A Graphical Adversarial Risk Analysis Model for Oil and Gas Drilling Cybersecurity

Oil and gas drilling is based, increasingly, on operational technology, whose cybersecurity is complicated by several challenges. We propose a graphical model for cybersecurity risk assessment based on Adversarial Risk Analysis to face those challenges. We also provide an example of the model in the context of an offshore drilling rig. The proposed model provides a more formal and comprehensive analysis of risks, still using the standard business language based on decisions, risks, and value.Comment: In Proceedings GraMSec 2014, arXiv:1404.163

WE ARE ALL GONNA DIE: HOW THE WEAK POINTS OF THE POWER GRID LEAVE THE UNITED STATES WITH AN UNACCEPTABLE RISK

Federal regulations aim to ensure grid reliability and harden it against outages; however, widespread outages continue. This thesis examines the spectrum of regulations to evaluate them. It outlines their structure, the regulations’ intent, and weighs them against evolving cyber and physical threats and natural disaster risks. Currently, the regulatory structure is incapable of providing uniform security. Federal standards protect only the transmission portion of the grid, leaving the distribution section vulnerable to attack due to varying regulations from state to state, or county to county. The regulations cannot adapt quickly enough to meet dynamic threats, rendering them less effective. Cyber threats can be so agile that protectors are unaware of vulnerabilities, and patching requirements are too lengthy, which increases the risk exposure. No current weather mitigation or standard is capable of protecting the grid despite regular natural disasters that cause power shutdowns. The thesis concludes that bridging these gaps requires not increasing protection standards, but redundancy. Redundancy, mirrored after the UK's infrastructure policy, is more likely to reduce failure risk through layered components and systems. Microgrids are proven effective in disasters to successfully deliver such redundancy and should be implemented across all critical infrastructure sectors.Civilian, Department of Homeland SecurityApproved for public release. Distribution is unlimited

Organizational resilience: state of the art and new future cyber inquiries

Contemporary societies, and the organizational systems on which they rely, are increasingly exposed to unexpected disruptive events, such as the recent health or geo-political crises. Organizations therefore need a certain level of Organizational Resilience (OR). Since OR is a multifaceted concept, a first aim of this article is to find a trait d’union among many studies and conceptualizations of OR, stimulating academic debate, critical thinking, and further research. An additional goal is to propose a specific direction for future research leading to a better understanding of the characteristics that make organizations more resilient to an increasing relevant adverse phenomenon, namely cybersecurity and related cyberattacks. The authors develop a systematic literature review about the concept of OR in the Management and Organization science fields. A second facet is the authors’ proposed three-stage conceptual framework of OR, which is consistent with the relevant ideas emerging from the systematic literature review. A third section focuses on the exploration of relationships between cybersecurity and organizational domains, going beyond a purely technical focus. Results show that there is a need to address many unresolved research gaps, and to systematize the fragmentation of current Organization and Management research. It is clear that many critical areas still lack a solid and more comprehensive operationalization of OR, including cyber OR

Chapter 5- Lessons from Anticipatory Intelligence: Resilient Pedagogy in the Face of Future Disruptions

The COVID-19 pandemic has disrupted universities across the globe in unprecedented ways, requiring many teaching faculty to reexamine and transform approaches to pedagogy. As higher-education institutions have grappled with various methods of hybrid and remote delivery in an effort to best preserve student instruction through the pandemic, most have fervently looked ahead for a more satisfying “new normal.” Yet this moment of unease and transformation is one of critical opportunity for universities and their teaching faculty. Educators are seeing in vivid form how an unexpected “threat”—in this case, a global health challenge—can profoundly disrupt pedagogy, and the immense adaptive innovation necessary to preserve universities’ most important functions through a sustained period of difficulty. Equally important are lessons concerning the varying degrees of success experienced between institutions based on different levels of proactive planning and the quality of resilience-building strategies

On the Definition of Cyber-Physical Resilience in Power Systems

In recent years, advanced sensors, intelligent automation, communication networks, and information technologies have been integrated into the electric grid to enhance its performance and efficiency. Integrating these new technologies has resulted in more interconnections and interdependencies between the physical and cyber components of the grid. Natural disasters and man-made perturbations have begun to threaten grid integrity more often. Urban infrastructure networks are highly reliant on the electric grid and consequently, the vulnerability of infrastructure networks to electric grid outages is becoming a major global concern. In order to minimize the economic, social, and political impacts of power system outages, the grid must be resilient. The concept of a power system cyber-physical resilience centers around maintaining system states at a stable level in the presence of disturbances. Resilience is a multidimensional property of the electric grid, it requires managing disturbances originating from physical component failures, cyber component malfunctions, and human attacks. In the electric grid community, there is not a clear and universally accepted definition of cyber-physical resilience. This paper focuses on the definition of resilience for the electric grid and reviews key concepts related to system resilience. This paper aims to advance the field not only by adding cyber-physical resilience concepts to power systems vocabulary, but also by proposing a new way of thinking about grid operation with unexpected disturbances and hazards and leveraging distributed energy resources.Comment: 20 pages. This is a modified versio

THE ELECTROMAGNETIC THREAT TO THE UNITED STATES: RECOMMENDATIONS FOR CONSEQUENCE MANAGEMENT

This thesis analyzes the threat of both electromagnetic pulse (EMP) and geomagnetic disturbances (GMD) to the U.S. Department of Homeland Security. EMP/GMD events are classified as low-probability/high-impact events that have potential catastrophic consequences to all levels of government as well as the civilian population of the United States. By reviewing current literature and conducting two thought experiments, this thesis determined that various critical infrastructure sectors and modern society are at risk of the effects of EMP/GMD events. Some of the most serious consequences of a large-scale EMP/GMD event include long-term power loss to large geographic regions, loss of modern medical services, and severe communication blackouts that could make recovery from these events extremely difficult. In an attempt to counteract and mitigate the risks of EMP/GMD events, resilience engineering concepts introduced several recommendations that could be utilized by policymakers to mitigate the effects of EMP or GMD events. Some of the recommendations include utilizing hardened micro-grid systems, black start options, and various changes to government agency organizations that would provide additional resilience and recovery to American critical infrastructure systems in a post-EMP/GMD environment.Captain, United States ArmyApproved for public release. Distribution is unlimited

Countering Terrorism on Tomorrow’s Battlefield: Critical Infrastructure Security and Resiliency (NATO COE-DAT Handbook 2)

Every day, malicious actors target emerging technologies and medical resilience or seek to wreak havoc in the wake of disasters brought on by climate change, energy insecurity, and supply-chain disruptions. Countering Terrorism on Tomorrow’s Battlefield is a handbook on how to strengthen critical infrastructure resilience in an era of emerging threats. The counterterrorism research produced for this volume is in alignment with NATO’s Warfighting Capstone Concept, which details how NATO Allies can transform and maintain their advantage despite new threats for the next two decades. The topics are rooted in NATO’s Seven Baseline requirements, which set the standard for enhancing resilience in every aspect of critical infrastructure and civil society. As terrorists hone their skills to operate lethal drones, use biometric data to target innocents, and take advantage of the chaos left by pandemics and natural disasters for nefarious purposes, NATO forces must be prepared to respond and prevent terrorist events before they happen. Big-data analytics provides potential for NATO states to receive early warning to prevent pandemics, cyberattacks, and kinetic attacks. NATO is perfecting drone operations through interoperability exercises, and space is being exploited by adversaries. Hypersonic weapons are actively being used on the battlefield, and satellites have been targeted to take down wind farms and control navigation. This handbook is a guide for the future, providing actionable information and recommendations to keep our democracies safe today and in the years to come.https://press.armywarcollege.edu/monographs/1953/thumbnail.jp

Global Risks 2014, Ninth Edition.

The Global Risks 2014 report highlights how global risks are not only interconnected but also have systemic impacts. To manage global risks effectively and build resilience to their impacts, better efforts are needed to understand, measure and foresee the evolution of interdependencies between risks, supplementing traditional risk-management tools with new concepts designed for uncertain environments. If global risks are not effectively addressed, their social, economic and political fallouts could be far-reaching, as exemplified by the continuing impacts of the financial crisis of 2007-2008

Digitalisation For Sustainable Infrastructure: The Road Ahead

In today’s tumultuous and fast-changing times, digitalisation and technology are game changers in a wide range of sectors and have a tremendous impact on infrastructure. Roads, railways, electricity grids, aviation, and maritime transport are deeply affected by the digital and technological transition, with gains in terms of competitiveness, cost-reduction, and safety. Digitalisation is also a key tool for fostering global commitment towards sustainability, but the race for digital infrastructure is also a geopolitical one. As the world’s largest economies are starting to adopt competitive strategies, a level playing field appears far from being agreed upon. Why are digitalisation and technology the core domains of global geopolitical competition? How are they changing the way infrastructure is built, operated, and maintained? To what extent will road, rail, air, and maritime transport change by virtue of digitalisation, artificial intelligence, and the Internet of Things? How to enhance cyber protection for critical infrastructure? What are the EU’s, US’ and China’s digital strategies?Publishe