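% National Academies Press (NAP) catalogue records on cybersecurity topics.
%
% Conventions used in this file:
%   * Citation keys are "NAP" followed by the catalogue number that appears in
%     the entry's url field, so every key is unique and traceable to its record.
%   * Corporate authors and editors are wrapped in an extra pair of braces so
%     BibTeX treats each organisation as one indivisible name and does not split
%     it on an internal " and " or comma.
%   * Personal names are stored as "Last, First".
%   * Field values are brace-delimited. Literal "\n" and "\uXXXX" escape
%     sequences left over from the export have been turned into real line
%     breaks and TeX punctuation.

% NAP23516 and NAP23520 carry the same title, author, editor and abstract and
% differ only in the catalogue URL. The abstract names two document series
% (TCRP Web-Only Document 67 and NCHRP Web-Only Document 221); which record
% belongs to which series is not stated here, so confirm before citing.
@book{NAP23516,
  author    = {{Transportation Research Board} and {National Academies of Sciences, Engineering, and Medicine}},
  editor    = {{Countermeasures Assessment and Security Experts LLC} and {Western Management and Consulting LLC}},
  title     = {Protection of Transportation Infrastructure from Cyber Attacks: A Primer},
  abstract  = {TRB's Protection of Transportation Infrastructure from Cyber Attacks: A Primer provides transportation organizations with reference materials concerning cybersecurity concepts, guidelines, definitions, and standards. The primer is a joint product of two TRB Cooperative Research Programs, and is categorized as Transit Cooperative Research Program (TCRP) Web-Only Document 67 and National Cooperative Highway Research Program (NCHRP) Web-Only Document 221. The Primer delivers strategic, management, and planning information associated with cybersecurity and its applicability to transit and state DOT operations. It includes definitions and rationales that describe the principles and practices that enable effective cybersecurity risk management. The primer provides transportation managers and employees with greater context and information regarding the principles of information technology and operations systems security planning and procedures. The report is supplemented with an Executive Briefing for use as a 20-minute presentation to senior executives on security practices for transit and DOT cyber and industrial control systems. A PowerPoint summary of the project is also available.},
  url       = {https://nap.nationalacademies.org/catalog/23516/protection-of-transportation-infrastructure-from-cyber-attacks-a-primer},
  year      = 2016,
  publisher = {The National Academies Press},
  address   = {Washington, DC},
}

@book{NAP23520,
  author    = {{Transportation Research Board} and {National Academies of Sciences, Engineering, and Medicine}},
  editor    = {{Countermeasures Assessment and Security Experts LLC} and {Western Management and Consulting LLC}},
  title     = {Protection of Transportation Infrastructure from Cyber Attacks: A Primer},
  abstract  = {TRB's Protection of Transportation Infrastructure from Cyber Attacks: A Primer provides transportation organizations with reference materials concerning cybersecurity concepts, guidelines, definitions, and standards. The primer is a joint product of two TRB Cooperative Research Programs, and is categorized as Transit Cooperative Research Program (TCRP) Web-Only Document 67 and National Cooperative Highway Research Program (NCHRP) Web-Only Document 221. The Primer delivers strategic, management, and planning information associated with cybersecurity and its applicability to transit and state DOT operations. It includes definitions and rationales that describe the principles and practices that enable effective cybersecurity risk management. The primer provides transportation managers and employees with greater context and information regarding the principles of information technology and operations systems security planning and procedures. The report is supplemented with an Executive Briefing for use as a 20-minute presentation to senior executives on security practices for transit and DOT cyber and industrial control systems. A PowerPoint summary of the project is also available.},
  url       = {https://nap.nationalacademies.org/catalog/23520/protection-of-transportation-infrastructure-from-cyber-attacks-a-primer},
  year      = 2016,
  publisher = {The National Academies Press},
  address   = {Washington, DC},
}

@book{NAP26105,
  author    = {{National Academies of Sciences, Engineering, and Medicine}},
  title     = {Looking Ahead at the Cybersecurity Workforce at the {Federal Aviation Administration}},
  isbn      = {978-0-309-39150-4},
  abstract  = {The Federal Aviation Administration (FAA) has overseen significant upgrades to the technology used to manage aviation operations to increase the safety and efficiency of the National Airspace System (NAS). Though necessary to regular operations, these modern computing and communications systems provide a greater attack surface for criminals, terrorists, or nation-states to exploit and thereby increase the potential for cybersecurity threats to the NAS and its constituents.

The future safety and security of air travel will rely in part on the ability of the FAA to build a workforce capable of addressing the evolving cybersecurity threat landscape. Securing the computers, networks, and data that underpin modern aviation depends in part on the FAA having enough cybersecurity professionals (capacity) with the right knowledge, skills, and abilities (capability). It also depends on the FAA's workforce having sufficient diversity of backgrounds and experience. Such diversity is critical in analyzing cybersecurity problems and widely understood to be a ``functional imperative'' for effective cybersecurity programs.

At the request of Congress, the publication examines the FAA's cybersecurity workforce challenges, reviews the current strategy for meeting those challenges, and recommends ways to strengthen the FAA's cybersecurity workforce.},
  url       = {https://nap.nationalacademies.org/catalog/26105/looking-ahead-at-the-cybersecurity-workforce-at-the-federal-aviation-administration},
  year      = 2021,
  publisher = {The National Academies Press},
  address   = {Washington, DC},
}

@book{NAP23559,
  author    = {{National Academies of Sciences, Engineering, and Medicine}},
  editor    = {Johnson, Anne and Millett, Lynette I.},
  title     = {Data Breach Aftermath and Recovery for Individuals and Institutions: Proceedings of a Workshop},
  isbn      = {978-0-309-44505-4},
  abstract  = {In January 2016, the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Data Breach Aftermath and Recovery for Individuals and Institutions. Participants examined existing technical and policy remediations, and they discussed possible new mechanisms for better protecting and helping consumers in the wake of a breach. Speakers were asked to focus on data breach aftermath and recovery and to discuss ways to remediate harms from breaches. This publication summarizes the presentations and discussions from the workshop.},
  url       = {https://nap.nationalacademies.org/catalog/23559/data-breach-aftermath-and-recovery-for-individuals-and-institutions-proceedings},
  year      = 2016,
  publisher = {The National Academies Press},
  address   = {Washington, DC},
}

@book{NAP11449,
  author    = {{National Research Council}},
  editor    = {Celeste, Richard and Thornburgh, Dick and Lin, Herbert},
  title     = {Asking the Right Questions About Electronic Voting},
  isbn      = {978-0-309-10024-3},
  abstract  = {Many election officials look to electronic voting systems as a means for improving their ability to more effectively conduct and administer elections. At the same time, many information technologists and activists have raised important concerns regarding the security of such systems. Policy makers are caught in the midst of a controversy with both political and technological overtones. The public debate about electronic voting is characterized by a great deal of emotion and rhetoric.

Asking the Right Questions About Electronic Voting describes the important questions and issues that election officials, policy makers, and informed citizens should ask about the use of computers and information technology in the electoral process---focusing the debate on technical and policy issues that need resolving. The report finds that while electronic voting systems have improved, federal and state governments have not made the commitment necessary for e-voting to be widely used in future elections. More funding, research, and public education are required if e-voting is to become viable.},
  url       = {https://nap.nationalacademies.org/catalog/11449/asking-the-right-questions-about-electronic-voting},
  year      = 2006,
  publisher = {The National Academies Press},
  address   = {Washington, DC},
}

@book{NAP24833,
  author    = {{National Academies of Sciences, Engineering, and Medicine}},
  editor    = {Johnson, Anne Frances and Millett, Lynette I.},
  title     = {Software Update as a Mechanism for Resilience and Security: Proceedings of a Workshop},
  isbn      = {978-0-309-46288-4},
  abstract  = {Software update is an important mechanism by which security changes and improvements are made in software, and this seemingly simple concept encompasses a wide variety of practices, mechanisms, policies, and technologies. To explore the landscape further, the Forum on Cyber Resilience hosted a workshop featuring invited speakers from government, the private sector, and academia. This publication summarizes the presentations and discussions from the workshop.},
  url       = {https://nap.nationalacademies.org/catalog/24833/software-update-as-a-mechanism-for-resilience-and-security-proceedings},
  year      = 2017,
  publisher = {The National Academies Press},
  address   = {Washington, DC},
}

@book{NAP12651,
  author    = {{National Research Council}},
  editor    = {Owens, William A. and Dam, Kenneth W. and Lin, Herbert S.},
  title     = {Technology, Policy, Law, and Ethics Regarding {U.S.} Acquisition and Use of Cyberattack Capabilities},
  isbn      = {978-0-309-13850-5},
  abstract  = {The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal infrastructure of the United States, little has been written about the use of cyberattack as an instrument of U.S. policy.

Cyberattacks--actions intended to damage adversary computer systems or networks--can be used for a variety of military purposes. But they also have application to certain missions of the intelligence community, such as covert action. They may be useful for certain domestic law enforcement purposes, and some analysts believe that they might be useful for certain private sector entities who are themselves under cyberattack. This report considers all of these applications from an integrated perspective that ties together technology, policy, legal, and ethical issues.

Focusing on the use of cyberattack as an instrument of U.S. national policy, Technology, Policy, Law and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities explores important characteristics of cyberattack. It describes the current international and domestic legal structure as it might apply to cyberattack, and considers analogies to other domains of conflict to develop relevant insights. Of special interest to the military, intelligence, law enforcement, and homeland security communities, this report is also an essential point of departure for nongovernmental researchers interested in this rarely discussed topic.},
  url       = {https://nap.nationalacademies.org/catalog/12651/technology-policy-law-and-ethics-regarding-us-acquisition-and-use-of-cyberattack-capabilities},
  year      = 2009,
  publisher = {The National Academies Press},
  address   = {Washington, DC},
}

@book{NAP18749,
  author    = {{National Research Council}},
  editor    = {Clark, David and Berson, Thomas and Lin, Herbert S.},
  title     = {At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues},
  isbn      = {978-0-309-30318-7},
  abstract  = {We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. Modern military forces use weapons that are increasingly coordinated through computer-based networks. Cybersecurity is vital to protecting all of these functions. Cyberspace is vulnerable to a broad spectrum of hackers, criminals, terrorists, and state actors. Working in cyberspace, these malevolent actors can steal money, intellectual property, or classified information; impersonate law-abiding parties for their own purposes; damage important data; or deny the availability of normally accessible services. Cybersecurity issues arise because of three factors taken together - the presence of malevolent actors in cyberspace, societal reliance on IT for many important functions, and the presence of vulnerabilities in IT systems. What steps can policy makers take to protect our government, businesses, and the public from those who would take advantage of system vulnerabilities?

At the Nexus of Cybersecurity and Public Policy offers a wealth of information on practical measures, technical and nontechnical challenges, and potential policy responses. According to this report, cybersecurity is a never-ending battle; threats will evolve as adversaries adopt new tools and techniques to compromise security. Cybersecurity is therefore an ongoing process that needs to evolve as new threats are identified. At the Nexus of Cybersecurity and Public Policy is a call for action to make cybersecurity a public safety priority. For a number of years, the cybersecurity issue has received increasing public attention; however, most policy focus has been on the short-term costs of improving systems. In its explanation of the fundamentals of cybersecurity and the discussion of potential policy responses, this book will be a resource for policy makers, cybersecurity and IT professionals, and anyone who wants to understand threats to cyberspace.},
  url       = {https://nap.nationalacademies.org/catalog/18749/at-the-nexus-of-cybersecurity-and-public-policy-some-basic},
  year      = 2014,
  publisher = {The National Academies Press},
  address   = {Washington, DC},
}

@book{NAP25488,
  author    = {{National Academies of Sciences, Engineering, and Medicine}},
  editor    = {Johnson, Anne and Grumbling, Emily},
  title     = {Implications of Artificial Intelligence for Cybersecurity: Proceedings of a Workshop},
  isbn      = {978-0-309-49450-2},
  abstract  = {In recent years, interest and progress in the area of artificial intelligence (AI) and machine learning (ML) have boomed, with new applications vigorously pursued across many sectors. At the same time, the computing and communications technologies on which we have come to rely present serious security concerns: cyberattacks have escalated in number, frequency, and impact, drawing increased attention to the vulnerabilities of cyber systems and the need to increase their security. In the face of this changing landscape, there is significant concern and interest among policymakers, security practitioners, technologists, researchers, and the public about the potential implications of AI and ML for cybersecurity.

The National Academies of Sciences, Engineering, and Medicine convened a workshop on March 12-13, 2019 to discuss and explore these concerns. This publication summarizes the presentations and discussions from the workshop.},
  url       = {https://nap.nationalacademies.org/catalog/25488/implications-of-artificial-intelligence-for-cybersecurity-proceedings-of-a-workshop},
  year      = 2019,
  publisher = {The National Academies Press},
  address   = {Washington, DC},
}

@book{NAP25554,
  author    = {{Transportation Research Board} and {National Academies of Sciences, Engineering, and Medicine}},
  editor    = {{Countermeasures Assessment \& Security Experts, LLC} and {Western Management and Consulting, LLC}},
  title     = {Update of {Security 101}: A Physical Security and Cybersecurity Primer for Transportation Agencies},
  abstract  = {Since 2009, when NCHRP's last Security 101 report was released, there have been significant advances in transportation security approaches, including new strategies, programs, and ways of doing business that have increased the security of transportation systems as well as ensured their resiliency. Hazards and threats to the system have also continued to evolve since 2009. While the incidence of large-scale terrorist attacks has remained small, transportation agencies are at increasingly greater risk from system-disrupting events due to natural causes, unintentional human intervention, and intentional criminal acts, such as active-shooter incidents. Cyber risks also are increasing and can impact not only data, but the control systems---like tunnel-ventilation systems---operated by transportation agencies. The TRB National Cooperative Highway Research Program's NCHRP Research Report 930: Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies provides valuable information about current and accepted practices associated with both physical and cyber security and its applicability to surface transportation. The report is accompanied by a PowerPoint for the project and NCHRP Web-Only Document 266: Developing a Physical and Cyber Security Primer for Transportation Agencies.},
  url       = {https://nap.nationalacademies.org/catalog/25554/update-of-security-101-a-physical-security-and-cybersecurity-primer-for-transportation-agencies},
  year      = 2020,
  publisher = {The National Academies Press},
  address   = {Washington, DC},
}

@book{NAP10415,
  author    = {{National Research Council}},
  title     = {Making the Nation Safer: The Role of Science and Technology in Countering Terrorism},
  isbn      = {978-0-309-08481-9},
  abstract  = {Vulnerabilities abound in U.S. society. The openness and efficiency of our key infrastructures --- transportation, information and telecommunications systems, health systems, the electric power grid, emergency response units, food and water supplies, and others --- make them susceptible to terrorist attacks. Making the Nation Safer discusses technical approaches to mitigating these vulnerabilities.

A broad range of topics are covered in this book, including:

  Nuclear and radiological threats, such as improvised nuclear devices and ``dirty bombs;''
  Bioterrorism, medical research, agricultural systems and public health;
  Toxic chemicals and explosive materials;
  Information technology, such as communications systems, data management, cyber attacks, and identification and authentication systems;
  Energy systems, such as the electrical power grid and oil and natural gas systems;
  Transportation systems;
  Cities and fixed infrastructures, such as buildings, emergency operations centers, and tunnels;
  The response of people to terrorism, such as how quality of life and morale of the population can be a target of terrorists and how people respond to terrorist attacks; and
  Linked infrastructures, i.e. the vulnerabilities that result from the interdependencies of key systems.

In each of these areas, there are recommendations on how to immediately apply existing knowledge and technology to make the nation safer and on starting research and development programs that could produce innovations that will strengthen key systems and protect us against future threats. The book also discusses issues affecting the government's ability to carry out the necessary science and engineering programs and the important role of industry, universities, and states, counties, and cities in homeland security efforts.

A long term commitment to homeland security is necessary to make the nation safer, and this book lays out a roadmap of how science and engineering can assist in countering terrorism.},
  url       = {https://nap.nationalacademies.org/catalog/10415/making-the-nation-safer-the-role-of-science-and-technology},
  year      = 2002,
  publisher = {The National Academies Press},
  address   = {Washington, DC},
}

@book{NAP10656,
  author    = {{National Research Council}},
  editor    = {Kent, Stephen T. and Millett, Lynette I.},
  title     = {Who Goes There?: Authentication Through the Lens of Privacy},
  isbn      = {978-0-309-08896-1},
  abstract  = {Who Goes There?: Authentication Through the Lens of Privacy explores authentication technologies (passwords, PKI, biometrics, etc.) and their implications for the privacy of the individuals being authenticated. As authentication becomes ever more ubiquitous, understanding its interplay with privacy is vital. The report examines numerous concepts, including authentication, authorization, identification, privacy, and security. It provides a framework to guide thinking about these issues when deciding whether and how to use authentication in a particular context. The book explains how privacy is affected by system design decisions. It also describes government's unique role in authentication and what this means for how government can use authentication with minimal invasions of privacy. In addition, Who Goes There? outlines usability and security considerations and provides a primer on privacy law and policy.},
  url       = {https://nap.nationalacademies.org/catalog/10656/who-goes-there-authentication-through-the-lens-of-privacy},
  year      = 2003,
  publisher = {The National Academies Press},
  address   = {Washington, DC},
}

@book{NAP22116,
  author    = {{Transportation Research Board} and {National Academies of Sciences, Engineering, and Medicine}},
  editor    = {Murphy, Randall J. and Sukkarieh, Michael and Haass, Jon and Hriljac, Paul},
  title     = {Guidebook on Best Practices for Airport Cybersecurity},
  abstract  = {TRB's Airport Cooperative Research Program (ACRP) Report 140: Guidebook on Best Practices for Airport Cybersecurity provides information designed to help reduce or mitigate inherent risks of cyberattacks on technology-based systems. Traditional IT infrastructure such as servers, desktops, and network devices are covered along with increasingly sophisticated and interconnected industrial control systems, such as baggage handling, temperature control, and airfield lighting systems. The guidebook also includes a CD-ROM of multimedia material that may be used to educate all staff at airports about the need, and how, to be diligent against cybersecurity threats. The CD-ROM is also available for download from TRB's website as an ISO image. Links to the ISO image and instructions for burning a CD-ROM from an ISO image are provided below. Help on Burning an .ISO CD-ROM Image Download the .ISO CD-ROM Image (Warning: This is a large file and may take some time to download using a high-speed connection.) CD-ROM Disclaimer - This software is offered as is, without warranty or promise of support of any kind either expressed or implied. Under no circumstance will the National Academy of Sciences or the Transportation Research Board (collectively ``TRB'') be liable for any loss or damage caused by the installation or operation of this product. TRB makes no representation or warranty of any kind, expressed or implied, in fact or in law, including without limitation, the warranty of merchantability or the warranty of fitness for a particular purpose, and shall not in any case be liable for any consequential or special damages.},
  url       = {https://nap.nationalacademies.org/catalog/22116/guidebook-on-best-practices-for-airport-cybersecurity},
  year      = 2015,
  publisher = {The National Academies Press},
  address   = {Washington, DC},
}

@book{NAP12997,
  author    = {{National Research Council}},
  title     = {Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for {U.S.} Policy},
  isbn      = {978-0-309-16035-3},
  abstract  = {In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation's important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity defense measures, it is natural to consider the possibility that deterrence might play a useful role in preventing cyberattacks against the United States and its vital interests. At the request of the Office of the Director of National Intelligence, the National Research Council undertook a two-phase project aimed to foster a broad, multidisciplinary examination of strategies for deterring cyberattacks on the United States and of the possible utility of these strategies for the U.S. government.

The first phase produced a letter report providing basic information needed to understand the nature of the problem and to articulate important questions that can drive research regarding ways of more effectively preventing, discouraging, and inhibiting hostile activity against important U.S. information systems and networks.

The second phase of the project entailed selecting appropriate experts to write papers on questions raised in the letter report. A number of experts, identified by the committee, were commissioned to write these papers under contract with the National Academy of Sciences. Commissioned papers were discussed at a public workshop held June 10-11, 2010, in Washington, D.C., and authors revised their papers after the workshop.

Although the authors were selected and the papers reviewed and discussed by the committee, the individually authored papers do not reflect consensus views of the committee, and the reader should view these papers as offering points of departure that can stimulate further work on the topics discussed. The papers presented in this volume are published essentially as received from the authors, with some proofreading corrections made as limited time allowed.},
  url       = {https://nap.nationalacademies.org/catalog/12997/proceedings-of-a-workshop-on-deterring-cyberattacks-informing-strategies-and},
  year      = 2010,
  publisher = {The National Academies Press},
  address   = {Washington, DC},
}

@book{NAP11925,
  author    = {{National Research Council} and {National Academy of Engineering}},
  editor    = {Goodman, Seymour E. and Lin, Herbert S.},
  title     = {Toward a Safer and More Secure Cyberspace},
  isbn      = {978-0-309-10395-4},
  abstract  = {Given the growing importance of cyberspace to nearly all aspects of national life, a secure cyberspace is vitally important to the nation, but cyberspace is far from secure today. The United States faces the real risk that adversaries will exploit vulnerabilities in the nation's critical information systems, thereby causing considerable suffering and damage. Online e-commerce business, government agency files, and identity records are all potential security targets.

Toward a Safer and More Secure Cyberspace examines these Internet security vulnerabilities and offers a strategy for future research aimed at countering cyber attacks. It also explores the nature of online threats and some of the reasons why past research for improving cybersecurity has had less impact than anticipated, and considers the human resource base needed to advance the cybersecurity research agenda.

This book will be an invaluable resource for Internet security professionals, information technologists, policy makers, data stewards, e-commerce providers, consumer protection advocates, and others interested in digital security and safety.},
  url       = {https://nap.nationalacademies.org/catalog/11925/toward-a-safer-and-more-secure-cyberspace},
  year      = 2007,
  publisher = {The National Academies Press},
  address   = {Washington, DC},
}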