Tag Archives: ransomware

Increasing Resilience to Prevent and Respond to Cyberattacks

A strong defense against ransomware and other forms of cyberattack is critical for the efficient operation and delivery our nation’s computer, infrastructure, and communications services and networks. Our reports explain the importance of increasing the usability of security technologies, recommend strategies for future research aimed at countering cyberattacks, and consider how information technology systems can be used to maximize protection against attacks and respond to threats. All are free to read or download.

Communications, Cyber Resilience, and the Future of the U.S. Electric Power System: Proceedings of a Workshop

Communications, Cyber Resilience, and the Future of the U.S. Electric Power System: Proceedings of a Workshop

Electric power is a critical infrastructure that is vital to the U.S. economy and national security. Today, the nation’s electric power infrastructure is threatened by malicious attacks, accidents, and failures, as well as disruptive natural events. As the electric grid evolves and becomes …[more]

Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies

Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies

Since 2009, when NCHRP’s last Security 101 report was released, there have been significant advances in transportation security approaches, including new strategies, programs, and ways of doing business that have increased the security of …[more]

Developing a Physical and Cyber Security Primer for Transportation Agencies

Developing a Physical and Cyber Security Primer for Transportation Agencies

Small events pose threats of great consequences since the impact of any incident is magnified when a transportation network is operating at or past its capacity—as is the case in portions of many states as travel demand on their transportation networks grows.

The TRB National …[more]

Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions

Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions

Attaining meaningful cybersecurity presents a broad societal challenge. Its complexity and the range of systems and sectors in which it is needed mean that successful approaches are necessarily multifaceted. Moreover, cybersecurity is a dynamic process involving human attackers who continue to …[more]

A 21st Century Cyber-Physical Systems Education

A 21st Century Cyber-Physical Systems Education

Cyber-physical systems (CPS) are “engineered systems that are built from, and depend upon, the seamless integration of computational algorithms and physical components.” CPS can be small and closed, such as an artificial pancreas, or very large, complex, and interconnected, such as a regional …[more]

Protection of Transportation Infrastructure from Cyber Attacks: A Primer

Protection of Transportation Infrastructure from Cyber Attacks: A Primer

TRB’s Protection of Transportation Infrastructure from Cyber Attacks: A Primer provides transportation organizations with reference materials concerning cybersecurity concepts, guidelines, definitions, and standards. The primer is a joint product of two TRB Cooperative Research Programs, and is …[more]

Protection of Transportation Infrastructure from Cyber Attacks: A Primer

Protection of Transportation Infrastructure from Cyber Attacks: A Primer

TRB’s Protection of Transportation Infrastructure from Cyber Attacks: A Primer provides transportation organizations with reference materials concerning cybersecurity concepts, guidelines, definitions, and standards. The primer is a joint product of two TRB Cooperative Research Programs, and is …[more]

Cybersecurity Dilemmas: Technology, Policy, and Incentives: Summary of Discussions at the 2014 Raymond and Beverly Sackler U.S.-U.K. Scientific Forum

Cybersecurity Dilemmas: Technology, Policy, and Incentives: Summary of Discussions at the 2014 Raymond and Beverly Sackler U.S.-U.K. Scientific Forum

Individuals, businesses, governments, and society at large have tied their future to information technologies, and activities carried out in cyberspace have become integral to daily life. Yet these activities – many of them drivers of economic development – are under constant attack from …[more]

At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues

At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues

We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. …[more]

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal infrastructure of the United States, …[more]

Data Breach and Ransomware Attacks: Enhancing Resiliency and Safety

This week, a third-party medical billing collections company, American Medical Collection Agency, announced that they had experienced a data breach, exposing the personal and financial information of nearly 20 million LabCorp and Quest Diagnostics customers. At the same time, the City of Baltimore and the Philadelphia city court online system are struggling to respond and recover from ransomware attacks.

Breaches and attacks can be devastating to an individual or an organization. Anyone with important data stored on their computer or network is at risk, including government or law enforcement agencies and healthcare systems or other critical infrastructure entities. Beyond financial loss, the impacts of these actions can threaten personal reputations, national security, and even the safety of children.

Our publications discuss urgent issues related to the resilience of the nation’s computing and communications systems, including the Internet, commercial systems, and other critical infrastructures. All are free to read online or download.

Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop

In January 2016, the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Data Breach Aftermath and Recovery for Individuals and Institutions. Participants examined existing technical and policy remediations, and they discussed possible new mechanisms for better …

[more]

Beyond Spectre: Confronting New Technical and Policy Challenges: Proceedings of a Workshop

In 2017, researchers discovered a vulnerability in microprocessors used in computers and devices all over the world. The vulnerability, named Spectre, combines side effects from caching and speculative execution, which are techniques that have been used for many years to increase the speed at …

[more]

Recoverability as a First-Class Security Objective: Proceedings of a Workshop

The Forum on Cyber Resilience of the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Recoverability as a First-Class Security Objective on February 8, 2018, in Washington, D.C. The workshop featured presentations from several experts in industry, research, and …

[more]

Enhancing the Resilience of the Nation’s Electricity System

Americans’ safety, productivity, comfort, and convenience depend on the reliable supply of electric power. The electric power system is a complex “cyber-physical” system composed of a network of millions of components spread out across the continent. These components are owned, operated, …

[more]

Securing the Vote: Protecting American Democracy

During the 2016 presidential election, America’s election infrastructure was targeted by actors sponsored by the Russian government. Securing the Vote: Protecting American Democracy examines the challenges arising out of the 2016 federal election, assesses current technology and standards for …

[more]

Software Update as a Mechanism for Resilience and Security: Proceedings of a Workshop

Software update is an important mechanism by which security changes and improvements are made in software, and this seemingly simple concept encompasses a wide variety of practices, mechanisms, policies, and technologies. To explore the landscape further, the Forum on Cyber Resilience hosted a …

[more]

Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions

Attaining meaningful cybersecurity presents a broad societal challenge. Its complexity and the range of systems and sectors in which it is needed mean that successful approaches are necessarily multifaceted. Moreover, cybersecurity is a dynamic process involving human attackers who continue to …

[more]

At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues

We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. …

[more]

Professionalizing the Nation’s Cybersecurity Workforce?: Criteria for Decision-Making

Professionalizing the Nation’s Cybersecurity Workforce? Criteria for Decision-Making considers approaches to increasing the professionalization of the nation’s cybersecurity workforce. This report examines workforce requirements for cybersecurity and the segments and job functions in …

[more]