Pragmatic Decision Support Tools for Cyber Consequence and Risk Analysis
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Through cyberattacks on information technology and digital communications systems, antagonists have increasingly been able to alter the strategic balance in their favor without provoking serious consequences. Conflict within and through the cyber domain is inherently different from conflict in other domains that house our critical systems. These differences result in new challenges for defending and creating resilient systems, and for deterring those who would wish to disrupt or destroy them. The purpose of this paper is to further examine the question of whether or not deterrence can be an effective strategy in cyber conflict, given our broad and varied interests in cyberspace. We define deterrence broadly as the creation of conditions that dissuade antagonists from taking unwanted actions because they believe that they will incur unacceptably high costs and/or receive insufficient benefits from taking that action. Deterrence may or may not be the most credible or effective strategy for achieving our desired end states in cybersecurity. Regardless of the answer here, however, it is important to consider why deterrence strategies might succeed under certain conditions, and to understand why deterrence is not effective within the myriad contexts that it appears fail. Deterrence remains a key component of U.S. cyber strategy, but there is little detail on how to operationalize or implement this policy, how to bring a whole-of-government and whole-of- private-sector approach to cyber deterrence, which types of antagonists can or should be deterred, and in which contexts. Moreover, discussion about how nations can and should respond to significant cyber incidents largely centers around whether or not the incident constitutes a "use of force," which would justify certain types of responses according to international law. However, we believe the "use of force" threshold is inadequate to describe the myriad interests and objectives of actors in cyberspace, both attackers and defenders. In this paper, we propose an approach to further examine if deterrence is an effective strategy and under which conditions. Our approach includes systematic analysis of cyber incident scenarios using a framework to evaluate the effectiveness of various activities in influencing antagonist behavior. While we only examine a single scenario for this paper, we propose that additional work is needed to more fully understand how various alternative thresholds constrain or unleash options for actors to influence one another's behavior in the cyber domain.
Abstract not provided.
This report describes application of architecture concepts to the chemical-biological defense space, as requested by the Chemical & Biological Defense (CBD) Program at the Science and Technology Office, U.S. Department of Homeland Security, for purposes of 1) understanding and characterizing system interdependencies and 2) prioritizing program development and allocation of resources. A series of graphical Operational Views (OVs) are presented, characterizing a notional chem-bio architecture at increasing levels of detail. Development best practices are highlighted, as well as potential analytical applications.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Global nuclear energy has reached a critical juncture. The footprint of nuclear energy is growing and will continue to grow in coming decades to meet increasing global energy demands, desires for energy security, and mounting concerns about climate change. This growth includes construction of reactors in countries new to the nuclear energy enterprise, in addition to expansion of existing programs. The lack of operational experience coupled with weak regulatory systems in some countries raises the potential of a nuclear accident. The expansion of nuclear energy is also met with an increasingly complex threat environment, with threats to nuclear security from non-state actors as well as the continued risks of state proliferation. The trend towards increasingly digitized and networked nuclear facilities significantly expands operational uncertainty and adds complexity to implementing safeguards and security. These factors merit fresh consideration of potential safety, safeguards, security, and cyber (3SC) risks, as well as approaches for managing those risks in an integrated, sustainable, and internationally cooperative manner. In an effort to explore the emerging challenges and cooperative solutions to the global expansion of nuclear energy The George Washington University Elliott School of International Affairs and Sandia National Laboratories convened a group of more than thirty experts from government, national laboratories, non-government organizations, and academia on May 5th, 2016 at George Washington University to discuss these issues in a not-for-attribution environment.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Proposed for publication in Academic Peace Orchestra Middle East Policy Briefs.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.