Cyberspace is notoriously vulnerable to varied and changing attacks by hackers, criminals, terrorists, and state actors. The nation’s critical infrastructure, including the electric power grid, air traffic control system, financial system, and communication networks, depends on information technology for its operation and thus is susceptible to cyberattack. Additionally, individuals need to protect themselves online as threats to technology and confidential data become more commonplace. Our publications explore the nature of cyberattacks and ways to build resilience into our networks to prepare for and defend from attack. All are free to read online or download.
Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop
In January 2016, the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Data Breach Aftermath and Recovery for Individuals and Institutions. Participants examined existing technical and policy remediations, and they discussed possible new mechanisms for better …[more]
Electric power is a critical infrastructure that is vital to the U.S. economy and national security. Today, the nation’s electric power infrastructure is threatened by malicious attacks, accidents, and failures, as well as disruptive natural events. As the electric grid evolves and becomes …[more]
Cybersecurity in Transit Systems
The COVID-19 pandemic is having a profound effect on every infrastructure sector in North America, including transit systems, and on the information technology and operational technology systems that are embedded in their ongoing operations.
The TRB Transit Cooperative Research Program’s …[more]
Looking Ahead at the Cybersecurity Workforce at the Federal Aviation Administration
The Federal Aviation Administration (FAA) has overseen significant upgrades to the technology used to manage aviation operations to increase the safety and efficiency of the National Airspace System (NAS). Though necessary to regular operations, these modern computing and communications systems …[more]
The Intelligence Community Studies Board (ICSB) of the National Academies of Sciences, Engineering, and Medicine convened a workshop on December 11–12, 2018, in Berkeley, California, to discuss robust machine learning algorithms and systems for the detection and mitigation of adversarial …[more]
Software Update as a Mechanism for Resilience and Security: Proceedings of a Workshop
Software update is an important mechanism by which security changes and improvements are made in software, and this seemingly simple concept encompasses a wide variety of practices, mechanisms, policies, and technologies. To explore the landscape further, the Forum on Cyber Resilience hosted a …[more]
Implications of Artificial Intelligence for Cybersecurity: Proceedings of a Workshop
In recent years, interest and progress in the area of artificial intelligence (AI) and machine learning (ML) have boomed, with new applications vigorously pursued across many sectors. At the same time, the computing and communications technologies on which we have come to rely present serious …[more]
Recoverability as a First-Class Security Objective: Proceedings of a Workshop
The Forum on Cyber Resilience of the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Recoverability as a First-Class Security Objective on February 8, 2018, in Washington, D.C. The workshop featured presentations from several experts in industry, research, and …[more]
Securing the Vote: Protecting American Democracy
During the 2016 presidential election, America’s election infrastructure was targeted by actors sponsored by the Russian government. Securing the Vote: Protecting American Democracy examines the challenges arising out of the 2016 federal election, assesses current technology and standards for …[more]
Beyond Spectre: Confronting New Technical and Policy Challenges: Proceedings of a Workshop
In 2017, researchers discovered a vulnerability in microprocessors used in computers and devices all over the world. The vulnerability, named Spectre, combines side effects from caching and speculative execution, which are techniques that have been used for many years to increase the speed at …[more]
Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions
Attaining meaningful cybersecurity presents a broad societal challenge. Its complexity and the range of systems and sectors in which it is needed mean that successful approaches are necessarily multifaceted. Moreover, cybersecurity is a dynamic process involving human attackers who continue to …[more]
Cryptographic Agility and Interoperability: Proceedings of a Workshop
In May 2016, the National Academies of Sciences, Engineering, and Medicine hosted a workshop on Cryptographic Agility and Interoperability. Speakers at the workshop discussed the history and practice of cryptography, its current challenges, and its future possibilities. This publication …[more]
At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues
We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. …[more]
The Resilience of the Electric Power Delivery System in Response to Terrorism and Natural Disasters is the summary of a workshop convened in February 2013 as a follow-up to the release of the National Research Council report Terrorism and the Electric Power Delivery System. That …[more]
Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities
The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal infrastructure of the United States, …[more]