A Novel Cyber Resilience Framework – Strategies and Best Practices for Today's Organizations

Cyber resilience refers to an organization's ability to maintain its essential functions, services despite cyber-attacks and swiftly recover from any disruptions. It involves proactive measures like gathering threat intelligence and managing risks, as well as reactive measures such as incident response planning, data backup and recovery. To achieve cyber resilience, organizations must implement robust cyber security measures, regularly update their incident response plans, and educate employees on safe online practices. Furthermore, having a comprehensive backup and recovery strategy in place is crucial to swiftly restore critical systems and data in the event of an attack. Overall, the proposed framework emphasizes cyber resilience as a continuous and proactive approach for managing cyber security risks and safeguarding against the growing threat of cyber-attacks

THE ELECTROMAGNETIC THREAT TO THE UNITED STATES: RECOMMENDATIONS FOR CONSEQUENCE MANAGEMENT

This thesis analyzes the threat of both electromagnetic pulse (EMP) and geomagnetic disturbances (GMD) to the U.S. Department of Homeland Security. EMP/GMD events are classified as low-probability/high-impact events that have potential catastrophic consequences to all levels of government as well as the civilian population of the United States. By reviewing current literature and conducting two thought experiments, this thesis determined that various critical infrastructure sectors and modern society are at risk of the effects of EMP/GMD events. Some of the most serious consequences of a large-scale EMP/GMD event include long-term power loss to large geographic regions, loss of modern medical services, and severe communication blackouts that could make recovery from these events extremely difficult. In an attempt to counteract and mitigate the risks of EMP/GMD events, resilience engineering concepts introduced several recommendations that could be utilized by policymakers to mitigate the effects of EMP or GMD events. Some of the recommendations include utilizing hardened micro-grid systems, black start options, and various changes to government agency organizations that would provide additional resilience and recovery to American critical infrastructure systems in a post-EMP/GMD environment.Captain, United States ArmyApproved for public release. Distribution is unlimited

A quantitative approach for applied resilience assessment audits

Today’s infrastructural systems are expected to be safe and resilient. In this context, assessment of such systems faces two principal challenges: common approaches in risk assessment have reached their limits in methodology and feasibility in assessing complex and interconnected systems. On the other hand, resilience assessment is in its beginnings and lacks, e.g., a commonly accepted resilience metric. The paper starts to specify a practical definition of resilience and assigned metric: Resilience is characterised by influencing recovery properties of a socio-technical system. Actors and actions are carriers of these properties. This corresponds to the views of system representation by Use Case Diagrams (UCD). In order to quantify an UCD, actions are validated by assessing their compliance level L. Actors are associated with their abilities to respond, monitor, learning, and to anticipate developments. The result is given by the Resilience Priority Value REPV = L ⋅ I of actors and overall system. The resilience assessment process is exemplified by a case study of a car park guidance system

Contending European agendas for agricultural innovation

Amid expectations for a European ‘transition to sustainable agriculture’, there are competing transitional processes. Given the widely acknowledged harm from agro-industrial systems, ‘unsustainable agriculture’ has divergent diagnoses and innovative solutions. This rivalry can be analysed as contending innovation agendas; the analysis here combines theoretical paradigms of agricultural innovation. In an EU policy context of a Knowledge-Based Bio-Economy (KBBE), there are divergent accounts of its key terms: biological resources, economy, relevant knowledge and knowledge-producers. Likewise, divergent accounts are found of innovation, intensification, resource efficiency, resilience, bio-energy, horizontal integration, etc. These divergent agendas are promoted by distinct stakeholder networks. The dominant agenda favours laboratory-based techno-scientific innovation as a source of ‘efficient’ inputs, which can use renewable resources more efficiently for competitive advantage in global value chains. By contrast, other agendas promote farmers’ knowledge of natural resources, especially via agro-ecological methods which can reduce energy inputs, increase productivity and add value through quality. With those contending agendas, rival stakeholder networks seek to influence R&D priorities. From the standpoint of multifunctional agriculture, such contending agendas can play complementary roles in different rural spaces. Some agro-food practices may combine aspects of different paradigms. As a concept, Agricultural Knowledge Systems may provide a common space for interchanges between divergent agendas and their research priorities. However, these innovation agendas promote conflicting visions of the future

A holistic resilience framework development for rural power systems in emerging economies

Infrastructure and services within urban areas of developed countries have established reliable definitions of resilience and its dependence on various factors as an important pathway for achieving sustainability in these energy systems. However, the assessment, design, building and maintenance of power systems situated in rural areas in emerging economies present further difficulties because there is no a clear framework for such circumstances. Aiming to address this issue, this paper combines different visions of energy-related resilience both in general and under rural conditions in order to provide a robust practical framework for local and international stakeholders to derive the right actions in the rural context of emerging economies. An in-depth review is implemented to recompile information of resilience in general, in energy systems and in rural areas in particular, and a number of existing frameworks is also consulted. In order to acknowledge the particular circumstances and identify the important factors influencing the resilience of rural electrification in emerging economies, a holistic rural power system resilience framework is developed and presented. This consists of twenty-one indicators for technical resilience, eight indicators for social resilience, and thirteen indicators for economic resilience. This framework can be used by system owners and operators, policy makers, NGOs and communities to ensure the longevity of power systems. This work also paves the way for the creation of appropriate and effective resilience standards specifically targeted for application in these regions - aiming to achieve the delivery of global and local sustainability goals

The Electromagnetic Threat to the US: Resilience Strategy Recommendations

The article of record as published may be located at https://doi.org/10.18278/jcip.3.2.10https://www.jcip1.org/the-electromagnetic-threat-to-the-us-recommendations-for-resilience-strategies.htmlThis work is based on a master’s thesis completed by the lead author: Samuel Averitt, “The Electromagnetic Threat To The United States: Recommendations For Consequence Management” (Monterey, CA, Naval Postgraduate School, 2021), https://calhoun.nps.edu/handle/10945/68695This article analyzes the threat of both electromagnetic pulse (EMP) and geomagnetic disturbances (GMD) to various federal agencies and the civilian population of the United States. EMP/GMD events are classified as low-probability/high-impact events that have potential for catastrophic consequences to all levels of government as well as the country's civilian population. By reviewing current literature and conducting two thought experiments, we determined that specific critical infrastructure sectors and modern society are at substantial risk from the effects of these events. Some of the most serious consequences of a large-scale EMP/GMD include longterm power loss to large geographic regions, loss of modern medical services, and severe communication blackouts that could make recovery from these events extremely difficult. In an attempt to counteract and mitigate the risks of EMP/GMD events, resilience engineering concepts prescribe several recommendations that could be utilized by policymakers to mitigate the effects of EMP or GMD. Some of the recommendations include utilizing hardened micro-grid systems, fast tracking available black start options, and various changes to government agency organizations that would provide additional resilience and recovery to American critical infrastructure systems in the post-EMP/GMD environment

Impacts of climate change on public health in Australia

Provides information, opinions and recommendations relevant to assessing the potential impacts of climate change on public health in Australia, as well as guidelines for decision-making in responding to these impacts. It aims to: draw attention to the potential impacts of climate change on health in Australia; discuss the policies and issues related to the impacts of climate change on health; present prioritised recommendations to decision-makers on policies and practices which may assist mitigation of and adaptation to the most serious of the identified impacts; provide guidance which will assist appropriate people and agencies to allocate resources to the highest priority problems; and provide a comprehensive list of references which provide reliable evidence about the potential impacts of climate change on health in Australia. The immediate and longer-term impacts of climate change have the potential to affect Australian health and social environments seriously, and as such, demand and deserve attention by Federal and State Governments and agencies within the Australian public health sector. Policymakers are faced with pressing issues of funding and delivering health services for an ageing society with an ever increasing burden of chronic disease and expectations of access to high-technology, high cost interventions. However, the impacts of future climate change on public health may potentially generate very large healthcare costs if current strategies for healthcare are inadequate. Successful advocacy of new policies and practices by credible and influential groups must use language which can be understood by the people who are to be influenced. This advocacy must be supported by reliable evidence. Climate-related catastrophes (droughts, floods, cyclones, other storms, bush fires) occur frequently in Australia. The demonstrably high variability in the incidence and severity of such phenomena present a challenge to scientists to discover and demonstrate any correlations between the catastrophes and the slow changes of climatic indices due to climate change. Public health organisations must start to develop alternative, more effective, practices to manage the complex issues related to climate change while continuing to implement their traditional primary, secondary and tertiary preventive models. A new approach, based on ecological principles, will be required to navigate through the complex and interrelating health causes. The public health sector must strengthen existing approaches for effective climate change adaptation strategies, including assessing regional health risks to identify vulnerable and resilient populations, collecting enhanced surveillance data and developing monitoring indicators. This approach must be based on: providing sound scientific evidence for predicting the likely outcomes and thus to take preventive or responsive action; and reorienting the public health sector towards greater comprehension and use of ecological understandings and approaches. Recommendations Politicians, health bureaucrats and other interested parties must formulate comprehensive, coherent policies to address the direct and indirect impacts of climate change on public health, including allocation of appropriate financial resources as part of a National Plan for Health in Responding to Climate Change. The National Health and Medical Research Council should be tasked with ensuring coordinated, comprehensive funding to support research into the health impacts of climate change. Research organisations and health institutions must collaborate to develop cost-effective, long-term, longitudinal studies on the impacts of climate change on the physical, biological and social environments that will affect Australian’s public health. Advocates must develop proposals which demonstrate cost savings to government over three to six years, or one or two electoral cycles. Little will be achieved in the current fiscal environment if proposed policies and practices will incur significant new budgetary expenses to governments or their agencies. Managing the impacts of climate change on public health will also involve several other sectors, such as water, planning, building, housing and transport infrastructure. Appropriate institutions should work towards a multi-level, interdisciplinary and integrated response to raise the importance of the impacts of climate change on public health. A comprehensive surveillance system would monitor the inter-relationship of environmental, social and health factors. Observational studies are important to monitor recent and present disease patterns and incidence to inform modelling of future disease patterns. They could also provide baselines for environmental health indicators, which can periodically be monitored and measured in order to inform program evaluation. The public health sector must integrate planned, evidence-based adaptations into existing preventive activities. Useful methodologies might include: a risk assessment approach such as Health Impact Assessment (HIA); an appropriate range of Environmental Health Indicators (EHIs); a “Driving force-Pressure-State-Exposure-Effect-Action (DPSEEA) framework”; and a systematic ecological health framework. The opposite of vulnerability is resilience – our capacity to respond to challenging or new circumstances. The factors which encourage resilience needs to be better understood. The public health sector must communicate concepts of risk, and develop strategies to encourage greater resilience. To understand how we can minimise vulnerability of individuals and communities to climate change we must identify those populations which are most at risk, including those for whom climate change will act as a stress multiplier for existing public health problems. The health sector must communicate climate change as a human health issue rather than just an “environmental problem”. The focus should be on effective, realistic and sustainable solutions rather than problems characterised as bleak and unresolvable

Learning from safety science: A way forward for studying cybersecurity incidents in organizations

In the aftermath of cybersecurity incidents within organizations, explanations of their causes often revolve around isolated technical or human events such as an Advanced Persistent Threat or a “bad click by an employee.” These explanations serve to identify the responsible parties and inform efforts to improve security measures. However, safety science researchers have long been aware that explaining incidents in socio-technical systems and determining the role of humans and technology in incidents is not an objective procedure but rather an act of social constructivism: what you look for is what you find, and what you find is what you fix. For example, the search for a technical “root cause” of an incident might likely result in a technical fix, while from a sociological perspective, cultural issues might be blamed for the same incident and subsequently lead to the improvement of the security culture. Starting from the insights of safety science, this paper aims to extract lessons on what general explanations for cybersecurity incidents can be identified and what methods can be used to study causes of cybersecurity incidents in organizations. We provide a framework that allows researchers and practitioners to proactively select models and methods for the investigation of cybersecurity incidents