Beyond "Complacency and Panic": Will the NIS Directive Improve the Cybersecurity of Critical National Infrastructure?

This is a pre-copyedited, author-produced version of an article accepted for publication in European Law Review following peer review. The definitive published version Michels, J. and I. Walden. “Beyond “Complacency and Panic”: Will the NIS Directive Improve the Cybersecurity of Critical National Infrastructure?” European Law Review (2020): 25-47. is available online on Westlaw UK

Too-Big-To-Fail 2.0? Digital Service Providers

The Article explains why addressing Too-Big-To-Fail 2.0 has not yet become a political and societal priority. First, digital service providers are technology companies, which, many believe, are shaped by market forces such that they fail and succeed in equal measure without producing negative ripple effects on the economy or society. Second, technology giants are not as carefully regulated as banks becauseunlike banks, they do not take insured deposits backed by the government. Third, even heavily regulated financial institutions have not been required until recently to focus on cybersecurity. Finally, some believe that there is no point in worrying about Too-Big-To-Fail 2.0 as it is difficult to prepare for theoretical unknowns. Despite these arguments, however, the Article contends that given the factors outlined in the Critical Service Provider list of criteria, such as size, business involvement in multiple industry sectors, and impact on technology, the economy, and cyber-social systems, Too-Big-To-Fail 2.0 is a valid concern. Recognizing this problem, the Article then calls for the design of a new systematic approach, resembling to a limited extent that of the Dodd-Frank Act, to understand which entities qualify as Critical Service Providers and why they should have enhanced risk management procedures. The Article proposes certain criteria to ground such an approach. Finally, the Article suggests that the companies designated as Critical Service Providers should be subject to some type of supervisory scrutiny, which would be the product of a collaborative private-public initiative and result in better risk management and internalizing

A Framework for Integrating Transportation Into Smart Cities

In recent years, economic, environmental, and political forces have quickly given rise to “Smart Cities” -- an array of strategies that can transform transportation in cities. Using a multi-method approach to research and develop a framework for smart cities, this study provides a framework that can be employed to: Understand what a smart city is and how to replicate smart city successes; The role of pilot projects, metrics, and evaluations to test, implement, and replicate strategies; and Understand the role of shared micromobility, big data, and other key issues impacting communities. This research provides recommendations for policy and professional practice as it relates to integrating transportation into smart cities

WE ARE ALL GONNA DIE: HOW THE WEAK POINTS OF THE POWER GRID LEAVE THE UNITED STATES WITH AN UNACCEPTABLE RISK

Federal regulations aim to ensure grid reliability and harden it against outages; however, widespread outages continue. This thesis examines the spectrum of regulations to evaluate them. It outlines their structure, the regulations’ intent, and weighs them against evolving cyber and physical threats and natural disaster risks. Currently, the regulatory structure is incapable of providing uniform security. Federal standards protect only the transmission portion of the grid, leaving the distribution section vulnerable to attack due to varying regulations from state to state, or county to county. The regulations cannot adapt quickly enough to meet dynamic threats, rendering them less effective. Cyber threats can be so agile that protectors are unaware of vulnerabilities, and patching requirements are too lengthy, which increases the risk exposure. No current weather mitigation or standard is capable of protecting the grid despite regular natural disasters that cause power shutdowns. The thesis concludes that bridging these gaps requires not increasing protection standards, but redundancy. Redundancy, mirrored after the UK's infrastructure policy, is more likely to reduce failure risk through layered components and systems. Microgrids are proven effective in disasters to successfully deliver such redundancy and should be implemented across all critical infrastructure sectors.Civilian, Department of Homeland SecurityApproved for public release. Distribution is unlimited