Biblio

This paper is a conceptual paper that explores how the sensemaking process by intelligence analysts completed within a cognitive immersive environment might be impacted by the inclusion of a progressive dialog system. The tools enabled in the sensemaking room (a specific instance within the cognitive immersive environment) were informed by tools from the intelligence analysis domain. We explore how a progressive dialog system would impact the use of tools such as the collaborative brainstorming exercise [1]. These structured analytic techniques are well established in intelligence analysis training literature, and act as ways to access the intended users' cognitive schema as they use the cognitive immersive room and move through the sensemaking process. A prior user study determined that the sensemaking room encouraged users to be more concise and representative with information while using the digital brainstorming tool. We anticipate that addition of the progressive dialog function will enable a more cohesive link between information foraging and sensemaking behaviors for analysts.

This paper considers network protection games for a heterogeneous network system with N nodes against cyber-attackers of two different types of intentions. The first type tries to maximize damage based on the value of each net-worked node, while the second type only aims at successful infiltration. A defender, by applying defensive resources to networked nodes, can decrease those nodes' vulnerabilities. Meanwhile, the defender needs to balance the cost of using defensive resources and potential security benefits. Existing literature shows that, in a Nash equilibrium, the defender should adopt different resource allocation strategies against different types of attackers. However, it could be difficult for the defender to know the type of incoming cyber-attackers. A Bayesian game is investigated considering the case that the defender is uncertain about the attacker's type. We demonstrate that the Bayesian equilibrium defensive resource allocation strategy is a mixture of the Nash equilibrium strategies from the games against the two types of attackers separately.

Guidelines, directives, and policy statements are usually presented in “linear” text form - word after word, page after page. However necessary, this practice impedes full understanding, obscures feedback dynamics, hides mutual dependencies and cascading effects and the like-even when augmented with tables and diagrams. The net result is often a checklist response as an end in itself. All this creates barriers to intended realization of guidelines and undermines potential effectiveness. We present a solution strategy using text as “data”, transforming text into a structured model, and generate network views of the text(s), that we then can use for vulnerability mapping, risk assessments and note control point analysis. For proof of concept we draw on NIST conceptual model and analysis of guidelines for smart grid cybersecurity, more than 600 pages of text.

As cyber threats become highly damaging and complex, a new cybersecurity compliance certification model has been developed by the Department of Defense (DoD) to secure its Defense Industrial Base (DIB), and communication with its private partners. These partners or contractors are obligated by the Defense Federal Acquisition Regulations (DFARS) to be compliant with the latest standards in computer and data security. The Cybersecurity Maturity Model Certification (CMMC), and it is built upon existing DFARS 252.204-7012 and the NIST SP 800–171 controls. As of 2020, the DoD has incorporated DFARS and the National Institute of Standards and Technology (NIST) recommended security practices into what is now the CMMC. This paper presents the most commonly identified Security-Control-Deficiencies (SCD) faced, the attacks mitigated by addressing these SCD, and remediations applied to 127 DoD contractors in order to bring them into compliance with the CMMC guidelines. An analysis is done on what vulnerabilities are most prominent in the companies, and remediations applied to ensure these vulnerabilities are better avoided and the DoD supply-chain is more secure from attacks.

Childcare, a critical infrastructure, played an important role to create community resiliency during the COVID-19 pandemic. By finding pathways to remain open, or rapidly return to operations, the adaptive capacity of childcare providers to offer care in the face of unprecedented challenges functioned to promote societal level mitigation of the COVID-19 pandemic impacts, to assist families in their personal financial recoveries, and to provide consistent, caring, and meaningful educational experiences for society's youngest members. This paper assesses the operational adaptations of childcare centers as a key resource and critical infrastructure during the COVID-19 pandemic in the Greater Rochester, NY metropolitan region. Our findings evaluate the policy, provider mitigation, and response actions documenting the challenges they faced and the solutions they innovated. Implications for this research extend to climate-induced disruptions, including fires, water shortages, electric grid cyberattacks, and other disruptions where extended stay-at-home orders or service critical interventions are implemented.

The Department of Energy seeks to modernize the U.S. electric grid through the SmartGrid initiative, which includes the use of Global Positioning System (GPS)-timing dependent electric phasor measurement units (PMUs) for continual monitoring and automated controls. The U.S. Department of Homeland Security is concerned with the associated risks of increased utilization of GPS timing in the electricity subsector, which could in turn affect a large number of electricity-dependent Critical Infrastructure (CI) sectors. Exploiting the vulnerabilities of GPS systems in the electricity subsector can result to large-scale and costly blackouts. This paper seeks to analyze the risks of increased dependence of GPS into the electric grid through the introduction of PMUs and provides a systems engineering perspective to the GPS-dependent System of Systems (S-o-S) created by the SmartGrid initiative. The team started by defining and modeling the S-o-S followed by usage of a risk analysis methodology to identify and measure risks and evaluate solutions to mitigating the effects of the risks. The team expects that the designs and models resulting from the study will prove useful in terms of determining both current and future risks to GPS-dependent CIs sectors along with the appropriate countermeasures as the United States moves towards a SmartGrid system.