TY - BOOK AU - National Research Council A2 - David Clark A2 - Thomas Berson A2 - Herbert S. Lin TI - At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues SN - DO - 10.17226/18749 PY - 2014 UR - https://nap.nationalacademies.org/catalog/18749/at-the-nexus-of-cybersecurity-and-public-policy-some-basic PB - The National Academies Press CY - Washington, DC LA - English KW - Computers and Information Technology AB - We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. Modern military forces use weapons that are increasingly coordinated through computer-based networks. Cybersecurity is vital to protecting all of these functions. Cyberspace is vulnerable to a broad spectrum of hackers, criminals, terrorists, and state actors. Working in cyberspace, these malevolent actors can steal money, intellectual property, or classified information; impersonate law-abiding parties for their own purposes; damage important data; or deny the availability of normally accessible services. Cybersecurity issues arise because of three factors taken together - the presence of malevolent actors in cyberspace, societal reliance on IT for many important functions, and the presence of vulnerabilities in IT systems. What steps can policy makers take to protect our government, businesses, and the public from those who would take advantage of system vulnerabilities? At the Nexus of Cybersecurity and Public Policy offers a wealth of information on practical measures, technical and nontechnical challenges, and potential policy responses. According to this report, cybersecurity is a never-ending battle; threats will evolve as adversaries adopt new tools and techniques to compromise security. 
Cybersecurity is therefore an ongoing process that needs to evolve as new threats are identified. At the Nexus of Cybersecurity and Public Policy is a call for action to make cybersecurity a public safety priority. For a number of years, the cybersecurity issue has received increasing public attention; however, most policy focus has been on the short-term costs of improving systems. In its explanation of the fundamentals of cybersecurity and the discussion of potential policy responses, this book will be a resource for policy makers, cybersecurity and IT professionals, and anyone who wants to understand threats to cyberspace. ER - TY - BOOK AU - National Academies of Sciences, Engineering, and Medicine TI - Decrypting the Encryption Debate: A Framework for Decision Makers SN - DO - 10.17226/25010 PY - 2018 UR - https://nap.nationalacademies.org/catalog/25010/decrypting-the-encryption-debate-a-framework-for-decision-makers PB - The National Academies Press CY - Washington, DC LA - English KW - Computers and Information Technology AB - Encryption protects information stored on smartphones, laptops, and other devices - in some cases by default. Encrypted communications are provided by widely used computing devices and services - such as smartphones, laptops, and messaging applications - that are used by hundreds of millions of users. Individuals, organizations, and governments rely on encryption to counter threats from a wide range of actors, including unsophisticated and sophisticated criminals, foreign intelligence agencies, and repressive governments. Encryption on its own does not solve the challenge of providing effective security for data and systems, but it is an important tool. At the same time, encryption is relied on by criminals to avoid investigation and prosecution, including criminals who may unknowingly benefit from default settings as well as those who deliberately use encryption. 
Thus, encryption complicates law enforcement and intelligence investigations. When communications are encrypted "end-to-end," intercepted messages cannot be understood. When a smartphone is locked and encrypted, the contents cannot be read if the phone is seized by investigators. Decrypting the Encryption Debate reviews how encryption is used, including its applications to cybersecurity; its role in protecting privacy and civil liberties; the needs of law enforcement and the intelligence community for information; technical and policy options for accessing plaintext; and the international landscape. This book describes the context in which decisions about providing authorized government agencies access to the plaintext version of encrypted information would be made and identifies and characterizes possible mechanisms and alternative means of obtaining information. ER - TY - BOOK AU - National Research Council TI - Professionalizing the Nation's Cybersecurity Workforce?: Criteria for Decision-Making SN - DO - 10.17226/18446 PY - 2013 UR - https://nap.nationalacademies.org/catalog/18446/professionalizing-the-nations-cybersecurity-workforce-criteria-for-decision-making PB - The National Academies Press CY - Washington, DC LA - English KW - Computers and Information Technology KW - Education KW - Industry and Labor AB - Professionalizing the Nation's Cybersecurity Workforce? Criteria for Decision-Making considers approaches to increasing the professionalization of the nation's cybersecurity workforce. This report examines workforce requirements for cybersecurity and the segments and job functions in which professionalization is most needed; the role of assessment tools, certification, licensing, and other means for assessing and enhancing professionalization; and emerging approaches, such as performance-based measures. It also examines requirements for the federal (military and civilian) workforce, the private sector, and state and local government. 
The report focuses on three essential elements: (1) understanding the context for cybersecurity workforce development, (2) considering the relative advantages, disadvantages, and approaches to professionalizing the nation's cybersecurity workforce, and (3) setting forth criteria that can be used to identify which, if any, specialty areas may require professionalization and set forth criteria for evaluating different approaches and tools for professionalization. Professionalizing the Nation's Cybersecurity Workforce? Criteria for Decision-Making characterizes the current landscape for cybersecurity workforce development and sets forth criteria that the federal agencies participating in the National Initiative for Cybersecurity Education—as well as organizations that employ cybersecurity workers—could use to identify which specialty areas may require professionalization and to evaluate different approaches and tools for professionalization. ER - TY - BOOK AU - Transportation Research Board AU - National Academies of Sciences, Engineering, and Medicine A2 - Countermeasures Assessment & Security Experts, LLC A2 - Western Management and Consulting, LLC TI - Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies DO - 10.17226/25554 PY - 2020 UR - https://nap.nationalacademies.org/catalog/25554/update-of-security-101-a-physical-security-and-cybersecurity-primer-for-transportation-agencies PB - The National Academies Press CY - Washington, DC LA - English KW - Transportation and Infrastructure AB - Since 2009, when NCHRP's last Security 101 report was released, there have been significant advances in transportation security approaches, including new strategies, programs, and ways of doing business that have increased the security of transportation systems as well as ensured their resiliency. Hazards and threats to the system have also continued to evolve since 2009. 
While the incidence of large-scale terrorist attacks has remained small, transportation agencies are at increasingly greater risk from system-disrupting events due to natural causes, unintentional human intervention, and intentional criminal acts, such as active-shooter incidents. Cyber risks also are increasing and can impact not only data, but the control systems—like tunnel-ventilation systems—operated by transportation agencies. The TRB National Cooperative Highway Research Program's NCHRP Research Report 930: Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies provides valuable information about current and accepted practices associated with both physical and cyber security and its applicability to surface transportation. The report is accompanied by a PowerPoint for the project and NCHRP Web-Only Document 266: Developing a Physical and Cyber Security Primer for Transportation Agencies. ER - TY - BOOK AU - National Research Council A2 - John L. Hennessy A2 - David A. Patterson A2 - Herbert S. Lin TI - Information Technology for Counterterrorism: Immediate Actions and Future Possibilities SN - DO - 10.17226/10640 PY - 2003 UR - https://nap.nationalacademies.org/catalog/10640/information-technology-for-counterterrorism-immediate-actions-and-future-possibilities PB - The National Academies Press CY - Washington, DC LA - English KW - Computers and Information Technology KW - Conflict and Security Issues AB - Information technology (IT) is essential to virtually all of the nation’s critical infrastructures, making them vulnerable to a terrorist attack on their IT system. An attack could be on the system itself or use the IT system to launch or exacerbate another type of attack. IT can also be used as a counterterrorism tool. The report concludes that the most devastating consequences of a terrorist attack would occur if it were on or used IT as part of a broader attack. 
The report presents two recommendations on what can be done in the short term to protect the nation’s communications and information systems and several recommendations about what can be done over the longer term. The report also notes the importance of considering how an IT system will be deployed to maximize protection against and usefulness in responding to attacks. ER - TY - BOOK AU - Transportation Research Board AU - National Research Council TI - Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274 DO - 10.17226/10730 PY - 2003 UR - https://nap.nationalacademies.org/catalog/10730/cybersecurity-of-freight-information-systems-a-scoping-study-special-report PB - The National Academies Press CY - Washington, DC LA - English KW - Transportation and Infrastructure KW - Computers and Information Technology AB - TRB Special Report 274 - Cybersecurity of Freight Information Systems: A Scoping Study reviews trends in the use of information technology in the freight transportation industry and assesses potential vulnerabilities to a cyberattack. Special Report 274 Summary ER - TY - BOOK AU - Transportation Research Board AU - National Academies of Sciences, Engineering, and Medicine A2 - Countermeasures Assessment and Security Experts LLC A2 - Western Management and Consulting LLC TI - Protection of Transportation Infrastructure from Cyber Attacks: A Primer DO - 10.17226/23516 PY - 2016 UR - https://nap.nationalacademies.org/catalog/23516/protection-of-transportation-infrastructure-from-cyber-attacks-a-primer PB - The National Academies Press CY - Washington, DC LA - English KW - Transportation and Infrastructure AB - TRB's Protection of Transportation Infrastructure from Cyber Attacks: A Primer provides transportation organizations with reference materials concerning cybersecurity concepts, guidelines, definitions, and standards. 
The primer is a joint product of two TRB Cooperative Research Programs, and is categorized as Transit Cooperative Research Program (TCRP) Web-Only Document 67 and National Cooperative Highway Research Program (NCHRP) Web-Only Document 221. The Primer delivers strategic, management, and planning information associated with cybersecurity and its applicability to transit and state DOT operations. It includes definitions and rationales that describe the principles and practices that enable effective cybersecurity risk management. The primer provides transportation managers and employees with greater context and information regarding the principles of information technology and operations systems security planning and procedures. The report is supplemented with an Executive Briefing for use as a 20-minute presentation to senior executives on security practices for transit and DOT cyber and industrial control systems. A PowerPoint summary of the project is also available. ER - TY - BOOK AU - Transportation Research Board AU - National Academies of Sciences, Engineering, and Medicine A2 - Countermeasures Assessment and Security Experts LLC A2 - Western Management and Consulting LLC TI - Protection of Transportation Infrastructure from Cyber Attacks: A Primer DO - 10.17226/23520 PY - 2016 UR - https://nap.nationalacademies.org/catalog/23520/protection-of-transportation-infrastructure-from-cyber-attacks-a-primer PB - The National Academies Press CY - Washington, DC LA - English KW - Transportation and Infrastructure AB - TRB's Protection of Transportation Infrastructure from Cyber Attacks: A Primer provides transportation organizations with reference materials concerning cybersecurity concepts, guidelines, definitions, and standards. 
The primer is a joint product of two TRB Cooperative Research Programs, and is categorized as Transit Cooperative Research Program (TCRP) Web-Only Document 67 and National Cooperative Highway Research Program (NCHRP) Web-Only Document 221. The Primer delivers strategic, management, and planning information associated with cybersecurity and its applicability to transit and state DOT operations. It includes definitions and rationales that describe the principles and practices that enable effective cybersecurity risk management. The primer provides transportation managers and employees with greater context and information regarding the principles of information technology and operations systems security planning and procedures. The report is supplemented with an Executive Briefing for use as a 20-minute presentation to senior executives on security practices for transit and DOT cyber and industrial control systems. A PowerPoint summary of the project is also available. ER - TY - BOOK AU - National Academies of Sciences, Engineering, and Medicine A2 - Anne Johnson A2 - Emily Grumbling TI - Implications of Artificial Intelligence for Cybersecurity: Proceedings of a Workshop SN - DO - 10.17226/25488 PY - 2019 UR - https://nap.nationalacademies.org/catalog/25488/implications-of-artificial-intelligence-for-cybersecurity-proceedings-of-a-workshop PB - The National Academies Press CY - Washington, DC LA - English KW - Computers and Information Technology AB - In recent years, interest and progress in the area of artificial intelligence (AI) and machine learning (ML) have boomed, with new applications vigorously pursued across many sectors. At the same time, the computing and communications technologies on which we have come to rely present serious security concerns: cyberattacks have escalated in number, frequency, and impact, drawing increased attention to the vulnerabilities of cyber systems and the need to increase their security. 
In the face of this changing landscape, there is significant concern and interest among policymakers, security practitioners, technologists, researchers, and the public about the potential implications of AI and ML for cybersecurity. The National Academies of Sciences, Engineering, and Medicine convened a workshop on March 12-13, 2019 to discuss and explore these concerns. This publication summarizes the presentations and discussions from the workshop. ER - TY - BOOK AU - National Research Council A2 - Joseph N. Pato A2 - Lynette I. Millett TI - Biometric Recognition: Challenges and Opportunities SN - DO - 10.17226/12720 PY - 2010 UR - https://nap.nationalacademies.org/catalog/12720/biometric-recognition-challenges-and-opportunities PB - The National Academies Press CY - Washington, DC LA - English KW - Computers and Information Technology KW - Engineering and Technology KW - Conflict and Security Issues AB - Biometric recognition--the automated recognition of individuals based on their behavioral and biological characteristic--is promoted as a way to help identify terrorists, provide better control of access to physical facilities and financial accounts, and increase the efficiency of access to services and their utilization. Biometric recognition has been applied to identification of criminals, patient tracking in medical informatics, and the personalization of social services, among other things. In spite of substantial effort, however, there remain unresolved questions about the effectiveness and management of systems for biometric recognition, as well as the appropriateness and societal impact of their use. Moreover, the general public has been exposed to biometrics largely as high-technology gadgets in spy thrillers or as fear-instilling instruments of state or corporate surveillance in speculative fiction. 
Now, as biometric technologies appear poised for broader use, increased concerns about national security and the tracking of individuals as they cross borders have caused passports, visas, and border-crossing records to be linked to biometric data. A focus on fighting insurgencies and terrorism has led to the military deployment of biometric tools to enable recognition of individuals as friend or foe. Commercially, finger-imaging sensors, whose cost and physical size have been reduced, now appear on many laptop personal computers, handheld devices, mobile phones, and other consumer devices. Biometric Recognition: Challenges and Opportunities addresses the issues surrounding broader implementation of this technology, making two main points: first, biometric recognition systems are incredibly complex, and need to be addressed as such. Second, biometric recognition is an inherently probabilistic endeavor. Consequently, even when the technology and the system in which it is embedded are behaving as designed, there is inevitable uncertainty and risk of error. This book elaborates on these themes in detail to provide policy makers, developers, and researchers a comprehensive assessment of biometric recognition that examines current capabilities, future possibilities, and the role of government in technology and system development. ER - TY - BOOK AU - National Research Council TI - Making the Nation Safer: The Role of Science and Technology in Countering Terrorism SN - DO - 10.17226/10415 PY - 2002 UR - https://nap.nationalacademies.org/catalog/10415/making-the-nation-safer-the-role-of-science-and-technology PB - The National Academies Press CY - Washington, DC LA - English KW - Conflict and Security Issues AB - Vulnerabilities abound in U.S. society. 
The openness and efficiency of our key infrastructures — transportation, information and telecommunications systems, health systems, the electric power grid, emergency response units, food and water supplies, and others — make them susceptible to terrorist attacks. Making the Nation Safer discusses technical approaches to mitigating these vulnerabilities. A broad range of topics are covered in this book, including: Nuclear and radiological threats, such as improvised nuclear devices and "dirty bombs;" Bioterrorism, medical research, agricultural systems and public health; Toxic chemicals and explosive materials; Information technology, such as communications systems, data management, cyber attacks, and identification and authentication systems; Energy systems, such as the electrical power grid and oil and natural gas systems; Transportation systems; Cities and fixed infrastructures, such as buildings, emergency operations centers, and tunnels; The response of people to terrorism, such as how quality of life and morale of the population can be a target of terrorists and how people respond to terrorist attacks; and Linked infrastructures, i.e. the vulnerabilities that result from the interdependencies of key systems. In each of these areas, there are recommendations on how to immediately apply existing knowledge and technology to make the nation safer and on starting research and development programs that could produce innovations that will strengthen key systems and protect us against future threats. The book also discusses issues affecting the government's ability to carry out the necessary science and engineering programs and the important role of industry, universities, and states, counties, and cities in homeland security efforts. A long term commitment to homeland security is necessary to make the nation safer, and this book lays out a roadmap of how science and engineering can assist in countering terrorism. 
ER - TY - BOOK AU - National Research Council TI - Improving State Voter Registration Databases: Final Report SN - DO - 10.17226/12788 PY - 2010 UR - https://nap.nationalacademies.org/catalog/12788/improving-state-voter-registration-databases-final-report PB - The National Academies Press CY - Washington, DC LA - English KW - Policy for Science and Technology KW - Industry and Labor KW - Behavioral and Social Sciences AB - Improving State Voter Registration Databases outlines several actions that are needed to help make voter registration databases capable of sharing information within state agencies and across state lines. These include short-term changes to improve education, dissemination of information, and administrative processes, and long-term changes to make improvements in data collection and entry, matching procedures, and ensure privacy and security. ER - TY - BOOK AU - National Research Council A2 - Stephen T. Kent A2 - Lynette I. Millett TI - Who Goes There?: Authentication Through the Lens of Privacy SN - DO - 10.17226/10656 PY - 2003 UR - https://nap.nationalacademies.org/catalog/10656/who-goes-there-authentication-through-the-lens-of-privacy PB - The National Academies Press CY - Washington, DC LA - English KW - Computers and Information Technology AB - Who Goes There?: Authentication Through the Lens of Privacy explores authentication technologies (passwords, PKI, biometrics, etc.) and their implications for the privacy of the individuals being authenticated. As authentication becomes ever more ubiquitous, understanding its interplay with privacy is vital. The report examines numerous concepts, including authentication, authorization, identification, privacy, and security. It provides a framework to guide thinking about these issues when deciding whether and how to use authentication in a particular context. The book explains how privacy is affected by system design decisions. 
It also describes government’s unique role in authentication and what this means for how government can use authentication with minimal invasions of privacy. In addition, Who Goes There? outlines usability and security considerations and provides a primer on privacy law and policy. ER - TY - BOOK AU - National Research Council TI - Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy SN - DO - 10.17226/12997 PY - 2010 UR - https://nap.nationalacademies.org/catalog/12997/proceedings-of-a-workshop-on-deterring-cyberattacks-informing-strategies-and PB - The National Academies Press CY - Washington, DC LA - English KW - Conflict and Security Issues KW - Computers and Information Technology AB - In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation's important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity defense measures, it is natural to consider the possibility that deterrence might play a useful role in preventing cyberattacks against the United States and its vital interests. At the request of the Office of the Director of National Intelligence, the National Research Council undertook a two-phase project aimed to foster a broad, multidisciplinary examination of strategies for deterring cyberattacks on the United States and of the possible utility of these strategies for the U.S. government. The first phase produced a letter report providing basic information needed to understand the nature of the problem and to articulate important questions that can drive research regarding ways of more effectively preventing, discouraging, and inhibiting hostile activity against important U.S. information systems and networks. The second phase of the project entailed selecting appropriate experts to write papers on questions raised in the letter report. 
A number of experts, identified by the committee, were commissioned to write these papers under contract with the National Academy of Sciences. Commissioned papers were discussed at a public workshop held June 10-11, 2010, in Washington, D.C., and authors revised their papers after the workshop. Although the authors were selected and the papers reviewed and discussed by the committee, the individually authored papers do not reflect consensus views of the committee, and the reader should view these papers as offering points of departure that can stimulate further work on the topics discussed. The papers presented in this volume are published essentially as received from the authors, with some proofreading corrections made as limited time allowed. ER - TY - BOOK AU - National Academies of Sciences, Engineering, and Medicine TI - Securing the Vote: Protecting American Democracy SN - DO - 10.17226/25120 PY - 2018 UR - https://nap.nationalacademies.org/catalog/25120/securing-the-vote-protecting-american-democracy PB - The National Academies Press CY - Washington, DC LA - English KW - Behavioral and Social Sciences AB - During the 2016 presidential election, America's election infrastructure was targeted by actors sponsored by the Russian government. Securing the Vote: Protecting American Democracy examines the challenges arising out of the 2016 federal election, assesses current technology and standards for voting, and recommends steps that the federal government, state and local governments, election administrators, and vendors of voting technology should take to improve the security of election infrastructure. In doing so, the report provides a vision of voting that is more secure, accessible, reliable, and verifiable. ER - TY - BOOK AU - Transportation Research Board AU - National Academies of Sciences, Engineering, and Medicine A2 - Randall J. 
Murphy A2 - Michael Sukkarieh A2 - Jon Haass A2 - Paul Hriljac TI - Guidebook on Best Practices for Airport Cybersecurity DO - 10.17226/22116 PY - 2015 UR - https://nap.nationalacademies.org/catalog/22116/guidebook-on-best-practices-for-airport-cybersecurity PB - The National Academies Press CY - Washington, DC LA - English KW - Transportation and Infrastructure AB - TRB’s Airport Cooperative Research Program (ACRP) Report 140: Guidebook on Best Practices for Airport Cybersecurity provides information designed to help reduce or mitigate inherent risks of cyberattacks on technology-based systems. Traditional IT infrastructure such as servers, desktops, and network devices are covered along with increasingly sophisticated and interconnected industrial control systems, such as baggage handling, temperature control, and airfield lighting systems. The guidebook also includes a CD-ROM of multimedia material that may be used to educate all staff at airports about the need, and how, to be diligent against cybersecurity threats. The CD-ROM is also available for download from TRB’s website as an ISO image. CD-ROM Disclaimer - This software is offered as is, without warranty or promise of support of any kind either expressed or implied. Under no circumstance will the National Academy of Sciences or the Transportation Research Board (collectively "TRB") be liable for any loss or damage caused by the installation or operation of this product. TRB makes no representation or warranty of any kind, expressed or implied, in fact or in law, including without limitation, the warranty of merchantability or the warranty of fitness for a particular purpose, and shall not in any case be liable for any consequential or special damages. 
ER - TY - BOOK AU - National Research Council AU - National Academy of Engineering A2 - Seymour E. Goodman A2 - Herbert S. Lin TI - Toward a Safer and More Secure Cyberspace SN - DO - 10.17226/11925 PY - 2007 UR - https://nap.nationalacademies.org/catalog/11925/toward-a-safer-and-more-secure-cyberspace PB - The National Academies Press CY - Washington, DC LA - English KW - Computers and Information Technology KW - Conflict and Security Issues AB - Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit vulnerabilities in the nation’s critical information systems, thereby causing considerable suffering and damage. Online e-commerce business, government agency files, and identity records are all potential security targets. Toward a Safer and More Secure Cyberspace examines these Internet security vulnerabilities and offers a strategy for future research aimed at countering cyber attacks. It also explores the nature of online threats and some of the reasons why past research for improving cybersecurity has had less impact than anticipated, and considers the human resource base needed to advance the cybersecurity research agenda. This book will be an invaluable resource for Internet security professionals, information technologists, policy makers, data stewards, e-commerce providers, consumer protection advocates, and others interested in digital security and safety. ER -