CYD：2022年度校园网络安全防御报告（英文版）（75页）.pdf

《CYD：2022年度校园网络安全防御报告（英文版）（75页）.pdf》由会员分享，可在线阅读，更多相关《CYD：2022年度校园网络安全防御报告（英文版）（75页）.pdf（75页珍藏版）》请在三个皮匠报告上搜索。

1、Cyber-Defence CampusAnnual Report 2022Table of Contents1 About the Cyber-Defence Campus 4 Research8 Demonstrators112192 Highlights9 Technologie Monitoring5 Customer and Portfolio Analysis11 Laboratory Infrastructures12 Events13 Presentations15 Communication14 Scientific Papers16 Outlook 202334334047

2、53565739501.1 Strategy Embedding and Key Tasks1.2 Partners1.3 People4.1 Projects in Cyber Security4.2 Projects in Data Science6.1 Innovation Projects Results6.2 Cyber Startup Challenge14.1 Publications14.2 Student WorksMPRINTPublisher:Cyber-Defence Campus,armasuisse,Feuerwerkerstrasse 39,CH-3602 Thu

3、n Contact:+41 58 480 59 34,cydcampusarmasuisse.ch Image reference:Where not stated differently:Source DDPS/DDPS,Pixabay,Adobe Stock6 Innovation7 Security Analysis,Penetration Testing and Security Consulting65673 CYD Talent Development1610 International Scouting and Cooperation48This annual report pr

4、ovides information about the public,unclassified activities of the CYD Campus in 2022.I hope you will enjoy reading it.Thun,31.January 2023Dr Vincent LendersDirector of the Cyber-Defence CampusThe year 2022 was a special year both in terms of security policy and technology.At the beginning of the ye

5、ar,Russia launched a military attack on Ukraine.The cyber incidents associated with the invasion highlight that the use of cyber means to support military action has become the norm.As a result of increasing international interconnectedness and interdependence,cyber attacks are likely to have cross-

6、border effects and can thus also pose a threat to Swiss facilities.According to the 2022 supplementary report to the Security Policy Report 2021,direct cyber attacks against targets in Switzerland can be expected in an escalating situation.ForewordTwo months after the invasion of Ukraine,the Swiss A

7、rmed Forces presented the General Concept Cyber.This concept shows how the Armed Forces should further develop their capabilities in the cyber domain.The Armed Forces must be able to protect themselves and actively ward off threats.The implementation of the strategy will take place gradually with th

8、e development of a cyber command in 2024 and will last until the 2030s.In December,the Federal Council decided to establish a new Federal Office for Cyber Security within the DDPS.The planned Federal Office is to provide a national reporting and point of contact for cyber attacks,disseminate informa

9、tion and warnings and raise awareness among the population for protection against attacks from the network and also protect the federal administration from cyber attacks.Cyber-Defence CampusiAnnual Report 20222022 was also a groundbreaking year for developments in the field of artificial intelligenc

10、e.The company OpenAI unveiled two AI-based systems,DALL-E 2 and ChatGPT,which are able to automatically generate images respectively texts of such high quality that they approximate human abilities.The impact for cyber defence,the CYD Campus and society in general is significant.As Federal Councillo

11、r Viola Amherd pointed out at the REAIM 2023 conference in The Hague,the use of artificial intelligence in defence can offer many opportunities,but at the same time risks and ethical aspects must be taken into account.A lot happened at the CYD Campus in 2022.Looking back,we have made significant pro

12、gress in the fourth year since the CYD Campus was founded.For example,the number of partner organisations working with the CYD Campus has increased to more than 60.I am particularly pleased that we were able to expand the number of study places.In 2022,13 students from Swiss universities had the opp

13、ortunity to conduct their research as CYD Fellows and another 39 students completed a university internship or a masters thesis as part of the talent development programme at the CYD Campus.We managed to effectively network and significantly strengthen the Swiss cyber community thanks to our events

14、such as the CYD Campus Conference in Bern,the Cyber Alp Retreat in Sachseln,the conducted hackathons,the Cyber Startup Challenge and Jam Sessions.We also succeeded in intensifying international cooperation,for example by sending one of our cyber experts to the NATO Cooperative Cyber Defence Centre o

15、f Excellence(CCDCOE)in Tallinn,Estonia,for a three-year period.In November,the new premises of the CYD Campus at Zollstrasse 62 in Zurich were inaugurated together with ETH Zurich and our industrial partners,offering us significantly more space for the joint implementation of projects and events wit

16、h our partners.In 2022 alone,over 50 projects were conducted across locations and over 30 scientific papers were published.A highlight,for example,was the establishment of a national testbed for network security,which links the three CYD Campus locations(Thun,Lausanne and Zurich)via ETH Zurichs inno

17、vative SCION technology.These encouraging developments contribute to our mission:improving cyber defence in Switzerland.As part of the APCD and the Cyber DDPS Strategy,the Cyber Defence(CYD)Campus has been developed and operated in the DDPS for four years.It is located at the Federal Office for Defe

18、nce Procurement(armasuisse).The CYD Campus offers the DDPS an anticipation and knowledge platform for identifying and assessing technological,economic and social cyber trends.In order to be able to cooperate as closely as possible with the universities,the DDPS and industry,the CYD Campus is represe

19、nted at three locations:at the main location in Thun(armasuisse Science and Technology),at the Innovation Park at the EPFL in Lausanne and,since this year,at Zollstrasse 62 in Zurich.This allows it to efficiently build up know-how and provide cyber expertise according to the needs of the Swiss Confe

20、deration.The new location in Zurich in particular allows the CYD Campus to create an ideal environment for collaboration and to provide room for new talents thanks to its larger premises.Due to the changing ecosystem and the increasing threat of cyber attacks in all spheres of life,the Swiss governm

21、ent has made cyber security a central and national security concern.The Federal Department of Defence,Civil Protection and Sport(DDPS)is increasing the allocation of resources to cyber defence and making it a strategic and operational priority.For this reason,the first Action Plan for Cyber Defence(

22、APCD)was created in 2016.In view of the rapid further development of the cyber threat situation over the past five years,a new Cyber DDPS Strategy has been elaborated for the period 20212024,building on the Action Plan.Both the Action Plan and the new Strategy Cyber DDPS are aligned with the overarc

23、hing National Strategy for the Protection of Switzerland against Cyber Risks(NCS).Early identification of trends in the cyber sector:This includes comprehensive technology and market monitoring,international scouting of startups and the fostering of a collaboration network.Research and innovation of

24、 cyber technologies:Through collaboration with academia and industry,emerging cyber risks are identified and innovative solutions are developed to effectively counter threats in the cyber space.In addition,the CYD Campus aims to ensure and enhance the security and resilience of existing cyber system

25、s.The aim of this annual report is to provide insights into the realisation of the above-mentioned tasks in 2022 of the Cyber-Defence Campus.In doing so,a brief summary of some highlights of 2022 will be provided.Public activities in research projects,customer mandates and demonstrators will also be

26、 discussed.Furthermore,activities in 2022 related to the expansion of laboratory infrastructures are addressed and technology and market monitoring activities are described.The final chapters of this report provide an overview of events,publications,presentations and an outlook for 2023.Training of

27、cyber specialists:At the CYD Campus,talents at Master,PhD and postdoc level as well as university interns are trained for future challenges.In addition,CYD Campus experts define and supervise numerous student projects.Strategy Cyber DDPS 2021-2024Core competencies of the Cyber-Defence Campus1 About

28、the Cyber-Defence CampusCyber-Defence Campus1.1 Strategy Embedding and Key TasksConsequently,the CYD Campus acts as a nexus between industry,government administration and academia.In the orientation of the Cyber DDPS Strategy,the head of the DDPS,Federal Councillor Viola Amherd,defines the fields of

29、 action and the corresponding distribution of tasks.Today,the CYD Campus has the following three key tasks:Annual Report 202211.2 PartnersThe CYD Campus is organizationally located at armasuisse Science and Technology(DDPS).About 60 other national and international organisations from academia,indust

30、ry and the public sector contribute as partners.1.2 About CYD Campus-Partners Cyber-Defence CampusPublic Partners/FederationHigher EducationIndustrial PartnersNationalSwiss Armed ForcesBern University of Applied Sciences(BFH)AdnovumFederal Department of Foreign Affairs(FDFA)cole polytechnique fdrale

31、 deLausanne(EPFL),AnapayaFederal Office of Civil Aviation(FOCA)Center for Digital Trust(C4DT)AstrocastFederal Intelligence Service(FIS)Eidgenssische Technische HochschuleZrich(ETHZ)Brunner Elektronik AGFederal Office of Police(fedpol)Northwestern Switzerland University ofApplied Sciences and ArtsCYS

32、ECNational Cyber Security Center(NCSC)Haute cole du Paysage,dIngnierie etdArchitecture de Genve(HEPIA)DecentriqFederal Statistical Office(FSO)HES-SO Valais-WallisFLARM TechnologySwisstopoLucerne University of Applied Sciencesand Arts(HSLU)IBM ResearchSwissnexSchool of Engineering and ManagementVaud(

33、HEIG-VD)Kudelski SecurityMilitary Academy at ETH ZurichNoser EngineeringEastern Switzerland University ofApplied Sciences(OST)RUAGScuola universitaria professionale dellaSvizzera italiana(SUPSI)SwisscomUniversity of FribourgTune InsightUniversity of GenevaUniversity of LausanneUniversity of Neuchtel

34、University of St.GallenUniversity of ZurichZurich University of Applied Sciences(ZHAW)Zurich Information Security and PrivacyCenter(ZISC)InternationalFederal Office for InformationSecurity(BSI),DEKU Leuven,BELCountercraftEuropean Defence Agency EDATU Kaiserslautern,DECybExer TechnologiesKRITISIMDEA,

35、ESPONEKEYLuxembourg Armed ForcesUniversity of LuxembourgPlug and PlayNATO CCDCOEUniversidad de Murcia,ESPSero SystemsUS Department of DefenseUniversidad Rey Juan Carlos,ESPUniversity of Oxford,UKUniversity of Southern California(USC),USANortheastern University,USAList of all the Partners of the Cybe

36、r-Defence Campus in 2022Annual Report 202221.3 PeopleThe direction of the CYD Campus consists of employees of the department Cyber Security and Data Science of armasuisse S+T.CYD Campus DirectionGiorgio TresoldiHead of International Relations and ScoutingDr Alain MermoudHead of Technology and Market

37、 MonitoringDr Colin BarschelHead of Innovation and Industry CollaborationsDr Grme Bovet Head of Research Programme and Data Science GroupDr Vincent LendersDirector of the CYD Campus and Head of DepartmentStefan EngelHead of Business Development and Deputy Director of the CYD Campus1.3 About CYD Camp

38、us-People Dr Bernhard TellenbachHead of Cyberspace Research Programme and Cyber Security GroupCyber-Defence CampusAnnual Report 20223Dr Martin Strohmeier is an expert in the security of cyber-physical systems and scientific project managerPersonnel Focus Cyber SecurityDamian Pfammatter is a penteste

39、r,vulnerability researcher and scientific project managerDaniel Hulliger is a pentester,vulnerability researcher and technical project managerDr Daniel Moser is an expert in wireless communication security,a pentester and a scientific project managerLloren Roma is a pentester and scientific project

40、managerDr Roland Meier is an expert in network security and scientific project manager(joined in November 2022)Dr Miguel Keer is a scientific project managerDr Carlo Matteotti is a cryptologist and supervises students and CYD Fellows as a CYD mentorWilliam Lacube is responsible for the collaboration

41、 with the NATO CCDCOE in Estonia and is a scientific project manager1 ber den CYD Campus-Personen Jahresbericht 20221.3 About CYD Campus-PeopleCyber-Defence Campus4Personnel Focus Data ScienceDr Etienne Voutaz is a data scientist and a scientific project managerDr Ljiljana Dolamic is an expert in Na

42、tural Language Processing and a scientific project managerDr Albert Blarer is a data scientist and a scientific project managerDr Jonas Liechti is a Big Data specialist and a scientific project manager(joined in August 2022)Dr Raphael Meier is an expert in Image Processing and Machine Learning and a

43、 scientific project managerDr Hng-n Sandlin is an expert in Data Analysis and Machine Learning and a scientific project managerIvo Stragiotti is responsible for laboratory infrastructures and is a technical project manager Dr Metin Feridun is a Big Data specialist and a scientific project manager(re

44、tired in October 2022)Cyber-Defence Campus1 ber den CYD Campus-Personen 1.3 About CYD Campus-PeopleAnnual Report 20225SupportMonia KhelifiHead of Administration and Event ManagementAmina BouslamiCYD Campus Lausanne Administrator(from June 2022)1.3 About CYD Campus-PeopleCyber-Defence CampusSarah Fre

45、iCommunication and Administrator CYD Campus Zurich(from April 2022)Annual Report 20227University InternsIn order to increase students cyber expertise and strengthen Switzerlands long-term resilience to cyber threats,the Cyber-Defence Campus offers university internships at all three locations in Thu

46、n,Lausanne and Zurich.In 2022,27 students were able to complete an internship with the Cyber-Defence Campus.The interns come from different universities.Cyber-Defence Campus1 ber den CYD Campus-Personen1.3 About CYD Campus-PeoplePerceval Faramaz,November 22 October 23,International Affairs,LausanneF

47、rancesco Intoci,October 22 March 23,Cyber Security,LausanneLouis Leclair,October 22 March 23,Cyber Security,LausanneAlessandro Tavazzi,September 22 February 23,Technology Monitoring,LausanneEric Jedermann,September 22 February 23,Cyber Security,Thun Lucas Crijns,September 22 February 23,Cyber Securi

48、ty,LausanneEtienne Salimbeni,September 22 February 23,Data Science,LausanneMarc Egli,September 22 February 23,Cyber Security,LausanneNicholas Sperry Grandhomme,August 22 Januar 23,Data Science,LausanneLo Meynent,August 22 January 23,Data Science,LausanneMichiel Lchinger,August 22 July 23,Communicati

49、on and International Affairs,ThunValentin Mulder,May 22 April 2023,Technology Monitoring,LausanneSarah Ismail,May 22 April 2023,Technology Monitoring,LausanneAnnual Report 20228Cyber-Defence Campus1 ber den CYD Campus-Personen1.3 About CYD Campus-PeopleJohannes Willbold,March 22 August 22,Cyber Secu

50、rity,ThunBeatrice DallOmo,March 22 August 22,Cyber Security,ThunGuillaume Follonier,March 22 August 22,Data Science,Lausanne Franois Burguet,March 22 August 22,Technology Monitoring,LausanneJacques Roitel,February 22 July 22,Technology Monitoring,LausanneCyrill Vallez,February 22 Juli 22,Data Scienc

51、e,LausanneAlexander Glavackij,February 22 December 22,Technology Monitoring,LausanneEloi Garandel,September 21 February 22,Data Science,LausanneBenjamin Killian,September 21 February 22,Cyber Security,LausanneSamad Emrys Durussel,September 21 February 22,Data Science,LausanneHuzar Marin,September 21

52、 February 22,Cyber Security,LausanneMarie Reignier Tayar,August 21 January 22,Data Science,LausanneMichael Tsesmelis,June 21 May 22,Technology Monitoring,LausanneSarah Frei,April 21-March 22,Communication,ThunAnnual Report 20229Jodok Vieli,Master Thesis Fellow,ETHZ,October 22 March 23,Project title:

53、Systemization of DNS DoS:Attack Characterization,Mitigation,and Measurement,CYD Mentor:Dr Bernhard TellenbachDr Lucianna Kiffer,Postdoc Fellow,Northeastern University,September 22 August 24,Project title:Security and Usability of Blockchain Networks,CYD Mentor:Dr Bernhard TellenbachLouis-Henri Merin

54、o,Doctoral Fellow,EPFL,June 2022 May 24,Project title:Coercion-Resistant Remote E-Voting Systems with Everlasting Privacy,CYD Mentor:Dr Bernhard TellenbachAlessandro Stolfo,Doctoral Fellow,ETHZ,January 22 December 25,Project title:Privacy-Preserving Learning of Neural Language Models,CYD Mentor:Dr L

55、jiljana DolamicIan Boschung,CYD Master Thesis Fellow,ETHZ,January 22 November 22,Project title:Analysing new security guarantees made possible by the ARMv9 Confidential Compute Architecture,CYD Mentor:Dr Bernhard TellenbachAdalsteinn Jonsson,Master Thesis Fellow,ETHZ,December 21 June 22,Project titl

56、e:Binary Similarity Techniques for Malware Detection,CYD Mentor:Dr Martin StrohmeierLina Gehri,Master Thesis Fellow,ETHZ,November 21-April 22,Project title:Analyzing and Comparing Defense Strategies in a Cyber Defense Exercise,CYD Mentor:Dr Vincent LendersCYD FellowsIn 2020,the CYD Campus launched a

57、 Cyber Defence(CYD)Fellowship Programme together with the EPFL to give students the opportunity to deepen their knowledge in cyber defence topics and to strengthen Switzerlands competences in this field.This enables students to make a research contribution to Switzerlands cyber defence while they ar

58、e still studying.The CYD Fellowship is a competitive talent programme that provides students with a CYD expert to supervise their research work.CYD Fellows are enrolled at a Swiss university and conduct their research on the premises of the CYD Campus at the EPFL Innovation Park in Lausanne,at Zolls

59、trasse in Zurich or at the headquarters in Thun.CYD Fellowships are awarded several times a year to masters students,doctoral students and postdocs and provide a living allowance.In 2022,13 fellows were active:Jan Urech,Master Thesis Fellow,ETHZ,October 21-April 22,Project title:Developing an Automa

60、ted Defender for Cyber Security Exercises,CYD Mentor:Daniel HulligerSimran Tinani,PhD Fellow,UZH,September 21-August 23,Project title:Nonabelian Groups in Cryptography,CYD Mentor:Dr Carlo Matteotti Ksandros Apostoli,Master Thesis Fellow,EPFL,September 21-February 22,Project title:Privacy-Preserving

61、Proof-of-Personhood Token,CYD Mentor:Dr Daniel MoserDr Andrei Kucharavy,Postdoc Fellow,EPFL,December 20-November 22,Project title:Evolutionary dynamics for improved GAN detection,CYD Mentorin:Dr Ljiljana DolamicDina Mahmoud,PhD Fellow,EPFL,September 20-August 24,Project title:ADHeS:Attacks and Defen

62、ses on FPGA-CPU Heterogeneous systems,CYD Mentor:Dr Vincent LendersDr Dimitri Percia David,Postdoc Fellow,UNIGE,August 20-July 22,Project title:Technology Forecasting and Market Monitoring for Cyber-Defence,CYD Mentor:Dr Alain Mermoud1 ber den CYD Campus-Personen Cyber-Defence Campus1 ber den CYD Ca

63、mpus-Personen 1.3 About CYD Campus-PeopleAnnual Report 202210StudentsLukas Baege,ETHZ,October 22 April 23,Supervisor:Dr Martin StrohmeierPascal Schrli,ETHZ,October 22 March 23,Supervisor:Dr Bernhard TellenbachSilvan Niederer,ETHZ,September 22 January 23,Supervisor:Lloren RomaPedro Miguel Sanchez San

64、chez,Universidad de Murcia,September 22 December 22,Supervisor:Dr Grme BovetEnrique Tomas Martinez Beltran,Universidad de Murcia,September 22 December 22,Supervisor:Dr Grme BovetYago Lizarribar,IMDEA Networks Institute,June 22 September 22,Supervisor:Dr Grme BovetMathis Lindner,ETHZ,February 22 Augu

65、st 22,Supervisor:Dr Martin StrohmeierSbastien Gillard,Universit de Fribourg,21 23,Supervisor:Dr Alain MermoudDominique Portenier,ETHZ,September 21 February 22,Supervisor:Dr Daniel MoserSilvio Geel,ETHZ,September 21 February 22,Supervisor:Dr Daniel MoserMarco di Nardo,ETHZ,September 21 February 22,Su

66、pervisor:Dr Daniel MoserFlorian Lerch,ETHZ,September 21 January 22,Supervisor:Dr Martin StrohmeierCYD Campus employees define and supervise student projects at Bachelor,Master and PhD level.The students conduct their projects on the premises of the CYD Campus at EPFL,ETHZ and at the headquaters in T

67、hun.During 2022,work from twelve students was supervised by the CYD Campus.Cyber-Defence Campus1 ber den CYD Campus-Personen 1.3 About CYD Campus-PeopleMembers of the Armed ForcesConstable Michael Bosshard(name changed),August 22-October 22,Data Science,ThunOther members of the armed forces doing th

68、eir army service at Lab 42,an innovation unit of Cyber Batallion 42,used the premises of the CYD Campus in 2022.Annual Report 202211BrokenwireCYD Campus associate Martin Strohmeier,together with research partners from Oxford University,has discovered a vulnerability called Brokenwire in the combined

69、 charging system(CCS)of electric vehicles.CCS is one of the most widely used Direct Current(DC)rapid charging technologies for electric vehicles.The attack interrupts necessary control communication between the vehicle and charger,so that the charging processes are interrupted.The attack can be cond

70、ucted wirelessly from a distance using electromagnetic interfe-rence,allowing individual vehicles or entire fleets to be disrupted simultane-ously.In addition,the attack can be mounted with off-the-shelf radio hardware and minimal technical knowledge.ICS Hackathon in ThunFrom 19 to 23 September,the

71、CYD Campus and the Cyber Battalion 42 organised a hackathon on industrial control systems(ICS)and operational technologies(OT).Among the more than 30 participants were researchers from the CYD Campus and the Swiss Armed Forces,employees of the NCSC and Swissgrid,soldiers from Cyber Battalion 42,stud

72、ents from the Lucerne University of Applied Sciences and Arts,ETH Zurich and Ruhr University Bochum,as well as experts from the private sector,such as ALSEC Cyber Security Consulting and Nozomi Networks.The participants were divided into cross-functional teams with different areas of focus in the fi

73、eld of industrial control systems.This allowed the groups to conduct targeted vulnerability analysis,examine different attack vectors and develop appropriate countermeasures.Additionally,this facilitated collaborative and intensive work in smaller groups.Vulnerability tests for ICS systems are diffi

74、cult to implement compared to information systems,as severe damage can be caused.However,in order to be able to carry them out and simulate attacks,as well as for educational and training purposes,appropriate laboratories are particularly suitable.Therefore,the CYD Campus provided two labs for the i

75、nfrastructure of the hackathon,each simulating a different industrial control system.One is the representation of a pumped storage power plant.The second is a reconstruction of a Swiss energy substation for the development of attack and defence strategies,the so-called Krinflab.With the hackathon,th

76、e CYD Campus pursued three goals:to expand the knowledge available in the DDPS within this relevant field,to network experts from industry,universities and the public administration,and to support young talents who want to deepen their expertise in the area.For more information:CYD Campus Hackathon

77、NewsDemonstration of Brokenwire.2 HighlightsCyber-Defence CampusThe researchers demonstrated the attack in a controlled laboratory and then against seven vehicles from different manufacturers and 18 DC high-power chargers.They also conducted a disclosure to industry and proposed various countermeasu

78、res that could be used to limit the impact.Brokenwire has immediate implications for many of the estimated 12 million battery powered electric vehicles on the road worldwide as well as profound implications for the new wave of electrification of vehicle fleets,both for private companies and key publ

79、ic services.In addition,Brokenwire affects electric ships,aircraft and heavy goods vehicles.For more information:Brokenwire website&publicationModel of a pumped storage power plant:CYD Campus ICS laboratory in Thun.Krinflab:Reconstruction of a Swiss energy substation for the development of attack an

80、d defence strategies.Annual Report 202212Trends in Data Protection and Encryption Technologies 2025Militaries and governments have long used encryption technologies to facilitate secret communications.Today,encryption technologies are equally crucial in protecting our economy and civil society.They

81、are key enablers for the ongoing transformation of the digital economy and online society.The study launched in Switzerland by the Cyber-Defence Campus at the beginning of 2022 provides an overview of the changing landscape of encryption and data protection technologies and their global usage trends

82、.The Swiss government mandated the CYD Campus to identify the 38 most crucial encryption and data protection technologies,intending to analyse their anticipated developments until 2025 and derive the implications for the military,civil society,and business sectors.Around fifty experts from academia,

83、the Swiss government,and industry contributed to the study.They included numerous researchers,interns and CYD Fellows from the CYD campus.This study is a reference for organisations and individuals who have to develop coherent and efficient data protection and encryption strategies in the coming yea

84、rs.The technologies are divided into five categories:Inauguration of New CYD Campus Premises in ZurichAnother highlight of the CYD Campus in 2022 was the inauguration of the new premises at Zollstrasse 62 in Zurich.The official reopening of the CYD Campus Zurich on 24 November also celebrated the la

85、unch of SCION.SCION is a novel Internet architecture developed at ETH Zurich ten years ago and made marketable in the last five years by ETH spin-off Anapaya Systems.The technology replaces the insecure internet routing protocol with a more secure and efficient protocol.The DDPS is interested in usi

86、ng this technology for Swiss cyber defence and is testing this technology at the CYD Campus together with Swiss industrial partners.For this purpose,the three CYD Campus locations in Thun,Lausanne and Zurich were equipped with SCION network connections from the companies Swisscom,Sunrise and SWITCH

87、and made available for three years as a national test infrastructure for the armed forces and security authorities.2 Highlights Cyber-Defence CampusInauguration of new CYD Campus premises in Zurich.Alain Mermoud and Valentin Mulder present the study at the CYD Campus Conference.1.Encryption foundati

88、ons technologies are used to create other encryption applications;2.Low-level applications:Focus on basic functionalities;3.High-level applications:Focus on more complex functionalities;4.Data protection technologies:Data protection without encryption;5.Use cases:Concrete ways how technologies can b

89、e used together to create a solution that works.The study was presented at the CYD Campus Conference 2022 and will be published in book form in summer 2023.Annual Report 202213Cyber Startup Challenge 2022The Cyber Startup Challenge was launched in June 2022 for the third year in a row.Within this ch

90、allenge,36 startups from various countries presented their innovative technologies in the field of network detection and security of IoT devices.After evaluation by cyber experts from the Federal Department of Defence,Civil Protection and Sport(DDPS),the three finalists ONEKEY,Narrowin and Sepio wer

91、e eventually invited to the CYD Campus Conference.Each of the finalists was allowed to give a pitch at the Conference,where the startup ONEKEY was ultimately able to convince the DDPS jury.ONEKEY has developed a technology that automatically identifies security vulnerabilities.Using the Software Bil

92、l of Materials(SBOM)and automatically generated Digital Twins,ONEKEY checks operational software for critical security vulnerabilities and compliance infringements.On the one hand,the SBOM provides a detailed overview of all components of a software package.On the other hand,a Digital Twin is a virt

93、ual image of a system and allows its examination in the lab without the source code,the network or physical access to the devices.For more Information:Finalists 2022&Press Release Cyber Startup ChallengeCyber-Defence Campus ConferenceA central task of the CYD Campus is the networking of academia,ind

94、ustry and state actors in the field of cyber defence.For this purpose,the CYD Campus regularly organises events on defence and security-related cyber topics.An important annual event is the CYD Campus Conference,which attracts more than 300 participants.The CYD Campus Conference 2022 took place on 2

95、6 October in the Kursaal in Bern.During the event,experts from public administra-tion,academia and industry spoke on key topics in the area of securing future digital infrastructures.In addition to presentations on developments in the area of communication networks(5G+),the global financial system,t

96、he dissemination of(dis)information and cryptography,the series of talks was rounded off with an insight into the conception and implementation of realistic cyber defence trai-ning such as Locked Shields.2 Highlights Cyber-Defence CampusPanel discussion Study Data Protection and Encryption Technolog

97、ies 2025.Colin Barschel,Head of Innovation CYD Campus and Florian Lukavsky,Co-Founder and CTO of ONEKEY.Annual Report 202214The CCDCOE organised the Locked Shields Cyber Defence exercise in April 2022,which has been held annually since 2010.One of the ways in which the CYD Campus directly participat

98、es in the organisation of the exercise is by sending experts to the Green and Red Teams.These two teams are responsible for the organisation and implementation of the exercise and are composed of experts from all participating states.The Swiss Armed Forces regularly participate with their own Blue T

99、eam or together with other countries to train their experts in cyber defence.During the exercise,the Red Teams operate as attackers against the Blue Teams,which perform as cyber rapid reaction teams defending the national IT systems and critical infrastructures of the fictitious island state of Bery

100、lia against large-scale cyber attacks.In total,more than 2000 participants from 32 nations took part in the event.In addition to protecting numerous complex cyber-physical systems,the teams formed from member states and partners are required to make strategic and tactical decisions,report incidents

101、and deal with challenges in the areas of forensics,law,media relations and information warfare.The aim of the exercise was to improve participants skills and knowledge in the field of cyber defence and to promote cooperation between the different nations and organisations.Due to the numerous attacks

102、 and the complexity of the exercise,Locked Shields is also an ideal environment to test cyber defence products.Chapter 6.1 Innovation project results elaborates on the cooperation between the Cyber-Defence Campus and industry in this context.Representation of Switzerland at the NATO CCDCOECYD Campus

103、 associate William Blonay took up his position as Switzerlands representative at the NATO Cooperative Cyber Defence Centre of Excellence(CCDCOE)in Tallinn,Estonia,in February 2022 and will serve for three years.The CCDCOE is a NATO accredited cyber centre of excellence that aims to strengthen resear

104、ch and training cooperation in the field of cyber defence internationally.The centre achieves this by organising joint exercises and conducting research projects,technical training and conferences.The flagships of the CCDCOE include the annual international conference on cyber conflicts(CyCon),the T

105、allinn Manual and Locked Shields,one of the worlds largest cyber defence exercises(more information in the next highlight),in which William Blonay also participated in the Red and Green Team in 2022.Since joining as a Contributing Nation in 2019,Switzerland has benefited from the exchange of informa

106、tion and knowledge as well as from the various joint research and training activities of the CCDCOE.This cooperation also contributes to the implementation of the National Strategy for the Protection of Switzerland against Cyber Risks(NCS)and the Cyber DDPS Strategy 20212024.Against the backdrop of

107、the changed global political situation,Switzerland is particularly keen to consolidate international cooperation,particularly in the area of defence.Each CCDCOE member state sends one or two experts as representatives to Tallinn.These experts are active in various areas of competence such as technol

108、ogy,strategy,operations,support,education and training,and law.Switzerland is currently represented at the CCDCOE by two delegates:In addition to William Blonay,who belongs to the technology competence area,Lisa Schauss,a member of the Armed Forces Command Support Organisation(FUB)and part of the ed

109、ucation and training competence area,represents Switzerland at the CCDCOE.To learn more about Williams experience at the CCDCOE,read the interview in the December 2022 issue of armafolio.2 Highlights Cyber-Defence CampusCyber Defence Exercise Locked ShieldsWilliam Blonay on his first day representin

110、g Switzerland at the CCDCOE.Part of the exercise Locked Shields im April 2022.Annual Report 202215Cyber security is a hot topic.As we have seen on the news,multiple data breaches have occurred in recent years.This triggered my curiosity and ignited the desire to learn more about the field of cyber s

111、ecurity.I am also fascinated by the world of research and would like to develop my skills in this field.Cyber-Defence CampusJahresbericht 20223 CYD Talent DevelopmentSpecialists in cyber security and data science are scarce in Switzerland as well as in many other countries.The promotion and training

112、 of new cyber talents is therefore a major challenge and one of the three key tasks of the CYD Campus.The CYD Campus pursues different approaches in order to enhance students cyber expertise.On the one hand,the CYD Campus offers university internships at all three locations in Thun,Lausanne and Zric

113、h.In addition,student projects at Bachelor,Master and PhD level are defined and supervised by CYD Campus researchers.These students are enrolled at a university and are supervised by a CYD Campus Mentor.In addition,the CYD Campus,together with EPFL,laun-ched the CYD Fellowship programme in 2020 to m

114、otivate students and provide them with the opportunity to strengthen their skills in the field of cyber defence.In 2022,27 university interns were employed and twelve student projects were supervised by CYD Campus researchers.Furthermore,13 CYD Fellows were active.The aim is to promote a new generat

115、ion of cyber-talents in this way.Thus,the CYD Campus makes a substantial contribution to combating the shortage of skilled workers in the highly specialised cyber field with the long-term goal of ensuring the necessary cyber skills for government,academia and business in Switzerland.Since 2022,parti

116、cipants in the Cyber Training Course also have the opportunity to complete their internship at the Cyber-Defence Campus.The Cyber Training Course was first launched as a pilot project during the 2018 recruit school(RS)and aims to strengthen the cyber defence skills of the Swiss Armed Forces militia.

117、The course is aimed at EFZ IT specialists,school-leavers and university students.In 2022,the first recruit of the Cyber Training Course had the opportunity to complete an internship at the CYD Campus.To gain more insight into the activities of the CYD Fellows,the university interns and the members o

118、f the armed forces(AdA),interviews were conducted for this annual report.Interview with Sarah Ismail,University intern in Lausanne in the field of Technology MonitoringWhat is the research topic you have been working on during your time at CYD Campus?How have the CYD Campuss knowledge and resources

119、helped you in your research?On the one hand,I learned new technical skills,such as programming in a programming language I had not previously mastered.On the other hand,I was able to work with highly specialised and competent people in their field.This made it easier to learn and share knowledge.Fin

120、ally,the CYD Campus provides many tools to help you conduct your research in a pleasant and suitable environment.If you could give one piece of general advice to future interns for their time at the CYD Campus,what would it be?What was your motivation for doing an internship at the Cyber-Defence Cam

121、pus?My research focuses on data protection and encryption technologies.The goal is to predict current trends in these technologies based on public attention via Wikipedia page views.Using data from other sources such as arXiv,Google Trends and OpenAlex,this study determines,measures and analyses the

122、 time-varying public attention given to each technology.I would say that you should not hesitate to communicate with your colleagues and ask them questions,it reinforces collaboration,the exchange of ideas and above all it promotes creativity.Where do you see yourself in 10 years?Ideally,in ten year

123、s time,I would have gained solid professional experience as a business analyst,possibly in the field of cyber security,and I would also like a position with responsibility where I can work on a variety of projects.Cyber-Defence CampusAnnual Report 202216Cyber-Defence CampusJahresbericht 2022Intervie

124、w with Luca Crijns,University intern in Lausanne in the field of Cyber SecurityWhat is the research topic you have been working on during your time at CYD Campus?How have the CYD Campuss knowledge and resources helped you in your research?In addition to my supervisor,I have a technical supervisor wh

125、o is able to help me when I have technical issues with the hardware and software.He has proven invaluable when I have issues or want to talk something through.If you could give one piece of general advice to future interns for their time at the CYD Campus,what would it be?What was your motivation fo

126、r doing an internship at the Cyber-Defence Campus?My motivation was to learn something new.I come from a mathematics background and I previously had no experience with networking whatsoever.Thats why I chose this internship to expand my knowledge and horizons.I wasnt sure if I could see myself worki

127、ng in a field that is closely related to mathematics.I am working on a network filter that is able to extract flows from network traffic with speeds of 100 Gbps based on configurable rules.Filtering by IP addresses and ports is very common and can be done by many hardware solutions.However,deep pack

128、et inspection and filtering based on packet payload are mostly done using software.I tested several hardware solutions combined with appropriate software to do exactly that.For me it proved useful to send out a weekly update on the project at the end of the week.By doing this,you automatically ensur

129、e that you have made progress at the end of every week.In addition to that,remember that your supervisor is there to help and you can usually drop in for a chat if you are stuck.Theres no point staring at the screen for long periods of time wondering what to do.Where do you see yourself in 10 years?

130、Honestly,I havent a clue.As I like the work I do at the CYD Campus,I probably want to do something similar.Its a bit of a simple answer,but at this point I cant provide any more details.3 CYD Talent Development Cyber-Defence CampusInterview with Sergeant Michael Bosshard(Cyber Training Course,name c

131、hanged)What was the research topic you worked on during your time at CYD Campus?How did the CYD Campuss knowledge and resources help you in your research?The CYD Campus was able to provide me with a solid environment where on the one hand I was given enough support to pursue my research goals,and on

132、 the other hand also offered scientific challenges.If you could give one piece of general advice to future interns for their time at the CYD Campus,what would it be?What was your motivation for doing an internship at the Cyber-Defence Campus?My main motivation for my internship was to use my data sc

133、ience skills in order to make an impact in the world of cyber security and asset protection.Coming from a purely scientific background(mathematics),I found it very interesting to apply and develop my knowledge through on use cases.During my time at CYD Campus I worked mostly on Deep Learning Methods

134、 on Graphs.Deep Learning Methods on Graphs is a relatively young field of research which is growing fast.In particular,I studied classification tasks using conventional convolutions as well as more modern methods such as EdgePooling and Variational Graph Autoencoders.The end goal was to streamline g

135、raph-level tasks that would take much more time using static methods.The main piece of advice I would give is that its worth getting to know the environment and the surroundings of the CYD Campus as there are many facilities and structures to support you during your research.Where do you see yoursel

136、f in 10 years?In 10 years time,I hope to have developed into a more experienced data scientist and be able to draw on to a wide variety of different methods and approaches.I cannot tell if I will be working in the public or the private sector,but I am confident that the tasks I will take on will sti

137、ll be challenging and motivating.Annual Report 202217Cyber-Defence CampusJahresbericht 2022Cyber-Defence CampusInterview with Lina Gehri,Master Thesis CYD Fellow in ZurichWhat was the research topic you worked on during your time at CYD Campus?The biggest advantage was that I received a lot of suppo

138、rt from different people at the CYD Campus.If I had a question or needed some assistance,their combined experience and knowledge helped me a lot and many new ideas came up during discussions about my thesis.If you could give one piece of general advice to future CYD fellows for their time at the CYD

139、 Campus,what would it be?What was your motivation for doing a fellowship at the Cyber-Defence Campus?I had already decided to do my master thesis in collaboration with the CYD when my supervisor told me about the fellowships and encouraged me to apply.It seemed like a great opportunity to get to kno

140、w and work with like-minded people,so I decided to give it a shotI created machine-learning models to detect Command and Control attacks.My goal was to generalise the models in such a way that they are able to detect Command and Control traffic in various and unfamiliar network environments.To train

141、 and test them,I used network traffic that was captured during the extensive cyber defence exercise Locked Shields.Make use of the opportunity,go to the office to talk to the people there about what you are doing,whether its about your thesis or your latest interests.Where do you see yourself in 10

142、yearsHopefully still learning new things and still excited about the work I do.If you want specifics,ask me again in 9 and a half years.3 CYD Talent Development Annual Report 2022How did the CYD Campuss knowledge and resources help you in your research?184 ResearchMobile devices(smartphones)are esse

143、ntial for efficient work,yet their mobility and connectivity offer many opportunities for attack.The protection of confidential and classified information is therefore particularly difficult.The aim is to use a commercially available mobile device to share sensitive information and applications.This

144、 device allows information to be exchanged,whether in a call,a message or via an app,up to the level of confidential.The main challenge is to find the best architecture for a secure mobile operating system that balances security,feasibility and user friendliness.Secure Mobile Operating SystemsSmartp

145、hones are at the heart of many peoples digital lives.However,they do not offer the same flexibility as PCs,on which users can install and run any software they like.The vendors of the major operating systems such as iOS and Android can dictate which apps can run,how they run and which phone resource

146、s they can access.This is not desirable,as users have to entrust their security and privacy to OS vendors and accept the functionality restrictions they impose.Given the widespread use of Android and iOS,immediately leaving these ecosystems is not a practical solution.As an alternative,the developme

147、nt of a new smartphone architecture is proposed that gives control back to the users while ensuring compatibility with current smartphone ecosystems.Such a design is proposed and analysed on the basis of advances in trusted execution environments for ARM and RISC-V.4.1 Cyber Security ProjectsSoverei

148、gn Smartphone Architecture Two approaches are pursued to protect sensitive data:The first approach involves compartmentalisation of risks.This means that the area of attack on the system is nested to minimise the impact of an attack.To achieve this,two architectures for a secure mobile operating sys

149、tem were developed,along with a risk analysis.The cyber security not only includes the mobile operating system,but also the hardware,cryptographic components,and boot chain hardening(signatures).The second approach seeks to separate the execution of an application from the operating system and the m

150、anufacturer to ensure sovereignty over the application and to increase security.Research at the CYD Campus is a long-term investment in securing the required expert knowledge and scientific-technical skills for the tasks and activities of the Confederation in the field of cyber defence.As an integra

151、l part of technology management,it also forms the basis for a solid roadmapping of future technologies and for innovation projects of the DDPS.It therefore contributes both to the development of operational cyber defence capabilities that will be required in the future,as well as to the scientific-t

152、echnical support of planning and procurement in the DDPS.Research projects are implemented in collaboration with universities and industrial partners.Cyber-Defence CampusAnnual Report 202219Detection of Software and Device Vulnerabilities:Microsoft Windows ApplicationsNowadays,the Linux kernel is th

153、e basis for various operating systems,which in turn are used on a variety of devices(desktop PCs,server systems,mobile or small electronic devices,etc.).A viable approach to identifying potential security problems in the Linux kernel is to use a so-called kernel fuzzer,which is designed to detect po

154、ssible abnormal behaviour in the kernel based on unanticipated input.Probably the best known of these fuzzers for the Linux kernel is syzkaller.For the current kernel version,a public instance of syzkaller lists more than 1000 such types of abnormal behaviour,but it is unclear whether they are actua

155、lly exploitable,i.e.whether they are genuine vulnerabilities.This research project is working on an automated procedure to assess this exploitability.This is essential in order to be able to classify the criticality of identified instances of abnormal behaviour and to be able to address them in a pr

156、ioritised manner.Detection of Software and Device Vulnerabilities:Linux KernelVulnerability research in the area of Windows-based systems and applications aims to uncover any unknown security gaps.By focusing on software that is used by stakeholders(organisations within the DDPS,but also the rest of

157、 the Federal Administration),a directly measurable benefit for the IT security of the Federal Administration is created in addition to the research activity.Besides the development of competencies for detecting and exploiting vulnerabilities,several security gaps,some of which were critical,have bee

158、n discovered in the past year and communicated to the stakeholders in the form of advisories.Affected vendors were informed about the vulnerabilities in detail and encouraged to fix them as quickly as possible by providing fully functional proof-of-concept exploits.Detection of Software and Device V

159、ulnerabilities:IoT DevicesNowadays,connected devices,often referred to as the Internet of Things(IoT),are omnipresent,yet their applications are often critical with respect to security.Therefore,detecting potential vulnerabilities in such devices is crucial,but often challenging.One particular issue

160、 is that an analyst typically does not have access to the source code of the programs running on the device,which consequently exist only as machine-executable binary code.In contrast to the source code,which is easier for humans to understand,many abstractions(e.g.function names)are no longer prese

161、nt in binary code,thus making analysis much more difficult.Moreover,the binary code depends on the processor architecture used,which often differs more for IoT devices(e.g.ARM,MIPS)than for conventional computers(often x86).In this research project,techniques for the(semi-)automated analysis of IoT

162、binaries are tested and their feasibility is demonstrated with corresponding proof-of-concept tools.4.1 Research-Cyber SecurityCyber-Defence CampusAnnual Report 202220Controllable Routing on the InternetTraditional Internet technologies do not provide end-users with transparency or control over the

163、path of data traffic to its destination.In particular,the lack of information about network devices reduces the trustworthiness of the forwarding path and prevents end-user appli-cations that require certain router functions from reaching their full potential.Furthermore,the loss of control results

164、in applications com-municating via undesirable routes,while alternative paths with more desirable properties remain unusable.Within this project,CYD Campus researchers developed a system that allows applications to flexibly forward traffic,potentially over multiple paths,according to user-defined pr

165、eference policies,with information about routers exposed and trans-parently attested by autonomous systems.The granularity of this infor-4 Forschung-Cyber Sicherheit Cyber-Defence CampusNetwork Programmability Recent advances in programmable network devices make it possible to run custom programs bo

166、th on the control and data level.In this project,we explore how these new possibilities can improve network security.In particular,we focus on network obfuscation,a technique to hide sensitive information that is not protected by traditional security measures such as encryption.In 2022,we focused on

167、 so-called traffic-analysis attacks.These attacks take advantage of the fact that even with encrypted traffic,information about the size and timing of packets is leaked.Published attacks show that this information is sufficient to determine details about ongoing communication.Unfortunately,existing

168、defences are limited in terms of security and/or performance.In collaboration with researchers from ETH Zrich,we developed a system that obfuscates network traffic such that traffic-analysis attacks are no longer possible.The system runs on programmable network devices with high transmission speeds,

169、which makes it particularly suitable for protecting wide-area networks.mation is selected individually by each autonomous system and protects against the disclosure of sensitive network details to attackers.The researchers demonstrated the feasibility of their system by deploying it on a SCION test

170、network,demon-strating a high throughput on commercial hardware.With the growing need for secured connections between offices,partners and cloud-based applications,private networks based on MPLS(Multiprotocol Label Switching),VPN(Virtual Private Network)or similar technologies are no longer a viable

171、 option for building secure WANs(Wide Area Networks).In this project,alternative technologies such as Anapaya/ETHZs SCION and programmable routers are being investigated to enable secure communication and transfer information between company sites,trusted partners,and cloud providers.The aim is to d

172、evelop and evaluate secure routing techniques,including explicit path routing,secure route attestation,defence against distributed denial of service(DDoS)attacks,and traffic obfuscation.These techniques will be demonstrated in a testbed developed in 2022 that connects the CYD Campus sites in Thun,La

173、usanne and Zurich.Secure Wide Area Networking4.1 Research-Cyber Security Annual Report 202221Cyber security information is typically highly sensitive and confidential,making organisations reluctant to share this data with third parties,even if aggregated analysis of common threats would offer signif

174、icant benefits in terms of responsiveness and security.To address this trade-off,CYD Campus researchers are developing a platform that provides guarantees that users can only access the global insights(cyber threat models).Each institution retains full control over its datasets.On the one hand,this

175、is made possible by the development of a distributed architecture without a centralised database and,on the other hand,by the integration of advanced cryptographic techniques based on the model of homomorphic multi-party encryption.This allows institutions to securely collaborate with critical sensi

176、tive data that is not usually shared,leading to new and improved threat posture.In 2022,two prototypes were developed and evaluated for the exchange of data from MISP(Malware Information Sharing Platform)databases and from Network Intrusion Detection Systems(NIDS)such as Suricata.Cyber Threat Intell

177、igence PlatformsQuantum Safe Cryptography Advancing research in the field of quantum computers poses cryptological risks.Previously used digital signature schemes and asymmetric cryptosystems(public key encryption),which are secure for conventional computers,can be broken with quantum computers.For

178、this reason,the National Institute of Standards and Technology(NIST)has promoted the standardisation of quantum-safe public key procedures in recent years.In July 2022,the first four quantum-safe crypto algorithms were determined by NIST.These include one algorithm for encryption(CRYSTALS-Kyber)and

179、three algorithms for digital signatures(CRYSTALS-Dilithium,FALCON and SPHINCS).At the CYD Campus,the candidates of the last evaluation round were examined,which are code-based(finalist Classic McEliece,BIKE and HQC)or based on multivariate polynomials(finalist Rainbow and GemSS).Due to the fact that

180、 it is generally recommended to combine classic algorithms with quantum-safe methods in the future,CYD Campus researchers are currently investigating how a secure multiple key exchange can be implemented when the algorithms are used in hybrid form.4 Forschung-Cyber Sicherheit Cyber-Defence CampusPro

181、tecting against Pulse Wave Distributed Denial of Service(DDoS)AttacksPulse wave Distributed Denial of Service(DDoS)attacks are a new type of network attack consisting of short,high-frequency traffic pulses.Such attacks target the Achilles heel of modern DDoS defence systems:their response time.By co

182、ntinuously adjusting their attack vectors,pulse wave attacks succeed in rendering existing defences ineffective.In this project,CYD Campus researchers use programmable switches to develop an in-network DDoS defence that is effective against pulse wave attacks.To do this,they use Aggregate-based Cong

183、estion Control(ACC),a mechanism that has existed for two decades to handle high-bandwidth congestion events.The researchers propose ACC-Turbo,a revised version of ACC that mitigates patterns of attack by applying online clustering techniques to the network.In this way,ACC-Turbo identifies attacks in

184、 real time and limits attack traffic efficiently.The CYD Campus has fully implemented ACC-Turbo on P4 switches and is currently evaluating it for a variety of attack scenarios.4.1 Research-Cyber Security Annual Report 202222Hacking Micro DronesUnmanned Aerial Vehicles(UAVs),also known as drones,repr

185、esent a revolution in security and military applications.Due to recent advances in miniaturisation and decreasing costs,mini UAVs have also become very popular in the civilian sector.These drones are generally too small and too weak to be equipped with lethal weapons.Nevertheless,they pose a threat

186、to the military and security agencies because they are equipped with powerful sensors and can be used for infiltration or data collection over restricted areas.The military and security agencies are therefore seeking to develop capabilities to counter the threat posed by mini UAVs.The aim of this pr

187、oject is to explore various techniques for jamming and taking over mini-drones in order to neutralise the threat they pose.In particular,it investigates whether it is possible to exploit the wireless control and navigation channels through advanced signal jamming,signal spoofing and signal manipulat

188、ion attacks.This year,the focus has been on complex multi UAV GPS spoofing,which has been successfully demonstrated in the laboratory.Experimental set-up in the lab in order to take over drones in a controlled environment via GPS spoofing.4 Forschung-Cyber Sicherheit Cyber-Defence CampusCloud Enviro

189、nments for Data ProcessingCYD Campus researchers evaluated the ARCA Trusted Operating System(OS),the flagship product of Swiss startup CYSEC.Arca Trusted OS is a hardened Linux-based operating system combined with a secure Kubernetes orchestrator to contain intrusion and prevent compromise of data i

190、n containers on-premise,in the cloud and on the network edge.They also assessed the security of the ARCA appliance(i.e.ARCA Trusted OS running on a bare metal server)to understand possible scenarios in the armed forces where this solution could be used.To this end,a better understanding of the solut

191、ion and its security features was required.In order to achieve this goal,CYD Campus researchers provided a detailed description of the solution,including different modules,components and functions that are part of the ARCA appliance.They also reviewed the key security-related features(i.e.HW/SW comp

192、onents,OS hardening measures,etc.)offered to the applications running on the ARCA appliance,with a focus on whether they provide a higher level of security compared to alternatives and whether they are suitable for integration in the context of the armed forces.Every electronic device generates elec

193、tromagnetic emissions.The electromagnetic signals generated may be related to how the emitting electronic components operate internally.A malicious attacker can intercept the emitted signals and examine them to obtain information about the emitting device.The practice of eavesdropping and protecting

194、 against eavesdropping and their investigation is summarised in a framework known as TEMPEST.In the case of video monitors,the emitted signals can be used to reconstruct the content.It has already been shown how an attacker can use the signals from the connection cable between a PC and a video monit

195、or to extract internal information from the monitor.CYD Campus researchers demonstrated how an attacker can use QR codes to extract internal data by exploiting the signals emitted by the video monitor.They systematically evaluated and tested different attack scenarios.The results show how this attac

196、k would allow large amounts of information to be stolen from a target up to 50 metres away,from different rooms and even from different floors.The work resulted in a publication and was presented at a scientific conference,CRITIS 2022 in Munich.Side-channel Attacks and Hardware Backdoors 4.1 Researc

197、h-Cyber Security Annual Report 202223Cyber-Defence CampusCyber in Aerospace Cyber security in Aerospace has been a key research topic since the inception of the CYD Campus.There are many fundamental commonalities in aerospace,including in the area of cyber security.For example,many legacy technologi

198、es are used that have often been in use unchanged for 20 or even 40 years.Particularly in the area of wireless communication technologies,this fact leads to fundamental security problems,as content is neither encrypted nor authenticated.But even where content is encrypted,it is often not done with o

199、pen,secure standards,but with weak proprietary systems that contradict Kerkhoffs principle about secure cryptosystems.This year,as part of its work on the avionics data link ACARS(Aircraft Communication Addressing and Reporting System),the CYD Campus has identified several such procedures,which can

200、be detected automatically amongst a stream of mixed data(encrypted,unencrypted and weakly encrypted).Further work to decrypt some of the ciphers found is ongoing.Protection of Non-Secure Avionics SystemsThis research project deals with the analysis of vulnerabilities in avionics hardware and the ass

201、ociated wireless protocols.In previous years,CYD Campus researchers analysed attacks on the ADS-B(Automatic Dependent SurveillanceBroadcast),CPDLC(Controller-Pilot Data Link Communications)and FLARM technologies both in theory and in practice with the help of the Avionics Laboratory in Thun.FLARM is

202、 a collision warning device used in light aircraft and drones that was developed in Switzerland and has received worldwide attention and dissemination.In 2022,the researchers dedicated themselves to the practical analysis of the Traffic Collision Avoidance System(TCAS),which is used in larger aircra

203、ft.In addition,the impact of radio frequency interference of the Global Positioning System(GPS)in commercial airliners was examined,in particular after the outbreak of the Ukraine war.Both activities will be ongoing in 2023,alongside practical attacks on CPDLC and a security analysis of European U-S

204、pace technology candidates.4.1 Research-Cyber Security Annual Report 202224Security of Electric Vehicles and Charging InfrastructuresDeep Learning for Security(Steganography)Criminal eavesdroppers and cutting-edge secure communication systems are locked into an eternal arms race,requiring the contin

205、uous further development of existing protocols,as well as novel methodologies and modelling approaches toward analysing cyber threats to real-world side-channel attacks.A particularly important feature of high-utility cryptographic protocols is the ability to conduct cryptography under plausible den

206、iability,as the mere act of encryption is increasingly targeted by oppressive regimes around the world and cryptographic channels,such as those relying on VPNs,are often blocked.In this project,we developed novel demonstrably secure methods for steganographic communication in texts based on research

207、 on deep multi-agent reinforcement learning in cooperative games.Further refinements of this method are planned as well as extension to other modes of communication such as audio.Examination of security vulnerabilities in electric vehicles and charging infrastructures in Thun.Cyber-Defence CampusAs

208、part of the DDPS conversion to electric vehicles,the security of the existing charging infrastructures has to be reviewed.Preliminary work has already been carried out which revealed that for certain systems using so-called Power Line Communication(PLC),the data flow can be intercepted from afar by

209、wireless means.This may have various security and privacy implications for cars and infrastructure.During the CYD Campus Car Hackathon in Thun in October 2021,an active attack on a charging system was developed in which an a low-effort,so-called denial-of-service(DoS)attack wirelessly interrupts and

210、 terminates the charging process.The attack,dubbed Brokenwire,was reported to the National Center for cyber security and all the researchers involved are in communication with car and charging manufacturers with regards to its mitigation.The analysis of such attacks and possible countermeasures was

211、carried out during 2022.4.1 Research-Cyber Security Annual Report 2022254.2 Data Science ProjectsThe electromagnetic spectrum is a versatile resource and at the same time crucial for numerous systems,such as telecommunications,radar and positioning.Therefore,it must be protected from cyber attacks t

212、hat could affect these systems.Automatic algorithms for modulation classification attempt to identify modulations.Some expert systems and approaches based on machine learning provide good results but have problems when dealing with unknown parameters,such as the channel or sampling rate,for which th

213、ey have not been trained.This project explores transfer-learning methods that enable the use of low-cost Software Defined Radios.With transfer learning,the CYD Campus is able to classify modulations under previously unknown conditions that usually lead to misclassification in traditional approaches.

214、Distributed IoT Sensors:Modulation Classification and Collaborative IoTDistributed IoT Sensors:Hardware and Behavioural AnalysisInternet-of-Things(IoT)devices are now ubiquitous in numerous use cases,including in a military context,making them an attractive target for cyber attacks.Unfortunately,man

215、ufacturers do not prioritise security in either hardware or software during the development process.For example,widely used IoT devices do not have a tamper-proof identifier,so they can be easily imitated.By looking at hardware variations,such as clock drift,CYD Campus researchers are training machi

216、ne learning models to recognise hardware fingerprints that can uniquely identify an IoT device.These fingerprints could be used in the future as additional security in various applications.Similarly,researchers create software fingerprints that model the normal behaviour of an IoT device.The Campus

217、trains machine-learning models to detect if a device is behaving in an unexpected way,which enables the detection of cyber attacks such as botnets or ransomware.Metrics such as process calls and resource allocations from the operating system are used for this purpose.Artificial Intelligence Working

218、Group with the USRepresentatives of the CYD Campus and the US Department of Defense have been regularly exchanging information on the topic of artificial intelligence for several years.In particular,joint basic knowledge in this area has been gained and relevant applications identified.For this purp

219、ose,current technical possibilities were examined,potential technology solutions developed and joint activities initiated.Identical areas of interest include the monitoring of new technologies,Internet of Things(IoT)and decentralised machine learning.In 2022,a NATO working group(IST-ET-121)was estab

220、lished and co-chaired with the US Army Research Lab.Within this framework,meetings were held every four weeks,enabling the international participants of the working group(CHE,USA,CAN,SWE,ESP,GER,CCDCOE)to exchange information on the application of machine learning.Cyber-Defence Campus4.2 Research-Da

221、ta Science Annual Report 202226In order to be able to analyse data,it must first be acquired.While cyberspace is de facto a space of its own,cyber risks today can also affect air and space,such as aircraft and satellites.It is therefore important to consider cyber risks in a multidimensional environ

222、ment.In this project,the intention is to collect data in a strategic location,namely the stratosphere.This is particularly interesting because it is located between satellites and the Earth.This will allow researchers from the CYD Campus to collect and locate signals.For this purpose,they are develo

223、ping an elevation platform carried by a weather balloon.The payload will contain a software defined radio that can receive signals and communications and locate transmitters on Earth or in space.Intelligence Gathering Cyberspace:StratosphereComputer-assisted Data Analytics:Robustness of Deep Learnin

224、g ModelsMachine-learning models have become increasingly important in recent years.They are no longer used solely in specialised applications,but can be found in many applications,including smartphones to detect user activity.A crucial question can be derived from this observation:Are these models r

225、obust against attacks?It appears that the vast majority of these models can be easily overcome by an attacker.Since this could have devastating consequences in a military context,the models need be rendered robust against adversarial attacks.In this project,CYD Campus associates are investigating De

226、ep Learning models and exploring methods to increase their robustness.To this end,they have expanded the training set with adversarial samples that could be used by attackers.The results indicate that the robustness of models trained with such adversarial samples improves compared to normal accuracy

227、.Cyber-Defence Campus4.2 Research-Data Science Annual Report 202227Detecting Fakes in Social Media:Efficient Identification of Misinformation and Disinformation inSocial MediaIn the event of a rapidly spreading pandemic,it is necessary to quickly obtain relevant information about the disease.Twitter

228、 is a popular medium to get real-time information about global events.However,the network also serves to spread misinformation.Misleading online content has led numerous people to make a number of assumptions that constitute a danger to themselves and to society in general.We have seen people denyin

229、g the existence of the pandemic,believing that vaccines are more dangerous than the virus itself,and violently protesting against the measures taken by governments to contain the disease.The aim of this project is to develop a robust misinformation detection methodology for social media(especially T

230、witter)that is independent of the specific application domain by quickly classifying event-specific misinformation on arbitrary topics and identifying deliberate attempts to manipulate public opinion through social media.Cyber-Defence Campus4.2 Research-Data Science Suspicious behaviour on social me

231、dia is portrayed under a number of labels,such as fake news,disinformation,compromised accounts,identity fraud,propaganda,hate speech,or radicalisation.All listed behaviours share a common trait:they divide society.The aim of the project is to detect and predict radicalisation events for individual

232、users on social media.The core assumption is that most people that end up radicalised do not start out that way.Radicalisation is a process developing over time.In particular,this process can be a gradual shift towards more and more extreme positions.Even though the line between being radicalised or

233、 not can be fuzzy,we apply some simplification and binarise this process.Since the main goal of the project is to predict radicalisation events,the CYD Campus researchers had to define the point in time where they assume that a shift toward a radical attitude has taken place.The lexical diversity of

234、 a users posts is generally high during the period in which the radicalisation event occurs and lower thereafter,which is why they have adopted this information as an indicator for a change in behaviour.Identifying the most influential features in the information flow makes it possible to provide ea

235、rly warning signals when the intention to radicalise can be pinpointed.Detecting Fakes in Social Media:Identifying Radicalizationthe central root node displays a news report;the nodes marked in black show highly influential users;the nodes highlighted in pink show retweets;the yellow colored nodes s

236、how quotations from the original message or from a retweet.Tweets Propagation Treefrom authentic newsfrom fake newsAnnual Report 202228Cyber-Defence CampusInvestigation of Multimodal Embeddings for the Characterisation of Information OperationsInformation operations have become ubiquitous in social

237、media,which has fuelled the demand for tools that can identify,track and analyse such content.Social media posts are often multi-modal,regularly comprised of text and imagery.Recent advances in Deep Learning allow internet-scale datasets to be used to condense high-dimensional uni-and multi-modal da

238、ta to low-dimensional representations which can be used for downstream tasks.The aim is to investigate if such models can be adopted to analyse information operations on Twitter using zero-and few-shot learning.The ability of such models to characterise image types,topics and the emotionality of pos

239、ts on social media is investigated.In the area of image data emotionality,a novel zero-shot method using Contrastive Language-Image Pre-Training(CLIP)and specially constructed text modules was implemented in this framework to classify the valence of a given image(11-level Likert scale,from 1 very ne

240、gative to 11 very positive with 6 as a neutral value).It was shown that the CLIP-based approach performs better in predicting valence values than widely used baseline methods(ResNet architectures).Furthermore,a method for the classification of 6 basic emotions(+1 neutral emotion)was implemented usin

241、g a combination of CLIP embedded features and traditional machine-learning methods(SVM,random forests,logistic regression).In summary,the project provides a solid theoretical and practical understanding of CLIP for zero/few-shot classification tasks in the context of information operations analysis.

242、In addition,the project has developed an API that implements the developed algorithms and is readily available for purposes of demonstration and study of feasibility.The experiments have demonstrated the effectiveness of large pre-trained models for classification according to different features of

243、posts in social media.Such models can play a crucial role in dynamically analysing these datasets.The aim of this research project is to develop a method that implements a digital signature of video data.With such a signature,it should be possible to verify the authenticity of the video data(i.e.ori

244、gin and integrity of the content).Such a mechanism is particularly important in view of the increasing threat of manipulated video content(e.g.deep fake videos).For instance,officially produced video content could be provided with a digital signature,which in turn can be electronically verified by t

245、he recipient.In this sense,the electronic signature can be seen as a preventive measure against manipulated video content.In order to implement this,research is being conducted on a combination of cryptographic primitives with modern Deep Learning methods(so-called Vector-Quantized Variational Autoe

246、ncoders).A first functional prototype is available for short video sequences.Automatic Classification of Image Information:Authentication and Integrity of Videos against Manipulation4.2 Research-Data Science Annual Report 202229Multi-modal Information Gathering and Fusion:Acquisition and Visualisati

247、on of Data Flows in the Online Advertising SectorCyber-Defence CampusThis research project is examining methods for client-based acquisition and visualisation of data flows to third parties in conjunction with online advertising.The goal of this project is to better understand which data flows are g

248、enerated to third parties when using the Internet.It has already been shown that online advertising,in addition to being used to collect personal information,is also utilised to finance platforms for distributing disinformation and malware.A platform was therefore created in this project which can b

249、e used to raise staff awareness of these issues.The tool“webXray”was used to analyse the data and D3.js used to display the data.The visualisations comprise networks which give an impression of economic relationships between websites and third parties,as well as descriptive statistics,which provide

250、information about the extent of the data collected.Detection of Cyber Attacks on Electrical SystemsThe energy transition is transforming the topology of electricity networks.The phasing out of nuclear power and the increasing electrification of transport means are pushing power grids to operate in n

251、ew operational modes.It is thus expected that production and consumption patterns will be marked in the coming years by increasing uncertainty and greater fluctuations.This transformation impacts the cyber security of such networks.These new conditions require more flexibility and shorter reaction t

252、imes from network actors,especially operators,as well as new cyber security tools.The CYD Campus is developing machine-learning methods to detect certain types of cyber attacks.In particular,we have shown,by analysing production and consumption cycles,that distortion and replay attacks are quickly a

253、nd efficiently detected.4.2 Research-Data Science Annual Report 202230Cyber-Defence CampusData Science Methodologies for Technology and Market Monitoring:Taxonomy Expansion&Linking In order to track technology and market developments,one must be able to recognise technologies,distinguish them,and un

254、derstand their relationships to each other.Using the technology-related concepts within the Wikipedia graph,the CYD Campus proposes a method for identifying the real-world position of a new concept within an existing taxonomy based on semantic and relevant similarities.In addition,a framework for re

255、cognising the technology-related concept in non-structured text is being built by using the approach of concept tagging,which does not involve the extraction of the surface form from the raw text.In this way,it is possible to focus on the semantic content of a document rather than its textual form,a

256、nd to detect concepts that are not explicitly mentioned in the text.In addition,answering questions can be used as an underlying task to link the technologies between them as well as to link the technologies to the companies tackling them.Data Science Methodologies for Technology and Market Monitori

257、ng:Early Technology Detection&MonitoringThe objective of the project is to perform online monitoring of technologies and technology actors in publicly accessible information sources.The monitoring concerns the early detection of mentions of new technologies,of new actors in the technology space and

258、the facts related to new relations between technologies and technology actors.The goal of this project is to answer the following research questions:“How is novelty formalised?”,“Can we train models to detect and identify novelty?”and“Can we reduce the amount of information the user needs to consume

259、?”.CYD Campus researchers answer these questions by transforming the given task into a question/answer task,using the pre-trained language models in a zero-shot and fine-tuned setting.Early Warning Signals in OSINT:Anticipating ConflictsAnticipating conflicts is a key task for governments and armed

260、forces.Knowledge of potential conflicts or instabilities can largely influence geopolitical strategy and enable enhanced preparation.Recently,several open sources have started to collect data that can be of great importance for conflict prediction.In this context,the ACLED database(The Armed Conflic

261、t Location&Event Data Project),which contains numerous daily reports of demonstrations,protests,riots and fatalities from many countries,should be mentioned.The CYD Campus employees developed statistical methods to identify and predict so-called tipping points that indicate a change of direction.Soc

262、ial media were also used to model and detect social instabilities using Machine Learning techniques.4.2 Research-Data Science Annual Report 202231This project aims to investigate Universal Adversarial Perturbations(UAP)that would deceive various modern Deep Learning models for the task of Natural La

263、nguage Processing(NLP)and in particular for the task of text translation.Unlike image processing,attacks in the NLP and neural machine translation(NMT)systems have been little studied.Since NMT systems are used in highly sensitive applications,exploring adversarial attacks,especially UAPs,is critica

264、l to the NMT model.By developing an algorithm to generate UAPs,the project seeks to analyse the vulnerability of NMT systems and understand their behaviour by explaining the existence of UAPs.The project focuses on universal attacks on NLP and NMT systems.For example,a white-box attack scenario is c

265、onsidered,where researchers have access to the parameters of the model,its structure and training data.White-box attacks are more interesting than black-box attacks because they are more target-specific.A black-box attack realistically simulates the attack of a typical Internet hacker.White-box atta

266、cks refer to an attack with certain detailed knowledge about the inner functioning of the system.White-box attacks usually expose more vulnerabilities of the NMT model because they can access the model parameters.The researchers are also assessing the transferability of the proposed white-box attack

267、s to black-box settings,which is more practical in real applications.This project enables better characterisation of the vulnerability of NMT systems and outlines the necessity to design strong defence mechanisms and more robust NMT systems for real-life applications.Machine Translation:Universal Ad

268、versarial PerturbationsMachine Translation:Dialect IdentificationMachine Translation:Families of Languages and DialectsCyber-Defence CampusMachine translation has made significant progress since the introduction of neural network models,and so-called transformers are currently standard for language

269、pairs with a large volume of parallel translation data,so-called high-resource language pairs.For low-resource language pairs or in the case of a complete lack of parallel translation data,additional effort is required.In this project,the emphasis is on solutions for dealing with a low-resource lang

270、uage when high-resource languages from the same family are available.To train the initial translation models,transfer learning was employed using different high-resource languages,which was fine-tuned by the researchers to suit the given low-resource language.Additionally,backward translation is use

271、d as a technique to augment the parallel translation data when only monolingual sources are available.All of these techniques have been shown to enhance the quality of translation in a low-resource setting.The CYD Campus researchers also improved unsupervised NMT by simplifying existing architecture

272、s,with virtually no loss in performance,followed by an algorithm for adaptive scheduling of the training tasks.In addition,they refined tokenization models,either using subword alignment across the source and target languages or with a novel subword construction method.The identification of language

273、 dialects is a very challenging task from the perspective of linguistics and algorithmic processing of natural language.In this project,the main focus was to develop methods for language identification of small samples of text(e.g.social media posts,short messages)focusing primarily on“noisy”text an

274、d language similarity.To tackle these specific challenges,the CYD Campus employees are developing a language/dialect classifier that is robust to noise,whereby the term“noise”means any departure from the standard or known writing.They are focusing on characters and subwords as the units upon which t

275、he classification is based.The change from word to subword tokenisation opens ample space for tokenization possibilities:any substring of a word(subword)is potentially a good token especially for dialect identification where subtle lexical differences might be hidden at the subword level.Moreover,th

276、e choice of the best subword tokenization method might depend on the language that is processed and the downstream task that is performed.4.2 Research-Data Science Annual Report 202232The evaluation of the CYD Campus Portfolios for 2022 is presented in the figure below.The most important core servic

277、es were in the areas of research,innovation,security testing and consulting,as well as in the organisation of events for the cyber community.The legend in the table provides information regarding the distribution of the assignments that were processed under the portfolios in 2022.The federal governm

278、ents cyber disposition is divided into three areas:Cyber security(FDF),Cyber defence(DDPS)and Cyber law enforcement(FDJP).The CYD Campus primarily provides services for the cyber defence sector.However,due to synergies especially in the technological field,the other two areas also benefit from the s

279、ervices of the CYD Campus.The direct services are defined in annual service agreements.In 2022,the CYD Campus provided services for Procurement,Defence and Administration.In 2022,services were provided to the following organisations,among others:armasuisse Defence Group Armed Forces Staff Project Cy

280、ber Command Armed Forces Command Support Organisation (FUB)Joint Operations Command Training and Education Command Federal Intelligence Service Federal Department of Finance:National Cyber Security Centre(NCSC)Federal Office for Civial Protection Federal Office of Police(fedpol)Note:For classificati

281、on reasons,the contractual services cannot be described in more detail in the Annual Report.5 Customer and Portfolio AnalysisCyber-Defence CampusAnnual Report 202233Secure Smartphone 6.1 Innovation Projects ResultsFor classification reasons,we cannot present explicit results,which is why a generic o

282、verview of selected results is provided.The CYD Campus supports technological innovations for public administration units and defence with a technology readiness level(TRL)of 4 to 6.The aim of the innovation projects is to implement the research results or new needs in the form of demonstrators for

283、the customer and to prove the applicability of the technology in practice for the customer.6 InnovationCyber-Defence CampusThe aim of the project is to enhance the security of a smartphone operating system by integrating virtualisation and the SCION technology.SCION is a cutting-edge internet archit

284、ecture that offers robust security,efficient packet forwarding and scalable routing capabilities by organising networks into isolated domains.In this project,a SCION gateway was integrated into Android to route all native application traffic through the secure SCION network.Virtualisation was used t

285、o isolate security risks and provide multiple instances of the Android operating system,each with a different level of confidentiality.The project has successfully demonstrated the ability to run Linux on a virtual machine on a smartphone,using the native display for the first time.SCION TechnologyT

286、he CYD Campus has been working on setting up a SCION network connecting the three CYD Campus locations in Thun,Lausanne and Zurich.The goal in 2022 was to set up a SCION testbed to test various state-of-the-art network attacks and defence measures:secure routing techniques,including explicit path ro

287、uting,secure route confirmation,defences against distributed denial of service(DDoS)attacks and traffic obfuscation.In November 2022,a functional link between the CYD Campus sites was established and successfully tested through independent service providers,ensuring further exploration of the SCION

288、protocol.Launch of the SCION testbed with Toni Eder,Secretary General DDPS and Ivo Stragiotti,CYD Campus employee.Annual Report 202234Homomorphic Encryption to Strengthen Collective Cyber ResilienceDefence systems lose effectiveness if they do not have access to an up-to-date and comprehensive datab

289、ase.At the same time,cyber security information is highly sensitive and confidential.This creates tension between the benefits of improved threat response capabilities and the drawbacks of sharing critical information with third parties.Tune Insights software mitigates this conflict by enabling stak

290、eholders to share even critical and high-value cyber security information without having to share or disclose details to each other.This allows all stakeholders to gain valuable insights and build machine-learning models based on more comprehensive and relevant collective threat intelligence,which e

291、nables better defence.The CYD Campus is developing and testing this new software solution together with Tune Insight,the University Hospital Zurich(USZ)and other critical healthcare infrastructures.The goal is to enable organisations in Switzerland to better collectively defend themselves against cy

292、ber attacks.Cyber-Defence Campus5G5G is the latest generation of mobile networks offering significant advances in terms of speed,capacity and connectivity compared to previous generations.Currently,5G still relies on the previous 4G network as the backbone,but the full 5G Stand Alone(SA)architecture

293、 will be introduced for commercial use in the future.5G SA introduces new features like network slicing,but also new security vulnerabilities that need to be addressed.The CYD Campus is examining the security implications of network slicing and is looking for ways to mitigate vulnerabilities.In the

294、future,network slices can be used to isolate 5G instances,for example for the government.Another security aspect of 5G is Lawful Interception(LI),where telecom operators provide intercepted network data to law enforcement agencies.The 5G SA core network aims to prevent sensitive information from bei

295、ng intercepted by unauthorised parties by providing an interface that is only accessible to authenticated law enforcement agencies.The CYD Campus worked on a project to develop a more privacy-preserving and scalable LI interface by combining technologies such as fully homomorphic encryption(FHE)and

296、information theory.6.1 Innovation-Projects ResultsAnnual Report 202235Cyber Toolkits for Cyber Defence Exercise Locked ShieldsIn the Locked Shields exercise,Blue Teams have to defend themselves against a variety of cyber attacks.Over 8000 attacks were carried out against each Blue Team during the co

297、urse of the exercise in 2022.While most of these attacks are automated,Red Teams also carried out manual,sophisticated attacks,imitating a nation-state adversary.Locked Shields is an optimal opportunity to test different technologies and specific products to respond to a cyber attack.For this reason

298、,the CYD Campus has partnered with innovative Swiss companies to provide the Swiss Blue Team with the most suitable and innovative tools.Each team had to defend an infrastructure consisting of over 40 web applications running on a number of virtual machines.Just like a real network,these application

299、s and web servers had vulnerabilities and bugs,were sometimes misconfigured,or simply not updated to the latest version.Each of these scenarios could allow an attacker to penetrate a company or organisations network.In order to increase the level of complexity,the Red Team had injected several backd

300、oors,such as web shells,prior to the start of the exercise,which gave them easier access.Since updating and patching all services that are exposed to the exercise internet(and thus attacks)is too time-consuming,it was decided to use the Airlock Web Application Firewall as part of the Cyber Toolkit f

301、or the Swiss Blue Team.It was deployed to protect a wide range of applications,from webmail to websites,software repositories to interfaces of services used by critical infrastructures.The use of this product is described below.The first phase of the exercise consisted mostly of automated and known

302、attacks(OWASP Top 10).Thanks to the well-maintained standard rule set of the Airlock Web Application Firewall(WAF),the infrastructure could be successfully protected.Although the attacks became more sophisticated during the course of the exercise,the WAF was able to keep up with more exotic cases.On

303、e such case was an attack on the Content Delivery Network(CDN)deployed in the exercise.The CDN provider distributed malware through the CDN instead of legitimate software,resulting in defacements,cross-site attacks and attacks on legitimate users.In this case,Airlock WAF was used to rewrite the addr

304、esses of the malware resources into legitimate and secure content,thus successfully blocking the attack.In summary,the Swiss Blue Team was able to successfully deploy the technology and respond quickly to evolving attacks,which is a good example of the effective collaboration between the CYD Campus,

305、Swiss industry and the Swiss Armed Forces.6.1 Innovationsresultate 6.1 Resultate der Innovationsprojekte Cyber-Defence CampusContent DeliveryNetwork(CDN)A content delivery network improves availability and scaling in the delivery of online content suchas websites,videos and applications.When a large

306、 number of users request content,it isdelivered faster using locally distributed content servers.CDNs also help to keep the load on theorigin server low as the number of users and content delivery increases(scalability).Web-ShellA web shell is a type of backdoor or malware that allows attackers to r

307、emotely control a webserver.Web shells are usually hidden in legitimate websites or uploaded to the server viavulnerabilities in web applications.Once the web shell is installed on the server,the attacker canuse it to execute arbitrary commands,upload or download files and perform other actions on t

308、heserver.OWASP 10The OWASP Top 10 is a standard document for raising developer awareness and web applicationsecurity.It represents a broad consensus on the most important security risks for webapplications.6.1 Innovation-Projects ResultsAnnual Report 202236Cyber-Defence CampusCyber Training-Simulati

309、on Cyber Incident ResponseManaging a cyber incident requires cooperation and communication between the cyber response team,management,employees and often the public.The speed with which a cyber incident can unfold,combined with the uncertainty involved,makes handling such a crisis particularly chall

310、enging.Besides strong scenario-based playbooks,in order to improve the handling of such situations,it is important to train and test the response.This is mostly done with table-top exercises.However,in the light of increasing digitalisation it makes sense to use computer-based tools,especially given

311、 that most of the communication will happen online or through online-based channels such as emails,websites and social media.The Cyber-Defence Campus,together with the Joint Operations Command and the Armed Forces Command Support Organisation,tested a crisis simulation platform from the company Cond

312、ucttr to effectively prepare for future cyber crises.Several tests were successfully carried out with the participation of civilian experts,military and militia units.allowing the Swiss Army to increase the knowledge and possible use cases for this technology.Overview of Cyber SituationThe existing

313、governmental Information Sharing and Analysis Centres(ISAC)procure,analyse and exchange information in order to protect Switzerlands critical infrastructures.This is essential as a protection against the growing number of cyber threats and must be constantly developed to keep pace with new ones.ISAC

314、 gathers information from partners such as fedpol,Govcert,critical infrastructure operators and private institutions to create an overview of past and current threats.A proof of concept(PoC)was used to test the feasibility of a central platform that integrates different tools and allows cross-refere

315、ncing of events.Three open-source tools were investigated for the PoC:MISP,TheHive/Cortex and OpenCTI.The PoC was built with a microservice architecture and relied mainly on Docker.The platform was continuously tested by partners to understand the requirements for the final product.The proposed solu

316、tion recommends replacing TheHive and Cortex Evolution with a custom platform developed in-house that uses a central database for data storage and is based on a Kubernetes cluster or a single high-performance server.6.1 Innovation-Projects ResultsAnnual Report 2022376.2 Cyber Startup ChallengesThe C

317、yber Startup Challenge 2022 was organised by the Cyber-Defence Campus to explore the startup landscape in the area of Internet of Things(IoT)device security.36 startups from around the world participated and presented innovative technologies in the field of network detection and IoT device security.

318、The jury nominated the three finalists:ONEKEY,Narrowin and Sepio.ONEKEY provides automated security analysis of IoT devices and operational technologies that reduces the time required to identify and remediate vulnerabilities.Narrowins Lightweight Network Explorer enables real-time monitoring and an

319、alysis of network structures,reducing complexity and effort.Sepios Asset Risk Management platform detects,assesses and mitigates known and unknown risks using a novel algorithm and a threat intelligence database.The German startup ONEKEY won the Cyber Startup Challenge 2022 and convinced the jury wi

320、th its innovative technology for automated security and compliance analysis of IoT devices and operational technologies(OT).ONEKEYs solution uses Software Bill of Materials(SBOM)and Digital Twins to detect and isolate security vulnerabilities and compliance breaches.This technology can be integrated

321、 into software development and procurement processes and is used by leading international companies.2022:Network Detection and IoT Device Security2021:Strengthen your Information Sharing and Analysis Centre(ISAC)6.2 Cyber Startup Challenge Cyber-Defence CampusIn 2022,collaboration continued with the

322、 Swiss startup Decentriq,the winner of the Cyber Startup Challenge 2021.The Challenge focused on the topic Boost your Information Sharing and Analysis Center(ISAC).Decentriq offers a software-as-a-service(SaaS)platform that enables secure and private data collaboration.The startup provides Data Clea

323、n Rooms that allow financial institutions to share incident data and gain anonymous insights without compromising privacy.Decentriq uses Confidential Computing technology to ensure that no one,including the platform operator,has direct access to the data.The platform thus offers a solution to the tr

324、ade-off between sharing sensitive data and protecting it.Within the use case of the innovation project,several banks share phishing emails in order to analyse them and gain insights to improve their cyber security and better protect their customers.A successful proof of concept was implemented with

325、three large Swiss banks in 2022.Annual Report 202238Windows platformsLinux platformsWeb applicationsMiddlewareComputer networksVPN technologies and crypto solutionsCommand and control information systemsDrones VehiclesWireless communication systems(voice and data)Aviation and satellite communication

326、 systemsIn 2022,CYD Campus employees examined the security of a dozen military systems that are being processed as part of armament and ICT procurements within the DDPS.The tests were conducted as security analyses,penetration testing or security consulting.The clients were in most cases the procure

327、ment units of armasuisse.The focus was on the following areas:The analyses and audits led to security measures that were subsequently implemented in the procurement projects or are borne as remaining risk by the decision-makers as part of the information security and data protection concept(ISDS).No

328、te:For classification reasons,the security analyses,penetration testing and security consulting services cannot be described in more detail in the Annual Report.7 Security Analyses,Penetration Testing and Security ConsultingCyber-Defence CampusSecurity Advisories 2022The CYD Campus regularly finds v

329、ulnerabilities in manufacturers software and devices.These vulnerabilities are disclosed according to a so-called Responsible Disclosure procedure.According to this procedure,the manufacturers are informed first and only after a reasonable period of time to fix the vulnerabilities are the people aff

330、ected notified or informed about the vulnerabilities.Vulnerabilities are scored according to the Common Vulnerability Scoring System(CVSS).CVSS is an industry standard for assessing the severity of potential or actual security vulnerabilities in computer systems.In the CVSS,the security vulnerabilit

331、ies are evaluated according to various criteria,so-called metrics,and compared with each other so that a priority list for countermeasures can be created.Hardware/SoftwareDateCVSSCVECombined ChargingSystem(CCS)February 226.5CVE-2022-0878CVRF-CSAF-ConverterMarch 225.7CVE-2022-27193CSAF ProviderMay 22

332、6.2CVE-2022-43996e*September 2210Plantronics HubSeptember 227.8Elvexys StreamXDecember 226.5CVE-2022-4778Elvexys StreamXDecember 227.5CVE-2022-4779Elvexys ISOSDecember 224.5CVE-2022-4780Annual Report 202239Intrusion Detection and Prevention Systems(IDS/IPS)such as SNORT require a lot of processing p

333、ower when analysing high-throughput traffic.Analysing a traffic stream of 100 Gbps typically requires multiple servers.This demonstrator shows how to implement a 100 Gbps intrusion prevention system using only a single server.The idea is to offload CPU-intensive tasks to an FPGA and to use the acceleration performance of modern FPGAs.The demonstrator includes an Intel Stratix 10 MX FPGA which is c