This report investigates the growing role of defence
software and AI/ML (machine learning) in military power
now and in the medium term. It focuses on three goals:to define software-defined defence, to assess ongoing practices and processes in the development of defence software and AI/ML, and identify recurring challenges,  to explore and assess the ongoing efforts towards
software-defined defence in five country case studies – China, France, Germany, the United Kingdom and the United States – and how SinoAmerican strategic competition is shaping them.

The results of successful hacking attacks against commercially available cybersecurity protection tools that had been touted as secure are distilled into a set of concepts that are applicable to many protection planning scenarios. The concepts, which explain why trust in those systems was misplaced, provides a framework for both analyzing known exploits and also evaluating proposed protection systems for predicting likely potential vulnerabilities. The concepts are: 1) differentiating security threats into distinct classes; 2) a five layer model of computing systems; 3) a payload versus protection paradigm; and 4) the nine Ds of cybersecurity, which present practical defensive tactics in an easily remembered scheme. An eavesdropping risk, inherent in many smartphones and notebook computers, is described to motivate improved practices and demonstrate real-world application of the concepts to predicting new vulnerabilities. Additionally, the use of the nine Ds is demonstrated as analysis tool that permits ranking of the expected effectiveness of some potential countermeasures.

Computer Security has become a major challenge in the present years due to the continuous global technological development and the different possibilities for the use of computer. Cyber threats are growing at an alarming rate and at the same pace with the online use of Personal Computers and mobile devices. This work surveys the state of Cyber Security emerging threats landscape, through the overview of related works reported between 2011 and 2013 in the literature by stakeholders and experts in Information Technology (IT) industry. Different type of Cyber emerging threats such as malicious attack, network attack and network abuse have been identiied with speciic interest on virus, Phishing, Spam and insider abuse to mention but a few. It has been established that these Cybercriminals tools are exhibiting common level of sophistication and advancement as the advances in Computer and mobile technologies.

The annual ISACA research also identifies key skills gaps in cybersecurity, how artificial intelligence is impacting the field, the role of risk assessments and cyber insurance in enterprises' security programs, and more.

This paper describes the three-phase evolution process that most countries have already gone through in structuring their cybersecurity activities. We then analyse the limitations of the current phase and outline the necessity in the next phase of evolution of governmental structures – the formation of a national Central Cyber Authority (CCA), a single civilian entity with concrete operational capabilities, responsible for defending the national cyberspace and leading national cybersecurity efforts. We present the logic behind this next phase of evolution as well as basic principles and components comprising the new CCA and its relations with current governmental organisations – regulators, law enforcement agencies and the intelligence community.

This paper will describe the ways that the systems architecture tools and practices, and technology transfer transactional mechanisms available to all DOD laboratories, can be utilized to increase knowledge sharing with small business and industry partners to shorten acquisition cycles.

Since cyberspace was identified as a domain of operations, defence practitioners started a race with academy, researchers, and industry and military organizations working together towards defining related lines of capability development (e.g., DOTMLPFI) and exploring the needs and opportunities they entail. An essential cornerstone of adapting to the convergence of the cyber domain with conventional theaters of operation is the need for producing tools for easing to acquire cyber situational awareness (CSA), from which human operators shall be able to perceive, reason and project situations and events observed in cyberspace that may vertically/horizontally propagate from technological to tactical, operational and strategic planes. Benefiting from the higher maturity level of civilian capabilities for cybersecurity, the military sector has embraced the challenge of creating related beyond state-of-the-art CSA enablers that comprise the existing technological background while adopting concepts such as operations, missions or courses of action (CoAs), properly aligning them with military doctrine. Beyond ongoing development efforts, there is a wide methodological gap in the lack of suitable CSA verification and validation (V&V) frameworks, which are expected to analyze if related capabilities meet the requirements to operate in the military context; at the same time supporting the thorough development life-cycle of brand new cyber defence technologies. With the motivation of closing the identified gap, this research introduces a novel V&V framework able to guide the evaluation of CSA-related tools, which makes converge purely military aspects with dual-use state-of-the-art V&V approaches. Three core CSA evaluation concepts are discussed in-depth: software, operational and application tests. They range from the daily application of new capabilities to their ability to enable the acquisition of a joint operational picture understandable by human decision makers. © 2022 by the authors.

the conduct of hostilities via cyberspace poses many issues regarding the application of international humanitarian law. Cyberspace should be considered as a sui generis battlefield when it comes to the study of the applicable law. The present contribution aims to identify some of the key issues arising from the application of the law of targeting to cyber operations in the context of an armed conflict, focusing exclusively on the application of the principle of distinction. The principle of distinction -the cornerstone on which humanitarian law stands - today is shrouded in uncertainty in the context of cyber operations.

A critical component to any modern cybersecurity endeavor is effective use of its human resources to secure networks, maintain services and mitigate adversarial events. Despite the importance of the human cyber- analyst and operator to cybersecurity, there has not been a corresponding rise in data-driven analytical approaches for understanding, evaluating, and improving the effectiveness of cybersecurity teams as a whole. Fortunately, cyber defense competitions are well-established and provide a critical window into what makes a cybersecurity team more or less effective. We examined data collected at the national finals and four regional events of the Collegiate Cyber Defense Competition and posited that experience, access to simulation-based training, and functional role composition by the teams would predict team performance on four scoring dimensions relevant to the application of information assurance skills and defensive cyber operations: (a) maintaining services, (b) help-desk customer support, (c) handling scenario injects, and (d) mitigating red team attacks. Bayesian analysis highlighted that experience was a strong predictor of service availability, scenario injects, and red team defense. Simulation training was also associated with good performance along these scoring dimensions. High-performing and experienced teams clustered with one another based on the functional role composition of team skills. These results are discussed within the context of stages of team development, the efficacy of challenge-based learning events, and reinforce previous analytical results from cyber competitions.

first examines the diffusion of dual-use innovations between civilian and military research in expert networks on LinkedIn, as well as on the basis of AI patents in a patent network