The paper introduces a topology mutation – the novel concept in Moving Target Defense (MTD). MTD is a new technique that represents a significant shift in cyber defense. Traditional cybersecurity techniques have primarily focused on the passive defense of static networks only. In MTD approach cyber attackers are confused by making the attack surface dynamic, and thus harder to probe and infiltrate. The emergence of Network Functions Virtualization (NFV) and Software-Defined Networking (SDN) technology has opened up new possibilities in network architecture management. The application of combined NFV and SDN technologies provides a unique platform for implementing MTD techniques for securing the network infrastructure by morphing the logical view of the network topology.

The purpose of this article is to present three theses – (1) a cultural one: cyberspace is an advanced technical and cultural creation – it is an embodiment of dreams of numerous creators, inventors and engineers; (2) a technical one: security and cyberspace are inseparable components (hence cybersecurity); (3) and a paranoid one: complete security, if achievable, is not a permanent state (hence cyber(in)security). Cyberspace is conceived as a set of digital techniques used to exchange information but also as a new type of social space, partially virtual, which may constitute a being entirely separated from a physical one. A pivotal date for arising of cyberspace may be considered the year 1968 in which routing in the ARPANET network appeared and so did the first programmable logical controller (PLC). For cyberspace this will be the year 1976 – publishing of the key agreement protocol by Witfield Diffie and Martin Hellman. Development of security is correlated with warfare and armament – the military sector has historically made the most significant investments in this area.

Access logs may offer service providers a lot of information about specific users. Depending on the type of the service offers, the operator is capable of obtaining the user’s IP, location, communication habits, device information and so on. In this paper, we analyze a sample instant messenger service that is operating for a certain period of time. In our sandbox, we gathered enough data to correlate user communication habits with their localization, and even contacts. We show how seriously metadata may impact the user’s privacy and make some recommendations about mitigating the quantity of data collected in connection with this type of services.

The paper depicts a complex, distributed information system aimed at promoting cybersecurity awareness at the national level. The system, that is built in accordance with the Act on National Cybersecurity, passed by the Polish Parliament, enables collecting and processing in near-real time available information on the security status of essential services and digital services and, also, provides for assessment of negative impact of the identified threats concerned with the provision of those services. Advanced access control and dissemination mechanisms, for secure information sharing within the system, are provided in order to aggregate distributed knowledge and use this information for online security risk analysis and for generation and distribution of early warnings.

The COVID-19 pandemic is accompanied by a cyber pandemic, involving changes in the modi operandi of perpetrators of various crimes, and an infodemic, associated with the spread of disinformation. The article analyses the impact of the COVID-19 pandemic on cybercrime and presents the latest research on the number of cybercrime cases in Poland and their growth dynamics. It determines the factors that contribute to the commission of a crime and prevent easy identification of criminals. It also suggests the legal and organisational changes that could reduce the number and effects of the most frequently recorded cyberattacks at a time of COVID-19. Particular attention is paid to legal problems of the growing phenomenon of identity theft, and the need to ensure better protection of users from phishing, including through education and proactive security measures consisting in blocking Internet domains used for fraudulent attempts to obtain data and financial resources.

The paper addresses a managerial problem related to ensuring cybersecurity of information and knowledge resources in production enterprises interested in the implementation of INDUSTRY 4.0 technologies. The material presented shows the results of experimental research of a qualitative nature, using two expert inventive methods: brain-netting and a fuzzy formula of inference. The experts' competences included the following three variants of the industrial application of the INDUSTRY 4.0 concept: (1) high production volumes achieved using a dedicated and fully robotic production line (2) the manufacture of short, personalized series of products through universal production cells, and (3) the manufacture of specialized unit products for individual customers. The Google Forms software was used to collect these expert opinions. The conclusions of the research carried out using the brain-netting method point to nine variants of the cybersecurity strategy of IT networks and knowledge base resources in manufacturing enterprises represented by the experts. The results of the research using the fuzzy formula of inference are numerically and situationally defined relations linking the above-mentioned nine strategies with five types of cyber-attacks. The summary record of these relations as the basis for managerial cybersecurity recommendations has a matrix form.

The article presents a number of comments regarding artificial intelligence (AI) that are not obvious to people who do not deal with this field on a daily basis. At the beginning, the name “artificial intelligence” itself and what it is are discussed. This is needed to follow the discussion on what this AI is. Then it was described how AI was created – in the world and in Poland. The consequences of the appearance of the Chat GPT program, as well as the principles of its operation, are also discussed. Due to the widespread interest in AI, controversial statements have also appeared, often coming from scientific authorities from areas of science far from computer science. There is a polemic against such statements in the section entitled “Weeds to weed out”. The article goes on to show that people have wanted AI since ancient times and describe what an intelligent avatar can do. It also presents what legal regulations are currently being tried to impose on AI systems – in the United States and in the European Union, respectively, and therefore also in Poland. Finally, the topic of mutual relations between AI and cybersecurity was discussed.

This paper introduces security assessment methodology for isolated single-workstation multilayer systems processing sensitive or classified data according with a corresponding security model for such system. The document provides a high-level tool for systematizing certain-class-systems security models development. The models based on the introduced methodology cover data confidentiality and availability attributes protection on a sufficient level.

The aim of the paper is to show how graduated engineering students in classical ICT view practically the advent of the QIT. The students do their theses in El.Eng. and ICT and were asked how to implement now or in the future the QIT in their current or future work. Most of them have strictly defined research topics and in some cases the realization stage is advanced. Thus, most of the potential QIT application areas are defined and quite narrow. In such a case, the issue to be considered is the incorporation of QIT components and interfaces into the existing ICT infrastructure, software and hardware alike, and propose a solution as a reasonable functional hybrid system. The QIT components or circuits are not standalone in most cases, they should be somehow incorporated into existing environment, with a measurable added value. Not an easy task indeed. We have to excuse the students if the proposed solutions are not ripe enough. The exercise was proposed as an on-purpose publication workshop, related strictly to the fast and fascinating development of the QIT. The paper is a continuation of publishing exercises with previous groups of students participating in QIT lectures.

Under the pressure of sanitary restrictions, the potential of information technologies available to the academic communities for over a dozen years, but not used for various reasons, is released. As a specific case of this trend, a migration from brick-and-mortar voting towards the remote voting by electronic means may intensify in the post-pandemic period at universities. This phenomenon requires an in-depth analysis, the aim of which is to facilitate the management of academic units to choose optimal solutions in the coming years, when such decisions can be made without time pressure and invasive sanitary restrictions. In the process of electronic remote voting, security is a key requirement, which has a number of various attributes: authenticity, correctness, anonymity, verifiability, receiptfreeness, availability. In response to these, to some extent contradictory, requirements, the world of science has been developing protocols and systems based on cryptographic formalisms for years. This article explains the main challenges related to security of remote electronic voting, from which even advanced solutions implemented in academic practice are not free.

The paper presents the analysis of the Commercial Off-The-Shelf (COTS) software regarding the ability to be used in audio steganography techniques. Such methods are a relatively new tool for hiding and transmitting crucial information, also being used by hackers. In the following work, the publicly available software dedicated to audio steganography is examined. The aim was to provide the general operating model of the information processing in the steganographic effort. The embedding method was analyzed for each application, providing interesting insights and allowing classifying the methods. The results prove that it is possible to detect the hidden message within the specific audio file and identify the technique that was used to create it. This may be exploited further during the hacking attack detection and prevention.