Case Study 1: The Critical Need for Information Security

Access the ACM Digital Library by following the steps below:
1. Login to iCampus.
2. From iCampus, click Research, under Campus & Library.
3. Scroll down to “Information Systems & Computer Science”. Select ACM Digital Library.

Download and read the following articles available in the ACM Digital Library:
- Bernier, M., Chapman, I., Leblanc, S. P., & Partington, A. (2011). An overview of cyber-attack and computer network operations simulation. Proceedings from MMS ’11: Military Modeling & Simulation Symposium. Boston, MA.
- Maughan, D. (2010, February). The need for a national cybersecurity research and development agenda. Communications of the ACM, 53(2), 29-31.

Write a four to five (4-5) page paper in which you:
1. Identify at least three (3) benefits or key knowledge points that could be derived from using cyber-attack simulator systems and research, and suggest how this insight could assist in defining the needs for security within an organization.
2. Analyze and determine which sector, public or private, has greater insight on the potential of cyberattacks. Justify your answer by citing at least three (3) examples.
3. Suggest at least four (4) best practices that should be implemented when developing a cybersecurity strategy within a security enterprise. Then, evaluate the required roles and functions of Information Technology (IT) personnel that would be required to sustain these best practices.
4. Describe the role of planning when developing a cybersecurity strategy and what key deliverables would ensure an effective implementation and transition.
5. Suggest how public-private partnerships can strengthen cybersecurity efforts and effectiveness in a:
   a. Corporate environment
   b. Regional level
   c. National level
6. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
- Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
- Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:
- Evaluate the ethical concerns inherent in cybersecurity and how these concerns affect organizational policies.
- Describe the corollary roles of security in an enterprise.
- Describe best practices in cybersecurity.
- Use technology and information resources to research issues in cybersecurity.
- Write clearly and concisely about topics associated with cybersecurity using proper writing mechanics and technical style conventions.
Attachments:
sec402_articule_1_for_case_study_1.pdf
sec402_articule_2_for_case_study_1.pdf

Unformatted Attachment Preview

An Overview of Cyber Attack and Computer Network Operations Simulation
Ian Chapman,
Mélanie Bernier
Centre for Operational Research and Analysis
Defence Research and Development Canada
Ian.Chapman@drdc-rddc.gc.ca
Melanie.Bernier@drdc-rddc.gc.ca
Sylvain P. Leblanc,
Andrew Partington
Computer Security Laboratory
Royal Military College of Canada
Sylvain.Leblanc@rmc.ca
Keywords: Overview, Survey Paper, Cyber Attacks, Cyber Warfare, Computer Network Operations
Abstract
This paper represents a snapshot of the current state of
the art in the simulation and modeling of cyber attacks and
defensive responses to those. It discusses a number of
simulations of cyber warfare, including live, virtual, and
constructive simulations. The simulations discussed in this
paper were found in the open literature and were conducted
in the private sector, academia, and government. Each
simulation is briefly described, including goals,
methodology, and a brief discussion of its accomplishments.
These modeling and simulation efforts are of particular
interest to the military modeling and simulation community,
as it is likely that military forces will continue to rely ever
more heavily on computer and communication networks.

1. INTRODUCTION
The concepts and technical challenges behind the
simulation of military conflicts in the traditional operational
domains – land, maritime, and air – have been well
understood for several decades, and thus numerous
applications have been developed to support computer
wargaming. These wargames are typically used to support
training and experimentation, and are seen as a safe and
cost-effective way to assess the effects of new technologies
and equipment before deploying them to the real battlefield.
Recent events, such as the 2007 cyber attack on
Estonia, have shown the rising importance of computer
network operations (CNO)¹ in an increasingly
internetworked world. Both civilian and military domains have
become increasingly reliant on computer networks for
communication, information management, utilities
management, financial systems, air traffic control, and many
other critical applications. In fact, the authors argue
elsewhere at this conference that CNO education is vital for
both technical and non-technical commanders, and propose
using simulation to further these educational goals [1].
Cyber attacks have the potential to be extremely disruptive
to a wired society. To understand some of the ramifications
of these events, including their potential impact on the use
of networks, the research community has begun the
development of a number of applications to simulate cyber
warfare.
The paper is separated into two main sections. The first
part will discuss prominent private sector and academic
research, while the second will discuss public sector
research in the field of modeling and simulation for cyber
warfare.
This paper is intended to present the results of our
survey of current unclassified research literature, openly
published on the topic of simulation for cyber warfare. It is
not meant to be all encompassing. The authors have not
found other works that attempt to summarize key efforts in
this area of study.
The authors believe that simulation will make ever
greater contributions to the field of cyber warfare and CNO.
This paper and the Military Modeling Symposium that flow
from it should be viewed as an attempt to engage the
research community on this important emerging topic.
2. PROMINENT PRIVATE SECTOR AND ACADEMIC RESEARCH
The idea of simulating cyber attacks has been
investigated by several researchers and students at
universities as well as in private organizations. The
simulations discussed in this section have been selected for
discussion because they represent some of the most
significant work in cyber attack modeling.
2.1. Cyber Attack Modeling using ARENA
ARENA is a constructive simulation developed by
researchers at the Rochester Institute of Technology (RIT),
partially sponsored by the U.S. Air Force Research
Laboratory (AFRL) in Rome, NY. The ARENA simulation
software was used to simulate cyber attacks against a
computer network from an external source such as the
internet [2-3].
¹ Per US Doctrine, CNO is comprised of Computer Network
Defense (CND), Computer Network Attack (CNA) and
Computer Network Exploitation (CNE). Many sources use
cyber warfare; we use both terms.

The simulation models step-by-step attacks on a
computer network. The attacks can be automatically created
within the constructs of the tool, or they can be predefined
in XML files that can be loaded by the simulation tool. Each
attack has a specific associated attack type and a target
computer on the network under attack. The simulation
supports a variety of attack types such as Denial of Service
(DoS) attacks and the installation of a backdoor on a target
computer. Each attack will typically go through numerous
steps to attempt access to a target computer. Therefore, each
attack will typically involve an attacker infiltrating several
intermediary computers and servers on a network in order to
compromise the target computer. Along with its defined
type and target, each attack includes characteristics of the
attacker by giving a normalized value for efficiency, stealth
and skill. Efficiency refers to the speed and swiftness with
which the attacker can move from one intermediary host to
another in a multi-tiered network. Stealth refers to the
attacker’s ability to avoid unnecessary intermediate steps
which may alert network defenders to his presence. Finally,
the attacker’s skill parameter is used to determine
stochastically the success of each intermediary step
required to prosecute the attack against the target computer.
The ARENA simulation also allows the user to
construct a computer network and execute a series of cyber
attacks on target hosts within that network. The simulated
network can be multi-tiered, with several layers separated
by routers and other network hardware. Host characteristics
can be specified such as the IP address, the operating
system, and the type of Intrusion Detection System (IDS)
sensor used on the hosts (servers or client computers). Once
the network is created, attacks can be simulated manually
(by choosing the attack type, the target and the time when
the attack is launched) or automatically (by using predefined XML attack files). Statistics on the attacks can be
collected by applying the attack details and attacker
characteristics (the attacker’s skill, stealth and efficiency
parameters) against the target network architecture.
This ARENA simulation tool is primarily used to
analyze IDS sensors. IDS sensors are deployed at specific
locations within the target network to examine network
traffic and generate alerts based on programmed rules. Not
all alerts are legitimate; some are the result of attacks, while
others are the result of non-malicious activity. The
simulation outputs an attack log, detailing the target and the
time of occurrence of each attack. The simulation also lists
which attacks triggered alerts and, for each IDS, records
which alerts were true positives and which were false positives.
Overall, this is a very well developed simulation tool
capable of simulating many forms of attack on a specific,
user-defined network. The focus on analysis of IDS sensors
makes the output of the simulation somewhat limited, but
useful nonetheless. At the end of a simulation run, the user
is presented with a list of attacks that occurred on the
simulated network and a list of the alerts reported by the
IDS sensors. This output can help analyze the target
network topology; however it offers limited benefits in
training and experimentation.
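The mechanics just described (a tiered network, attacks defined by type and target, an attacker characterised by normalised efficiency, stealth and skill, per-hop stochastic success, IDS sensors on chosen hosts, and an attack log reconciled against alerts into true and false positives) fit in a short simulation. The following is an added example written for this page; it is not ARENA's code and not from the paper. The three-tier topology, the sensor detection and false-positive rates, and the formulas that turn efficiency, stealth and skill into hop time, extra noisy steps and per-hop success probability are all constructed assumptions.

```python
import random
from dataclasses import dataclass
from typing import Optional


@dataclass
class Host:
    name: str
    tier: int                   # 1 = internet-facing, higher = deeper in the network
    ids: Optional[str] = None   # sensor profile deployed on this host, if any


@dataclass
class Attacker:
    efficiency: float   # 0..1: hop time shrinks as efficiency rises
    stealth: float      # 0..1: fewer noisy intermediate steps as stealth rises
    skill: float        # 0..1: probability that a single hop succeeds


# Constructed sensor profiles (assumption, not ARENA's): detection probability
# per attack type, plus the chance of a spurious alert per simulated minute.
SENSOR_PROFILES = {
    "signature": {"detect": {"dos": 0.9, "backdoor": 0.4}, "false_positive": 0.01},
    "anomaly":   {"detect": {"dos": 0.6, "backdoor": 0.8}, "false_positive": 0.05},
}


def attack_path(hosts, target):
    """Pivot chain: the first host of every tier below the target, then the target."""
    by_tier = {}
    for h in hosts:
        by_tier.setdefault(h.tier, []).append(h)
    tgt = next(h for h in hosts if h.name == target)
    return [by_tier[t][0] for t in range(1, tgt.tier)] + [tgt]


def run_attack(hosts, attack_type, target, attacker, start, rng):
    """One attack: returns (hops, alerts, end_minute).

    hops:   (minute, host, hop_succeeded) for every intermediary and the target
    alerts: (minute, sensor_host, True) for each sensor that noticed the attacker
    """
    t = start
    hops, alerts = [], []
    hop_minutes = 1 + 30 * (1 - attacker.efficiency)      # assumed scaling
    noisy_steps = round((1 - attacker.stealth) * 3)       # extra looks the IDS gets
    for host in attack_path(hosts, target):
        t += hop_minutes
        ok = rng.random() < attacker.skill
        hops.append((t, host.name, ok))
        if host.ids:
            p = SENSOR_PROFILES[host.ids]["detect"][attack_type]
            for _ in range(1 + noisy_steps):
                if rng.random() < p:
                    alerts.append((t, host.name, True))
                    break
        if not ok:              # attacker is stopped at this hop
            break
    return hops, alerts, t


def background_alerts(hosts, minutes, rng):
    """Spurious alerts (false positives) each sensor raises over the run."""
    out = []
    for h in hosts:
        if h.ids:
            fp = SENSOR_PROFILES[h.ids]["false_positive"]
            out.extend((float(m), h.name, False) for m in range(int(minutes)) if rng.random() < fp)
    return out


def simulate(hosts, attacks, attacker, seed=1):
    """attacks: list of (launch_minute, attack_type, target).
    Returns the attack log, the alert list and per-sensor true/false positive counts."""
    rng = random.Random(seed)
    attack_log, alerts, end = [], [], 0.0
    for launch, atype, target in attacks:
        hops, seen, t_end = run_attack(hosts, atype, target, attacker, launch, rng)
        attack_log.append({"type": atype, "target": target, "launched": launch,
                           "reached_target": hops[-1][1] == target and hops[-1][2],
                           "hops": hops})
        alerts.extend(seen)
        end = max(end, t_end)
    alerts.extend(background_alerts(hosts, end, rng))
    per_sensor = {}
    for _, sensor_host, true_positive in alerts:
        c = per_sensor.setdefault(sensor_host, {"true_positive": 0, "false_positive": 0})
        c["true_positive" if true_positive else "false_positive"] += 1
    return attack_log, sorted(alerts), per_sensor


# Constructed three-tier network: DMZ web server (signature IDS), application
# servers (one with an anomaly IDS), and the database that is the real target.
NETWORK = [
    Host("web-dmz", 1, ids="signature"),
    Host("app-1", 2, ids="anomaly"),
    Host("app-2", 2),
    Host("db-core", 3),
]
# Attack script in the spirit of ARENA's XML attack files: (launch minute, type, target).
ATTACKS = [(0.0, "dos", "web-dmz"), (60.0, "backdoor", "db-core")]

if __name__ == "__main__":
    log, alerts, stats = simulate(NETWORK, ATTACKS, Attacker(efficiency=0.5, stealth=0.3, skill=0.8))
    for a in log:
        print(a["type"], "->", a["target"], "reached" if a["reached_target"] else "stopped", a["hops"])
    print(stats)
```

Varying the attacker's stealth while holding the topology fixed is the experiment ARENA's output supports: a low-stealth attacker gives the anomaly sensor on app-1 several chances to fire, while the false-positive counts stay a function of run length alone, which is exactly the true-versus-false positive split the paper says the tool reports per IDS.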
2.2. RINSE
The Real-Time Immersive Network Simulation
Environment (RINSE) is a live simulation developed by
researchers at the University of Illinois at Urbana-Champaign in 2006 [4]. RINSE was designed with the aim
of developing a simulation capable of supporting large-scale
wide-area networks (WAN) consisting of hundreds of local-area networks (LAN), each administered by users. In
RINSE simulations, attacks are carried out against the WAN
and users attempt to diagnose and counter the attacks to
keep their LAN’s network services running.
Physically, the simulator consists of an enclosed
network with several users acting as LAN managers on
different computers joining the same simulation exercise.
The users are tasked with the defence of their LAN against
computer attacks carried out by the simulation tool. A game
manager coordinates the simulation and plays the role of the
attacker.
Through the command prompt, the user can input
commands that fall into five different categories: attack,
defence (such as the installation of packet filters), diagnostic
networking tools (such as ping), device control (shutting
down or rebooting devices such as hosts and routers), and
simulator data.
The focus of the simulation is on external attack vectors
such as Distributed DoS (DDoS), worms and other attacks
involving high-intensity traffic flows. Simulator commands
are used to control the output of the simulation in order to
highlight the trace flow from a selected host.
RINSE also contains other useful features such as save
points and the ability to vary the pace of the simulation. In
addition, RINSE allows the game manager to adjust the
resources of simulated computers, such as memory and
CPU speed, which is important when modeling DDoS
attacks.
In summary, RINSE is a very powerful and well
designed live simulation tool capable of simulating attacks
on complex networks involving a large number of network
defenders. It is limited by the small number of cyber attacks
that it can simulate. Also, the use of a command-line
interface, instead of a full graphic user interface (GUI),
makes its use cumbersome. While the tool helps with the
training and education of network defenders, it does not
contribute to the general understanding of the implications
of CNO by senior leaders.
2.3. Simulating Cyber Attacks, Defenses and
Consequences by Cohen
Simulating Cyber Attacks, Defences and Consequences
is a paper written by Fred Cohen of Sandia National
Laboratories in the year 1999 [5]. Despite its publication
more than 10 years ago, the paper’s discussion of
developments in cyber attack simulation is still largely
relevant and has helped contribute to the work on Secusim
(Section 2.4). Cohen’s simulation is constructive, runs on a
single computer and models various attacks on a simulated
network.
Cohen simulates various attack scenarios using the
attacker’s and defender’s skills as the primary simulation
parameter. Cohen went to great lengths to classify attackers
and gives them various attributes and skill levels. Each
attack was given a classification such as vandalism,
professional-theft, military or insider action. Combining
these parameters and attributes yields 34 different classes of
attackers. Each class has a different skill level, different
predetermined attack goals and an indication of its ability to
hack stealthily.
This extensive classification scheme makes the
simulation easier to understand and the results easily
analyzed for different types of computer attackers.
Unfortunately Cohen does not detail how he carried out the
classifications. Even if he made very good generalizations
about certain types of attackers, the differences between
individuals are not captured by the simulation. Nevertheless
the idea is intuitive and represents an interesting concept in
cyber attack simulations.
Interestingly, Cohen’s simulation is based on a set of 37
types of threats, 94 types of attacks, and approximately 140
types of protective methods. A database tracks the attacks
and their associated protective methods. This was seen as
very innovative as there is a variety of possible cyber
attacks and only certain defences are possible against certain
attacks. We see no evidence of validation of this extensive
classification scheme.
The output of interest in the simulation is the simulated
duration of the attack and its outcome (whether the attacker
or the defender “wins”). The attacker will win if he achieves
his goals and the defender will win if he successfully
prevents the attacker from achieving his goals. Depending
on the attacker’s goals and the respective skill level of the
attacker and defender, the simulated time of the attack can
range from minutes to years. This is comparable to real life
where attackers may try to accomplish their goals quickly or
wait months or even years for the opportunity to attack.
Cohen extends the usefulness of his simulation by
attempting to value the cost to the attacker and defender in
terms of time spent and the expense of equipment used,
focusing on the cost of a skilled defender versus an
unskilled defender. He posits that hiring a very skilled
computer administrator may be more expensive than the
loss incurred from a cyber attack. Cohen’s work in the
modeling of cost is very simplistic; nevertheless considering
the financial costs in a cyber simulation model is an idea
that may have considerable appeal.
Cohen’s simulation was ground breaking in scope,
attempting to cover many forms of cyber attack and
defence. However, Cohen admits a struggle with validating
his model as he was unable to compare his simulation with
large amounts of data from real world cyber attacks. He
maintains that his simulation was validated by various
experts who agreed that his model was accurate.
Nevertheless, since it has been over 10 years since Cohen
designed his simulation, and as he was unable to do much in
the way of validation, one cannot place much faith in the
accuracy of his model. Even so, the ideas, concepts and
methodology in his attempt to simulate cyber attacks are all
very important and applicable to any modern simulation of
cyber attacks.
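Cohen's outcome and cost model, as an added example written for this page (not Cohen's own code, classes or data): attacker classes with a skill, a goal list and a patience budget; an attack-to-protective-method database that decides whether a deployed defence applies at all; a Monte Carlo run that reports the attacker-wins probability and the simulated duration; and the skilled-versus-unskilled administrator comparison. The four attacker classes, the countermeasure table, the salary and loss figures, and the rule that a deployed countermeasure lets the defender's skill cut the attacker's per-attempt odds are all constructed assumptions; the economics also assume one engagement per year.

```python
import random

# Constructed attacker classes (Cohen's scheme has 34; four are sketched here).
# hours_per_attempt and max_attempts set how long a class keeps trying, which is
# what stretches the simulated duration from hours to years.
ATTACKER_CLASSES = {
    "vandal":             {"skill": 0.3, "goals": ["web-deface"],                     "hours_per_attempt": 2,   "max_attempts": 5},
    "professional-thief": {"skill": 0.7, "goals": ["credential-theft", "data-exfil"], "hours_per_attempt": 40,  "max_attempts": 20},
    "military":           {"skill": 0.9, "goals": ["data-exfil", "sabotage"],         "hours_per_attempt": 400, "max_attempts": 30},
    "insider":            {"skill": 0.6, "goals": ["data-exfil"],                     "hours_per_attempt": 8,   "max_attempts": 10},
}

# Constructed attack -> protective-method database: only a listed defence counters an attack.
COUNTERS = {
    "web-deface":       {"patching", "waf"},
    "credential-theft": {"mfa", "awareness-training"},
    "data-exfil":       {"egress-filtering", "dlp"},
    "sabotage":         {"backups", "segmentation"},
}


def engagement(attacker_class, defender_skill, defences, rng):
    """One attacker-versus-defender run: returns (attacker_wins, simulated_hours)."""
    cls = ATTACKER_CLASSES[attacker_class]
    hours = 0
    for attempt in range(cls["max_attempts"]):
        goal = cls["goals"][attempt % len(cls["goals"])]   # cycle through the class's goals
        hours += cls["hours_per_attempt"]
        countered = bool(COUNTERS[goal] & defences)
        # Assumed rule: a deployed countermeasure lets the defender's skill cut the odds;
        # without one, defender skill does not help against this attack.
        p_success = cls["skill"] * ((1 - defender_skill) if countered else 1.0)
        if rng.random() < p_success:
            return True, hours
    return False, hours


def monte_carlo(attacker_class, defender_skill, defences, runs=2000, seed=0):
    """Estimate P(attacker wins) and the mean engagement length over many runs."""
    rng = random.Random(seed)
    wins = hours = 0
    for _ in range(runs):
        w, h = engagement(attacker_class, defender_skill, defences, rng)
        wins += w
        hours += h
    return {"p_attacker_wins": wins / runs, "mean_hours": hours / runs}


def defender_economics(attacker_class, defences, loss_if_breached, salaries, runs=2000):
    """Cohen's question in numbers: salary plus expected loss for each defender option.
    salaries: {label: (defender_skill, annual_cost)}; assumes one engagement per year."""
    out = {}
    for label, (skill, salary) in salaries.items():
        mc = monte_carlo(attacker_class, skill, defences, runs)
        out[label] = {**mc, "expected_annual_cost": salary + mc["p_attacker_wins"] * loss_if_breached}
    return out


if __name__ == "__main__":
    deployed = {"mfa", "dlp", "patching"}
    for cls in ATTACKER_CLASSES:
        print(cls, monte_carlo(cls, 0.5, deployed))
    print(defender_economics("professional-thief", deployed, loss_if_breached=1_000_000,
                             salaries={"unskilled": (0.2, 60_000), "skilled": (0.8, 150_000)}))
```

The durations the runs produce already span the range the paper remarks on: a vandal gives up within a working day, while the military class can grind on for thousands of simulated hours, and the economics table shows when the more expensive administrator is the cheaper option overall. The same structure also exposes the validation problem the paper raises: every number in the two tables is a guess until it is checked against incident data.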
2.4. SECUSIM
Secusim is constructive simulation software that was
developed at the Department of Computer Engineering at
Hangkong University in Korea in 2001 [6]. It was designed
for the purpose of “specifying attack mechanisms, verifying
defence mechanisms, and evaluating their consequences.” It
is programmed in C++ for use on a single computer and
includes a GUI allowing the user to create a virtual
computer network of his or her design.
The software has different modes: Basic, Intermediate,
Advanced, Professional and Application. Each mode has
different levels of functionality and customizability. The
research paper contrasts the modes as follows:
- “Basic Mode: Provides basic knowledge of cyber-attack mechanisms by retrieving the scenario database.
- Intermediate Mode: Allows the cyber attack simulation of a given network by selecting arbitrary attacker model and target host as well as setting the attack scenario.
- Advanced Mode: Supports direct command-level testing of a given cyber-attack into the given network models.
- Professional Mode: Provides advanced analysis for link and node vulnerability of given network by allowing multiple cyber-attack simulation.
- Application Mode: Includes graphic editing capabilities allowing users to create and simulate their own customized network configurations.”
The different modes enable users without much CNO
expertise to operate the software in order to run the
simulation while giving those with more knowledge the
ability to design their own networks and test them against
multiple cyber attacks in a single simulation run.
Secusim is interesting primarily because of its
customizability and its user-friendly GUI. It builds on the
initial research of Fred Cohen and provides a good example
of simulation software used for cyber attack modeling and
analysis.
2.5. Research Efforts Involving OPNET
There have been a few cyber attack simulations that use
the computer software OPNET Modeler. This commercial
simulation software is designed to aid in the analysis and
design of communication networks, devices, protocols, and
applications. The software allows the modeling of “all
network types and technologies” [7]. This includes VoIP,
TCP, OSPFv3, MPLS, and IPv6. Among OPNET’s many
features are a user interface, support for simulations
distributed across several computers and a library of device
models with source code.
OPNET’s ability to simulate computer networks makes
it an ideal basis for a cyber attack simulation [7]. In this
section, two research papers discuss the use of OPNET in
cyber attack simulations.
2.5.1. Sakhardande – SUNY
“The use of modeling and simulation to examine
network performance under Denial of Service attacks” is a
master’s thesis written by Rahul R. Sakhardande of the State
University of New York in 2008 [8]. Sakhardande modeled
a computer network in OPNET and analyzed its
performance under normal operating conditions and again
when undergoing a simulated DoS attack. The model was
fairly limited as the author did not configure OPNET to
represent many different network topologies in order to
conduct a more thorough analysis. Furthermore,
Sakhardande was unable to properly validate his model
against real operating environments. Nevertheless, the work
shows that a model of DoS attacks on a network can be
simulated using OPNET, even if the results in this particular
instance were of limited general applicability.
2.5.2. Frequency-Based IDS
“A Frequency-Based Approach to Intrusion Detection”
is a research paper written by Mian Zhou and Sheau-Dong
Lang of the University of Central Flori …

[Preview gap: the rest of Section 2.5.2 and the opening of the NetEngine discussion are not included; the surviving fragment of that discussion follows.]

… represent very large IP networks and is intended to be used
to train IT staff in combating cyber attacks.
NetEngine features a user interface where the user
views network topology maps, the simulated network’s
status, and router load plots. The software is built so that it
can be accessed through the web using an internet browser.
The simulation software itself is written in C++ and is
designed to be run on Linux machines. The simulation can
model workstations, routers, firewalls, servers, host clusters
and ISPs. Each user of the simulation is placed in charge of
a simulated domain which is a collection of hardware and
software systems on the simulated computer network.
Various cyber attacks are launched against these simulated
domains. The users are able to communicate with each other
during the simulation by using simulated email, facsimile,
telephone or instant message. These communications
processes are also vulnerable to the simulated cyber attacks.
This allows team work to play a role in the simulation.
This simulation tool does not focus on the technical
details of the attacks but instead focuses on their effects.
Therefore, the simulation implements generic attacks such
as DDoS attacks, viruses and worms but makes little attempt
to simulate attacks that rely on targeted computer exploits.
The simulated attacks are predetermined and released
according to a master driving script. This script effects state
changes in the network to simulate an attack. For example,
it can change the load level on a particular link or change
the status of routers, workstations and other devices to
simulate compromises or service degradation. Although the
master driving script contains details and release time for
each attack, these are first reviewed by an exercise
controller who can either accept or cancel the release of the
scripted attack.
NetEngine has been quite successful. It was used as the
basis of Livewire, a four day US national cyber defence
exercise conducted in October 2003. This exercise involved
over 300 participants in the US, including representatives
from the energy and finance sectors. The exercise simulated
a cyber attack against critical infrastructures which required
the participants to communicate and work together to
defend against the attacks or mitigate their impact.
NetEngine has proven to be very useful simulation software
with the ability to simulate large computer networks under
cyber attacks.
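The effects-driven design described for NetEngine (a master driving script of timed state changes such as link load and device status, each release reviewed by an exercise controller who can accept or cancel it) is shown below as an added example written for this page, not NetEngine's own code or script format. The script syntax, the network state model, the controller rule and the injected events are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Inject:
    release_at: int   # exercise minute at which the script releases the effect
    effect: str       # "link_load" or "device_status"
    target: str       # link name or device name
    value: str        # new utilisation (0..1, as text) or new device status
    note: str = ""    # what the injected effect represents to the participants


@dataclass
class SimNetwork:
    """Effects-only state: no packets and no exploits, only what participants observe."""
    link_load: Dict[str, float] = field(default_factory=dict)
    device_status: Dict[str, str] = field(default_factory=dict)

    def apply(self, inj: Inject) -> None:
        if inj.effect == "link_load":
            self.link_load[inj.target] = float(inj.value)
        elif inj.effect == "device_status":
            self.device_status[inj.target] = inj.value
        else:
            raise ValueError(f"unknown effect: {inj.effect}")


# Constructed master driving script: minute, effect, target, value, free-text note.
SCRIPT_TEXT = """\
# minute  effect         target          value        note
10        link_load      isp-a->core-1   0.95         DDoS ramps up on the ISP uplink
12        device_status  mail-gw         degraded     worm traffic saturates the mail gateway
20        device_status  scada-hist      compromised  virus found on the SCADA historian
25        device_status  core-1          down         DDoS takes the core router down
30        device_status  mail-gw         down         mail gateway collapses
40        link_load      isp-a->core-1   0.30         upstream filtering takes effect
"""


def parse_script(text: str) -> List[Inject]:
    """Parse the assumed whitespace-separated script format; '#' lines are comments."""
    injects = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        minute, effect, target, value, *note = line.split(maxsplit=4)
        injects.append(Inject(int(minute), effect, target, value, note[0] if note else ""))
    return injects


def cautious_controller(inj: Inject, net: SimNetwork) -> bool:
    """Exercise-controller rule (constructed): accept every inject except one that would
    take a second device down while another is still down, so the participants always
    retain something to act on."""
    if inj.effect == "device_status" and inj.value == "down":
        return not any(s == "down" for s in net.device_status.values())
    return True


def run_script(script, net, controller, until):
    """Release injects in time order up to minute `until`; each is offered to the
    controller first. Returns (applied, cancelled)."""
    applied, cancelled = [], []
    for inj in sorted(script, key=lambda i: i.release_at):
        if inj.release_at > until:
            break
        if controller(inj, net):
            net.apply(inj)
            applied.append(inj)
        else:
            cancelled.append(inj)
    return applied, cancelled


def status_board(net: SimNetwork, hot_link: float = 0.9):
    """The participant-facing view: saturated links and every device that is not 'up'."""
    return {
        "hot_links": sorted(l for l, u in net.link_load.items() if u >= hot_link),
        "unhealthy": {d: s for d, s in net.device_status.items() if s != "up"},
    }


if __name__ == "__main__":
    net = SimNetwork(device_status={"core-1": "up", "mail-gw": "up", "scada-hist": "up"})
    applied, cancelled = run_script(parse_script(SCRIPT_TEXT), net, cautious_controller, until=60)
    print("applied:", [(i.release_at, i.target, i.value) for i in applied])
    print("cancelled:", [(i.release_at, i.target, i.note) for i in cancelled])
    print(status_board(net))
```

Nothing in the block knows how a DDoS or a worm works; the script only moves state, which is the trade the NetEngine description makes: realistic effects and team coordination at the cost of any fidelity about the exploits themselves. The controller hook is where a live exercise stays playable, since a scripted cascade that takes every device down at once leaves the participants nothing to do.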