    Cyber security situational awareness

    Dynamic cyber-incident response

    Permission to make digital or hard copies of this publication for internal use within NATO and for personal or educational use when for non-profit or non-commercial purposes is granted providing that copies bear this notice and a full citation on the first page. Any other reproduction or transmission requires prior written permission by NATO CCD COE. Traditional cyber-incident response models have not changed significantly since the early days of the Computer Incident Response with even the most recent incident response life cycle model advocated by the US National Institute of Standards and Technology (Cichonski, Millar, Grance, & Scarfone, 2012) bearing a striking resemblance to the models proposed by early leaders in the field e.g. Carnegie-Mellon University (West-Brown, et al., 2003) and the SANS Institute (Northcutt, 2003). Whilst serving the purpose of producing coherent and effective response plans, these models appear to be created from the perspectives of Computer Security professionals with no referenced academic grounding. They attempt to defend against, halt and recover from a cyber-attack as quickly as possible. However, other actors inside an organisation may have priorities which conflict with these traditional approaches and may ultimately better serve the longer-term goals and objectives of an organisation

    Exploring Industry Cybersecurity Strategy in Protecting Critical Infrastructure

    Successful attacks on critical infrastructure have increased in occurrence and sophistication. Many cybersecurity strategies incorporate conventional best practices but often do not consider organizational circumstances and nonstandard critical infrastructure protection needs. The purpose of this qualitative multiple case study was to explore cybersecurity strategies used by information technology (IT) managers and compliance officers to mitigate cyber threats to critical infrastructure. The population for this study comprised IT managers and compliance officers of 4 case organizations in the Pacific Northwest United States. The routine activity theory developed by criminologist Cohen and Felson in 1979 was used as the conceptual framework. Data collection consisted of interviews with 2 IT managers, 3 compliance officers, and 25 documents related to cybersecurity and associated policy governance. A software tool was used in a thematic analysis approach against the data collected from the interviews and documentation. Data triangulation revealed 4 major themes: a robust workforce training program is crucial, make infrastructure resiliency a priority, importance of security awareness, and importance of organizational leadership support and investment. This study revealed key strategies that may help improve cybersecurity strategies used by IT and compliance professionals, which can mitigate successful attacks against critical infrastructure. The study findings will contribute to positive social change through an exploration and contextual analysis of cybersecurity strategy with situational awareness of IT practices to enhance cyber threat mitigation and inform business processes

    Multi-Sensor Context-Awareness in Mobile Devices and Smart Artefacts

    The use of context in mobile devices is receiving increasing attention in mobile and ubiquitous computing research. In this article we consider how to augment mobile devices with awareness of their environment and situation as context. Most work to date has been based on integration of generic context sensors, in particular for location and visual context. We propose a different approach based on integration of multiple diverse sensors for awareness of situational context that cannot be inferred from location, and targeted at mobile device platforms that typically do not permit processing of visual context. We have investigated multi-sensor context-awareness in a series of projects, and report experience from development of a number of device prototypes. These include development of an awareness module for augmentation of a mobile phone, of the Mediacup exemplifying context-enabled everyday artifacts, and of the Smart-Its platform for aware mobile devices. The prototypes have been explored in various applications to validate the multi-sensor approach to awareness, and to develop new perspectives of how embedded context-awareness can be applied in mobile and ubiquitous computing

    Training of Crisis Mappers and Map Production from Multi-sensor Data: Vernazza Case Study (Cinque Terre National Park, Italy)

    The aim of this paper is to present the development of a multidisciplinary project carried out by the cooperation between Politecnico di Torino and ITHACA (Information Technology for Humanitarian Assistance, Cooperation and Action). The goal of the project was the training in geospatial data acquiring and processing for students attending Architecture and Engineering Courses, in order to start up a team of "volunteer mappers". Indeed, the project is aimed to document the environmental and built heritage subject to disaster; the purpose is to improve the capabilities of the actors involved in the activities connected in geospatial data collection, integration and sharing. The proposed area for testing the training activities is the Cinque Terre National Park, registered in the World Heritage List since 1997. The area was affected by flood on the 25th of October 2011. According to other international experiences, the group is expected to be active after emergencies in order to upgrade maps, using data acquired by typical geomatic methods and techniques such as terrestrial and aerial Lidar, close-range and aerial photogrammetry, topographic and GNSS instruments etc.; or by non-conventional systems and instruments such as UAV, mobile mapping etc. The ultimate goal is to implement a WebGIS platform to share all the data collected with local authorities and the Civil Protectio

    Negotiating the 'trading zone'. Creating a shared information infrastructure in the Dutch public safety sector

    Our main concern in this article is whether nation-wide information technology (IT) infrastructures or systems in emergency response and disaster management are the solution to the communication problems the safety sector suffers from. It has been argued that implementing nation-wide IT systems will help to create shared cognition and situational awareness among relief workers. We put this claim to the test by presenting a case study on the introduction of ‘netcentric work’, an IT system-based platform aiming at the creation of situational awareness for professionals in the safety sector in the Netherlands. The outcome of our research is that the negotiation with relevant stakeholders by the Dutch government has led to the emergence of several fragmented IT systems. It becomes clear that a top-down implementation strategy for a single nation-wide information system will fail because of the fragmentation of the Dutch safety sector it is supposed to be a solution to. As the US safety sector is at least as fragmented as its Dutch counterpart, this may serve as a caveat for the introduction of similar IT systems in the US

    Social and interactional practices for disseminating current awareness information in an organisational setting.

    Current awareness services are designed to keep users informed about recent developments based around user need profiles. In organisational settings, they may operate through both electronic and social interactions aimed at delivering information that is relevant, pertinent and current. Understanding these interactions can reveal the tensions in current awareness dissemination and help inform ways of making services more effective and efficient. We report an in-depth, observational study of electronic current awareness use within a large London law firm. The study found that selection, re-aggregation and forwarding of information by multiple actors gives rise to a complex sociotechnical distribution network. Knowledge management staff act as a layer of “intelligent filters” sensitive to complex, local information needs; their distribution decisions address multiple situational relevance factors in a situation fraught with information overload and restrictive time-pressures. Their decisions aim to optimise conflicting constraints of recall, precision and information quantity. Critical to this is the use of dynamic profile updates which propagate back through the network through formal and informal social interactions. This supports changes to situational relevance judgements and so allows the network to ‘self-tune’. These findings lead to design requirements, including that systems should support rapid assessment of information items against an individual’s interests; that it should be possible to organise information for different subsequent uses; and that there should be back-propagation from information consumers to providers, to tune the understanding of their information needs