A critical component to any modern cybersecurity endeavor is effective use of its human resources to secure networks, maintain services and mitigate adversarial events. Despite the importance of the human cyber- analyst and operator to cybersecurity, there has not been a corresponding rise in data-driven analytical approaches for understanding, evaluating, and improving the effectiveness of cybersecurity teams as a whole. Fortunately, cyber defense competitions are well-established and provide a critical window into what makes a cybersecurity team more or less effective. We examined data collected at the national finals and four regional events of the Collegiate Cyber Defense Competition and posited that experience, access to simulation-based training, and functional role composition by the teams would predict team performance on four scoring dimensions relevant to the application of information assurance skills and defensive cyber operations: (a) maintaining services, (b) help-desk customer support, (c) handling scenario injects, and (d) mitigating red team attacks. Bayesian analysis highlighted that experience was a strong predictor of service availability, scenario injects, and red team defense. Simulation training was also associated with good performance along these scoring dimensions. High-performing and experienced teams clustered with one another based on the functional role composition of team skills. These results are discussed within the context of stages of team development, the efficacy of challenge-based learning events, and reinforce previous analytical results from cyber competitions.

first examines the diffusion of dual-use innovations between civilian and military research in expert networks on LinkedIn, as well as on the basis of AI patents in a patent network

State defence and security policies rely mostly on their military capabilities. The latter are ensured through research and development (R&D) as well as procurement, which are subject to defence industry dynamics. Furthermore the defence sector is heavily dependent on public funds; the latter can be more easily allocated if related R&D has a spill-over effect on the civilian sector, creating the potential for a bigger and more globally (or regionally) integrated market. This article investigates, then, how technology moves, and whether defence sector innovations create spin-offs in the civilian sector in the Netherlands. We aim to provide an industry-centred perspective on defence sector dynamics and potentials. For this, the article attempts to answer the following questions: Are defence technologies transferred to the civilian sector? What lessons can be derived from the Dutch case? To address these research puzzles the article’s theoretical framework builds on the technology-transfer literature in analysing the case study of the Netherlands. The basis for this is 23 interviews with representatives of Dutch defence companies that were carried out both in a workshop and in one-to-one settings in May and June 2020.

Background: The U.S. Military Health System (MHS) pioneered the use of telehealth in deployed environments in the early 1990s. However, its use in non-deployed environments historically lagged behind that of the Veterans Health Administration (VHA) and comparable large civilian health systems, due to administrative, policy, and other obstacles that slowed or blocked its expansion in the MHS. A report was prepared in December 2016, which summarized past and then-present telehealth initiatives in the MHS; described the obstacles, opportunities, and policy environment; and provided three possible courses of action for expansion of telehealth in deployed and non-deployed settings. Methods: Gray literature, peer-reviewed literature, presentations, and direct input were aggregated under the guidance of subject matter experts. Results: Past and then-current efforts demonstrated significant telehealth capability in use and in development for the MHS, mainly in deployed or operational settings. Policy from 2011 to 2017 demonstrated an environment favorable for MHS expansion, while the review of comparable civilian and veterans' healthcare systems showed significant benefits including increased access and lower cost from use of telehealth in non-deployed settings. The 2017 National Defense Authorization Act charged the Secretary of Defense with promoting telehealth usage for the Department of Defense, including provisions for removing obstacles and reporting progress within 3 years. The MHS has the ability to reduce burdensome interstate licensing and privileging requirements, but still requires an increased level of cybersecurity, compared to civilian systems. Discussion: The benefits of telehealth fit with the MHS Quadruple Aim of improving cost, quality, access, and readiness. Readiness is particularly served by the use of "physician extenders,"which allows nurses, physician assistants, medics, and corpsmen to provide hands-on care under remote oversight and to practice at the top of their licenses. Based on this review, three courses of action were recommended: to focus largely on developing telehealth in deployed environments; to maintain focus in deployed environments and increase telehealth development in non-deployed environments to keep pace with the VHA and private sector; or to use lessons learned from military and civilian telehealth initiatives to leapfrog the private sector. Conclusion: This review serves as a snapshot in time of the steps leading to telehealth expansion before 2017, which helped to set the stage for later use of telehealth in behavioral health initiatives and as a response to coronavirus disease 2019. The lessons learned are ongoing and further research is expected to inform additional development of telehealth capability for the MHS. © 2022 Oxford University Press.

This study aims to explore existing studies of AI-based cyber attacks and to map them onto a proposed framework, providing insight into new threats. Our framework includes the classification of several aspects of malicious uses of AI during the cyber attack life cycle and provides a basis for their detection to predict future threats. We also explain how to apply this framework to analyze AI-based cyber attacks in a hypothetical scenario of a critical smart grid infrastructure.

The authors aim to clarify whether the existing rules are still completely applicable in the cyber context, and if needed, to find out what kind of improvements and clarifications can be made. Weighing in on these debates, we argue that despite the potential technical challenges and uncertainties, the principle of distinction should be applied to cyberspace. It should also be carefully re-examined and clarified from the standpoint of preventing over-militarization and maximizing the protection of the interests of civilians. For human targets, the elements of combatant status identified in customary international law and relevant treaties are not well suited to the digital battlefield.

In an ever-evolving cyber threat landscape, implementing a defense in depth strategy is essential for organizations to protect their assets, information, and operations. This comprehensive approach combines multiple layers of security measures, including perimeter, network, endpoint, data, identity and access management, application security, security awareness and training, and business continuity planning. By following best practices, such as conducting risk assessments, prioritizing investments, updating policies, monitoring and responding to incidents, and evaluating security measures, organizations can effectively mitigate risks and minimize the impact of potential security incidents. A well-executed defense in depth strategy fosters a security-conscious culture, contributing to the long-term success and resilience of the business.

To identify the KSAs needed for performing cybersecurity jobs, we administered survey interviews to 44 cyber professionals at the premier hacker conferences Black Hat 2016 and DEF CON 24. Questions concerned 32 KSAs related to cyber defense.

The World Economic Forum Centre for Cybersecurity – in collaboration with the Cyber Resilience Index working group and in partnership with Accenture – developed the global Cyber Resilience Index (CRI). Cyber Resilience Framework (CRF) and the Cyber Resilience Index (CRI). The CRI provides public- and private-sector cyber leaders with a common framework of best practice for true cyber resilience, a mechanism to measure organizational performance, and clear language to communicate value. The CRI is also a universal, impartial medium through which organizations in every sector around the globe can evaluate and engage with their ecosystem partners to create a more cyber-resilient digital network.

еhe world is witnessing a rise in cyber-related incidents. As information technology improves and the reliance on technology increases, the frequency and severity of cyber incidents escalate. The impact is felt globally, and South Africa is not immune to the effects. The country's fast-paced technological evolution continues to increase the attack surface within the cyber domain. The increased attack surface is confirmed by recent cyberattacks affecting well-known and established South African organisations.