Cyber Resilience as a Deterrence Strategy
Abstract not provided.
Abstract not provided.
Abstract not provided.
Through cyberattacks on information technology and digital communications systems, antagonists have increasingly been able to alter the strategic balance in their favor without provoking serious consequences. Conflict within and through the cyber domain is inherently different from conflict in other domains that house our critical systems. These differences result in new challenges for defending and creating resilient systems, and for deterring those who would wish to disrupt or destroy them. The purpose of this paper is to further examine the question of whether or not deterrence can be an effective strategy in cyber conflict, given our broad and varied interests in cyberspace. We define deterrence broadly as the creation of conditions that dissuade antagonists from taking unwanted actions because they believe that they will incur unacceptably high costs and/or receive insufficient benefits from taking that action. Deterrence may or may not be the most credible or effective strategy for achieving our desired end states in cybersecurity. Regardless of the answer here, however, it is important to consider why deterrence strategies might succeed under certain conditions, and to understand why deterrence is not effective within the myriad contexts that it appears fail. Deterrence remains a key component of U.S. cyber strategy, but there is little detail on how to operationalize or implement this policy, how to bring a whole-of-government and whole-of- private-sector approach to cyber deterrence, which types of antagonists can or should be deterred, and in which contexts. Moreover, discussion about how nations can and should respond to significant cyber incidents largely centers around whether or not the incident constitutes a "use of force," which would justify certain types of responses according to international law. However, we believe the "use of force" threshold is inadequate to describe the myriad interests and objectives of actors in cyberspace, both attackers and defenders. In this paper, we propose an approach to further examine if deterrence is an effective strategy and under which conditions. Our approach includes systematic analysis of cyber incident scenarios using a framework to evaluate the effectiveness of various activities in influencing antagonist behavior. While we only examine a single scenario for this paper, we propose that additional work is needed to more fully understand how various alternative thresholds constrain or unleash options for actors to influence one another's behavior in the cyber domain.
Abstract not provided.
This report describes application of architecture concepts to the chemical-biological defense space, as requested by the Chemical & Biological Defense (CBD) Program at the Science and Technology Office, U.S. Department of Homeland Security, for purposes of 1) understanding and characterizing system interdependencies and 2) prioritizing program development and allocation of resources. A series of graphical Operational Views (OVs) are presented, characterizing a notional chem-bio architecture at increasing levels of detail. Development best practices are highlighted, as well as potential analytical applications.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
The need for metrics for planning and response measures was identified as key gap to be addressed in the National Hurricane Program's (NHP) Technology Modernization effort. This document proposes a framework for defining a set of metrics for planning and response that will be implemented in the NHP products of hurricane evacuation studies (HES) and post-storm assessments (PSA). To determine the feasibility of this framework, a survey of current HES and PSAs was carried out followed by and then used to determine if the proposed metrics are currently captured. While there is a wide variety in data availability and detail, the implementation of these metrics is not only feasible but presents an opportunity to improve on current practices. The final implementation of this framework shall require the ongoing feedback from local, state, tribal, and federal stakeholders.
The Hurricane Evacuation Study (HES) Tool prototype is a key component of the Federal Emergency Management Agency (FEMA) National Hurricane Program (NHP) Technology Modernization (TM) effort. To ensure the HES Tool captured the necessary capabilities and functionality, engagement with potential end-users and key stakeholders was considered a priority throughout development. Pilot studies with representatives from North Carolina and New York City were done to validate the HES Tool process with their current HES undertaking. These pilot studies let the development of additional capabilities and feedback on the needs of diverse regions. A usability study was carried out with key stakeholders identified by NHP leadership through individualized sessions with identified personnel. The results showed the value of the HES Tool compared to the current process as well as key issues that must be addressed to ensure a final transition.
The Federal Emergency Management Agency's (FEMA) National Hurricane Program (NHP), helps protect communities and residents from hurricane hazards by providing evacuation preparedness technical assistance to State, local, and tribal governments. The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) and FEMA are co- sponsoring an effort to modernize technology components of the NHP, including the Hurricane Evacuation Study (HES), which addresses planning and impact assessments for coastal regions. The current HES process is manual, financially costly, and can take up to several years to complete. To streamline this process, the NHP Technology Modernization Program is developing an automated HES Tool that will reduce the cost and time requirements of the HES process by up to 70%. This document outlines the requirements of the current HES process and explains how the HES Tool can be used to fulfill those requirements. It also contains a detailed list of the modeling and simulation capabilities available within the HES tool.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Throughout history, as new chemical threats arose, strategies for the defense against chemical attacks have also evolved. As a part of an Early Career Laboratory Directed Research and Development project, a systems analysis of past, present, and future chemical terrorism scenarios was performed to understand how the chemical threats and attack strategies change over time. For the analysis, the difficulty in executing chemical attack was evaluated within a framework of three major scenario elements. First, historical examples of chemical terrorism were examined to determine how the use of chemical threats, versus other weapons, contributed to the successful execution of the attack. Using the same framework, the future of chemical terrorism was assessed with respect to the impact of globalization and new technologies. Finally, the efficacy of the current defenses against contemporary chemical terrorism was considered briefly. The results of this analysis justify the need for continued diligence in chemical defense.
Abstract not provided.
The Defense Threat Reduction Agency (DTRA) commissioned an assessment of the Consequence Management (CM) plans in place on military bases for response to a chemical attack. The effectiveness of the CM plans for recovering from chemical incidents was modeled using a multiple Decision Support Tools (DSTs). First, a scenario was developed based on an aerial dispersion of a chemical agent over a wide-area of land. The extent of contamination was modeled with the Hazard Prediction and Assessment Capability (HPAC) tool. Subsequently, the Analyzer for Wide Area Restoration Effectiveness (AWARE) tool was used to estimate the cost and time demands for remediation based on input of contamination maps, sampling and decontamination resources, strategies, rates and costs. The sampling strategies incorporated in the calculation were designed using the Visual Sample Plan (VSP) tool. Based on a gaps assessment and the DST remediation analysis, an Enhanced Chemical Incident Response Plan (ECIRP) was developed.