Publications

43 Results
Skip to search filters

Why does cyber deterrence fail and when might it succeed? A framework for cyber scenario analysis

Uribe, Eva U.; Bonin, Benjamin J.; Minner, Michael F.; Reinhardt, Jason C.; Hammer, Ann H.; Teclemariam, Nerayo P.; Miller, Trisha H.; Forrest, Robert F.; Apolis, Jeffrey J.; Yang, Lynn I.

Through cyberattacks on information technology and digital communications systems, antagonists have increasingly been able to alter the strategic balance in their favor without provoking serious consequences. Conflict within and through the cyber domain is inherently different from conflict in other domains that house our critical systems. These differences result in new challenges for defending and creating resilient systems, and for deterring those who would wish to disrupt or destroy them. The purpose of this paper is to further examine the question of whether or not deterrence can be an effective strategy in cyber conflict, given our broad and varied interests in cyberspace. We define deterrence broadly as the creation of conditions that dissuade antagonists from taking unwanted actions because they believe that they will incur unacceptably high costs and/or receive insufficient benefits from taking that action. Deterrence may or may not be the most credible or effective strategy for achieving our desired end states in cybersecurity. Regardless of the answer here, however, it is important to consider why deterrence strategies might succeed under certain conditions, and to understand why deterrence is not effective within the myriad contexts that it appears fail. Deterrence remains a key component of U.S. cyber strategy, but there is little detail on how to operationalize or implement this policy, how to bring a whole-of-government and whole-of- private-sector approach to cyber deterrence, which types of antagonists can or should be deterred, and in which contexts. Moreover, discussion about how nations can and should respond to significant cyber incidents largely centers around whether or not the incident constitutes a "use of force," which would justify certain types of responses according to international law. However, we believe the "use of force" threshold is inadequate to describe the myriad interests and objectives of actors in cyberspace, both attackers and defenders. In this paper, we propose an approach to further examine if deterrence is an effective strategy and under which conditions. Our approach includes systematic analysis of cyber incident scenarios using a framework to evaluate the effectiveness of various activities in influencing antagonist behavior. While we only examine a single scenario for this paper, we propose that additional work is needed to more fully understand how various alternative thresholds constrain or unleash options for actors to influence one another's behavior in the cyber domain.

More Details

Quick start users guide for the PATH/AWARE decision support system

Tucker, Mark D.; Franco, David O.; Yang, Lynn I.

The Prioritization Analysis Tool for All-Hazards/Analyzer for Wide Area Restoration Effectiveness (PATH/AWARE) software system, developed by Sandia National Laboratories, is a comprehensive decision support tool designed to analyze situational awareness, as well as response and recovery actions, following a wide-area release of chemical, biological or radiological materials. The system provides capability to prioritize critical infrastructure assets and services for restoration. It also provides a capability to assess resource needs (e.g., number of sampling teams, laboratory capacity, decontamination units, etc.), timelines for consequence management activities, and costs. PATH/AWARE is a very comprehensive tool set with a considerable amount of database information managed through a Microsoft SQL (Structured Query Language) database engine, a Geographical Information System (GIS) engine that provides comprehensive mapping capabilities, as well as comprehensive decision logic to carry out the functional aspects of the tool set. This document covers the basic installation and operation of the PATH/AWARE tool in order to give the user enough information to start using the tool. A companion users manual is under development with greater specificity of the PATH/AWARE functionality.

More Details

Recovery from chemical, biological, and radiological incidents. Critical infrastructure and economic impact considerations

Franco, David O.; Yang, Lynn I.

To restore regional lifeline services and economic activity as quickly as possible after a chemical, biological or radiological incident, emergency planners and managers will need to prioritize critical infrastructure across many sectors for restoration. In parallel, state and local governments will need to identify and implement measures to promote reoccupation and economy recovery in the region. This document provides guidance on predisaster planning for two of the National Disaster Recovery Framework Recovery Support Functions: Infrastructure Systems and Economic Recovery. It identifies key considerations for infrastructure restoration, outlines a process for prioritizing critical infrastructure for restoration, and identifies critical considerations for promoting regional economic recovery following a widearea disaster. Its goal is to equip members of the emergency preparedness community to systematically prioritize critical infrastructure for restoration, and to develop effective economic recovery plans in preparation for a widearea CBR disaster.

More Details
43 Results
43 Results