Trends in Smart City Development

This report examines the meanings and practices associated with the term 'smart cities.' Smart city initiatives involve three components: information and communication technologies (ICTs) that generate and aggregate data; analytical tools which convert that data into usable information; and organizational structures that encourage collaboration, innovation, and the application of that information to solve public problems

Evaluation of the 2015 DoD Cyber Strategy: Mild Progress in a Complex and Dynamic Military Domain

In 2011, the Department of Defense (DoD) released its Strategy for Operating in Cyberspace, which officially recognized cyberspace as an operational domain akin to the traditional military domains of land, sea, air, and space. This monograph examines the 2015 DoD Cyber Strategy to evaluate how well its five strategic goals and associated implementation objectives define an actionable strategy to achieve three primary missions in cyberspace: defend the DoD network, defend the United States and its interests, and develop cyber capabilities to support military operations. This monograph focuses on events and documents from the period of about 1 year before and 1 year after the 2015 strategy was released. This allows sufficient time to examine the key policies and guidance that influenced the development of the strategy as well as follow-on activities for the impacts from the strategy. This inquiry has five major sections that utilize different frameworks of analysis to assess the strategy: 1. Prima Facie Analysis: What is its stated purpose and key messages? 2. Historical Context Analysis: What unique contributions does it introduce into the evolution of national security cyberspace activities? 3. Traditional Strategy Analysis: Does it properly address specific DoD needs as well as broader U.S. ends in a way that is appropriate and actionable? 4. Analysis of Subsequent DoD Action: How are major military cyberspace components—joint and Service—planning to implement these goals and objectives? 5. Whole of U.S. Government Analysis: Does it integrate with the cyberspace-related activities of other U.S. Government departments and agencies? The monograph concludes with a section that integrates the individual section findings and offers recommendations to improve future cyberspace strategic planning documents.https://press.armywarcollege.edu/monographs/1401/thumbnail.jp

Distributed, Low-Cost, Non-Expert Fine Dust Sensing with Smartphones

Diese Dissertation behandelt die Frage, wie mit kostengünstiger Sensorik Feinstäube in hoher zeitlicher und räumlicher Auflösung gemessen werden können. Dazu wird ein neues Sensorsystem auf Basis kostengünstiger off-the-shelf-Sensoren und Smartphones vorgestellt, entsprechende robuste Algorithmen zur Signalverarbeitung entwickelt und Erkenntnisse zur Interaktions-Gestaltung für die Messung durch Laien präsentiert. Atmosphärische Aerosolpartikel stellen im globalen Maßstab ein gravierendes Problem für die menschliche Gesundheit dar, welches sich in Atemwegs- und Herz-Kreislauf-Erkrankungen äußert und eine Verkürzung der Lebenserwartung verursacht. Bisher wird Luftqualität ausschließlich anhand von Daten relativ weniger fester Messstellen beurteilt und mittels Modellen auf eine hohe räumliche Auflösung gebracht, so dass deren Repräsentativität für die flächendeckende Exposition der Bevölkerung ungeklärt bleibt. Es ist unmöglich, derartige räumliche Abbildungen mit den derzeitigen statischen Messnetzen zu bestimmen. Bei der gesundheitsbezogenen Bewertung von Schadstoffen geht der Trend daher stark zu räumlich differenzierenden Messungen. Ein vielversprechender Ansatz um eine hohe räumliche und zeitliche Abdeckung zu erreichen ist dabei Participatory Sensing, also die verteilte Messung durch Endanwender unter Zuhilfenahme ihrer persönlichen Endgeräte. Insbesondere für Luftqualitätsmessungen ergeben sich dabei eine Reihe von Herausforderungen - von neuer Sensorik, die kostengünstig und tragbar ist, über robuste Algorithmen zur Signalauswertung und Kalibrierung bis hin zu Anwendungen, die Laien bei der korrekten Ausführung von Messungen unterstützen und ihre Privatsphäre schützen. Diese Arbeit konzentriert sich auf das Anwendungsszenario Partizipatorischer Umweltmessungen, bei denen Smartphone-basierte Sensorik zum Messen der Umwelt eingesetzt wird und üblicherweise Laien die Messungen in relativ unkontrollierter Art und Weise ausführen. Die Hauptbeiträge hierzu sind: 1. Systeme zum Erfassen von Feinstaub mit Smartphones (Low-cost Sensorik und neue Hardware): Ausgehend von früher Forschung zur Feinstaubmessung mit kostengünstiger off-the-shelf-Sensorik wurde ein Sensorkonzept entwickelt, bei dem die Feinstaub-Messung mit Hilfe eines passiven Aufsatzes auf einer Smartphone-Kamera durchgeführt wird. Zur Beurteilung der Sensorperformance wurden teilweise Labor-Messungen mit künstlich erzeugtem Staub und teilweise Feldevaluationen in Ko-Lokation mit offiziellen Messstationen des Landes durchgeführt. 2. Algorithmen zur Signalverarbeitung und Auswertung: Im Zuge neuer Sensordesigns werden Kombinationen bekannter OpenCV-Bildverarbeitungsalgorithmen (Background-Subtraction, Contour Detection etc.) zur Bildanalyse eingesetzt. Der resultierende Algorithmus erlaubt im Gegensatz zur Auswertung von Lichtstreuungs-Summensignalen die direkte Zählung von Partikeln anhand individueller Lichtspuren. Ein zweiter neuartiger Algorithmus nutzt aus, dass es bei solchen Prozessen ein signalabhängiges Rauschen gibt, dessen Verhältnis zum Mittelwert des Signals bekannt ist. Dadurch wird es möglich, Signale die von systematischen unbekannten Fehlern betroffen sind auf Basis ihres Rauschens zu analysieren und das "echte" Signal zu rekonstruieren. 3. Algorithmen zur verteilten Kalibrierung bei gleichzeitigem Schutz der Privatsphäre: Eine Herausforderung partizipatorischer Umweltmessungen ist die wiederkehrende Notwendigkeit der Sensorkalibrierung. Dies beruht zum einen auf der Instabilität insbesondere kostengünstiger Luftqualitätssensorik und zum anderen auf der Problematik, dass Endbenutzern die Mittel für eine Kalibrierung üblicherweise fehlen. Bestehende Ansätze zur sogenannten Cross-Kalibrierung von Sensoren, die sich in Ko-Lokation mit einer Referenzstation oder anderen Sensoren befinden, wurden auf Daten günstiger Feinstaubsensorik angewendet sowie um Mechanismen erweitert, die eine Kalibrierung von Sensoren untereinander ohne Preisgabe privater Informationen (Identität, Ort) ermöglicht. 4. Mensch-Maschine-Interaktions-Gestaltungsrichtlinien für Participatory Sensing: Auf Basis mehrerer kleiner explorativer Nutzerstudien wurde empirisch eine Taxonomie der Fehler erstellt, die Laien beim Messen von Umweltinformationen mit Smartphones machen. Davon ausgehend wurden mögliche Gegenmaßnahmen gesammelt und klassifiziert. In einer großen summativen Studie mit einer hohen Teilnehmerzahl wurde der Effekt verschiedener dieser Maßnahmen durch den Vergleich vier unterschiedlicher Varianten einer App zur partizipatorischen Messung von Umgebungslautstärke evaluiert. Die dabei gefundenen Erkenntnisse bilden die Basis für Richtlinien zur Gestaltung effizienter Nutzerschnittstellen für Participatory Sensing auf Mobilgeräten. 5. Design Patterns für Participatory Sensing Games auf Mobilgeräten (Gamification): Ein weiterer erforschter Ansatz beschäftigt sich mit der Gamifizierung des Messprozesses um Nutzerfehler durch den Einsatz geeigneter Spielmechanismen zu minimieren. Dabei wird der Messprozess z.B. in ein Smartphone-Spiel (sog. Minigame) eingebettet, das im Hintergrund bei geeignetem Kontext die Messung durchführt. Zur Entwicklung dieses "Sensified Gaming" getauften Konzepts wurden Kernaufgaben im Participatory Sensing identifiziert und mit aus der Literatur zu sammelnden Spielmechanismen (Game Design Patterns) gegenübergestellt

Barriers to cyber information sharing

As our reliance on the Internet grows, our interconnected networks become more vulnerable to cyberattacks. Cyberattacks and other cyber threats can cause disastrous results, especially if a coordinated targeted attack hits multiple networks at the same time. For this reason, cyber information-sharing among public and private organizations becomes necessary and important to defend our networks. Many cyber threats are difficult to detect and identify by a single organization. Information sharing can help detect these potential risks, prevent cyberattacks, and facilitate incident response to better defend networks. Although the public and private sectors have begun to share cybersecurity information, there are still many barriers that stop agencies from sharing more. This research identifies and reviews what the barriers are to sharing cyber information and possible ways that the barriers can be overcome.http://archive.org/details/barrierstocyberi1094544574Information Technology Specialist, U.S. Department of Homeland SecurityApproved for public release; distribution is unlimited

DEDA: An algorithm for early detection of topology attacks in the internet of things

The internet of things (IoT) is used in domestic, industrial as well as mission-critical systems including homes, transports, power plants, industrial manufacturing and health-care applications. Security of data generated by such systems and IoT systems itself is very critical in such applications. Early detection of any attack targeting IoT system is necessary to minimize the damage. This paper reviews security attack detection methods for IoT Infrastructure presented in the state-of-the-art. One of the major entry points for attacks in IoT system is topology exploitation. This paper proposes a distributed algorithm for early detection of such attacks with the help of predictive descriptor tables. This paper also presents feature selection from topology control packet fields. The performance of the proposed algorithm is evaluated using an extensive simulation carried out in OMNeT++. Performance parameter includes accuracy and time required for detection. Simulation results presented in this paper show that the proposed algorithm is effective in detecting attacks ahead in time

Health Information Systems in the Digital Health Ecosystem—Problems and Solutions for Ethics, Trust and Privacy

Digital health information systems (DHIS) are increasingly members of ecosystems, collecting, using and sharing a huge amount of personal health information (PHI), frequently without control and authorization through the data subject. From the data subject's perspective, there is frequently no guarantee and therefore no trust that PHI is processed ethically in Digital Health Ecosystems. This results in new ethical, privacy and trust challenges to be solved. The authors' objective is to find a combination of ethical principles, privacy and trust models, together enabling design, implementation of DHIS acting ethically, being trustworthy, and supporting the user's privacy needs. Research published in journals, conference proceedings, and standards documents is analyzed from the viewpoint of ethics, privacy and trust. In that context, systems theory and systems engineering approaches together with heuristic analysis are deployed. The ethical model proposed is a combination of consequentialism, professional medical ethics and utilitarianism. Privacy enforcement can be facilitated by defining it as health information specific contextual intellectual property right, where a service user can express their own privacy needs using computer-understandable policies. Thereby, privacy as a dynamic, indeterminate concept, and computational trust, deploys linguistic values and fuzzy mathematics. The proposed solution, combining ethical principles, privacy as intellectual property and computational trust models, shows a new way to achieve ethically acceptable, trustworthy and privacy-enabling DHIS and Digital Health Ecosystems

Cybersecurity for Infrastructure: A Critical Analysis

Nations and their citizens rely on infrastructures. Their incapacitation or destruction could prevent nations from protecting themselves from threats, cause substantial economic harm, and even result in the loss of life. Therefore, safeguarding these infrastructures is an obvious strategic task for any sovereign state. While the need to protect critical infrastructures (CIs) is far from novel, digitization brings new challenges as well as increased cyber-risks. This need is self-evident; yet, the optimal policy regime is debatable. The United States and other nations have thus far opted for very light regulation, merely encouraging voluntary steps while choosing to intervene only in a handful of sectors. Over the past few years, several novel laws and regulations addressing this emerging issue have been legislated. Yet, the overall trajectory of limited regulatory intervention has not changed. With that, the wisdom of such a limited regulatory framework must be revisited and possibly reconsidered. This Article fills an important gap in the legal literature by contributing to and promoting this debate on cyber-risk regulation of CIs, while mapping out the relevant rights, options, and interests this ‘critical’ debate entails and setting forth a regulatory blueprint that balances the relevant factors and considerations. The Article begins in Part II by defining CIs and cyber risks and explaining why cyber risk requires a reassessment of CI protection strategies. Part III describes the means used by the United States and several other nations to address cyber risks of CIs. Part IV examines a market-based approach with minimal governmental intervention to critical infrastructure cyber-regulation, along with the various market failures, highlighting assorted minimal measures to correct these problems. It further examines these limited forms of regulation, which merely strive to bridge information and expertise barriers, assign ex post liability for security-related harms, or provide other specific incentives—and finds them all insufficient. Part V continues the normative evaluation of CI cyber-protection models, focusing on ex ante approaches, which require more intrusive government involvement in terms of setting and enforcing standards. It discusses several concerns with this regulatory strategy, including the lack of governmental expertise, regulatory capture, compromised rights, lack of transparency, and the centralization of authority. Finally, in Part VI, the Article proposes a blueprint for CI cyber protection that goes beyond the mere voluntary regulatory strategy applied today

Cybersecurity in Power Grids: Challenges and Opportunities

Increasing volatilities within power transmission and distribution force power grid operators to amplify their use of communication infrastructure to monitor and control their grid. The resulting increase in communication creates a larger attack surface for malicious actors. Indeed, cyber attacks on power grids have already succeeded in causing temporary, large-scale blackouts in the recent past. In this paper, we analyze the communication infrastructure of power grids to derive resulting fundamental challenges of power grids with respect to cybersecurity. Based on these challenges, we identify a broad set of resulting attack vectors and attack scenarios that threaten the security of power grids. To address these challenges, we propose to rely on a defense-in-depth strategy, which encompasses measures for (i) device and application security, (ii) network security, and (iii) physical security, as well as (iv) policies, procedures, and awareness. For each of these categories, we distill and discuss a comprehensive set of state-of-the art approaches, as well as identify further opportunities to strengthen cybersecurity in interconnected power grids