About this book

This publication highlights the fast-moving technological advancement and infiltration of Artificial Intelligence into society. Concepts of evolution of society through interconnectivity are explored, together with how the fusion of human and technological interaction leading to Augmented Humanity is fast becoming more than just an endemic phase, but a cultural phase shift to digital societies. It aims to balance both the positive progressive outlooks such developments bring with potential issues that may stem from innovation of this kind, such as the invasive procedures of bio hacking or ethical connotations concerning the usage of digital twins. This publication will also give the reader a good level of understanding on fundamental cyber defence principles, interactions with Critical National Infrastructure (CNI) and the Command, Control, Communications and Intelligence (C3I) decision-making framework. A detailed view of the cyber-attack landscape will be garnered; touching on the tactics, techniques and procedures used, red and blue teaming initiatives, cyber resilience and the protection of larger scale systems. The integration of AI, smart societies, the human-centric approach and Augmented Humanity is discernible in the exponential growth, collection and use of [big] data; concepts woven throughout the diversity of topics covered in this publication; which also discusses the privacy and transparency of data ownership, and the potential dangers of exploitation through social media. As humans become ever more interconnected, with the prolificacy of smart wearable devices and wearable body area networks, the availability and abundance of user data and metadata derived from individuals has grown exponentially. The notions of data ownership, privacy and situational awareness are now at the forefront in this new age.



Cyber Defence & Critical National Infrastructure (CNI)

Critical National Infrastructure, C4ISR and Cyber Weapons in the Digital Age

Cyber-attacks have become more sophisticated over recent years with the different configuration types and various industry sectors have suffered from a range of these attack vectors resulting in some devastating outcomes. These have manifested in the shape of ransomware, malware, manipulation methods, phishing and spear-phishing. Bearing the brunt of many of these attacks has fallen in the area of critical national infrastructure (CNI) and for a variety of reasons from the sensitive data that can be accumulated through to knowing an impact in an area of CNI will have potential devastating effects or leave instability/uncertainty to become a risk. Whilst data breaches are serious incidents, in most organisations, there is a growing concern regarding attacks that are designed to have a more destructive effect, such as the Ukraine cyber-attack in 2015 that resulted in a shutdown of the power grid. Or perhaps the sophisticated attack a year later in Kiev that although causing a brief power blackout, had the manifestations of more concerns in how that attack was built and delivered. Or the WannaCry ransomware attack in 2017 that caused widespread chaos with healthcare institutions unable to carry out any tasks since access to data/systems was unavailable. These critical national infrastructure (CNI) attacks into sectors such as healthcare, energy, etc., cause data breaches/disruptions and are also able to leverage vulnerabilities in the industrial processes, especially where legacy infrastructure contains ICS and SCADA systems. Perhaps the state sponsored cyber-attacks cause the most concern as they tend to be at the more sophisticated level of the spectrum and maximize the amount of potential harm that is delivered. Hence why Command, Communications, Computers, Intelligence, Surveillance and Reconnaissance systems (C4ISR) should have higher degrees of interoperability and be integrated and responsive in the current and accelerating climate of digital warfare.
It is clear that cyber command has become as important a priority as the initiatives considered over land, sea and air and considerable investment is going into ensuring its development and advancement.
Stefan Kendzierskyj, Hamid Jahankhani

Cyberwarfare – Associated Technologies and Countermeasures

With the development of automated and AI technology permeating into all sectors of public, private and industry life, the interconnectivity of once remote, siloed and air gapped systems is on the increase. Whilst this affords productive, streamlined and efficient ways of working, monitoring and maximising the effectivity of these systems, it is the connectivity that can create a critical vulnerability. This vulnerability is the source of exploitative measures that we refer to in the context of cyberwarfare. Where state and/or adversarial threat actors can, utilising mechanisms on the internet, infiltrate, manipulate and attack these systems, to great and potentially devastating effect. It is paramount that the appropriate measures are taken to minimise the risk of these threats and vulnerabilities, through the review and security of internal systems, but also understanding where the vulnerabilities in the systems could lie, and to what effect they would cause should they be exploited. It is also important to understand not only the capabilities of how to respond should such an attack take place, but also the proportionality and legality of such responses.
Nishan Chelvachandran, Stefan Kendzierskyj, Yelda Shah, Hamid Jahankhani

The Malicious Use of AI-Based Deepfake Technology as the New Threat to Psychological Security and Political Stability

Contemporary psychological warfare has a number of instruments, including deepfakes, in which the human image is synthesized, based on AI algorithms. At first deepfakes appeared for entertainment. Special software based on artificial intelligence offers the opportunity to create clones that look, speak and act just like their templates. However, today the potential for deepfakes to be used maliciously is growing, whereby one creates a clone of a well-known figure and manipulates his or her words. This chapter analyses a wide range of examples of deepfakes in the modern world, as well as the Internet-services that generate them. It will also consider the possibility of using artificial intelligence to prevent their spread, as they constitute a serious threat to psychological security.
Konstantin A. Pantserev

Considerations for the Governance of AI and Government Legislative Frameworks

The speed and proliferation of AI and algorithmic technology has far outpaced that of the development of the legislative frameworks to which to govern them, to ensure their appropriate, safe and permissive use. It is not suggested that the development of these technologies and integrations are thwarted or inhibited, but more that there is a holistic review and understanding of the complex integrations between the moral, ethical, technological and legal concepts that their use brings. Multiple approaches must be made, utilising top down legislative mechanisms, bottom up consumer and citizen led engagement approaches, and cross sector and industry led standardisation and frame working. Such a cyclical process would ensure that the continual development and evolution of the appropriate instruments keep in pace with technological development. And with such synergic pace, will allow such considerations to be made at the design phase of technological solutions, rather than taking a reactionary and sometimes unknown approach. A full understanding of new and emerging technologies is needed, how they interact and are interconnected, as well as their vulnerabilities, and causal effects, both direct and indirect, of the use of algorithmic and automated technology.
Nishan Chelvachandran, Sonja Trifuljesko, Karolina Drobotowicz, Stefan Kendzierskyj, Hamid Jahankhani, Yelda Shah

Augmented Humanity & Digital Society

Augmented Humanity: Data, Privacy and Security

Wearable devices have already changed the way in which humans communicate with the digital world. Advances in so called “in-body” devices may further revolutionize the way in which humans learn, play and work. However, new technology brings with it new risks and vulnerabilities. Augmented Human technologies have the potential to help human actors and organizations make better decisions. The data produced must be secured, collated and processed. Unless the integrity of the data is assured these decisions cannot be relied upon. There are also issues related to the privacy of data generated by augmented humans. Sharing and accessing data across multiple jurisdictions presents challenges around consistent application of regulatory frameworks especially regarding data ownership and security.
Liam Naughton, Herbert Daly

Consumer Awareness on Security and Privacy Threat of Medical Devices

The Internet of Things (IoT) is being enthusiastically adopted by consumers. By the year 2020 the sum of 31 billion IoT devices will be deployed globally. As the IoT device landscape expands at such speed, so do the threat landscape and the vulnerabilities it introduces. This makes IoT devices easily prone to attacks or to being used for launching attacks at large economic scale, and society is seeing a growth in the scale and frequency of these attacks. The large scale and frequency of attacks have caught global attention, causing governments to take the security and privacy threats of IoT very seriously, and the UK government amongst others is now turning these concerns into actionable measures by considering ways of protecting consumers against the vulnerabilities and threats of IoT. It is part of these actionable measures that the NCSC (National Cyber Security Centre) recently published a report about the new laws being proposed by the government to strengthen IoT devices. This chapter will look at the IoT security threats and privacy issues, it will explore whether the growing concern of the government to protect consumers has a foundation by investigating consumers' awareness and attitude towards IoT security threats and privacy issues and propose a framework to facilitate the introduction of the new initiative of the government to bring in laws to govern IoT products thereby shifting the responsibility of the security threats to the manufacturers and away from the consumer.
Anthonia Sagay, Hamid Jahankhani

Biohacking Capabilities and Threat/Attack Vectors

The Internet of Things is a cutting-edge technology that organisations are adopting in order to increase their business productivity and speed up operations. It has been involved for homes, companies, industries and now it is present in healthcare. However, due to lack of standardisation and accelerated competition, providers are deploying devices focused on innovation without having the proper balance between security, performance and ease of use. This is leading to new attacking vectors easing attackers to penetrate systems with confidence and without the need to be an expert in hacking thanks to the variety of open source tools available on the Internet e.g. Kali Linux, Github. The increased number of cyber attacks through IoT devices has complicated the performance of forensic investigators, reaching to Chains of Custody (CoC) easy to challenge by defenders and the rejection of investigation cases. Healthcare organisations have become the most attractive targets for cyber crime due to the variety and value of information allocated on Electronic Health Records (EHR).
This chapter aims to highlight the Biohacking capabilities and presents a Digital Forensic Investigation Process Model (DFIPM) addressing IoMT devices and assuring data privacy during the process.
Jaime Ibarra, Hamid Jahankhani, Jake Beavers

Digital Twins for Precision Healthcare

Precision healthcare is an emerging concept that will see technology-driven digital transformation of the health service. It enables customised patient outcomes via the development of novel, targeted medical approaches with a focus on intelligent, data-centric smart healthcare models. Currently, precision healthcare is seen as a challenging model to apply due to the complexity of the healthcare ecosystem, which is a multi-level and multifaceted environment with high real-time interactions among disciplines, practitioners, patients and discrete computer systems. Digital Twins (DT) pairs individual physical artefacts with digital models reflecting their status in real-time. Creating a live-model for healthcare services introduces new opportunities for patient care including better risk assessment and evaluation without disturbing daily activities. In this article, to address design and management in this complexity, we examine recent work in Digital Twins (DT) to investigate the goals of precision healthcare at a patient and healthcare system levels. We further discuss the role of DT to achieve precision healthcare, proposed frameworks, the value of active participation and continuous monitoring, and the cyber-security challenges and ethical implications for this emerging paradigm.
Gabriela Ahmadi-Assalemi, Haider Al-Khateeb, Carsten Maple, Gregory Epiphaniou, Zhraa A. Alhaboby, Sultan Alkaabi, Doaa Alhaboby

5G Cybersecurity Vulnerabilities with IoT and Smart Societies

5G, the fifth generation of wireless connectivity, is designed to allow long-distance coverage and stable connections as well as rapid data download and upload. As a result of 5G’s wireless-based technology, the data migration enables a speed of 20 Gbps (Gigabyte per second) through wireless mobile data connections, which simplifies the management of excessive data transmission via 5G. The protocol’s capability for high quantity data transfer speeds with low latency, compared with the previous generations of mobile data telephony, makes the protocol ideal for both current IoT and automated systems, as well as enabling the development and further proliferation of more. Data transfer speeds and latency rates have been a bottleneck in the roll out of smart technologies. Despite the relatively high data speeds of 4G connectivity, the availability and development of infrastructure, together with the explosion in the ownership and use of devices utilising the technology, has been a limiting factor in the roll out and use of AI and automated technologies such as driverless vehicles and smart city implementations. Whilst 5G looks to solve these limitations brought by previous generations, there are also drawbacks with 5G. The frequency and narrow wavelength, known as millimeter wave, whilst enabling such high data transfer speeds and reduced latency, also has a very limited distance of effectivity. There is only a very short distance before the signal starts to deteriorate, after which, the deterioration is exponential. 5G signals also cannot penetrate or reflect off of buildings and other obstacles very easily. This means that for a 5G network’s implementation to be maximised, direct line of sight between the connected device and the relays or radioheads must be maintained, or at least, with as minimal obstruction as possible. A work around to this limitation is through densification and utilising large numbers of small cell radio heads throughout a coverage area.
This will require that there is far greater investment and redevelopment in the mobile telephony infrastructure for this strategy to be implemented.
Yelda Shah, Nishan Chelvachandran, Stefan Kendzierskyj, Hamid Jahankhani, Radovan Janoso

Technology of Cyber Attacks


Blockchain, TTP Attacks and Harmonious Relationship with AI

Blockchain and decentralised distributed ledger technologies are being viewed as a mechanism to provide further protection and enhance the security of data by using its properties of immutability, auditability and encryption whilst providing transparency amongst parties who may not know each other; so, operating in a trustless environment. It’s true that blockchain has its roots in cryptocurrency applications and is still evolving for that purpose in the financial sector, but many other organisations across different industries are beginning to see the non-crypto use cases where this mechanism to record data that cannot be changed or reversed or apply as smart contracts (as a way to time-stamp transactions between parties) is becoming extremely relevant and purposeful. A variety of industry sectors, besides Finance, have undertaken the use of these distributed technologies and beneficial attributes of blockchain from the healthcare and pharmaceutical, real estate, retail and supply chain, legal and publishing. Organisations have flexible options to run blockchain as permissionless (anyone can join), permissioned (where those need to be invited) or hybrid (a consortium type) and whether data should be held on-chain or off-chain. With industry entering its fourth industrial revolution (Industry 4.0) the addition of blockchain as a complementary technology has its place and there are some industries very suited to the significant impact it may bring. Also, the advances of Internet of Things, Machine Learning and Artificial Intelligence have meant more pressures on potential impacts to data and the ripple effects that cyber-attacks may cause. This has also become complicated, as cyber-attacks have become much more sophisticated over recent years with the different configuration types and various industry sectors have suffered from a range of these different attack vectors, resulting in some devastating outcomes.
These have manifested in the shape of ransomware, malware, manipulation methods, phishing and spear-phishing. Whilst data breaches are a serious incident, in most organisations, there is a growing concern regarding attacks that are designed to have a more destructive effect such as the Ukraine cyber-attack in 2015 that resulted in a shutdown of the power grid or the WannaCry ransomware attack in 2017 that caused widespread chaos with healthcare institutions unable to carry out any tasks since access to data/systems was unavailable.
Stefan Kendzierskyj, Hamid Jahankhani

Protecting Privacy and Security Using Tor and Blockchain and De-anonymization Risks

The huge increase in data usage and the rapid development of new technologies such as cloud and IoT have also led to the exponential increase in cyber threats online. Anonymity and privacy services have equally seen an exceptional growth rate since the introduction of Blockchain and Tor network, as more individuals demand anonymous services away from the traditional centralised offerings, but also seek more security and privacy. This chapter will review quantitative analysis undertaken to critically evaluate Tor and Blockchain as emerging technologies, by an in-depth comparison of their security and privacy properties. Further analysis is undertaken by utilising network and data points that highlight the necessity of urgent deployment of innovative methods to protect users’ anonymity utilising Blockchain application over the Tor network. By undertaking experimental analysis, it is possible to determine Tor packets from common packets, which raises the question on possibilities of cyberattacks leading to loss of personally identifiable information (PII) and de-anonymization.
Stilyan Petrov, Stefan Kendzierskyj, Hamid Jahankhani

Experimental Analyses in Search of Effective Mitigation for Login Cross-Site Request Forgery

Advancements in web applications and on-line services continue to stimulate business growth and other applications across the globe. Alongside these developments are the increasing cyber security risks and vulnerabilities, inevitably entailing mitigations. Web application vulnerabilities are security holes, which attackers may attempt to exploit, hence potentially causing serious damage to business, such as stealing sensitive data and compromising business resources. Since web applications are now widely used, critical business environments such as internet banking, communication of sensitive data and online shopping, require robust protective measures against a wide range of vulnerabilities. This work explores remediation methods – HTTP header verification, tokenisation and challenge-response authentication – of vulnerabilities against login CSRF attacks. Experiments comprising nine test cases with the three mitigation methods and three vulnerabilities are conducted to identify whether exploitation of vulnerabilities was able to bypass a mitigation method and how the mitigation behaved in web applications of virtual environments. Using techniques and specific scripts of simulated web applications, three mitigation methods are mapped to the exploitation of the three vulnerabilities in different settings in search of an optimal solution. Results indicate that the HTTP header verification was not successful in protecting users from clickjacking exploitation, while it was successful in protecting against XSS and CSRF attacks. Further, exploitation of the three vulnerabilities bypassed the tokenisation mitigation and XSS attacks were prevented by challenge-response authentication, although exploitation of clickjacking and CSRF defeated the mitigation. The significance of these results lies in the fact that different methods are effective or ineffective in different conditions and therefore no single solution can be considered as most appropriate for web applications.
The study concludes that best practices can be sought through empirical and experimental studies, via which observation and analysis of behaviours of different solutions under different scenarios of attacks are conducted. Such experiments, designed to bypass mitigations, provide insights into robust and appropriate implementation approaches and, in the era of Artificial Intelligence and Big Data, they should be routinely and automatically conducted.
Y. Shibuya, K. Mwitondi, S. Zargari

Attack Vectors and Advanced Persistent Threats

Advanced Persistent Threats (APTs) are destructive and malicious cyberattacks aimed at high profile, high value targets with clear objectives in mind with a range of desired outputs. In most cases, these threat groups are state sponsored which makes them extremely well financed, organised and resourced. The attack payloads range from data exfiltration and theft to the undermining of critical national infrastructure. These attacks differ from the typical cyberattacks in several different ways but a key differentiation is their patient “low and slow” approach to prevent detection. This approach, although slow, has been very successful and in many cases, detection is years after initial infection. Many of the attacks detected today, have been over a decade in the making. Most concerning is the fact that traditional defence mechanisms have been unsuccessful at detecting these attacks and so how successful will these methods be against a new generation of attacks? The earliest recording of an APT is probably “the cuckoo’s egg”. An attack in the 1980s in which a West German hacker infiltrated a series of computers in California and over time stole state secrets relating to the US “Star Wars” program. The hacker then sold the information to the Soviet KGB. Although at this point in time, cyber defence was not a government sponsored military department, it raised awareness of just how powerful this threat could be. Since then, worldwide attacks in the private and public sectors have grown exponentially and today, all governments have cyber warfare units.
Most APT attacks are state sponsored; however, this does not mean that attacks are limited to government entities. Far from it. These attacks affect individuals, companies, corporations and governments globally. Attacks can and do encompass a multitude of sophisticated techniques and affect not only the traditional LAN/WAN environments but could also contaminate new generation networks such as mobile 5G networks, vehicular ad hoc networks (VANET) and Internet of Things (IoT) to name but a few. Dealing with these attacks is challenging, most attacks take years to be discovered and traditional detection mechanisms have been woefully inadequate. The age of machine learning and artificial intelligence has brought significant improvement to the detection challenges faced. These fields allow us to look for far more than attack signatures and characteristics. They allow us to look for patterns of behaviour through massive data quantities at speeds previously unimaginable.
Sergio F. de Abreu, Stefan Kendzierskyj, Hamid Jahankhani

Artificial Intelligence in Protecting Smart Building’s Cloud Service Infrastructure from Cyberattacks

Gathering and utilizing stored data is gaining popularity and has become a crucial component of smart building infrastructure. The data collected can be stored, for example, into private, public, or hybrid cloud service infrastructure or distributed service by utilizing data platforms. The stored data can be used when implementing services, such as building automation (BAS). Cloud services, IoT sensors, and data platforms can face several kinds of cybersecurity attack vectors such as adversarial, AI-based, DoS/DDoS, and insider attacks. If a perpetrator can penetrate the defenses of a data platform, she can cause significant harm to the system. For example, the perpetrator can disrupt a building’s automatic heating system or break the heating equipment by using a suitable attack vector for a data platform. This chapter focuses on examining possibilities to protect cloud storage or data platforms from incoming cyberattacks by using, for instance, artificial-intelligence-based tools or trained neural networks that can detect and prevent typical attack vectors.
Petri Vähäkainu, Martti Lehto, Antti Kariluoto, Anniina Ojalainen

Smart Societies and Data Exploitation


Smart Distributed Ledger Technologies in Industry 4.0: Challenges and Opportunities in Supply Chain Management

The rise of new digital economies and data-driven supply-chains seeks to revolutionise the ways information is transferred, processed and analysed across different industry segments in the value-creation. This data-driven manufacturing revolution promises to increase productivity, democratise data sharing capabilities and foster industrial growth in scales never seen before. The traditional transactional models are to be re-visited, and distributed data storage architectures are to be re-designed to accommodate for optimised data flows across different organisation units. Data is increasingly becoming a strategic business resource that through innovation in existing sharing and processing approaches can decompose business bottlenecks in existing production lines and processes and disrupt traditional supply-chain models. This work seeks to articulate a state-of-the-art review of the application and impact of ML techniques and distributed ledger technologies to further disrupt supply-chain capabilities with regards to data accuracy and completeness.
Gregory Epiphaniou, Mirko Bottarelli, Haider Al-Khateeb, Nikolaos Th. Ersotelos, John Kanyaru, Vinita Nahar

Combating Domestic Abuse inflicted in Smart Societies

This chapter centres on the emergence of technology in cases of Domestic Abuse using two adjunct parts; (a) how digital coercive control using smart home devices is now an attack vector for abusers and (b) it sets out to answer if the UK Domestic Abuse bill is adequate to support victims of technology facilitated abuse.
Recent reports in the media have identified cases of Domestic Abuse where attackers are using smart home devices to exert coercive control over their partners or former partners.
This research importantly highlights a lack of awareness of technology facilitated Domestic Abuse by victims, support workers and law enforcement. This has resulted in the development of a new proposed framework titled SHADA Compliance – a Smart Home Anti Domestic Abuse framework. The research concludes that the Domestic Abuse bill does not adequately support the growing threat of technology in cases of Domestic Abuse. A list of recommendations for future study is included that could further the field of research for Domestic Abuse charities, law enforcement and also increase public awareness.
Joe Mayhew, Hamid Jahankhani

Deep Convolutional Neural Networks for Forensic Age Estimation: A Review

Forensic age estimation is usually requested by courts, but applications can go beyond the legal requirement to enforce policies or offer age-sensitive services. Various biological features such as the face, bones, skeletal and dental structures can be utilised to estimate age. This article will cover how modern technology has developed to provide new methods and algorithms to digitalise this process for the medical community and beyond. The scientific study of Machine Learning (ML) has introduced statistical models without relying on explicit instructions, instead, these models rely on patterns and inference. Furthermore, the large-scale availability of relevant data (medical images) and computational power facilitated by the availability of powerful Graphics Processing Units (GPUs) and Cloud Computing services have accelerated this transformation in age estimation. Magnetic Resonance Imaging (MRI) and X-ray are examples of imaging techniques used to document bones and dental structures with attention to detail making them suitable for age estimation. We discuss how Convolutional Neural Networks (CNNs) can be used for this purpose and the advantage of using deep CNNs over traditional methods. The article also aims to evaluate various databases and algorithms used for age estimation using facial images and dental images.
Sultan Alkaabi, Salman Yussof, Haider Al-Khateeb, Gabriela Ahmadi-Assalemi, Gregory Epiphaniou

Secure Implementation of E-Governance: A Case Study About Estonia

The purpose of this research is to identify how feasible it is to securely and effectively implement e-governance in a developed country. The project uses Estonia as a case study, and analyses the path the country chose to take in order to achieve its current state of e-governance. The country’s answer to the existing risks embracing this transition included employing a distributed ledger technology and a proprietary solution acting as a data exchange layer, which promoted improvement on transparency and efficiency, and resulted in an increase in citizens’ trust. The study establishes a direct relationship between e-government and digital security, and compares Estonia’s level of preparedness in cyber security with other nations. This study also investigates the adoption of a Cyber Situational Awareness program as an element of secure implementation of e-governance.
Examining Estonia’s results attained over the past two decades, and comparing its e-governance and cyber security index rankings with other developed countries, it becomes clear that the digital transition has acted as a lever in successfully developing the nation and maintaining it at the forefront of cyber security internationally.
Rodrigo Adeodato, Sina Pournouri

Insider Threat

This chapter discusses the threat arising from within the organisation, whether from negligence, malice, or exploitation by an external party. The trusted insider is one of the greatest challenges facing organisations today. The analysis considers the balance to be struck between allowing insiders access and privileges to show trust and increase productivity, and securing that access at the cost of good will and with an increased risk of workarounds being found, placing vulnerabilities at the heart of an organisation’s policies and processes. The tactics of social engineering and exploitation of human psychology to compromise or completely bypass technical and procedural security measures are considered, along with the effectiveness of training and difficulties of raising cultural awareness of security on a long term basis in a rapidly changing technological landscape.
James Bore