Towards Offensive Cyber Counterintelligence: Adopting a Target-Centric View on Advanced Persistent Threats
Swedish Defence University, Department of Military Studies, Military-Technology Division. ORCID iD: 0000-0002-4376-9800
Swedish Defence University, Department of Military Studies, Military-Technology Division.
2013 (English). In: Proceedings of the 2013 European Intelligence and Security Informatics Conference / [ed] Joel Brynielsson & Fredrik Johansson, IEEE Computer Society, 2013, p. 166-171. Conference paper, Published paper (Refereed)
Abstract [en]

Although the traditional strategies for cyber defense in use today are necessary to mitigate broad ranges of common threats, they are not well-suited to protect against a persistent antagonist with access to advanced system exploitation techniques and knowledge of existing but yet undiscovered software vulnerabilities. Addressing the threat caused by such antagonists requires a fast and offensive Cyber Counterintelligence (CCI) process, and a more efficient interorganizational information exchange. This paper proposes a framework for offensive CCI based on technical tools and techniques for data mining, anomaly detection, and extensive sharing of cyber threat data. The framework is placed within the distinct context of military intelligence, in order to achieve a holistic, offensive and target-centric view of future CCI. The main contributions offered are (i) a comprehensive process that bridges the gap between the various actors involved in CCI, (ii) an applied technical architecture to support detection and identification of data leaks emanating from cyber espionage, and (iii) deduced intelligence community requirements.

Place, publisher, year, edition, pages
IEEE Computer Society, 2013. p. 166-171
Keywords [en]
cyber, counterintelligence, espionage, anomaly detection, attribution
National Category
Information Systems, Social aspects
Research subject
Military Technology
Identifiers
URN: urn:nbn:se:fhs:diva-4118; DOI: 10.1109/EISIC.2013.37; ISBN: 978-0-7695-5062-6 (print); OAI: oai:DiVA.org:fhs-4118; DiVA, id: diva2:640955
Conference
European Intelligence and Security Informatics Conference (EISIC 2013), 12-14 August 2013, Uppsala, Sweden
Available from: 2013-08-14. Created: 2013-08-14. Last updated: 2019-08-26. Bibliographically approved
In thesis
1. Military intelligence analysis: institutional influence
2017 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Intelligence is vital for the outcome of battles. As long as humans wage war, there will be a need for decision support to military and civilian leaders regarding adversaries or potential adversaries. However, the production of intelligence is neither easy nor without pitfalls. There is a need to better understand the predicaments of intelligence analysis.

Intelligence is bureaucratically produced as well as socially constructed and created in a distinct cultural context. The ‘institution’ captures these three aspects of influence. Therefore, with a particular focus on military intelligence, this thesis aims to deepen the understanding regarding institutional influence on intelligence assessments. The literature regarding intelligence has grown steadily over the last three decades. However, theories and frameworks aimed to understand the phenomenon are still sparse. This is even more true for literature regarding contemporary military intelligence. This thesis intends to contribute to bridging these research gaps. This is done by studying the Swedish military intelligence institution from several different perspectives: its rules-in-use, shared beliefs, and the incoming stimuli primarily related to conducting threat assessments.

More precisely, the thesis investigates the use of quantitative methods, doctrines (i.e. the formal rules), and shared beliefs connected to epistemological assumptions and threat assessments. The main contribution of this thesis is that it establishes and describes a causal link between a military intelligence institution and an assessment, by drawing upon rules-in-use and belief systems and their effect on the mental model and consequently the perception of the situation connected to a cognitive bias, and thereby its effect on a given assessment. The thesis makes an effort to render intelligence studies more generalizable, by way of adopting the Institutional Analysis and Development (IAD) framework. The metatheoretical language of the IAD is a promising avenue for explaining and describing the institutional influence on intelligence assessments.

Abstract [sv]

Intelligence is a decisive component for the outcome of armed combat. As long as humans wage war, there will be a need for decision support to military and civilian leaders regarding their adversaries and potential adversaries. However, the production of intelligence is neither easy nor without pitfalls. There is therefore a need to increase the understanding of the predicaments connected to intelligence analysis.

Intelligence as a product is bureaucratically as well as socially constructed and is created in a distinct cultural context. The concept of "institution" can be seen as capturing all three of these aspects. Therefore, this concerns military intelligence in particular, and is about understanding the institutional influence on intelligence assessments. The available intelligence literature has grown steadily over the last three decades. However, regarding theories and frameworks in the field that aim to understand the phenomenon, little has yet been done. This applies to an even greater extent to the specific field of modern military intelligence activity. The thesis intends to contribute to bridging these research gaps. This is done by studying the Swedish military intelligence institution from several perspectives: its rules-in-use, shared belief systems/convictions, and the incoming stimuli (data/information) primarily connected to how threat assessments are carried out. More precisely, the thesis examines the use of quantitative methods, doctrines (i.e. the formal rules), and shared beliefs connected to epistemological assumptions and threat assessments.

The main result of this thesis is that it establishes and describes a link between a military intelligence institution and the assessments that are made. A direct link can be seen between the rules-in-use and the institution's belief system and their effect on the individual's mental model. This occurs through the prevailing rules affecting the occurrence of cognitive bias, which thereby affects the analyst's perception of a given situation. The thesis thereby has an ambition to make studies in intelligence analysis more generalizable, by applying and developing the Institutional Analysis and Development (IAD) framework. The metatheoretical language of the IAD is a promising avenue for explaining and describing the institutional influence on intelligence assessments.

Place, publisher, year, edition, pages
Helsingfors: Finnish National Defence University, 2017. p. 180
Series
Research Publications, ISSN 2343-0001, E-ISSN 2343-0001 ; 14
Keywords
intelligence analysis, military intelligence, institutions and threat assessments
National Category
Political Science
Research subject
Military Technology
Identifiers
urn:nbn:se:fhs:diva-7141 (URN); 9789512529292 (ISBN); 9789512529308 (ISBN)
Public defence
2017-10-27, Sverigesalen, Drottning Kristinas väg 37, Stockholm, 11:00 (English)
Available from: 2017-12-06. Created: 2017-12-05. Last updated: 2019-08-26. Bibliographically approved

Authority records

Sigholm, Johan; Bang, Martin