1,374 research outputs found

    Framework for Evaluating the Readiness of Cyber First Responders Responsible for Critical Infrastructure Protection

    First responders go through rigorous training and evaluation to ensure they are adequately prepared for an emergency. As an example, firefighters continually evaluate the readiness of their personnel using a defined set of criteria to measure performance for fire suppression and rescue procedures. From a cyber security standpoint, however, this same set of criteria and rigor is severely lacking for the professionals that must detect, respond to and recover from a cyber-based attack against the nation's critical infrastructure. This research provides a framework for evaluating the readiness of cyber first responders responsible for critical infrastructure protection. The framework demonstrates the development of an evaluation environment, criteria and scenarios that are modeled from the NFPA 1410 standards concept that is used for assessing the readiness of firefighters. The utility of the framework is exhibited during a military cyber training exercise and demonstrates the ability to evaluate the readiness of cyber first responders for industrial control systems when responding to the cyber-based attacks in the scenarios. Although successful, the results and analysis provide a context to develop a physical processes simulation tool, called Y-Box. The Y-Box creates a more accessible, representational, realistic and evaluation-friendly environment to enhance the framework. The Y-Box demonstrates its application through the simulation of the first two stages in a wastewater treatment plant. Its performance test demonstrates its ability to interface with different types of signals from multiple programmable logic controllers with an acceptable range of error. The utility of the simulation is extended with the development of potential attacks that can be used in a cyber exercise involving industrial control systems

    Airports’ Crisis Management Processes and Stakeholders Involved

    Airports are exposed to various physical incidents that can be classified as aviation and non-aviation related incidents, including terrorist attacks, bombings, natural disasters (e.g. earthquake or tsunami and man-made disasters such as terrorist attacks) etc. (Kanyi, Kamau, & Mireri, 2016). In addition to this, cyber-attacks on airport operations are emerging, especially with the increasing use of Information Systems (IS), such as electronic tags for baggage handling and tracking, remote check-in, smart boarding gates, faster and more reliable security screening technologies and biometric immigration controls etc. Any physical or cyber incident that causes loss of infrastructure or massive patient surge, such as natural disasters, terrorist acts, or chemical, biological, radiological, nuclear, or explosive hazards could affect the airports’ services provision and could cause overwhelming pressure. During crisis management, several stakeholders that have different needs and requirements get involved in the process, trying to cooperate, respond and support recovery and impact mitigation. The aim of this paper is to present a holistic security agenda that defines the stakeholders involved in the respective processes followed during the crisis management cycle. This agenda is based both on normative literature, such as relevant standards, guidelines, and practices and on knowledge and feedback extrapolated from a case study conducted in the context of the SATIE project (H2020-GA832969). In meeting the paper’s aim, initially the normative review of the phases of the crisis management cycle (preparedness, response, recovery and mitigation) in the context of airports, as well as general practices applied, are presented. Moreover, the key airport stakeholders and operation centres involved in airports operations, as well as during the crisis management, are analysed. By combining the information collected, a holistic cyber and physical crisis management cycle including the stakeholders and the relevant processes is proposed. The crisis management process is taken into consideration in the SATIE project, which aims to build a security toolkit in order to protect critical air transport infrastructures against combined cyber-physical threats. This toolkit will rely on a complete set of semantic rules that will improve the interoperability between existing systems and enhanced security solutions, in order to ensure more efficient threat prevention, threat and anomaly detection, incident response and impact mitigation, across infrastructures, populations and environment.

    Modeling Homeland Security: A Value Focused Thinking Approach

    The events of September 11, 2001 have propelled the topic of homeland security to the forefront of national concern. The threat of terrorism within the United States has reached an unprecedented level. The pervasive vulnerabilities of the nation's critical infrastructure coupled with the destructive capabilities and deadly intentions of modern terrorists pose extraordinary risks. The United States must mitigate these risks while at the same time balancing the associated costs and impact on civil liberties. Currently, the United States lacks effective methods and measures for assessing the security of the homeland from acts of terrorism. This study outlines a first cut decision analysis methodology for identifying and structuring key homeland security objectives and facilitating the measurement of the United States' capability to execute these objectives

    Department of Homeland Security Science and Technology Directorate: Developing Technology to Protect America

    In response to a congressional mandate and in consultation with Department of Homeland Security's (DHS) Science and Technology Directorate (S&T), the National Academy conducted a review of S&T's effectiveness and efficiency in addressing homeland security needs. This review included a particular focus that identified any unnecessary duplication of effort, and opportunity costs arising from an emphasis on homeland security-related research. Under the direction of the National Academy Panel, the study team reviewed a wide variety of documents related to S&T and homeland security-related research in general. The team also conducted interviews with more than 200 individuals, including S&T officials and staff, officials from other DHS component agencies, other federal agencies engaged in homeland security-related research, and experts from outside government in science policy, homeland security-related research and other scientific fields. Key Findings: The results of this effort indicated that S&T faces a significant challenge in marshaling the resources of multiple federal agencies to work together to develop a homeland security-related strategic plan for all agencies. Yet the importance of this role should not be underestimated. The very process of working across agencies to develop and align the federal homeland security research enterprise around a forward-focused plan is critical to ensuring that future efforts support a common vision and goals, and that the metrics by which to measure national progress, and make changes as needed, are in place

    Contested Deployment

    As indicated in the 2018 National Defense Strategy and evolving Multi-Domain Operations doctrine, the assumption the homeland will provide a secure space for mobilization and deployment is no longer valid. This integrated research project goes beyond affirming this assumption and contributes to efforts to mitigate the concerns a contested deployment entails. Following the introductory chapter, Chapter 2, “Army Deployments in a Contested Homeland: A Framework for Protection,” explores how current coordination and cooperation mechanisms between the DoD and state and local government may need realignment, with civil authorities preparing themselves to support military mobilization. Chapter 3, “Strategic Seaports and National Defense in a Contested Environment,” examines the 22 strategic seaports across the United States, identifying issues with throughput, structural integrity, security, readiness, funding, and authorities. Chapter 4, “Single Point of Failure,” identifies how strict adherence to a business efficiency model for munition production and distribution may jeopardize the successful employment of military forces. Chapter 5, “The Interstate Highway System: Reinvestment Needed before a Contested Deployment,” provides the status of the deteriorating road network and explains how associated vulnerabilities could be exploited by an adversary. The two appendices provide points for consideration on cyberattacks and defense and the impacts a full mobilization of reserve forces would have on the homeland.

    Newsletter Spring 2015


    State of Iowa Cybersecurity Strategy, July 2016

    On December 21, 2015, Governor Branstad issued Executive Order 87 (EO87); a cybersecurity initiative for the State of Iowa. The executive order establishes a multi-agency partnership, the EO87 Leadership Team, with the Office of the Chief Information Officer, Iowa National Guard, Department of Public Safety, Iowa Communications Network, and the Iowa Homeland Security and Emergency Management Department. The order directs these agencies to develop a comprehensive cybersecurity strategy which addresses lifeline critical infrastructure, risk assessments, best practices, awareness training, public education and communication, collaboration, K-12 and higher education, data breach notifications, and incident response planning to protect the citizens of Iowa and Iowa businesses. The EO87 Leadership Team, along with several key partners, worked diligently over the last six months to prepare recommendations that will have a direct and sustainable impact on protecting lifeline critical infrastructure, reducing risk to government operations, and creating sustainable partnerships in cybersecurity

    Jack Voltaic 3.0 Cyber Research Report

    The Jack Voltaic (JV) Cyber Research project is an innovative, bottom-up approach to critical infrastructure resilience that informs our understanding of existing cybersecurity capabilities and identifies gaps. JV 3.0 contributed to a repeatable framework cities and municipalities nationwide can use to prepare. This report on JV 3.0 provides findings and recommendations for the military, federal agencies, and policy makers

    Concurrent Biological, Electromagnetic Pulse, And Cyber Attacks - A Challenge To The Interagency Response

    The U.S. including its military depends on an electrical grid and electricity-based critical infrastructure. An electromagnetic pulse (EMP) and cyber attack can disable not just a significant portion of the electrical grid and critical infrastructure, but also the network-centric military response to such an attack. There is a large range of actors that might attempt EMP attacks against the U.S. Health surveillance systems are network-centric, and if mass destruction is the goal of an adversary, launching a biological attack concurrently with EMP and cyber attacks may achieve this goal. Current agency response plans focus on one WMD attack at a time but combined attacks without emergency management plans may compromise a timely response. An EMP and cyber attack could amplify the effects of a biological attack because the loss of the electrical grid and electricity-based critical infrastructure could disable detection and response efforts as well as disrupt interagency efforts to coordinate a medical response. EMP is often perceived as science fiction because the immediate effect does not result in loss of life, but the cascading failures of critical infrastructure will affect civilian and military capabilities to support survival and recovery. Key steps to mitigate the catastrophic effects of an EMP attack should be taken and include: prevent an attack in the first place, prepare so personnel can respond after an attack, protect the critical infrastructure to limit the impact, and recover after an attack to restore power and critical infrastructure