New threats - old routines : bureaucratic adaptability in the security policy environment

Within the framework of state security policy, the focus of this dissertation are the relations between how new security threats are perceived and the policy planning and bureaucratic implementation that are designed to address them. In addition, this thesis explores and studies some of the inertias that might exist in the core of the state apparatus as it addresses new threats and how these could be better managed. The dissertation is built on five thematic and interrelated articles highlighting different aspects of when new significant national security threats are detected by different governments until the threats on the policy planning side translate into protective measures within the society. The timeline differs widely between different countries and some key aspects of this process are also studied. One focus concerns mechanisms for adaptability within the Intelligence Community, another on the policy planning process within the Cabinet Offices/National Security Councils and the third focus is on the planning process and how policy is implemented within the bureaucracy. The issue of policy transfer is also analysed, revealing that there is some imitation of innovation within governmental structures and policies, for example within the field of cyber defence. The main findings of the dissertation are that this context has built-in inertias and bureaucratic seams found in most government bureaucratic machineries. As much of the information and planning measures imply security classification of the transparency and internal debate on these issues, alternative assessments become limited. To remedy this situation, the thesis recommends ways to improve the decision-making system in order to streamline the processes involved in making these decisions. Another special focus of the thesis concerns the role of the public policy think tanks in the United States as an instrument of change in the country’s national security decision-making environment, which is viewed from the perspective as being a possible source of new ideas and innovation. The findings in this part are based on unique interviews data on how think tanks become successful and influence the policy debate in a country such as the United States. It appears clearly that in countries such as the United States think tanks smooth the decision making processes, and that this model with some adaptations also might be transferrable to other democratic countries.

Marks of Fire, Value and Faith. Swords with Ferrous Inlays in Finland during the Late Iron Age (ca. 700–1200 AD)

This study explores swords with ferrous inlays found in Finland and dating from the late Iron Age, ca. 700–1200 AD. These swords reflect profound changes not only in styles and fashion but also in the technology of hilts and blades. This study explores how many of these kinds of swords are known from Finland, how they were made and where, what their status was in Late Iron Age Finland, and where the Finnish finds stand in accordance with other areas of Europe. The various methods included measuring of the finds and statistics. The main method of revealing the inlaid marks was radiography due to its non-destructive nature. In cases where inlays were visible without radiography, their details were inspected via microscopy. To study the materials and manufacture of inlaid swords, a sample of them was metallographically analysed to determine the forging technologies and nature of used materials. Furthermore, the manufacture was also studied with experimental approaches. As a result, a catalogue of 151 swords with ferrous inlays was created. This number is relatively high compared with other European countries, although systematic studies have been conducted in only some countries. The inlaid motifs were classified into five distinct categories to help the classification. To summarize, almost every documented inlaid sword was unique in some respect including measurements, inlaid motifs and materials of blades and inlays. Technological variation was also present, some blades being poorer and some of higher quality in spite of the inlaid motifs. Misspelt inscriptions as well as letter-like marks were common in Finland and also in Scandinavia. Furthermore, the provenance of iron and steel used in some blades hints at Scandinavian ores. The above observations, along with the experimental results indicating the existence of multiple alternative techniques of inlaying, suggest that these swords were manufactured locally in Scandinavia, most likely in imitation of Continental European models. Inlaid swords were valued partly for their assumed functionality in combat, as evidenced by damage on some examined blades, or they were valued for their inlays, which could have had fashionable or symbolical meanings bound to local beliefs.

Evaluation of Machine Learning Classifiers for Mobile Network Intrusion Detection Systems

Mobile malwares are increasing with the growing number of Mobile users. Mobile malwares can perform several operations which lead to cybersecurity threats such as, stealing financial or personal information, installing malicious applications, sending premium SMS, creating backdoors, keylogging and crypto-ransomware attacks. Knowing the fact that there are many illegitimate Applications available on the App stores, most of the mobile users remain careless about the security of their Mobile devices and become the potential victim of these threats. Previous studies have shown that not every antivirus is capable of detecting all the threats; due to the fact that Mobile malwares use advance techniques to avoid detection. A Network-based IDS at the operator side will bring an extra layer of security to the subscribers and can detect many advanced threats by analyzing their traffic patterns. Machine Learning(ML) will provide the ability to these systems to detect unknown threats for which signatures are not yet known. This research is focused on the evaluation of Machine Learning classifiers in Network-based Intrusion detection systems for Mobile Networks. In this study, different techniques of Network-based intrusion detection with their advantages, disadvantages and state of the art in Hybrid solutions are discussed. Finally, a ML based NIDS is proposed which will work as a subsystem, to Network-based IDS deployed by Mobile Operators, that can help in detecting unknown threats and reducing false positives. In this research, several ML classifiers were implemented and evaluated. This study is focused on Android-based malwares, as Android is the most popular OS among users, hence most targeted by cyber criminals. Supervised ML algorithms based classifiers were built using the dataset which contained the labeled instances of relevant features. These features were extracted from the traffic generated by samples of several malware families and benign applications. These classifiers were able to detect malicious traffic patterns with the TPR upto 99.6% during Cross-validation test. Also, several experiments were conducted to detect unknown malware traffic and to detect false positives. These classifiers were able to detect unknown threats with the Accuracy of 97.5%. These classifiers could be integrated with current NIDS', which use signatures, statistical or knowledge-based techniques to detect malicious traffic. Technique to integrate the output from ML classifier with traditional NIDS is discussed and proposed for future work.

Animal Spirits in Financial Markets: Agent-Based Model

In this work an agent based model (ABM) was proposed using the main idea from the Jabłonska-Capasso-Morale (JCM) model and maximized greediness concept. Using a multi-agents simulator, the power of the ABM was assessed by using the historical prices of silver metal dating from the 01.03.2000 to 01.03.2013. The model results, analysed in two different situations, with and without maximized greediness, have proven that the ABM is capable of explaining the silver price dynamics even in utmost events. The ABM without maximal greediness explained the prices with more irrationalities whereas the ABM with maximal greediness tracked the price movements with more rational decisions. In the comparison test, the model without maximal greediness stood as the best to capture the silver market dynamics. Therefore, the proposed ABM confirms the suggested reasons for financial crises or markets failure. It reveals that an economic or financial collapse may be stimulated by irrational and rational decisions, yet irrationalities may dominate the market.

Dynamics AX -toiminnanohjausjärjestelmän jatkuvuudenhallinta ja toipumissuunnitelma - Simulaatiotestausmalli: case CGI Suomi Oy

Nyky-yhteiskunta nojautuu vahvasti tietojärjestelmiin luoden laajemman arkkitehtuurisen kokonaisuuden, kybertoimintaympäristön. Liiketoimintaa tukevat tietojärjestelmät tukevat myös organisaatioiden prosesseja kokonaisvaltaisesti. Jotta näitä tärkeitä kyberympäristön tietojärjestelmä- sekä liiketoimintaympäristöresursseja pystytään käyttämään, tulee järjestelmien olla luotettavia ja sovellusten saatavilla vuorokauden ympäri tai aina tarvittaessa. Tilanteet, joissa järjestelmän käytettävyys vaarantuu, voivat eskaloitua yllättäen suuremmiksi, jos poikkeustilanteisiin ei ole varauduttu. Poikkeustilanteisiin varautumiseen tarvitaan jatkuvuudenhallintaa, joka on kiinteästi osa kattavampaa IT-strategiaa ja koko yhteiskunta-/yrityskulttuuria. Työ on toteutettu yhdistäen empiriaa ja teoriaa eli tavoitteena on teoreettisen tietämyksen ja käytännön kokemuksellisen oppimisen ja tietämyksen kautta luoda konstruktiivisella otteella toipumissuunnitelman testauksessa käytettävä simulaatiotestausmalli. Dynamics AX -toiminnanohjausjärjestelmän toipumissuunnitelman simulaatiotestausmallista rakentui selkeä ja kevyt työkalu asiakasyritysten toipumissuunnitelman simulaatiotestauksiin. Diplomityössä kuvatuilla keinotekoisilla järjestelmän häiriötilanteilla pystytään simuloimaan Dynamics AX:n toipumissuunnitelman testauksissa oikeita häiriötilanteita suhteellisen kattavalla tasolla.

Analysis of Automotive Cybersecurity - Attack surfaces and users’ privacy concerns

Modern automobiles are no longer just mechanical tools. The electronics and computing services they are shipping with are making them not less than a computer. They are massive kinetic devices with sophisticated computing power. Most of the modern vehicles are made with the added connectivity in mind which may be vulnerable to outside attack. Researchers have shown that it is possible to infiltrate into a vehicle’s internal system remotely and control the physical entities such as steering and brakes. It is quite possible to experience such attacks on a moving vehicle and unable to use the controls. These massive connected computers can be life threatening as they are related to everyday lifestyle. First part of this research studied the attack surfaces in the automotive cybersecurity domain. It also illustrated the attack methods and capabilities of the damages. Online survey has been deployed as data collection tool to learn about the consumers’ usage of such vulnerable automotive services. The second part of the research portrayed the consumers’ privacy in automotive world. It has been found that almost hundred percent of modern vehicles has the capabilities to send vehicle diagnostic data as well as user generated data to their manufacturers, and almost thirty five percent automotive companies are collecting them already. Internet privacy has been studies before in many related domain but no privacy scale were matched for automotive consumers. It created the research gap and motivation for this thesis. A study has been performed to use well established consumers privacy scale – IUIPC to match with the automotive consumers’ privacy situation. Hypotheses were developed based on the IUIPC model for internet consumers’ privacy and they were studied by the finding from the data collection methods. Based on the key findings of the research, all the hypotheses were accepted and hence it is found that automotive consumers’ privacy did follow the IUIPC model under certain conditions. It is also found that a majority of automotive consumers use the services and devices that are vulnerable and prone to cyber-attacks. It is also established that there is a market for automotive cybersecurity services and consumers are willing to pay certain fees to avail that.