Tag Archives: cyberattacks

Protecting Critical Systems and Personal Data from Cyberattack

Cyberspace is notoriously vulnerable to varied and changing attacks by hackers, criminals, terrorists, and state actors. The nation’s critical infrastructure, including the electric power grid, air traffic control system, financial system, and communication networks, depends on information technology for its operation and thus is susceptible to cyberattack. Additionally, individuals need to protect themselves online as threats to technology and confidential data become more commonplace. Our publications explore the nature of cyberattacks and ways to build resilience into our networks to prepare for and defend against attack. All are free to read online or download.

Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop

In January 2016, the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Data Breach Aftermath and Recovery for Individuals and Institutions. Participants examined existing technical and policy remediations, and they discussed possible new mechanisms for better …

Communications, Cyber Resilience, and the Future of the U.S. Electric Power System: Proceedings of a Workshop

Electric power is a critical infrastructure that is vital to the U.S. economy and national security. Today, the nation’s electric power infrastructure is threatened by malicious attacks, accidents, and failures, as well as disruptive natural events. As the electric grid evolves and becomes …

Cybersecurity in Transit Systems

The COVID-19 pandemic is having a profound effect on every infrastructure sector in North America, including transit systems, and on the information technology and operational technology systems that are embedded in their ongoing operations.

The TRB Transit Cooperative Research Program’s …

Looking Ahead at the Cybersecurity Workforce at the Federal Aviation Administration

The Federal Aviation Administration (FAA) has overseen significant upgrades to the technology used to manage aviation operations to increase the safety and efficiency of the National Airspace System (NAS). Though necessary to regular operations, these modern computing and communications systems …

Robust Machine Learning Algorithms and Systems for Detection and Mitigation of Adversarial Attacks and Anomalies: Proceedings of a Workshop

The Intelligence Community Studies Board (ICSB) of the National Academies of Sciences, Engineering, and Medicine convened a workshop on December 11–12, 2018, in Berkeley, California, to discuss robust machine learning algorithms and systems for the detection and mitigation of adversarial …

Software Update as a Mechanism for Resilience and Security: Proceedings of a Workshop

Software update is an important mechanism by which security changes and improvements are made in software, and this seemingly simple concept encompasses a wide variety of practices, mechanisms, policies, and technologies. To explore the landscape further, the Forum on Cyber Resilience hosted a …

Implications of Artificial Intelligence for Cybersecurity: Proceedings of a Workshop

In recent years, interest and progress in the area of artificial intelligence (AI) and machine learning (ML) have boomed, with new applications vigorously pursued across many sectors. At the same time, the computing and communications technologies on which we have come to rely present serious …

Recoverability as a First-Class Security Objective: Proceedings of a Workshop

The Forum on Cyber Resilience of the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Recoverability as a First-Class Security Objective on February 8, 2018, in Washington, D.C. The workshop featured presentations from several experts in industry, research, and …

Securing the Vote: Protecting American Democracy

During the 2016 presidential election, America’s election infrastructure was targeted by actors sponsored by the Russian government. Securing the Vote: Protecting American Democracy examines the challenges arising out of the 2016 federal election, assesses current technology and standards for …

Beyond Spectre: Confronting New Technical and Policy Challenges: Proceedings of a Workshop

In 2017, researchers discovered a vulnerability in microprocessors used in computers and devices all over the world. The vulnerability, named Spectre, combines side effects from caching and speculative execution, which are techniques that have been used for many years to increase the speed at …

Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions

Attaining meaningful cybersecurity presents a broad societal challenge. Its complexity and the range of systems and sectors in which it is needed mean that successful approaches are necessarily multifaceted. Moreover, cybersecurity is a dynamic process involving human attackers who continue to …

Cryptographic Agility and Interoperability: Proceedings of a Workshop

In May 2016, the National Academies of Sciences, Engineering, and Medicine hosted a workshop on Cryptographic Agility and Interoperability. Speakers at the workshop discussed the history and practice of cryptography, its current challenges, and its future possibilities. This publication …

At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues

We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. …

The Resilience of the Electric Power Delivery System in Response to Terrorism and Natural Disasters: Summary of a Workshop

The Resilience of the Electric Power Delivery System in Response to Terrorism and Natural Disasters is the summary of a workshop convened in February 2013 as a follow-up to the release of the National Research Council report Terrorism and the Electric Power Delivery System. That …

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal infrastructure of the United States, …

Increasing Resilience to Prevent and Respond to Cyberattacks

A strong defense against ransomware and other forms of cyberattack is critical for the efficient operation and delivery of our nation’s computer, infrastructure, and communications services and networks. Our reports explain the importance of increasing the usability of security technologies, recommend strategies for future research aimed at countering cyberattacks, and consider how information technology systems can be used to maximize protection against attacks and respond to threats. All are free to read or download.

Communications, Cyber Resilience, and the Future of the U.S. Electric Power System: Proceedings of a Workshop

Electric power is a critical infrastructure that is vital to the U.S. economy and national security. Today, the nation’s electric power infrastructure is threatened by malicious attacks, accidents, and failures, as well as disruptive natural events. As the electric grid evolves and becomes …

Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies

Since 2009, when NCHRP’s last Security 101 report was released, there have been significant advances in transportation security approaches, including new strategies, programs, and ways of doing business that have increased the security of …

Developing a Physical and Cyber Security Primer for Transportation Agencies

Small events pose threats of great consequences since the impact of any incident is magnified when a transportation network is operating at or past its capacity—as is the case in portions of many states as travel demand on their transportation networks grows.

The TRB National …

Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions

Attaining meaningful cybersecurity presents a broad societal challenge. Its complexity and the range of systems and sectors in which it is needed mean that successful approaches are necessarily multifaceted. Moreover, cybersecurity is a dynamic process involving human attackers who continue to …

A 21st Century Cyber-Physical Systems Education

Cyber-physical systems (CPS) are “engineered systems that are built from, and depend upon, the seamless integration of computational algorithms and physical components.” CPS can be small and closed, such as an artificial pancreas, or very large, complex, and interconnected, such as a regional …

Protection of Transportation Infrastructure from Cyber Attacks: A Primer

TRB’s Protection of Transportation Infrastructure from Cyber Attacks: A Primer provides transportation organizations with reference materials concerning cybersecurity concepts, guidelines, definitions, and standards. The primer is a joint product of two TRB Cooperative Research Programs, and is …

Cybersecurity Dilemmas: Technology, Policy, and Incentives: Summary of Discussions at the 2014 Raymond and Beverly Sackler U.S.-U.K. Scientific Forum

Individuals, businesses, governments, and society at large have tied their future to information technologies, and activities carried out in cyberspace have become integral to daily life. Yet these activities – many of them drivers of economic development – are under constant attack from …

At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues

We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. …

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal infrastructure of the United States, …

Resources to Understand and Improve Cybersecurity

The SolarWinds cyberhack announced earlier this month is a potent reminder that despite considerable investments of resources and intellect, cybersecurity continues to pose serious challenges to national security, business performance, and public well-being. Cybersecurity is a dynamic process involving human attackers who continue to adapt. Responding requires sustained attention to the cybersecurity posture of individuals, firms, and government and involves both efforts to more effectively and more widely use what is known about improving cybersecurity and efforts to develop new knowledge about cybersecurity. Our titles explore preparedness, response and recovery from cyberattack. All are free to download.

Implications of Artificial Intelligence for Cybersecurity: Proceedings of a Workshop

In recent years, interest and progress in the area of artificial intelligence (AI) and machine learning (ML) have boomed, with new applications vigorously pursued across many sectors. At the same time, the computing and communications technologies on which we have come to rely present serious …

Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies

Since 2009, when NCHRP’s last Security 101 report was released, there have been significant advances in transportation security approaches, including new strategies, programs, and ways of doing business that have increased the security of …

Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions

Attaining meaningful cybersecurity presents a broad societal challenge. Its complexity and the range of systems and sectors in which it is needed mean that successful approaches are necessarily multifaceted. Moreover, cybersecurity is a dynamic process involving human attackers who continue to …

Beyond Spectre: Confronting New Technical and Policy Challenges: Proceedings of a Workshop

In 2017, researchers discovered a vulnerability in microprocessors used in computers and devices all over the world. The vulnerability, named Spectre, combines side effects from caching and speculative execution, which are techniques that have been used for many years to increase the speed at …

Recoverability as a First-Class Security Objective: Proceedings of a Workshop

The Forum on Cyber Resilience of the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Recoverability as a First-Class Security Objective on February 8, 2018, in Washington, D.C. The workshop featured presentations from several experts in industry, research, and …

Securing the Vote: Protecting American Democracy

During the 2016 presidential election, America’s election infrastructure was targeted by actors sponsored by the Russian government. Securing the Vote: Protecting American Democracy examines the challenges arising out of the 2016 federal election, assesses current technology and standards for …

Software Update as a Mechanism for Resilience and Security: Proceedings of a Workshop

Software update is an important mechanism by which security changes and improvements are made in software, and this seemingly simple concept encompasses a wide variety of practices, mechanisms, policies, and technologies. To explore the landscape further, the Forum on Cyber Resilience hosted a …

Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop

In January 2016, the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Data Breach Aftermath and Recovery for Individuals and Institutions. Participants examined existing technical and policy remediations, and they discussed possible new mechanisms for better …

Guidebook on Best Practices for Airport Cybersecurity

TRB’s Airport Cooperative Research Program (ACRP) Report 140: Guidebook on Best Practices for Airport Cybersecurity provides information designed to help reduce or mitigate inherent risks of cyberattacks on technology-based systems.

Traditional IT infrastructure such as servers, …

At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues

We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. …

Professionalizing the Nation's Cybersecurity Workforce?: Criteria for Decision-Making

Professionalizing the Nation’s Cybersecurity Workforce? Criteria for Decision-Making considers approaches to increasing the professionalization of the nation’s cybersecurity workforce. This report examines workforce requirements for cybersecurity and the segments and job functions in …

Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy

In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation’s important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity defense measures, it is natural to …

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal infrastructure of the United States, …

Becoming Cyber Resilient – What You Need to Know

Individuals, public utilities, corporations, election systems, institutions, and social media are all vulnerable to cyberattacks and data breaches. As the number of and damage from these kinds of activities increase, how can we become more cyber resilient? Our reports examine the threats that cyberattacks pose and make recommendations to prevent, respond to, and recover from future incursions. All are free to download.

Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop

In January 2016, the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Data Breach Aftermath and Recovery for Individuals and Institutions. Participants examined existing technical and policy remediations, and they …

Securing the Vote: Protecting American Democracy

During the 2016 presidential election, America’s election infrastructure was targeted by actors sponsored by the Russian government. Securing the Vote: Protecting American Democracy examines the challenges arising out of the 2016 federal election, …

Recoverability as a First-Class Security Objective: Proceedings of a Workshop

The Forum on Cyber Resilience of the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Recoverability as a First-Class Security Objective on February 8, 2018, in Washington, D.C. The workshop featured presentations …

Software Update as a Mechanism for Resilience and Security: Proceedings of a Workshop

Software update is an important mechanism by which security changes and improvements are made in software, and this seemingly simple concept encompasses a wide variety of practices, mechanisms, policies, and technologies. To explore the landscape …

Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions

Attaining meaningful cybersecurity presents a broad societal challenge. Its complexity and the range of systems and sectors in which it is needed mean that successful approaches are necessarily multifaceted. Moreover, cybersecurity is a dynamic …

Guidebook on Best Practices for Airport Cybersecurity

TRB’s Airport Cooperative Research Program (ACRP) Report 140: Guidebook on Best Practices for Airport Cybersecurity provides information designed to help reduce or mitigate inherent risks of cyberattacks on technology-based …

Cybersecurity Dilemmas: Technology, Policy, and Incentives: Summary of Discussions at the 2014 Raymond and Beverly Sackler U.S.-U.K. Scientific Forum

Individuals, businesses, governments, and society at large have tied their future to information technologies, and activities carried out in cyberspace have become integral to daily life. Yet these activities – many of them drivers of economic …

Protection of Transportation Infrastructure from Cyber Attacks: A Primer

TRB’s Protection of Transportation Infrastructure from Cyber Attacks: A Primer provides transportation organizations with reference materials concerning cybersecurity concepts, guidelines, definitions, and standards. The primer is a joint product …

The Resilience of the Electric Power Delivery System in Response to Terrorism and Natural Disasters: Summary of a Workshop

The Resilience of the Electric Power Delivery System in Response to Terrorism and Natural Disasters is the summary of a workshop convened in February 2013 as a follow-up to the release of the National Research Council report Terrorism …

At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues

We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, …

Cybersecurity: Prevention and Recovery

In a world growing increasingly dependent on technology, the prevention of cyberattacks is more critical than ever. Our reports explain the importance of increasing the usability of security technologies, recommend strategies for future research aimed at countering cyberattacks, and consider how information technology systems can be used to not only maximize protection against attacks, but also respond to threats.

Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop

In January 2016, the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Data Breach Aftermath and Recovery for Individuals and Institutions. Participants examined existing technical and policy remediations, and they …

Legal Issues Concerning Transit Agency Use of Electronic Customer Data

TRB’s Transit Cooperative Research Program (TCRP) Legal Research Digest (LRD) 48: Legal Issues Concerning Transit Agency Use of Electronic Customer Data explores the advantages, disadvantages, risks, and benefits for transit agencies moving to …

Federal Statistics, Multiple Data Sources, and Privacy Protection: Next Steps

The environment for obtaining information and providing statistical data for policy makers and the public has changed significantly in the past decade, raising questions about the fundamental survey paradigm that underlies federal statistics. New …

Protection of Transportation Infrastructure from Cyber Attacks: A Primer

TRB’s Protection of Transportation Infrastructure from Cyber Attacks: A Primer provides transportation organizations with reference materials concerning cybersecurity concepts, guidelines, definitions, and standards. The primer is a joint product …

Cybersecurity Dilemmas: Technology, Policy, and Incentives: Summary of Discussions at the 2014 Raymond and Beverly Sackler U.S.-U.K. Scientific Forum

Individuals, businesses, governments, and society at large have tied their future to information technologies, and activities carried out in cyberspace have become integral to daily life. Yet these activities – many of them drivers of economic …

Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop

Despite many advances, security and privacy often remain too complex for individuals or enterprises to manage effectively or to use conveniently. Security is hard for users, administrators, and developers to understand, making it all too easy to …

At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues

We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, …

Engaging Privacy and Information Technology in a Digital Age

Privacy is a growing concern in the United States and around the world. The spread of the Internet and the seemingly boundaryless options for collecting, saving, sharing, and comparing information trigger consumer worries. Online practices of …

Toward a Safer and More Secure Cyberspace

Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit …

Sony Hack Emphasizes Need for Improved Cybersecurity

Last month’s hacking of Sony Pictures Entertainment has highlighted the vulnerability of companies to cyberattack. The hackers stole confidential documents, deleted the originals, and left threatening messages. With the computers unusable even days after the attack, employees resorted to using white boards to do their work. Meanwhile, the hackers released the confidential documents to journalists, and five Sony movies to the public at large.

The Sony hack clearly demonstrates a need for improved cybersecurity. Governments are not the only ones vulnerable, and state secrets are not the only targets. To learn more about how we can prevent future cyberattacks with improved security, check out our Cybersecurity Collection:

At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues

We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. Modern military forces use weapons that are increasingly coordinated through computer-based networks. Cybersecurity is vital to protecting all of …

Toward a Safer and More Secure Cyberspace

Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit vulnerabilities in the nation’s critical information systems, thereby causing considerable suffering and damage. Online e-commerce business, government agency files, and identity records are all …

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal infrastructure of the United States, little has been written about the use of cyberattack as an instrument of U.S. policy. …

Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop

Despite many advances, security and privacy often remain too complex for individuals or enterprises to manage effectively or to use conveniently. Security is hard for users, administrators, and developers to understand, making it all too easy to use, configure, or operate systems in ways that are inadvertently insecure. Moreover, security and privacy technologies originally were developed in a context in which system administrators had …

Gauss Malware – Cyberattack or Cyber Exploitation? NRC Reports Explain.

The recent Gauss malware attack has been the hot topic of the cyber community, and several technology magazines have dedicated lengthy articles to the seriousness of the virus. We asked Dr. Herbert Lin, cyber attack expert and chief scientist at the Computer Science and Telecommunications Board of the National Research Council, to weigh in and explain the significance of the Gauss malware virus currently affecting the Middle East. Here’s what he had to say:

“A number of public reports have asserted that Gauss is state-sponsored malware directed against customers of Middle Eastern banks for the purpose of gathering intelligence on those banks and customers. If this is its only purpose (and no reports have yet surfaced indicating that Gauss is an agent intended to steal money), then Gauss is an agent of cyber exploitation rather than cyber attack. But even if Gauss is state-sponsored, it would be just one more example of how nations conduct espionage operations against entities of interest with all the tools at their disposal.

The details of financial transactions in the Middle East are clearly interesting to those who follow the development of weapons of mass destruction, the evasion of sanctions, and terrorist activities, and it would not be surprising if nations use cyber espionage to obtain information that they could not otherwise obtain from the banking systems in question.”

The National Research Council has produced a number of significant reports on cyber security and related subjects, which are all free to download from www.NAP.edu.

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

390 pages | Paperback | Price: $44.10

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal…

Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy

400 pages | Paperback | Price: $70.65

In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation’s important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity…

Toward a Safer and More Secure Cyberspace

328 pages | Paperback | Price: $51.30

Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit…

Critical Code: Software Producibility for Defense

160 pages | Paperback | Price: $31.27

Critical Code contemplates Department of Defense (DoD) needs and priorities for software research and suggests a research agenda and related actions. Building on two prior books–Summary of a Workshop on Software Intensive Systems and…

Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop

70 pages | Paperback | Price: $18.90

Despite many advances, security and privacy often remain too complex for individuals or enterprises to manage effectively or to use conveniently. Security is hard for users, administrators, and developers to understand, making it all too easy to use,…

Take 5: Top Books for Computer Scientists

Got scientists and engineers on your holiday shopping list? Take five and check out our top gift ideas. NAP books and merchandise make thoughtful gifts for thinking people.

The Future of Computing Performance: Game Over or Next Level?

The end of dramatic exponential growth in single-processor performance marks the end of the dominance of the single microprocessor in computing. The era of sequential computing must give way to a new era in which parallelism is at the forefront. Although…

Biometric Recognition: Challenges and Opportunities

Biometric recognition–the automated recognition of individuals based on their behavioral and biological characteristics–is promoted as a way to help identify terrorists, provide better control of access to physical facilities and financial accounts, and…

Toward a Safer and More Secure Cyberspace

Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit…

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal…

Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy

In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation’s important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity…

Cybersecurity: Issues in Defending Networks and Systems from Cyberattack and Cyberespionage

Last week the International Monetary Fund (IMF) reported that it was a target of a cyber break-in, an attack designed to infiltrate the IMF in order to gain sensitive, privileged insider information. Intrusions into secure networks of organizations such as the IMF focus the public’s attention on the subject of cybersecurity. We asked Herb Lin, Chief Scientist at NRC’s Computer Science and Telecommunications Board, for his perspective.

“The IMF incident is troubling in the same way that many other break-ins are troubling—they point to weaknesses in the cybersecurity of organizations important to national and international economies, national security, and economic prosperity. Cyberattacks destroy or damage computer systems or the information in them; cyber exploitations (or cyber espionage) obtain from computers information that should be kept confidential. These kinds of operations are the threats against which effective cybersecurity measures need to be taken by everyone, but especially by organizations that play key roles in society.”

Toward a Safer and More Secure Cyberspace discusses cybersecurity from a defensive perspective. It explores the nature of online threats and examines security vulnerabilities of the Internet and in computer systems and networks. In addition, it considers why organizations have failed to adopt measures that could make them more secure against cyberthreats.

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities focuses on the policy and operational dimensions of cyberattack and cyberexploitation and distinguishes between the two. This book also discusses policy and legal frameworks for the use of cyberattack as an instrument of national policy. It describes the current international and domestic legal structure as it might apply to cyberattack, and considers analogies to other domains of conflict to develop relevant insights.

Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy is a collection of papers by experts in the field about various aspects of cyberattack. This book is phase two of a project aimed at fostering a broad, multidisciplinary examination of strategies for deterring cyberattacks on the United States and of the possible utility of these strategies for the U.S. government.

These books can inform debate and contribute to decision-making. PDFs of these and other titles from the Computer Science and Telecommunications Board are free to download.

Toward a Safer and More Secure Cyberspace

Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit…

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal…

Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy

In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation’s important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity…

Science and the Future of Computing: Parallel Processing to Meet Tomorrow’s Challenges

Fast, inexpensive computers are now essential for nearly all human endeavors and have been a critical factor in increasing economic productivity, enabling new defense systems, and advancing the frontiers of science. For the last half-century, computers have been doubling in performance and capacity every couple of years. For example, the raw performance of a 1970s supercomputer is now available in a typical modern cell phone. The remarkable growth in computing throughout the lifetimes of most people has resulted in the expectation that such phenomenal progress will continue well into the future. As our demand for increased technology performance shows no signs of slowing, it becomes apparent that we need to find ways to sustain increasing performance.

In their efforts to make faster computers, scientists have concentrated on reductions in transistor size, enabling more transistors to be packed onto computer chips. Current chips range from several complex processors to hundreds of simpler processors. To use chip multiprocessors, applications must use a parallel programming model, which divides a program into parts that are then executed in parallel on distinct processors. However, much software today is written according to a sequential programming model, and applications written this way cannot easily be sped up by using parallel processors. The Future of Computing Performance: Game Over or Next Level? recommends that our nation place a much greater emphasis on IT and computer-science research and development focused on improvements and innovations in parallel processing, and on making the transition to computing centered on parallelism.

This book also discusses the need for research and development on much more power-efficient computing systems at all levels of technology, including devices, hardware architecture, and software. The Future of Computing Performance makes recommendations aimed at supporting and focusing research, development, and education in parallel computing. It sets a path forward to sustain growth in computer performance so that we can enjoy the next level of benefits to society.

This book and others from the Computer Science and Telecommunications Board can inform discussion and guide decision-making.

The Future of Computing Performance: Game Over or Next Level?

The end of dramatic exponential growth in single-processor performance marks the end of the dominance of the single microprocessor in computing. The era of sequential computing must give way to a new era in which parallelism is at the forefront. Although…

Wireless Technology Prospects and Policy Options

The use of radio-frequency communication–commonly referred to as wireless communication–is becoming more pervasive as well as more economically and socially important. Technological progress over many decades has enabled the deployment of several successive…

Transforming Combustion Research through Cyberinfrastructure

Combustion has provided society with most of its energy needs for millennia, from igniting the fires of cave dwellers to propelling the rockets that traveled to the Moon. Even in the face of climate change and the increasing availability of alternative energy…

Biometric Recognition: Challenges and Opportunities

Biometric recognition–the automated recognition of individuals based on their behavioral and biological characteristics–is promoted as a way to help identify terrorists, provide better control of access to physical facilities and financial accounts, and…

Critical Code: Software Producibility for Defense

Critical Code contemplates Department of Defense (DoD) needs and priorities for software research and suggests a research agenda and related actions. Building on two prior books–Summary of a Workshop on Software Intensive Systems and…

Toward Better Usability, Security, and Privacy of Information Technology: Report of a Workshop

Despite many advances, security and privacy often remain too complex for individuals or enterprises to manage effectively or to use conveniently. Security is hard for users, administrators, and developers to understand, making it all too easy to use,…

Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy

In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation’s important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity…

Report of a Workshop on The Scope and Nature of Computational Thinking

Report of a Workshop on the Scope and Nature of Computational Thinking presents a number of perspectives on the definition and applicability of computational thinking. For example, one idea expressed during the workshop is that computational thinking is a…

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal…