"De la relation entre cyber et nucléaire", Daniel Ventre, article publié dans la revue DSI, n°132, novembre/décembre 2017, pp. 90-95
eConflicts is a blog about cyberconflicts, cyberwar, cyberdefense, cybersecurity, information warfare, cybercrime, political science and international relations
Total Pageviews
Tuesday, November 14, 2017
Tuesday, October 17, 2017
Les théories du complot à l'heure du numérique
A signaler, la parution de la revue Quaderni n°94, automne 2017: "Les théories du complot à l'heure du numérique", Édité par Julien Giry, 108 pages, Éditions de la Maison des sciences de l'homme, Paris. Présentation du numéro.
Appel à contributions revue FJMR: "Le web 2.0 : lieux de perception des transformations des sociétés"
Appel à contributions revue French Journal for Media Research sur le thème "Le web 2.0 : lieux de perception des transformations des sociétés". Deadline: 1° mars 2018. Détails de l'appel.
Appel à contributions revue Réseaux: "Les machines prédictives"
Appel à contributions de la revue Réseaux pour un numéro thématique sur "Les machines prédictives". Procédure en deux phases: première deadline le 6 novembre 2017 (propositions d'articles de 2 pages maximum) et 1° mars 2018 pour contributions retenues. Détails de l'appel à contribution.
Monday, October 16, 2017
Workshop "Intelligence Oversight : Is Human Rights-Preserving Surveillance Possible?"
Workshop "Intelligence Oversight : Is Human Rights-Preserving Surveillance Possible?", Grenoble, 14 novembre 2017. Programme.
Abstract announcement: International Journal of Cyber Warfare and Terrorism (IJCWT)
Abstract Announcement: International Journal of Cyber Warfare and Terrorism (IJCWT). Volume 7, Issue 4, October - December 2017.
Wednesday, September 27, 2017
CyCon 2018 - Call for Papers
CyCon 2018 - Call for papers:
- Abstract submission: 2 october 2017
- Notification : 31 october 2017
- Full paper: 8 January 2018
- Final Paper: 12 March 2018
More information here
- Abstract submission: 2 october 2017
- Notification : 31 october 2017
- Full paper: 8 January 2018
- Final Paper: 12 March 2018
More information here
Saturday, September 23, 2017
"Cyberguerre" in "Dictionnaire de la guerre et de la paix"
"Cyberguerre", Daniel Ventre, pp.236-240, in "Dictionnaire de la guerre et de la paix", Benoit Durieux, Jean-Baptiste Jeangène Vilmer, Frédéric Ramel (Dir.), 1513 pages, septembre 2017, PUF, https://www.puf.com/content/Dictionnaire_de_la_guerre_et_de_la_paix
Wednesday, August 23, 2017
Accidents de navires de guerre américains: l'hypothèse de cyberattaques
Un article publié par l'AFP le 23 août et reprise par plusieurs sites (ici par exemple) soulève la question suivante: les navires de guerre américains ont subi quelques accidents graves ces derniers mois (plusieurs dizaines de victimes). Peuvent-ils être attribués à des cyberattaques? La piste est explorée.
Monday, July 10, 2017
France Culture - Du grain à moudre - Les cyberattaques atteignent-elles leurs objectifs?
France Culture - Du grain à moudre - "Les cyberattaques atteignent-elles leurs objectifs?" Emission du 7 juillet 2017. Avec la participation de: Daniel ventre, Jean-Marc Manach, Nathalie Devillier. Ecouter l'enregistrement: Podcast
Monday, July 3, 2017
MISC 92 - Villes intelligentes et questions de droit
Daniel Ventre, "Villes intelligentes et questions de droit", revue MISC 92, juillet 2017, pp.72-75. Lire extrait
MISC 92 - Reverse Engineering; ce que le droit autorise et interdit
Daniel Ventre, "Reverse Engineering; ce que le droit autorise et interdit", MISC n°92, Juillet 2017, pp.52-54. Lire extrait
MISC Hors Série n° 15 - L'internet des objets et le droit
Daniel Ventre, "L'internet des objets et le droit", MISC Hors Série n°15, juin 2017, pp.36-40. Lire extrait.
MISC 91 - Les messageries sécurisées: enjeux sociétaux
Daniel Ventre, "Les messageries sécurisées: enjeux sociétaux", revue MISC n° 91, mai 2017, pp.74-77. Lire Extrait
Journal of Cyber Warfare and Terrorism (IJCWT)
Abstract Announcement for International Journal of Cyber Warfare and Terrorism (IJCWT) Volume 7, Issue 3, July - September 2017
- Cyberspace: The New Battlefield - An Approach via the Analytics Hierarchy Process. John S. Hurley (National Defense University, College of Information and Cyberspace (CIC), Washington, DC, USA)
- Formulating the Building Blocks for National Cyberpower. JC Jansen van Vuuren (University of Venda, Thohoyandou, South Africa & CSR Defence, Peace, Safety and Security, Pretoria, South Africa), Louise Leenen (CSIR Defence, Peace, Safety and Security, Pretoria, South Africa), Graeme Plint (Department of Defense, Pretoria, South Africa), Jannie Zaaiman (Belgium Campus, Pretoria, South Africa), Jackie Phahlamohlaka (CSIR Defence, Peace, Safety and Security: CSIR, Pretoria, South Africa)
- Optimization of Operational Large-Scale (Cyber) Attacks by a Combinational Approach. Éric Filiol (Operational Cryptology and Virology Laboratory, ESIEA, Laval, France), Cécilia Gallais (Operational Cryptology and Virology Laboratory, ESIEA, Laval, France)
- Advanced Network Data Analytics for Large-Scale DDoS Attack Detection. Konstantinos F. Xylogiannopoulos (University of Calgary, Calgary, Canada), Panagiotis Karampelas (Hellenic Air Force Academy, Dekelia, Greece), Reda Alhajj (University of Calgary, Calgary, Canada)
Tuesday, June 27, 2017
The words to tell the current Petya ransomware cyberattack
What are the words used by the media to tell the current Petya ransomware cyberattack that is hitting several countries in the world?
Describing the attack:
- "Chaos"
- "massive"
- "global"
- "Unprecedented"
- "major"
- "powerful"
- "huge"
- "une attaque industrialisée"
- "scary"
The advises provided by some cybersecurity"experts":
- "to turn off and disconnect all machines using Windows"
The usual comments on attribution of the attack:
- "the perpetrator - and even the type of attack - aren't entirely clear yet"
Perspectives for the near future:
The long list of victims/targets:
- Countries: Russia, Ukraine, France, UK, Poland, The United Sates...
- Organizations, firms: WPP, Maersk, Rosneft, Saint Gobain...
Describing the attack:
- "Chaos"
- "massive"
- "global"
- "Unprecedented"
- "major"
- "powerful"
- "huge"
- "une attaque industrialisée"
- "scary"
The advises provided by some cybersecurity"experts":
- "to turn off and disconnect all machines using Windows"
The usual comments on attribution of the attack:
- "the perpetrator - and even the type of attack - aren't entirely clear yet"
Perspectives for the near future:
The long list of victims/targets:
- Countries: Russia, Ukraine, France, UK, Poland, The United Sates...
- Organizations, firms: WPP, Maersk, Rosneft, Saint Gobain...
Friday, June 23, 2017
Russian Interference in the 2016 U.S. Elections. Expert Testimony by J. Alex Halderman
"Russian Interference in the 2016 U.S. Elections", Expert Testimony by J. Alex Halderman, Professor of Computer Science, University of Michigan, June 21, 2017, U.S. Senate Select Committee on Intelligence.
Here are the mains conclusions of the testimony:
"U.S. Voting Machines Are Vulnerable... Today, the vast majority of
3
votes are cast using one of two computerized methods. Most states and most voters
use the first type, called optical scan ballots... The other widely used approach has
voters interact directly with a computer, rather than marking a choice on paper. It’s
called DRE, or direct-recording electronic, voting.Both optical scanners and DRE voting machines are computers. Under the hood,
they’re not so different from your laptop or smartphone, although they tend to use much
older technology—sometimes decades out of date...
Some say the decentralized nature of the U.S. voting system and the
fact that voting machines aren’t directly connected to the Internet make changing a state
or national election outcome impossible. Unfortunately, that is not true...
This month, we’ve seen reports detailing Russian efforts to target voter registration
systems in up to 39 states...
We must start preparing now to better defend our election infrastructure... we know
how to accomplish this. Paper ballots, audits, and other straightforward steps can make
elections much harder to attack."
My comment: Is Russia the only threat to voting systems and election infrastructures? Probably not. The "insider threat" is another option. Other foreign countries, politically motivated hackers, organized crime... might try to hack national or any other election process.
Thursday, June 15, 2017
Key Trends across a Maturing Cyberspace affecting U.S. and China Future Influences in a Rising deeply Cybered, Conflictual, and Post-Western World
Key Trends across a Maturing Cyberspace affecting U.S. and China Future Influences ina Rising deeply Cybered, Conflictual, and Post-Western World, Dr. Chris C. Demchak, Testimony before Hearing on China’s Information Controls, Global Media Influence, and
Cyber Warfare Strategy, Panel 3: Beijing’s Views on Norms in Cyberspace and China’s Cyber Warfare Strategy, Washington, DC, 4 May 2017.
Cybersecurity in the EU Common Security and Defence Policy (CSDP)
Cybersecurity inthe EU CommonSecurity andDefence Policy(CSDP), Challenges and risks
for the EU, EPRS | European Parliamentary Research Service, Scientific Foresight Unit (STOA), PE 603.175, 94 pages, May 2017.
Abstract
This report is the result of a study conducted by the European Union Agency for
Network and Information Security (ENISA) for the European Parliament’s Science and
Technology Options Assessment (STOA) Panel with the aim of identifying risks,
challenges and opportunities for cyber-defence in the context of the EU Common
Security and Defence Policy (CSDP). Acceptance of cyber as an independent domain
calls for the investigation of its integration with the EU’s current and future policies and
capabilities. ENISA analysed the related literature and work on cybersecurity, including
its own publications, to form the basis for this study. In addition, a number of
stakeholders, experts and practitioners, from academia, EU institutions and
international organisations, were consulted in order to ensure the study is well-founded
and comprehensive....
Wednesday, June 7, 2017
Threat Intelligence for Dummies - by Norse
Threat Intelligence for Dummies - by Norse. 52 pages, 2015. Available online.
ANSSI Rapport d'activité 2016 - dossier de presse
ANSSI Rapport d'activité 2016 - dossier de presse, 6 juin 2017, 20 pages. Télécharger le document.
"War by other Means", Max Bergmann and Carolyn Kenney
"War by other Means", Max Bergmann and Carolyn Kenney, Report from the Center for American Progress, June 2017, 45 pages. Download the report
Tuesday, June 6, 2017
Daniel Ventre, Cyberguerre et Communication
Daniel Ventre, Cyberguerre et Communication, pp. 147-166, in "Guerre, Armées et Communication", sous
la direction d’Eric Letonturier, Les Essentiels d’Hermès, CNRS Editions, 230
pages, Mai 2017
Présentation de l'ouvrage: Propagande, censure et
désinformation d’un côté ; devoir de réserve, secret défense et silence dans
les rangs de la « grande muette » d’un autre. Faire la guerre semble condamner
la communication des armées à de tels extrêmes. Mais qu’en est-il aujourd’hui,
avec l’internet et les réseaux sociaux, l’information continue et les lanceurs
d’alerte, et une opinion publique de plus en plus sondée et souveraine ?
Parallèlement, la surveillance géopolitique électronique, la numérisation du
champ de bataille, l’arrivée des drones, robots et soldats augmentés sur les
théâtres d’opérations changent aussi la donne.
Reste que la guerre engage toujours et avant tout des
relations entre des hommes sur le terrain. Elle est aussi profondément un acte
de communication pour être d’abord un dialogue rompu, un affrontement avec
l’altérité. Avec, comme horizon, à l’heure de la montée des nationalismes et la
multiplication des revendications identitaires, un risque croissant
d’incommunication.
Sommaire
- Présentation générale
- Guerre et paix : la communication s’engage - Éric Letonturier
- Phénomènes de communication en zone de combat - André Thiéblemont
- Les « soldats de l’image » au cœur des enjeux de communication de la Défense française - Bénédicte Chéron
- L’opinion des Français sur leurs armées - Barbara Jankowski
- Guerre et information : l’exemple des lanceurs d’alerte - Sébastien Schehr
- Les militaires dans l’espace public numérique - Michel Sage
- Le « Killer Robot » est-il l’avenir de l’« Homo Militaris » ? - Didier Danet
- Cyberguerre et communication - Daniel Ventre
- L’arme de l’information à l’ère du jihad numérique - François‐Bernard Huyghe
- La guerre mise au musée et le tourisme de mémoire - Jean‐Yves Boursier
Tuesday, May 30, 2017
Recent Statements on Cyber Issues
Statement of Admiral Michael S. Rogers, Commander, United States Cber Command, before the Senate Committee on Armed Services, 9 May 2017, 11 pages.
Statement by Ltd Paul M. Nakasone, Commanding General U.S. Army Cyber Command, before the subcommittee on cybersecurity, committee on armed services, 23 May 2017, 15 pages.
Gouvernance de l'internet ou de la cybersécurité?
Quelle est la différence entre gouvernance de l'internet et gouvernance de la cybersécurité? Voici ce qu'en pense Milton Mueller, dans un court article intitulé "Governing cybersecurity or the internet? Report on our workshop", 19 mai 2017.
National Cybersecurity Strategies: recent publications
National Cybersecurity Strategy of Romania - 2017, 9 pages
National Cybersecurity Plan 2022 - Philippines - DICT - April 2017, 59 pages
Building an effective European Cyber Shield - EPSC Strategic Notes - 8 May 2017, 16 pages
Cyber Security of UK Infrastructure - House of Parliament - May 2017, 6 pages
The National Cybersecurity Strategy Guide, 24 April 2017, GCSP, 6 pages
National Cybersecurity Plan 2022 - Philippines - DICT - April 2017, 59 pages
Building an effective European Cyber Shield - EPSC Strategic Notes - 8 May 2017, 16 pages
Cyber Security of UK Infrastructure - House of Parliament - May 2017, 6 pages
The National Cybersecurity Strategy Guide, 24 April 2017, GCSP, 6 pages
Friday, May 26, 2017
Conférence-débat sur "L'évolution de la criminalité au XXIe siècle". 10 mai 2017
Le 10 mai 2017 a eu lieu à l'EFB (Ecole de formation du barreau de Paris) une conférence-débat sur le thème de "l'évolution de la criminalité au XXI° siècle". J'y ai traité de la dimension "cyber". Maître Joseph Cohen-Sabban, avocat au barreau de Paris, a quant à lui partagé son analyse, tirée de son expérience professionnelle, de ce qui caractérise l'évolution de la criminalité au cours de ces dernières années.
Tuesday, May 23, 2017
Congrès de la SQSP - Montréal - 17 au 19 mai 2017
Lors du Congrès de la Société Québécoise de Science Politique qui se tenait à Montréal du 17 au 19 mai 2017, s'est tenue une table-ronde intitulée "La géopolitique du cyberespace et de l'Internet: vers un monde plus (in)stable?". La table-ronde était présidée par Hugo Loiseau, Professeur, Université de Sherbrooke et réunissait :
- Daniel Ventre, CNRS, Laboratoire CESDIP Université Versailles
- Meryem Marzouki, Lab. LIP6 - CNRS & UPMC Sorbonne Universités
- Destiny Tchéhouali, Chercheur CEIM-UQÀM, Président ISOC-Québec
Wednesday, May 10, 2017
Statement of Admiral Michael S. Rogers
"Statement of Admiral Michael S. Rogers", Commander, United States Cyber Command, Before the Senate Committee on Armed Services, 9 May 2017, 11 pages.
Big Data Analytics Techniques for Credit Card Fraud Detection: A Review
"Big Data Analytics Techniques for CreditCard Fraud Detection: A Review", M. Sathyapriya, Dr. V. Thiagarasu, International Journal of Science and Research (IJSR), ISSN (Online): 2319-7064, Index Copernicus Value (2015): 78.96 | Impact Factor (2015): 6.391.
Review of the Current State of UAV Regulations
"Review of the Current State of UAV Regulations", Claudia Stöcker & alt., Remote Sens. 2017, 9, 459; doi:10.3390/rs9050459,
"UAVs—unmanned aerial vehicles—facilitate data acquisition at temporal and spatial
scales that still remain unachievable for traditional remote sensing platforms. However, current legal
frameworks that regulate UAVs present significant barriers to research and development. To highlight
the importance, impact, and diversity of UAV regulations, this paper provides an exploratory
investigation of UAV regulations on the global scale....http://www.mdpi.com/2072-4292/9/5/459/pdf"
17th Annual Conference of the ESC
17th Annual Conference of the European Society of Criminology, 13-16 September 2017. Cardiff, UK.
- Submission period opens March 17, 2017
- Submission closes: 15 June, 2017
Tuesday, May 9, 2017
Gender Policy - Ministry of Defence - Republic of Kenya
Le Ministère de la Défense de la République du Kenya vient de publier un rapport (mai 2017) intitulé "Gender Policy" dans lequel peut lire : "Technology has enhanced habitability and survivability in combat making it easier for both men
and women to engage in operations. The emerging trends in conflict call for complementary roles
of men and women for example in cyber warfare, terrorism inter alia. This type of warfare presents
opportunities for women through the entire war spectrum".
Mais le document ne revenant plus par la suite sur les enjeux "cyber", nous ne comprenons pas en quoi hommes et femmes peuvent être complémentaires dans le cyberconflit, ni en quoi ce dernier offre des opportunités particulières aux femmes.
Notons par ailleurs que le même ministère vient de publier son Livre Blanc (23 pages, 2017) accordant en tout et pour tout 6 lignes au domaine "cyber": "Information technology, web based communication and use
of electronic devices for storage predisposes sensitive Government
information to organized cyber attacks which can undermine
state security. The Ministry of Defence in collaboration with other
stakeholders must develop appropriate capacity and institute
measures to safeguard Information systems infrastructure." C'est donc le Ministère de la Défense qui, au Kenya, aura la charge de la cybersécurité de l'infrastructure des systèmes d'information (le texte est imprécis sur ce point: s'agit-il des seules infrastructures de communication militaires, ou bien de celles du pays en général?).
Tuesday, May 2, 2017
Trump–Modi Agenda for Next Steps in U.S.–India Cybersecurity Cooperation
"Trump–Modi Agenda for Next Steps in U.S.–India
Cybersecurity Cooperation", James Jay Carafano & alt., The Heritage Foundation, Issue Brief, No. 4697 | May 1, 2017. Download.
Monday, May 1, 2017
Is There a Common Understanding of Dual-Use?: The Case of Cryptography
"Is There a CommonUnderstanding of Dual-Use?:The Case of Cryptography", Veronica Vella, STR Review, Volume 3, Issue 4, Spring 2017, pp. 103-122
The Proliferation of CyberSurveillance Technologies: Challenges and Prospects for Strengthened Export Controls
"The Proliferation of Cyber Surveillance Technologies: Challenges and Prospects for Strengthened Export Controls", Fabian Bohnenberger, STR Review, Volume 3, Issue 4, Spring 2017, pp.81-102
Vacance de poste - OTAN - Cyberdéfense
Concours ouvert: Administrateur/Administratrice (politique de cyberdéfense), Division Défis de sécurité émergents, Section Cyberdéfense, Section Cyberdéfense. Détails du poste
Promoting cyber security: Estonia and Latvia as norm-setters
"Promoting cyber security: Estonia and Latvia as norm-setters", Anna Gromilova, Analele UniversităŃii din Craiova. Istorie, Anul XXII, Nr. 1(31)/2017, Abstract
Friday, April 28, 2017
Hearing on China’s Technological Rise: Challenges to U.S. Innovation and Security
Testimony of
Robert D. Atkinson
President
Information Technology and Innovation Foundation
Before the
House Committee on Foreign Affairs
Subcommittee on Asia and the Pacific, Hearing onChina’s Technological Rise:Challenges to U.S. Innovation and Security, April 26, 2017
Washington, DC, 28 pages
Governing the “Digital Shadows”
"Governing the “Digital Shadows”: Public Policy
and Information Communication Technology
(ICT) Acquisition and Utilization in Africa. Article by Ebenezer Olatunji Olugbenga, Open Access Library
Journal, https://doi.org/10.4236/oalib.1103564, 23 pages
Remarks by OSCE Secretary General Lamberto Zannier
Remarks by OSCE Secretary General Lamberto Zannier, 6th Moscow Conference on International Security, 26 April 2017, 4 pages.
"The norms and principles that underpinned the
international order for decades are being contested. Some tools have become obsolete, and we
are struggling to develop policies to address new challenges like cyber-threats. In this regard,
we have some measures in place to prevent conflict stemming from cyber-threats, but
implementation is lacking."
Thursday, April 27, 2017
Attacks with Exploits: from everyday threats to targeted campaigns - Kaspersky Lab Report
"Attacks with Exploits: from everyday threats to targeted campaigns" - Kaspersky Lab Report, April 2017, 28 pages.
"An ‘exploit’ is a computer program created to take advantage of a security vulnerability in
another software program. Exploits provide malicious actors with a way of installing
additional malware on a system". According to the conclusions of the report, "in 2016 the number of attacks with exploits increased 24.54%, to 702,026,084
attempts to launch an exploit." but "4,347,966 users were attacked with exploits in 2016 which is 20.85% less than in the
previous year."
The "Smart" Fourth Amendment - by Andrew Guthrie Ferguson
"The "Smart" Fourth Amendment", article by Andrew Guthrie Ferguson, Cornell Law Review, Vol.102, pp.547-632, 2017. "This Article addresses the question of how the Fourth
Amendment should protect “smart data.” It exposes the growing
danger of sensor surveillance and the weakness of current
Fourth Amendment doctrine. The Article then suggests a new
theory of “informational curtilage” to protect the data trails
emerging from smart devices and reclaims the principle of
“informational security” as the organizing framework for a
digital Fourth Amendment."
Cybersecurity: Critical Infrastructure Authoritative Reports and Resources - CRS Report
"Cybersecurity: Critical Infrastructure Authoritative Reports and Resources", by Rita Tehan - CRS Report. April 21, 2017, 43 pages. This document provides a lot of information about critical infrastructures in the U.S (through a sectorial presentation: energy, financial industry, health, telecommunications, transports), and their vulnerabilities to cyber operations (for instance, let's notice that "U.S. critical infrastructure systems experienced a 20% increase in
attempted cybersecurity breaches in FY2015, ICS-CERT responded
to 295 cybersecurity incidents involving critical infrastructure,
compared with 245 in fiscal 2014").
Symantec - Internet Security Threat Report. Vol. 22
Symantec - Internet Security Threat Report. Vol. 22, April 2017, 77 pages.
"The Symantec Global Intelligence Network
tracks over 700,000 global adversaries and records
events from 98 million attack sensors worldwide.
This network monitors threat activities in over 157
countries and territories through a combination
of Symantec products, technologies, and services,
including Symantec Endpoint Protection™, Symantec
DeepSight™ Intelligence, Symantec Managed
Security Services™, Norton™ consumer products,
and other third-party data sources, generating
more than nine trillion rows of security data... " Download the report.
Hacking Back – Offense/Defense in Enterprise IT Security
"Hacking Back – Offense/Defense in Enterprise IT Security", by Edgar Hurtado Jr, East Carolina University ICTN-4040: Enterprise Information Security, April 2017, 9 pages.
IISS Cyber Report: 13 to 19 April, 2017
"IISS Cyber Report: 13 to 19 April", 2017. This online report is a weekly digest of the world's cyber security news.
A Tech Accord to protect people in cyberspace
"A Tech Accord to protect people in cyberspace", Microsoft Policy Papers, April 2017.
"People need to trust technology, the makers of technology, and cyberspace itself" [...] "The government and the technology industry must partner on cybersecurity".
Microsoft suggests to share responsibilities in the governance of cybersecurity between private and state actors.
A Digital Geneva Convention to protect cyberspace
"A Digital Geneva Convention to protect cyberspace", Microsoft Policy Papers, April 2017.
"Governments continue to invest in greater offensive capabilities in cyberspace, and nation-state attacks
on civilians are on the rise" [...] "A Digital Geneva Convention would create a legally binding framework to govern states’ behavior in
cyberspace".
An attribution organization to strengthen trust online
"An attribution organization to strengthen trust online", Microsoft Policy Papers, April 2017.
"The world needs a new form of cyber defense. An organization that could receive and analyze the
evidence related to a suspected state-backed cyberattack, and that could then credibly and publicly
identify perpetrators, would make a major difference to the trust in the digital world." [...] "The expertise of private sector technology firms should be the basis of this non-political, technicallyfocused
attribution organization."
But should the privatization of such attribution function guarantee transparency, efficiency, and politically-neutral analysis and interpretation of facts and data?
Subscribe to:
Posts (Atom)