New technologies transform the nature of armed conflict. Most emerging technologies are aimed not to destroy the enemies’ armed forces, but to achieve political goals by inflicting minimum physical damage and the use of most of these technologies doesn’t constitute an armed conflict. New technologies include cyber, AI, drones, lethal autonomous weapons—those which don’t have an internationally agreed definition, and cannot be subject to arms control limitations due to their wide civilian commercial application. Nonetheless their development and possible use may have significant impact on national and international security. This poses a serious challenge to arms control, it is unclear how to deal with their production, rules of engagement, verification, export control, non-proliferation. The chapter summarizes the existing expert opinions and government positions on how to work out international rules of engagement on such technologies. The general purpose of the paper is to find the common arguments, acceptable for the key actors, including Russia, Europe, and US on the issues, in order to negotiate the possible agreement.

This paper proposes identifying a vicious fault by using context information, such as voltage and current, of the same substation. When the protection system detects a fault based on measurements transmitted through a network, it collects all measurements of the substation and feeds these data to a probabilistic neural network. Thereafter, the fault caused by fake data that differs from the known fault pattern can be identified and blocked.

This thesis examines the cybersecurity challenges facing municipal governments and proposes a new policy approach. Through a review of existing public-sector cybersecurity concerns and an interview-based case study of Massachusetts municipalities in partnership with the Massachusetts Cybersecurity Center, this thesis identifies the main problem as a lack of a proper incentive structure for municipalities to prioritize cybersecurity improvements. I propose a new approach to state / local government efforts to improve cybersecurity.

This publication provides security and privacy control baselines for the Federal Government.
There are three security control baselines (one for each system impact level—low-impact,
moderate-impact, and high-impact), as well as a privacy baseline that is applied to systems
irrespective of impact level. In addition to the control baselines, this publication provides
tailoring guidance and a set of working assumptions that help guide and inform the control
selection process. Finally, this publication provides guidance on the development of overlays to
facilitate control baseline customization for specific communities of interest, technologies, and
environments of operation.

This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires:
x Maintenance of various field devices, telemetry collection, and/or industrial-level process systems
x Access to facilities via remote data link or modem
x Public facing services for customer or corporate operations
x A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

Advanced AI systems may be developed which exhibit capabilities that present significant risks to public safety or security. They may also exhibit capabilities that may be applied defensively in a wide set of domains, including (but not limited to) developing societal resilience against AI threats. We propose Coordinated Disclosure of Dual-Use Capabilities (CDDC) as a process to guide early information-sharing between advanced AI developers, US government agencies, and other private sector actors about these capabilities. The process centers around an information clearinghouse (the "coordinator") which receives evidence of dual-use capabilities from finders via mandatory and/or voluntary reporting pathways, and passes noteworthy reports to defenders for follow-up (i.e., further analysis and response). This aims to provide the US government, dual-use foundation model developers, and other actors with an overview of AI capabilities that could significantly impact public safety and security, as well as maximal time to respond.

This ENISA study primarily aims to draw a comprehensive overview of the background and current state of play of coordinated vulnerability disclosure (CVD) practices across the EU Member States and outside the EU. First, the study presents a summary of the existing or planned national CVD policy initiatives along with good practices, challenges and recommendations on policy attempts. Second, the study offers an analysis of national, regional and global vulnerability databases, and presents the different practices on vulnerability and registry management along with the formats, metrics and procedures used in these databases.

[No abstract available]

The present study is an attempt to reveal the varied cyber attack strategies adopted by cyber criminals to target the selected banks in India where spoofing, brute force attack, buffer overflow and cross side scripting are found positively correlated with public and private sector banks. Further, the findings show a positive correlation between Intruder Detection and cyber attacks, i.e., online identify theft, hacking, malicious code, DOS attack and credit card/ATM frauds as well as online identify theft, DOS attack & credit card/ ATM fraud are found positively correlated with System Monitoring.

This research examines this discontinuity by first examining conventional military definitions of “cyber operations,” “collateral damage” and international norms governing operations conducted by lawful participants against military targets. It then examines a number of important similarities and differences between conventional and cyber operations as they relate to damage and injury. Finally, it introduces other contexts for considering collateral damage in the cyber realm, and the way in which other legal and strategic regimes have handled the concept, providing specific examples of these outcomes and guidance for how to think about collateral damage in a range of contexts.