January 2014 Computational CyberSecurity In Compromised Environments (C3E) Workshop

Welcome to C3E2013!

Now in our fifth year, we'll gather again at West Point in January 2014 to continue our exploration of work begun during the April 2013 mid-year event by focusing in two areas:

  • Navigating cyberspace - what analytic methods and tools are available to help analysts understand what is going on in cyberspace?
  • Cyberspace consequences - how do we help understand and describe the priorities and consequences of actions taken in cyberspace, especially those in response to threat?

In addition to these two areas of focus, we also plan to build on the success of the 2012 C3E Workshop by introducing a new challenge problem to help catalyze our thinking around a specific example involving domain name system (DNS) attacks.

While the Fall Workshop agenda is still in development, we want to organize and continue our investigations around the two tracks, described in greater detail below.

Track One: Information processing and other techniques to help navigate cyberspace

--Models: What kind of techniques are emerging to help analysts and practitioners navigate cyberspace? What kind of information processing models (i.e. working memory) can help analysts become more efficient during analysis?

--Anchors: Our ability to navigate the environment in cyber is largely dependent upon our ability to reconstruct and store information in our own minds. What are approaches that help analysts reconstruct an invisible environment in their mind to the degree that it can be navigated? What "anchors" do we need in order to reconstruct and process this information? What are techniques in visualization that empower analysts to do this? What are techniques outside of visualization?

Track Two: Understanding the Consequences of Action in Cyberspace

--Prioritization: What kinds of techniques can we use to prioritize incidents so that we know which incidents are "safe" or "safe for now" to ignore?

--Understanding timeframes: How should we think about short-term and long-term in cyberspace? Is that even a meaningful construct, given time horizons for attack and attack planning? Is there an effective way to push off the consequence of action?

--Developing a meaningful taxonomy: Suppose we break down the consequences of our actions in terms of those that we avoid, transfer, and accept. What is the role of Avoidance, Transference and Acceptance in our understanding of the consequences of our actions? What methods exist for understanding the consequences incurred by avoiding, or ignoring, an incident? How do we grasp the consequences of transferring the responsibility of decision making to another party? And then, finally, how do we understand the variety of consequences that could be incurred by accepting responsibility and confronting the incident ourselves? What is our understanding of how these consequences influence how we approach an incident?

Thank you for your continuing interest in C3E.