A cryptographic module is a component of a computer system that securely implements cryptographic algorithms, typically with some element of tamper resistance. NIST defines a cryptographic module as "The set of hardware, software, and/or firmware that implements security functions (including cryptographic algorithms), holds plaintext keys and uses them for performing cryptographic operations, and is contained within a cryptographic module boundary." Hardware security modules, including secure cryptoprocessors, are one way of implementing cryptographic modules. Standards for cryptographic modules include FIPS 140-3 and ISO/IEC 19790.
Threat actor
In cybersecurity and risk assessment, a threat actor (or threat agents, attackers, or adversaries) is a person, group, organisation, state, or other entity with the ability to cause, carry, transmit, support, or exploit a threat. Threat actors are commonly analysed according to their motivations, resources, technical capability, access to systems, relationship to a target, and degree of connection to state authority. They may exploit vulnerabilities, conduct social engineering, steal or monetise data, disrupt operations, or support other actors who carry out such activity. Because the term covers a wide range of actors, researchers and security organisations use taxonomies that distinguish between groups such as cybercriminals, state-linked actors, ideologically motivated actors, thrill seekers or trolls, insiders, and competitors. Threat actor classifications are used in risk management, cyber threat intelligence, and incident response to connect observed behaviour with possible objectives and likely future activity. The categories are not always mutually exclusive: the same actor may combine criminal, ideological, commercial, or state-linked motivations, and different organisations may use different names for similar actors. == Risk assessment and security management == In risk assessment, threat actor analysis is used to identify who or what may create, carry, transmit, support, or exploit a threat, and how that actor relates to the system being assessed. Rausand and Haugen classify threat actors by their relationship to the system, distinguishing between internal and external actors, and by intent, distinguishing between intentional and unintentional actors. Threat actor classification may also support incident investigation. Rogers argued that actor categories could be inferred from observable case points, such as tools used, messages left, data targeted, forensic knowledge, and the degree of damage, allowing investigators to assess likely motivation and skill level. Later work similarly linked actor classification to operational analysis. Chng, Lu, Kumar and Yau proposed a framework connecting hacker types, motivations and typical strategies, arguing that observed behaviour before or during an attack can help analysts infer the likely type of actor involved. At the strategic level, actor analysis may consider an actor's resources, capabilities, degree of state involvement, motivations and objectives. == Landscape == The United Nations Institute for Disarmament Research has described the contemporary cyberthreat landscape as involving an increasingly diverse and interconnected set of actors, including state-led operations, cybercriminal syndicates, ideological hacktivists, commercial cyber mercenaries, private companies and civilian volunteers. Its 2026 report argued that these actors vary in resources, technical sophistication and relationships with states, making it traditional distinctions between state, civilian combatant roles, and legitimate and illegitimate conduct harder to apply. == Academic taxonomies == Early taxonomies classified hackers by activity, skill, motivation, or criminal profile. Landreth proposed six categories based on activity: novice, student, tourist, crasher, and thief. Hollinger classified computer misuse into pirates, browsers, and crackers, describing a progression from less-skilled activity to more technically serious offences. Chantler used attributes including activity, skill, knowledge, motivation, and duration of involvement to distinguish between an elite group, neophytes, and "losers and lamers". Parker proposed seven profiles of cybercriminals: pranksters, hacksters, malicious hackers, personal problem solvers, career criminals, extreme advocates, and malcontents, addicts, and irrational or incompetent people. In 2000, Marc Rogers proposed a taxonomy of hackers with seven, non-mutually-exclusive categories: newbie/tool kit users, cyber-punks, internals, coders, old guard hackers, professional criminals, and cyber-terrorists. Rausand and Haugen distinguish between internal and external threat actors, and between intentional and unintentional threat actors. Internal actors have some relationship with, access to, or position inside the system or organisation, while external actors operate from outside it. Intentional actors seek to create, exploit, or support a threat event, whereas unintentional actors may cause or enable a threat event through error, negligence, accident, or lack of awareness. Rogers later revised his hacker taxonomy into Novices, Cyber-punks, Internals, Petty Thieves, Virus Writers, Old Guard hackers, Professional Criminals, Information Warriors, and, more tentatively, Political Activists. In the model, motivation is grouped into four broad domains: curiosity, notoriety, revenge, and financial gain. A 2022 review by Chng, Lu, Kumar and Yau examined 11 hacker typologies published over three decades and proposed a unified framework linking hacker types, motivations, and strategies. The framework identified 13 hacker types and seven motivations, and argued that observed strategies during an attack can help analysts infer the likely type of actor involved. == Government taxonomies == Taxonomies of threat actors by governments are much more likely to include state-level threat actors. In the United States the National Institute of Standards and Technology (NIST) uses the term threat source in its risk-assessment guidance: organisations are directed to identify and characterise threat sources of concern, including capability, intent and targeting for adversarial threat sources, and the range of effects for non-adversarial threat sources. NIST treats threat-source identification as part of the risk-assessment process, alongside identifying threat events, vulnerabilities, likelihood and impact. In the EU, European Union Agency for Cybersecurity publishes the annual ENISA Threat Landscape, which analyses cyber incidents and adversary behaviour affecting the European Union. The 2025 report analysed selected incidents from the previous year and grouped activity around cybercrime, state-aligned activity, foreign information manipulation and interference, and hacktivism. In ENISA's 2025 analysis, hacktivist activity dominated reporting, representing almost 80% of recorded incidents and consisting mainly of low-level distributed denial-of-service operations. ENISA also reported increasing convergence between hacktivism, cybercrime and state-nexus activity, including state-aligned use of hacktivist personas, hacktivist adoption of ransomware, and false-flag or impersonation activity. At the UN level, A 2026 report by the United Nations Institute for Disarmament Research described the cyberthreat landscape as involving state-led operations, cybercriminal syndicates, ideological hacktivists, commercial cyber mercenaries, and civilian volunteers, with actors varying in resources, technical sophistication, and links to states. Canada defines threat actors as states, groups, or individuals who aim to cause harm by exploiting a vulnerability with malicious intent. A threat actor must be trying to gain access to information systems to access or alter data, devices, systems, or networks. The Japanese government's National Centre of Incident Readiness and Strategy (NISC) was established in 2015 to create a "free, fair and secure cyberspace" in Japan. The NICS created a cybersecurity strategy in 2018 that outlines nation-states and cybercrime to be some of the most key threats. It also indicates that terrorist usage of the cyberspace needs to be monitored and understood. The Security Council of the Russian Federation published the cyber security strategy doctrine in 2016. This strategy highlights the following threat actors as a risk to cyber security measures: nation-state actors, cyber criminals, and terrorists. == Techniques == Threat actors use techniques like Social engineering (security), and Phishing, alongside technical exploits like Cross-site scripting, SQL injection, and denial-of-service attacks. == Limitations == In practice, actor categories may overlap (Edward Snowden for example), and the same activity may combine features associated with hacktivism, cybercrime and state-linked operations. The lines between hacktivism, cybercrime and state-nexus activity had continued to blur, with shared toolsets, overlapping methods, fake personas, hacktivist adoption of ransomware, and cybercriminal or state-linked actors masquerading as other groups. Threat actor analysis also has limits as a risk-management method. NIST notes that risk assessments depend on their purpose, scope, assumptions, constraints, information sources, risk model and analytic approach, and that assessments are tied to particular time frames and organisational contexts. NIST also warns that simple threat-vulnerability pairing may be undesirable or problematic where there are many threats and vulnerabilities, and recom
Subliminal channel
In cryptography, subliminal channels are covert channels that can be used to communicate secretly in normal looking communication over an insecure channel. Subliminal channels in digital signature crypto systems were found in 1984 by Gustavus Simmons. Simmons describes how the "Prisoners' Problem" can be solved through parameter substitution in digital signature algorithms. == Examples == An easy example of a narrowband subliminal channel for normal human-language text would be to define that an even word count in a sentence is associated with the bit "0" and an odd word count with the bit "1". The question "Hello, how do you do?" would therefore send the subliminal message "1". The Digital Signature Algorithm has one subliminal broadband and three subliminal narrow-band channels == Improvements == A modification to the Brickell and DeLaurentis signature scheme provides a broadband channel without the necessity to share the authentication key. The Newton channel is not a subliminal channel, but it can be viewed as an enhancement. == Countermeasures == With the help of the zero-knowledge proof and the commitment scheme it is possible to prevent the usage of the subliminal channel. This countermeasure has a 1-bit subliminal channel because for is the problem that a proof can succeed or purposely fail. Another countermeasure can detect, and not prevent, the subliminal usage of the randomness.
Unknown key-share attack
As defined by Blake-Wilson & Menezes (1999), an unknown key-share (UKS) attack on an authenticated key agreement (AK) or authenticated key agreement with key confirmation (AKC) protocol is an attack whereby an entity A {\displaystyle A} ends up believing she shares a key with B {\displaystyle B} , and although this is in fact the case, B {\displaystyle B} mistakenly believes the key is instead shared with an entity E ≠ A {\displaystyle E\neq A} . In other words, in a UKS, an opponent, say Eve, coerces honest parties Alice and Bob into establishing a secret key where at least one of Alice and Bob does not know that the secret key is shared with the other. For example, Eve may coerce Bob into believing he shares the key with Eve, while he actually shares the key with Alice. The “key share” with Alice is thus unknown to Bob.
Government Secure Intranet
Government Secure Intranet (GSi) was a United Kingdom government wide area network, whose main purpose was to enable connected organisations to communicate electronically and securely at low protective marking levels. It was known for the '.gsi.gov.uk' family of domains for government email. Migration away from these domains began in 2019 and was completed in 2023. == History == === Use === Many UK government organisations used the GSi to transfer files on a peer-to-peer (P2P) basis between similarly accredited networks. The network itself was open within the context of its accreditation – it imposed no restrictions on traffic types carried across the network, restrictions and policy control were left to the connecting departments. Email traffic in and out of the network was filtered by an external provider. === Origin === The concept of GSi was defined by the Cabinet Office, and was turned into practical reality by the Internet Special Products group of Cable & Wireless (then known as Mercury Communications) at their Brentford premises. GSi development started late 1996, and can be roughly dated by checking the registration date of its first domain name, 'gsi.net', registered 30 May 1997. The formal go-live date was several months later (according to the Central Computer and Telecommunications Agency (CCTA) this was February 1998). The main drivers behind the development of GSi was the plethora of inter-agency connections in UK government which made managing security and connectivity budgets problematic. GSi not only provided better oversight, it also normalised connectivity. GSi was designed as an accredited, dual link connected Internet Protocol backbone, it imposed no restrictions on what type of traffic it carried; any restrictions were considered a policy decision for each connecting department. The design of GSi partly supported the then developing eGIF interoperability standards. This was a direct consequence of the two key technical people driving the project, one from Cable & Wireless, one from the UK government in the form of the CCTA. GSi used SMTP as mail transport protocol, and the conversion from the then prevalent X.400 email facilities to SMTP proved for many departments an improvement in reliability and speed. In the case of X.400, this conversion also cut email costs substantially as X.400 message conversions were still chargeable even if the conversion failed due to message size. In some cases, the ROI of such an email conversion was as short as two months. The creation of GSi handed Cable & Wireless a monopoly on UK government data connectivity. GSi can be considered one of the more successful UK government IT projects from the point of view of take up - even when still in pilot phase, demand increased to a point where service windows had to be imposed to continue building the platform to full strength. The development of GSi was also the root of the creation of the CESG Listed Adviser Scheme (CLAS). During the build of GSi, the need for accredited advisers became clear as advice on connectivity invariably involved discussing government confidential matters. CESG eventually responded with the above CLAS scheme. === Operations contract === GSi was operated on a five-year renewable contract basis. Energis won this contract from Cable & Wireless in August 2003. Cable & Wireless then bought Energis in 2005, thus regaining control over the platform. Cable and Wireless Worldwide won the GSi Convergence Framework (GCF) contract in 2011. The GSi and Managed Telecommunications Service (MTS) framework agreements finished in August 2011 with contracts running on to 12 February 2012. GCF is intended to facilitate the migration to the Public Services Network. === Previous developments === Government Connect went live across local authorities in England and Wales. Government Connect is a pan-government programme providing an accredited and secure network between central government and every local authority in England and Wales and allows exchange of RESTRICTED information between authorities. The GCSX network is part of the wider GSi and provides connectivity to nearly all central departments. Scottish local authorities have already established a similar network known as the Government Secure Extranet (GSX). Local authorities with a GCSX connection can now use a GCSX email account to exchange sensitive data, including DWP benefits data, patient identifiable data, with health sector staff who have a NHS.net email address, e.g. PCT staff and GPs. As both GCSX and the Police National Network (PNN) are both connected to the wider Government Secure Intranet (GSi), data can be transferred securely between local authorities and the Police. GC Mail can be used now to replace the existing less efficient and less secure methods of exchanging data between local authorities and the Police. Local authorities that deliver Housing and Council Tax benefits are taking part in the e-Transfers programme, which is e-enabling the process for delivery of Local Authority Input Documents (LAIDs) and Local Authority Claim Information (LACIs). Version 4.1 of the Code of Connection for compliance was introduced in 2010. Compared with version 3.2 the main Code of Connection version 4.1 areas of are: Mobile working - full implementation of compliant service Firewall specification (EAL 4) Execution of unauthorised software Requirement for IT Healthchecks (CHECK / CREST / TigerScheme) Labelling e-mails with protective markings. == Public Services Network == The Public Services Network is a UK Government programme that unified the provision of network infrastructure across the United Kingdom public sector into an interconnected "network of networks". This included large elements of GSi. It is now a legacy network. Centrally procured public sector networks migrated across to the PSN framework as they reached the end of their contract terms, either through an interim framework or directly. The Government Secure Intranet (GSi) contracts expired in September 2011, running on to 12 February 2012 and were replaced by the transitional Government Secure Intranet Convergence Framework (GCF).
Eager learning
In artificial intelligence, eager learning is a learning method in which the system tries to construct a general, input-independent target function during training of the system, as opposed to lazy learning, where generalization beyond the training data is delayed until a query is made to the system. The main advantage gained in employing an eager learning method, such as an artificial neural network, is that the target function will be approximated globally during training, thus requiring much less space than using a lazy learning system. Eager learning systems also deal much better with noise in the training data. Eager learning is an example of offline learning, in which post-training queries to the system have no effect on the system itself, and thus the same query to the system will always produce the same result. The main disadvantage with eager learning is that it is generally unable to provide good local approximations in the target function.
SPKAC
SPKAC (Signed Public Key and Challenge, also known as Netscape SPKI) is a format for sending a certificate signing request (CSR): it encodes a public key, that can be manipulated using OpenSSL. It is created using the little documented HTML keygen element inside a number of Netscape compatible browsers. == Standardisation == There exists an ongoing effort to standardise SPKAC through an Internet Draft in the Internet Engineering Task Force (IETF). The purpose of this work has been to formally define what has existed prior as a de facto standard, and to address security deficiencies, particular with respect to historic insecure use of MD5 that has since been declared unsafe for use with digital signatures. == Implementations == HTML5 originally specified the