Tag Archives: cyberspace

Protecting Critical Systems and Personal Data from Cyberattack

Cyberspace is notoriously vulnerable to varied and changing attacks by hackers, criminals, terrorists, and state actors. The nation’s critical infrastructure, including the electric power grid, air traffic control system, financial system, and communication networks, depends on information technology for its operation and thus is susceptible to cyberattack. Additionally, individuals need to protect themselves online as threats to technology and confidential data become more commonplace. Our publications explore the nature of cyberattacks and ways to build resilience into our networks to prepare for and defend from attack. All are free to read online or download.

Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop

In January 2016, the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Data Breach Aftermath and Recovery for Individuals and Institutions. Participants examined existing technical and policy remediations, and they discussed possible new mechanisms for better …

Communications, Cyber Resilience, and the Future of the U.S. Electric Power System: Proceedings of a Workshop

Electric power is a critical infrastructure that is vital to the U.S. economy and national security. Today, the nation’s electric power infrastructure is threatened by malicious attacks, accidents, and failures, as well as disruptive natural events. As the electric grid evolves and becomes …

Cybersecurity in Transit Systems

The COVID-19 pandemic is having a profound effect on every infrastructure sector in North America, including transit systems, and on the information technology and operational technology systems that are embedded in their ongoing operations.

The TRB Transit Cooperative Research Program’s …

Looking Ahead at the Cybersecurity Workforce at the Federal Aviation Administration

The Federal Aviation Administration (FAA) has overseen significant upgrades to the technology used to manage aviation operations to increase the safety and efficiency of the National Airspace System (NAS). Though necessary to regular operations, these modern computing and communications systems …

Robust Machine Learning Algorithms and Systems for Detection and Mitigation of Adversarial Attacks and Anomalies: Proceedings of a Workshop

The Intelligence Community Studies Board (ICSB) of the National Academies of Sciences, Engineering, and Medicine convened a workshop on December 11–12, 2018, in Berkeley, California, to discuss robust machine learning algorithms and systems for the detection and mitigation of adversarial …

Software Update as a Mechanism for Resilience and Security: Proceedings of a Workshop

Software update is an important mechanism by which security changes and improvements are made in software, and this seemingly simple concept encompasses a wide variety of practices, mechanisms, policies, and technologies. To explore the landscape further, the Forum on Cyber Resilience hosted a …

Implications of Artificial Intelligence for Cybersecurity: Proceedings of a Workshop

In recent years, interest and progress in the area of artificial intelligence (AI) and machine learning (ML) have boomed, with new applications vigorously pursued across many sectors. At the same time, the computing and communications technologies on which we have come to rely present serious …

Recoverability as a First-Class Security Objective: Proceedings of a Workshop

The Forum on Cyber Resilience of the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Recoverability as a First-Class Security Objective on February 8, 2018, in Washington, D.C. The workshop featured presentations from several experts in industry, research, and …

Securing the Vote: Protecting American Democracy

During the 2016 presidential election, America’s election infrastructure was targeted by actors sponsored by the Russian government. Securing the Vote: Protecting American Democracy examines the challenges arising out of the 2016 federal election, assesses current technology and standards for …

Beyond Spectre: Confronting New Technical and Policy Challenges: Proceedings of a Workshop

In 2017, researchers discovered a vulnerability in microprocessors used in computers and devices all over the world. The vulnerability, named Spectre, combines side effects from caching and speculative execution, which are techniques that have been used for many years to increase the speed at …

Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions

Attaining meaningful cybersecurity presents a broad societal challenge. Its complexity and the range of systems and sectors in which it is needed mean that successful approaches are necessarily multifaceted. Moreover, cybersecurity is a dynamic process involving human attackers who continue to …

Cryptographic Agility and Interoperability: Proceedings of a Workshop

In May 2016, the National Academies of Sciences, Engineering, and Medicine hosted a workshop on Cryptographic Agility and Interoperability. Speakers at the workshop discussed the history and practice of cryptography, its current challenges, and its future possibilities. This publication …

At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues

We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. …

The Resilience of the Electric Power Delivery System in Response to Terrorism and Natural Disasters: Summary of a Workshop

The Resilience of the Electric Power Delivery System in Response to Terrorism and Natural Disasters is the summary of a workshop convened in February 2013 as a follow-up to the release of the National Research Council report Terrorism and the Electric Power Delivery System. That …

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal infrastructure of the United States, …

Resources to Understand and Improve Cybersecurity

The SolarWinds cyberhack announced earlier this month is a potent reminder that despite considerable investments of resources and intellect, cybersecurity continues to pose serious challenges to national security, business performance, and public well-being. Cybersecurity is a dynamic process involving human attackers who continue to adapt. Responding requires sustained attention to the cybersecurity posture of individuals, firms, and government and involves both efforts to more effectively and more widely use what is known about improving cybersecurity and efforts to develop new knowledge about cybersecurity. Our titles explore preparedness, response and recovery from cyberattack. All are free to download.

Implications of Artificial Intelligence for Cybersecurity: Proceedings of a Workshop

In recent years, interest and progress in the area of artificial intelligence (AI) and machine learning (ML) have boomed, with new applications vigorously pursued across many sectors. At the same time, the computing and communications technologies on which we have come to rely present serious …

Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies

Since 2009, when NCHRP’s last Security 101 report was released, there have been significant advances in transportation security approaches, including new strategies, programs, and ways of doing business that have increased the security of …

Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions

Attaining meaningful cybersecurity presents a broad societal challenge. Its complexity and the range of systems and sectors in which it is needed mean that successful approaches are necessarily multifaceted. Moreover, cybersecurity is a dynamic process involving human attackers who continue to …

Beyond Spectre: Confronting New Technical and Policy Challenges: Proceedings of a Workshop

In 2017, researchers discovered a vulnerability in microprocessors used in computers and devices all over the world. The vulnerability, named Spectre, combines side effects from caching and speculative execution, which are techniques that have been used for many years to increase the speed at …

Recoverability as a First-Class Security Objective: Proceedings of a Workshop

The Forum on Cyber Resilience of the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Recoverability as a First-Class Security Objective on February 8, 2018, in Washington, D.C. The workshop featured presentations from several experts in industry, research, and …

Securing the Vote: Protecting American Democracy

During the 2016 presidential election, America’s election infrastructure was targeted by actors sponsored by the Russian government. Securing the Vote: Protecting American Democracy examines the challenges arising out of the 2016 federal election, assesses current technology and standards for …

Software Update as a Mechanism for Resilience and Security: Proceedings of a Workshop

Software update is an important mechanism by which security changes and improvements are made in software, and this seemingly simple concept encompasses a wide variety of practices, mechanisms, policies, and technologies. To explore the landscape further, the Forum on Cyber Resilience hosted a …

Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop

In January 2016, the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Data Breach Aftermath and Recovery for Individuals and Institutions. Participants examined existing technical and policy remediations, and they discussed possible new mechanisms for better …

Guidebook on Best Practices for Airport Cybersecurity

TRB’s Airport Cooperative Research Program (ACRP) Report 140: Guidebook on Best Practices for Airport Cybersecurity provides information designed to help reduce or mitigate inherent risks of cyberattacks on technology-based systems.

Traditional IT infrastructure such as servers, …

At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues

We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. …

Professionalizing the Nation's Cybersecurity Workforce?: Criteria for Decision-Making

Professionalizing the Nation’s Cybersecurity Workforce? Criteria for Decision-Making considers approaches to increasing the professionalization of the nation’s cybersecurity workforce. This report examines workforce requirements for cybersecurity and the segments and job functions in …

Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy

In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation’s important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity defense measures, it is natural to …

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal infrastructure of the United States, …

Take 5: Top Books for Computer Scientists

Got scientists and engineers on your holiday shopping list? Take five and check out our top gift ideas. NAP books and merchandise make thoughtful gifts for thinking people.

The Future of Computing Performance: Game Over or Next Level?

The end of dramatic exponential growth in single-processor performance marks the end of the dominance of the single microprocessor in computing. The era of sequential computing must give way to a new era in which parallelism is at the forefront. Although…

Biometric Recognition: Challenges and Opportunities

Biometric recognition–the automated recognition of individuals based on their behavioral and biological characteristics–is promoted as a way to help identify terrorists, provide better control of access to physical facilities and financial accounts, and…

Toward a Safer and More Secure Cyberspace

Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit…

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal…

Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy

In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation’s important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity…

Getting Personal: Balancing Privacy and Security in the Fight Against Terrorism

Recent debate over full-body scanners at airport security checkpoints once again highlights the issues we face in balancing security with privacy. We are observed at work, in stores, and on the street by security systems. By our own choice, we use online resources to bank, shop, contact friends and family, and apply for loans. In countless other ways we may unknowingly reveal personal information. Technological advances in biometric recognition, data mining, e-commerce and behavioral surveillance all raise questions about exactly how personal our personal information is.

Protecting Individual Privacy in the Struggle Against Terrorists examines existing privacy laws to assess how privacy can be protected in current and future programs. Law-abiding citizens leave extensive digital tracks, and so do criminals and terrorists. Gathering and analyzing electronic, behavioral, biological, and other information can play major roles in the prevention, detection, and mitigation of terrorist attacks, just as they do against other criminal threats. This book provides a framework for making decisions about deploying and evaluating information-based programs on the basis of their effectiveness and associated risks to personal privacy.

Released this year, Biometric Recognition: Challenges and Opportunities deals with unresolved questions about the effectiveness and management of systems for biometric recognition, as well as the appropriateness and societal impact of their use. These books and other titles from the Computer Science and Telecommunications Board can inform and guide discussion of this important issue.

Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment

All U.S. agencies with counterterrorism programs that collect or “mine” personal data — such as phone records or Web sites visited — should be required to evaluate the programs’ effectiveness, lawfulness, and impacts on privacy. A framework is…

Biometric Recognition: Challenges and Opportunities

Biometric recognition–the automated recognition of individuals based on their behavioral and biological characteristics–is promoted as a way to help identify terrorists, provide better control of access to physical facilities and financial accounts, and…

Toward a Safer and More Secure Cyberspace

Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit…

Engaging Privacy and Information Technology in a Digital Age

Privacy is a growing concern in the United States and around the world. The spread of the Internet and the seemingly boundaryless options for collecting, saving, sharing, and comparing information trigger consumer worries. Online practices of business and…

Herb Lin Speaks About Cyberattack and Stuxnet

Stuxnet is a quickly mutating computer worm that has been infiltrating computers in Iran. Discovered in June, Stuxnet has been found in over 45,000 computers in various countries, but the vast majority of infected systems are in Iran.

The 2009 title Technology, Policy, Law and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities provides insight and a context with which to view the Stuxnet situation. We asked Herb Lin, the Study Director and one of the editors of the book, for his perspective.

“Stuxnet is the first reported incident of malware aimed at computerized industrial control systems that (allegedly) seeks to cause actual damage to these systems, rather than just extracting information from them. That is, it appears to be an instrument of cyberATTACK and not just one of cyberEXPLOITATION. (The difference between cyberattack and cyberexploitation is addressed in the 2009 report on cyberattack.)

The 2009 report also provides the necessary background to understand many aspects of the Stuxnet incident, including the difficulty of attributing the source of a cyberattack, the intelligence support needed for a successful cyberattack to occur, the significance of nation state involvement, and the potential utility of cyberattack as an instrument of clandestine national policy.”

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities is available to download at no charge online at the NAP website. Links to this title and other National Academies reports that may also interest you are listed below.

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal…

Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy

In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation’s important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity…


Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop

Despite many advances, security and privacy often remain too complex for individuals or enterprises to manage effectively or to use conveniently. Security is hard for users, administrators, and developers to understand, making it all too easy to use,…


Toward a Safer and More Secure Cyberspace

Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit…
