484 research outputs found
A systemic approach to investigate the gaps between distribution system operators need and technology developers’ perception—A case study of an intelligent low-voltage grid management system with storage
The purpose of the paper is to introduce a new bi-directional approach to assess the gapbetween the customer needs and technology developers’ perception on the value propositions ofinnovations which includes storages. The paper used two methods; the first comprehensive senseand respond analysis investigated technology developers’ perceptions using the value propositionsdefined under the EU-funded H2020 RESOLVD project. The second method focused on customersand collected a survey which covered challenges, value propositions and preparedness to adopt newtechnology. The H2020 RESOLVD project has developed an intelligent low-voltage grid managementsystem with storage. The results from the sense and respond analysis showed that most of thevalue propositions aligned with the responses from the broader survey which are needed within fiveyears (e.g., improved power quality of grid, fault detection, reduced technical loss). However, thecybersecurity perception differed between developers and distribution system operators (DSOs). Thecustomer survey highlighted that certain value propositions of technological solutions are neededmore urgently than others, and therefore, technology developers should prioritize these in furtherdevelopments. Regarding the use of flexibility to manage the LV grid, unclear regulations wereexpressed as a key barrier, thereby affecting business feasibility around battery storage.Peer ReviewedPostprint (published version
The future of Cybersecurity in Italy: Strategic focus area
This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management
THREE ARTICLES ON THE BEHAVIORAL ECONOMICS OF SECURITY INFORMATION SHARING: A THEORETICAL FRAMEWORK, AN EMPIRICAL TEST, AND POLICY RECOMMENDATIONS
This thesis presents a behavioral economics contribution to the security of information systems. It focuses on security information sharing (SIS) between operators of critical infrastructures, such as systemic banks, power grids, or telecommunications. SIS is an activity by which these operators exchange cybersecurity-relevant information, for instance on vulnerabilities, malwares, data breaches, etc. Such information sharing is a low-cost and efficient way by which the defenders of such infrastructures can enhance cybersecurity. However, despite this advantage, economic (dis)incentives, such as the free-rider problem, often reduce the extent to which SIS is actually used in practice. This thesis responds to this problem with three published articles. The first article sets out a theoretical framework that proposes an association between human behavior and SIS outcomes. The second article further develops and empirically tests this proposed association, using data from a self-developed psychometric survey among all participants of the Swiss Reporting and Analysis Centre for Information Assurance (MELANI). SIS is measured by a dual approach (intensity and frequency), and hypotheses on five salient factors that are likely associated with SIS outcomes (attitude, reciprocity, executional cost, reputation, trust) are tested. In the third article, policy recommendations are presented in order to reduce executional costs, which is found to be significantly and negatively associated with SIS. In conclusion, this thesis proposes multiple scientific and practical contributions. It extends the scientific literature on the economics of cybersecurity with three contributions on the human factor in SIS. In addition, regulators will find many recommendations, particularly in the area of governance, to support SIS at the legislative level. This thesis also offers many avenues for practitioners to improve the efficiency of SIS, particularly within Information Sharing and Analysis Centers (ISACs) in charge of producing Cyber Threat Intelligence in order to anticipate and prevent cyberrisks.
Cette thèse présente une contribution de l'économie comportementale à la sécurité des systèmes d'information. Elle s’intéresse au mécanisme incitatif permettant de favoriser le partage de l’information utile à la cybersécurité (Security Information Sharing – SIS) entre opérateurs d’infrastructures critiques, telles que les banques systémiques, les réseaux électriques ou de télécommunications. Le SIS est une activité par laquelle ces opérateurs échangent des informations relatives aux cybermenaces, par exemple sur les vulnérabilités, les logiciels malveillants, les violations de données, etc. Ce partage d'informations est un moyen peu coûteux et efficace par lequel les défenseurs de ces infrastructures peuvent renforcer la cybersécurité. Toutefois, malgré ces avantages, les (mauvaises) incitations économiques, telles que le problème du passager clandestin, réduisent souvent l’utilité pratique du SIS. Cette thèse répond à ce problème avec trois articles publiés. Le premier article présente un cadre théorique qui propose une association entre le comportement humain et les résultats du SIS. Le deuxième article développe et teste empiriquement cette proposition d'association à l'aide des données d'une enquête psychométrique développée avec les participants de la Centrale d'enregistrement et d'analyse pour la sûreté de l'information (MELANI). Le SIS est mesuré avec une double approche (intensité et fréquence), et des hypothèses sur cinq facteurs importants, probablement associés aux résultats du SIS (attitude, réciprocité, coût d'exécution, réputation, confiance), sont testées. Dans le troisième article, des recommandations politiques sont présentées afin de réduire les coûts d'exécution, qui s'avèrent être associés de manière significative et négative au SIS. En conclusion, cette thèse propose de multiples contributions scientifiques et pratiques. Ses résultats élargissent la littérature scientifique sur l'économie de la cybersécurité avec trois contributions sur le facteur humain dans le SIS. En outre, les régulateurs trouveront de nombreuses recommandations, en particulier dans le domaine de la gouvernance, pour soutenir le SIS au niveau législatif. Cette thèse offre également de nombreux moyens aux praticiens pour améliorer son efficacité, notamment au sein des Information Sharing and Analysis Center (ISACs) chargés de produire du renseignement sur les cybermenaces (Cyber Threat Intelligence) afin d'anticiper et prévenir les cyberrisques
Policy Options for Improving the Resilience of US Transportation Infrastructure
Despite the vulnerability of America’s aging infrastructure to costly disruptions from man-made and natural disasters, infrastructure insurance under-utilized. On average, only 30% of catastrophic losses in the past 10 years have been covered by insurance. Most infrastructure project managers have relied instead on taxpayer-funded federal aid when disaster strikes. But it doesn’t need to be this way. In this brief, Gina Tonn, Jeffrey Czajkowski, and Howard Kunreuther use technical reports and input from infrastructure managers to outline steps that policymakers can take to help maximize the use of infrastructure insurance for providing financial protection, encouraging investment in loss mitigation measures, and limiting the current reliance on taxpayer dollars.https://repository.upenn.edu/pennwhartonppi/1058/thumbnail.jp
- …