulbee Survey 2006–2007, Computing Research News
20, 3. Computer Research Association, May 2008.
3. White House Cyberspace Policy Review; http://www.
whitehouse.gov/assets/documents/Cyberspace_
Policy_review_final.pdf
Douglas Maughan (Douglas.Maughan@dhs.gov) is a
program manager for cybersecurity R&D at the U.S.
Department of Homeland Security in Washington, D.C.
Copyright held by author.
f e b r ua ry 2 0 1 0 | vo l. 53 | n o. 2 | c om m u n ic at ion s of t he acm
31
An Overview of Cyber Attack and Computer Network Operations Simulation
Ian Chapman,
Mélanie Bernier
Centre for Operational Research and Analysis
Defence Research and Development Canada
Ian.Chapman@drdc-rddc.gc.ca
Melanie.Bernier@drdc-rddc.gc.ca
Sylvain P. Leblanc,
Andrew Partington
Computer Security Laboratory
Royal Military College of Canada
Sylvain.Leblanc@rmc.ca
Keywords: Overview, Survey Paper, Cyber Attacks, Cyber
Warfare, Computer Network Operations
Cyber attacks have the potential to be extremely disruptive
to a wired society. To understand some of the ramifications
of these events, including their potential impact on the use
of networks, the research community has begun the
development of a number of applications to simulate cyber
warfare.
The paper is separated in two main sections. The first
part will discuss prominent private sector and academic
research, while the second will discuss public sector
research in the field of modeling and simulation for cyber
warfare.
This paper is intended to present the results of our
survey of current unclassified research literature, openly
published on the topic of simulation for cyber warfare. It is
not meant to be all encompassing. The authors have not
found other works that attempt to summarize key efforts in
this area of study.
The authors believe that simulation will make ever
greater contributions to the field of cyber warfare and CNO.
This paper and the Military Modeling Symposium that flow
from it should be viewed as an attempt to engage the
research community on this important emerging topic.
Abstract
This paper represents a snapshot of the current state of
the art in the simulation and modeling of cyber attacks and
defensive responses to those. It discusses a number of
simulations of cyber warfare, including live, virtual, and
constructive simulations. The simulations discussed in this
paper were found in the open literature and were conducted
in the private sector, academia, and government. Each
simulation is briefly described, including goals,
methodology, and a brief discussion of its accomplishments.
These modeling and simulation efforts are of particular
interest to the military modeling and simulation community,
as it is likely that military forces will continue to rely ever
more heavily on computer and communication networks.
1.
INTRODUCTION
The concepts and technical challenges behind the
simulation of military conflicts in the traditional operational
domains – land, maritime, and air – have been well
understood for several decades, and thus numerous
applications have been developed to support computer
wargaming. These wargames are typically used to support
training and experimentation, and are seen as a safe and
cost-effective way to assess the effects of new technologies
and equipment before deploying them to the real battlefield.
Recent events, such as the 2007 cyber attack on
Estonia, have shown the rising importance of computer
network operations (CNO)1 in an increasingly internetworked world. Both civilian and military domains have
become increasingly reliant on computer networks for
communication,
information
management,
utilities
management, financial systems, air traffic control, and many
other critical applications. In fact, the authors argue
elsewhere at this conference that CNO education is vital for
both technical and non-technical commanders, and propose
using simulation to further these educational goals [1].
2.
PROMINENT PRIVATE SECTOR AND
ACADEMIC RESEARCH
The idea of simulating cyber attacks has been
investigated by several researchers and students at
universities as well as in private organizations. The
simulations discussed in this section have been selected for
discussion because they represent some of the most
significant work in cyber attack modeling.
2.1. Cyber Attack Modeling using ARENA
ARENA is a constructive simulation developed by
researchers at the Rochester Institute of Technology (RIT),
partially sponsored by the U.S Air Force Research
Laboratory (AFRL) in Rome, NY. The ARENA simulation
software was used to simulate cyber attacks against a
computer network from an external source such as the
internet [2-3].
The simulation models step-by-step attacks on a
computer network. The attacks can be automatically created
within the constructs of the tool, or they can be predefined
in XML files that can be loaded by the simulation tool. Each
1
Per US Doctrine, CNO is comprised of Computer Network
Defense (CND), Computer Network Attack (CNA) and
Computer Network Exploitation (CNE). Many sources use
cyber warfare; we use both terms.
92
attack has a specific associated attack type and a target
computer on the network under attack. The simulation
supports a variety of attack types such as Denial of Service
(DoS) attacks and the installation of a backdoor on a target
computer. Each attack will typically go through numerous
steps to attempt access to a target computer. Therefore, each
attack will typically in …
Purchase answer to see full
attachment

How it works

1. Paste your instructions in the instructions box. You can also attach an instructions file
2. Select the writer category, deadline, education level and review the instructions 
3. Make a payment for the order to be assignment to a writer
4.  Download the paper after the writer uploads it 

Will the writer plagiarize my essay?

You will get a plagiarism-free paper and you can get an originality report upon request.

Is this service safe?

All the personal information is confidential and we have 100% safe payment methods. We also guarantee good grades