Understanding Federal Cybersecurity

"Understanding Federal Cybersecurity", by Kate Charlet, Belfer Center for Science and International Affairs, 58 pages, April 2018. 

Building a Canadian Cyberwarfare Capability

"Building a CanadianCyberwarfare Capability", by Chris Cowan and Hannah Delaney, Conference of Defence Associations Institute, Ottawa, 8 pages, April 2018. "On 31 January 2018, the CDA Institute was pleased to host 'Building a Canadian Cyberwarfare Capability' [...] this event brought together five distinguished speakers from the Canadian Armed Forces and the private sector..."

Report - COVERING CYBER Media Coverage of Cyber Issues Since 2014

An interesting study titled "COVERING CYBERMedia Coverage of Cyber Issues Since 2014" has just been published (April, 2018) by the Institute for Public Diplomacy and Global Communication (George Washington University). The author, Sean Aday, " analyzes media coverage of cyber issues in major American newspapers and network and cable news broadcasts since 2014 to assess how these issues are being framed in the press". Among his main conclusions let's mention that :

- "Despite more attention to them, cyber stories were not prominently featured in the news"

- "Cyber is primarily a hacking and cyber security story"

- "In 2016, cyber increasingly became a political story"

- "Cyber is a U.S.-centric issue in American media. Stories rarely discussed the global ramifications of cyber issues"

- "“Villains” in cyber stories are typically hackers, though also frequently governments, including the United States." "The U.S. (in 2014), China (in 2015), and Russia (in 2016 and 2017) traded off being the countries most likely to be villains"

- " villains are far more likely to be “hackers” than tech giants potentially invading customers’ privacy"

- "Who speaks? The tech industry and the U.S. government"

- " By contrast, privacy experts, citizens, and international experts were rarely quoted"

"De la relation entre cyber et nucléaire"

"De la relation entre cyber et nucléaire", Daniel Ventre, article publié dans la revue DSI, n°132, novembre/décembre 2017, pp. 90-95

Les théories du complot à l'heure du numérique

A signaler, la parution de la revue Quaderni n°94, automne 2017: "Les théories du complot à l'heure du numérique", Édité par Julien Giry, 108 pages, Éditions de la Maison des sciences de l'homme, Paris. Présentation du numéro. 

Appel à contributions revue FJMR: "Le web 2.0 : lieux de perception des transformations des sociétés"

Appel à contributions revue French Journal for Media Research sur le thème "Le web 2.0 : lieux de perception des transformations des sociétés". Deadline: 1° mars 2018. Détails de l'appel. 

Appel à contributions revue Réseaux: "Les machines prédictives"

Appel à contributions de la revue Réseaux pour un numéro thématique sur "Les machines prédictives". Procédure en deux phases: première deadline le 6 novembre 2017 (propositions d'articles de 2 pages maximum) et 1° mars 2018 pour contributions retenues. Détails de l'appel à contribution.   

Workshop "Intelligence Oversight : Is Human Rights-Preserving Surveillance Possible?"

Workshop "Intelligence Oversight : Is Human Rights-Preserving Surveillance Possible?", Grenoble, 14 novembre 2017. Programme. 

Abstract announcement: International Journal of Cyber Warfare and Terrorism (IJCWT)

Abstract Announcement: International Journal of Cyber Warfare and Terrorism (IJCWT). Volume 7, Issue 4, October - December 2017. 

CyCon 2018 - Call for Papers

CyCon 2018 - Call for papers:
- Abstract submission: 2 october 2017
- Notification : 31 october 2017
- Full paper: 8 January 2018
- Final Paper: 12 March 2018
More information here

"Cyberguerre" in "Dictionnaire de la guerre et de la paix"

"Cyberguerre", Daniel Ventre, pp.236-240, in "Dictionnaire de la guerre et de la paix", Benoit Durieux, Jean-Baptiste Jeangène Vilmer, Frédéric Ramel (Dir.), 1513 pages, septembre 2017, PUF, https://www.puf.com/content/Dictionnaire_de_la_guerre_et_de_la_paix 

Accidents de navires de guerre américains: l'hypothèse de cyberattaques

Un article publié par l'AFP le 23 août et reprise par plusieurs sites (ici par exemple) soulève la question suivante: les navires de guerre américains ont subi quelques accidents graves ces derniers mois (plusieurs dizaines de victimes). Peuvent-ils être attribués à des cyberattaques? La piste est explorée.

France Culture - Du grain à moudre - Les cyberattaques atteignent-elles leurs objectifs?

France Culture - Du grain à moudre - "Les cyberattaques atteignent-elles leurs objectifs?" Emission du 7 juillet 2017. Avec la participation de: Daniel ventre, Jean-Marc Manach, Nathalie Devillier. Ecouter l'enregistrement: Podcast

MISC 92 - Villes intelligentes et questions de droit

Daniel Ventre, "Villes intelligentes et questions de droit", revue MISC 92, juillet 2017, pp.72-75. Lire extrait

MISC 92 - Reverse Engineering; ce que le droit autorise et interdit

Daniel Ventre, "Reverse Engineering; ce que le droit autorise et interdit", MISC n°92, Juillet 2017, pp.52-54. Lire extrait 

MISC Hors Série n° 15 - L'internet des objets et le droit

Daniel Ventre, "L'internet des objets et le droit", MISC Hors Série n°15, juin 2017, pp.36-40. Lire extrait. 

MISC 91 - Les messageries sécurisées: enjeux sociétaux

Daniel Ventre, "Les messageries sécurisées: enjeux sociétaux", revue MISC n° 91, mai 2017, pp.74-77. Lire Extrait 

Journal of Cyber Warfare and Terrorism (IJCWT)

Abstract Announcement for International Journal of Cyber Warfare and Terrorism (IJCWT) Volume 7, Issue 3, July - September 2017

- Cyberspace: The New Battlefield - An Approach via the Analytics Hierarchy Process. John S. Hurley (National Defense University, College of Information and Cyberspace (CIC), Washington, DC, USA)

- Formulating the Building Blocks for National Cyberpower. JC Jansen van Vuuren (University of Venda, Thohoyandou, South Africa & CSR Defence, Peace, Safety and Security, Pretoria, South Africa), Louise Leenen (CSIR Defence, Peace, Safety and Security, Pretoria, South Africa), Graeme Plint (Department of Defense, Pretoria, South Africa), Jannie Zaaiman (Belgium Campus, Pretoria, South Africa), Jackie Phahlamohlaka (CSIR Defence, Peace, Safety and Security: CSIR, Pretoria, South Africa)

- Optimization of Operational Large-Scale (Cyber) Attacks by a Combinational Approach. Éric Filiol (Operational Cryptology and Virology Laboratory, ESIEA, Laval, France), Cécilia Gallais (Operational Cryptology and Virology Laboratory, ESIEA, Laval, France)

- Advanced Network Data Analytics for Large-Scale DDoS Attack Detection. Konstantinos F. Xylogiannopoulos (University of Calgary, Calgary, Canada), Panagiotis Karampelas (Hellenic Air Force Academy, Dekelia, Greece), Reda Alhajj (University of Calgary, Calgary, Canada)

The words to tell the current Petya ransomware cyberattack

What are the words used  by the media to tell the current Petya ransomware cyberattack that is hitting several countries in the world?

Describing the attack:
- "Chaos"
- "massive"
- "global"
- "Unprecedented"
- "major"
- "powerful"
- "huge"
- "une attaque industrialisée"
- "scary"

The advises provided by some cybersecurity"experts":
- "to turn off and disconnect all machines using Windows"

- "Victims are advised to never pay the ransom"

- "the best thing to do is restore all files from a back up"

The usual comments on attribution of the attack:
- "the perpetrator - and even the type of attack - aren't entirely clear yet"

Perspectives for the near future:

- "The attack will be repelled and the perpetrators will be tracked down"

- "We will get many of these viral attack waves in coming months.”

The long list of victims/targets:
- Countries: Russia, Ukraine, France, UK, Poland, The United Sates...
- Organizations, firms: WPP, Maersk, Rosneft, Saint Gobain...

Russian Interference in the 2016 U.S. Elections. Expert Testimony by J. Alex Halderman

"Russian Interference in the 2016 U.S. Elections", Expert Testimony by J. Alex Halderman, Professor of Computer Science, University of Michigan, June 21, 2017, U.S. Senate Select Committee on Intelligence. 

Here are the mains conclusions of the testimony: 

"U.S. Voting Machines Are Vulnerable... Today, the vast majority of 3 votes are cast using one of two computerized methods. Most states and most voters use the first type, called optical scan ballots... The other widely used approach has voters interact directly with a computer, rather than marking a choice on paper. It’s called DRE, or direct-recording electronic, voting.Both optical scanners and DRE voting machines are computers. Under the hood, they’re not so different from your laptop or smartphone, although they tend to use much older technology—sometimes decades out of date... 

Some say the decentralized nature of the U.S. voting system and the fact that voting machines aren’t directly connected to the Internet make changing a state or national election outcome impossible. Unfortunately, that is not true...

This month, we’ve seen reports detailing Russian efforts to target voter registration systems in up to 39 states...

We must start preparing now to better defend our election infrastructure... we know how to accomplish this. Paper ballots, audits, and other straightforward steps can make elections much harder to attack."

My comment: Is Russia the only threat to voting systems and election infrastructures? Probably not. The "insider threat" is another option. Other foreign countries, politically motivated hackers, organized crime... might try to hack national or any other election process. 

Key Trends across a Maturing Cyberspace affecting U.S. and China Future Influences in a Rising deeply Cybered, Conflictual, and Post-Western World

Key Trends across a Maturing Cyberspace affecting U.S. and China Future Influences ina Rising deeply Cybered, Conflictual, and Post-Western World, Dr. Chris C. Demchak, Testimony before Hearing on China’s Information Controls, Global Media Influence, and Cyber Warfare Strategy, Panel 3: Beijing’s Views on Norms in Cyberspace and China’s Cyber Warfare Strategy, Washington, DC, 4 May 2017. 

Cybersecurity in the EU Common Security and Defence Policy (CSDP)

Cybersecurity inthe EU CommonSecurity andDefence Policy(CSDP), Challenges and risks for the EU, EPRS | European Parliamentary Research Service, Scientific Foresight Unit (STOA), PE 603.175, 94 pages, May 2017. 

Abstract This report is the result of a study conducted by the European Union Agency for Network and Information Security (ENISA) for the European Parliament’s Science and Technology Options Assessment (STOA) Panel with the aim of identifying risks, challenges and opportunities for cyber-defence in the context of the EU Common Security and Defence Policy (CSDP). Acceptance of cyber as an independent domain calls for the investigation of its integration with the EU’s current and future policies and capabilities. ENISA analysed the related literature and work on cybersecurity, including its own publications, to form the basis for this study. In addition, a number of stakeholders, experts and practitioners, from academia, EU institutions and international organisations, were consulted in order to ensure the study is well-founded and comprehensive.... 

Threat Intelligence for Dummies - by Norse

Threat Intelligence for Dummies - by Norse. 52 pages, 2015. Available online.

ANSSI Rapport d'activité 2016 - dossier de presse

ANSSI Rapport d'activité 2016 - dossier de presse, 6 juin 2017, 20 pages. Télécharger le document.