SciTech News Volume 71, No. 1 (2017)

Columns and Reports From the Editor 3 Division News Science-Technology Division 5 Chemistry Division 8 Engineering Division Aerospace Section of the Engineering Division 9 Architecture, Building Engineering, Construction and Design Section of the Engineering Division 11 Reviews Sci-Tech Book News Reviews 12 Advertisements IEEE

Data standardization

With data rapidly becoming the lifeblood of the global economy, the ability to improve its use significantly affects both social and private welfare. Data standardization is key to facilitating and improving the use of data when data portability and interoperability are needed. Absent data standardization, a “Tower of Babel” of different databases may be created, limiting synergetic knowledge production. Based on interviews with data scientists, this Article identifies three main technological obstacles to data portability and interoperability: metadata uncertainties, data transfer obstacles, and missing data. It then explains how data standardization can remove at least some of these obstacles and lead to smoother data flows and better machine learning. The Article then identifies and analyzes additional effects of data standardization. As shown, data standardization has the potential to support a competitive and distributed data collection ecosystem and lead to easier policing in cases where rights are infringed or unjustified harms are created by data-fed algorithms. At the same time, increasing the scale and scope of data analysis can create negative externalities in the form of better profiling, increased harms to privacy, and cybersecurity harms. Standardization also has implications for investment and innovation, especially if lock-in to an inefficient standard occurs. The Article then explores whether market-led standardization initiatives can be relied upon to increase welfare, and the role governmental-facilitated data standardization should play, if at all

A False Sense of Security — Organizations Need a Paradigm Shift on Protecting Themselves against APTs

Advanced Persistent Threats (APTs) are among the most complex cyberattacks and are generally executed by cyber-attackers linked to nation-states. An organization may have security strategies to prevent APTs. However, a false sense of security may exist when the focus is on implementing security strategies but not on the effectiveness of implemented security strategies. This research aims to find out 1) if organizations are in a false sense of security while preventing APT attacks, 2) what factors influence the false sense of security, and 3) whether organizational culture influence factors contributing to the false sense of security. A theoretical model is developed to evaluate the sense of security to answer the three research questions. The initial model includes seven independent variables, one moderator variable, and one dependent variable. We designed and conducted a survey among cybersecurity professionals to test 14 hypotheses on the sense of security. We further refined and finalized the model based on the data analysis from the survey data. This research confirms that employees are not confident about organizations‟ cybersecurity posture despite all the awareness training, technological advancements, and massive investment. We also identified key factors which influence the employee perception of cybersecurity posture. Based on the research findings, we provided recommendations that can be followed to improve the effectiveness of implemented security strategies

Cybersecurity of Autonomous Systems in the Transportation Sector: An Examination of Regulatory and Private Law Approaches with Recommendations for Needed Reforms

The past twenty-five years gave rise to increasing levels of automation within the transportation sector. From initial subsystems, like vessel satellite tracking and automobile chassis control, automation continues apace. The future promises fully autonomous devices such as unmanned aerial systems (“UAS”) and self-driving cars (“UAV”). These autonomous and automatic systems and devices (“AASD”) provide safety, efficiency, and productivity benefits. Yet AASD operate under continual threat of cyber-attack. ¶ Compromised AASD can produce dire consequences in the transportation sector. The possible consequences extend far beyond financial harms to severe bodily injury or even death. Given both the prevalence of cyber threats and their potentially deadly consequences, the public holds a legitimate interest in ensuring that incentives exist to address the cybersecurity of such systems. ¶ This paper examines both the private and public law mechanisms for influencing AASD cybersecurity behaviors in the transportation sector; and undertakes the first comprehensive comparison of existing agency regulatory schemes. The findings presented herein propose: (1) additional legislation to promote sharing of cyber event data; and (2) transportation sector regulatory best practices that require mandatory submission and review of cybersecurity plans by OEMs and service providers when compromise of their products or services threatens safety of life or critical infrastructure. None of the recommendations advanced herein require regulators to direct the adoption of any specific technical solution or specific cybersecurity standard. Thus, industry participants can remain nimble in the face of evolving cyber threats, while ensuring public safety through what proves to be needed regulatory oversight

Deterring Malicious Behavior in Cyberspace

Recent incidents reveal cyberattacks are being employed and honed in a systematic, coordinated fashion to achieve the objectives of malicious actors. Deterrence of the wide array of actors in cyberspace is difficult, since deterrence has to work in the mind of the attacker. Each attacker will weigh the effort of the attack against the expected benefit under their own criteria or rationality. This article analyzes whether the contemporary and complementary deterrence strategies of retaliation, denial, and entanglement are sufficient to deter malicious cyber actors or if the alternative of active cyberdefense is necessary and viable

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

Extending the Cyber Capabilities of Small to Midsize Businesses

This project explores disparities in the cybersecurity practices of small to midsize businesses in comparison to larger organizations with more resources to allocate to cybersecurity. While the adoption of technical solutions offers many advantages, SMBs are struggling to maintain good cybersecurity practices in this era of digital transformation. Considering the overall security climate it is clear that SMBs are vulnerable to cyber threats, are being attacked more often and lack the proper resources or knowledge to effectively address threats. This paper proposes a model for SMBs to enhance their cyber capabilities with cybersecurity assessments and regular training provided by the National Guard’s Defensive Cyber Operations Element (DCO-E). Leveraging the capabilities of the DCO-E, in effect a “national cybersecurity squad,” to support a national cyber readiness and education campaign could be an effective method to enhance the cybersecurity of SMBs. The proposed model is supported with a initial survey results showing a promising willingness and support from SMBs