Barry M. Horowitz scite author profile

The report of the President's Commission on Critical Infrastructure Protection [PCCIP, Executive Order 13010, The White House, Washington, DC, 1997] which was issued in October 1997 set in motion a revolutionary and expensive national homeland security initiative under the rubric of critical infrastructure protection. The PCCIP addressed a plethora of sources of risk to the nation's critical infrastructures, along with numerous risk management options. For simplicity, we partition solution possibilities into two major types: protecting system assets and adding resilience to systems. Much of government research efforts focus on analyzing component systems and their assets. Systems engineers are particularly interested in characteristics that emerge from the system design, which are affected by changes to component systems, but also by changes that reflect the way systems are constructed and integrated. Adding resilience to a system expands the focus beyond component systems to include a study of emergent, system-level attributes for homeland security consideration. Balancing protective and resilience actions through system-level analysis will provide a means to improve the overall efficiency of regional and national preparedness. This paper explores concepts of emergence, resilience, and preparedness as a foundation for establishing a framework to assess the balance between the two areas of infrastructure risk mitigation. We propose several considerations that must be included in a framework to assess protection

show abstract

Inoperability Input-Output Model for Interdependent Infrastructure Sectors. II: Case Studies

Haimes

Horowitz

Lambert

et al. 2005

J. Infrastruct. Syst.

151

View full text Add to dashboard Cite

A System‐Aware Cyber Security architecture

Jones¹,

Horowitz²

2012

Systems Engineering

View full text Add to dashboard Cite

As exemplified in the 2010 Stuxnet attack on an Iranian nuclear facility, attackers have the capabilities to embed infections in equipment that is employed in nuclear power systems. In this paper, a new systems engineering focused approach for mitigating such risks is described. This approach involves the development of a security architectural formulation that integrates a set of reusable security services as an architectural solution that is an embedded component of the system to be protected. The System‐Aware architectural approach embeds security components into the system to be protected. The architecture includes services that (1) collect and assess real‐time security relevant measurements from the system being protected, (2) perform security analysis on those measurements, and (3) execute system security control actions as required. This architectural formulation results in a defense that is referred to as System‐Aware Cyber Security. This includes (1) the integration of a diverse set of dynamically interchangeable redundant subsystems involving hardware and software components provided from multiple vendors to significantly increase the difficulty for adversaries by avoiding a monoculture environment, (2) the development of subsystems that are capable of rapidly changing their attack surface through hardware and software reconfiguration (configuration hopping) in response to perceived threats, (3) data consistency checking services (e.g., intelligent voting mechanisms) for isolating faults and permitting moving surface control actions to avoid operations in a compromised configuration, and (4) forensic analysis techniques for rapid post‐attack categorization of whether a given fault is more likely the result of an infected embedded hardware or software component (i.e., cyber attack) or a natural failure. In this paper we present these key elements of the System‐Aware Cyber Security architecture and show, including an application example, how they can be integrated to mitigate the risks of insider and supply chain attacks. In addition, this paper outlines an initial vision for a security analysis framework to compare alternative System‐Aware security architectures. Finally, we summarize future research that is necessary to facilitate implementation across additional domains critical to the nation's interest. © 2012 Wiley Periodicals, Inc. Syst Eng

show abstract

A Macro‐Economic Framework for Evaluation of Cyber Security Risks Related to Protection of Intellectual Property

Andrijcic¹,

Horowitz²

2006

Risk Analysis

View full text Add to dashboard Cite

The article is based on the premise that, from a macro-economic viewpoint, cyber attacks with long-lasting effects are the most economically significant, and as a result require more attention than attacks with short-lasting effects that have historically been more represented in literature. In particular, the article deals with evaluation of cyber security risks related to one type of attack with long-lasting effects, namely, theft of intellectual property (IP) by foreign perpetrators. An International Consequence Analysis Framework is presented to determine (1) the potential macro-economic consequences of cyber attacks that result in stolen IP from companies in the United States, and (2) the likely sources of such attacks. The framework presented focuses on IP theft that enables foreign companies to make economic gains that would have otherwise benefited the U.S. economy. Initial results are presented.

show abstract

Adaptive Two-Player Hierarchical Holographic Modeling Game for Counterterrorism Intelligence Analysis

Haimes¹,

Horowitz²

2004

View full text Add to dashboard Cite

Accuracy and Precision of a Point-of-Care HbA1c Test

Arnold

Küpfer

Little

et al. 2019

J Diabetes Sci Technol

View full text Add to dashboard Cite

Background: Point-of-care (POC) hemoglobin A1c (HbA1c) testing has advantages over laboratory testing, but some questions have remained regarding the accuracy and precision of these methods. The accuracy and the precision of the POC Afinion™ HbA1c Dx test were investigated. Methods: Samples spanning the assay range were collected from prospectively enrolled subjects at three clinical sites. The accuracy of the POC test using fingerstick and venous whole blood samples was estimated via correlation and bias with respect to values obtained by an NGSP secondary reference laboratory (SRL). The precision of the POC test using fingerstick samples was estimated from duplicate results by calculating the coefficient of variation (CV) and standard deviation (SD), and separated into its components using analysis of variance (ANOVA). The precision of the POC test using venous blood was evaluated from samples run in four replicates on each of three test cartridge lots, twice per day for 10 consecutive days. The SD and CV by study site and overall were calculated. Results: Across the assay range, POC test results from fingerstick and venous whole blood samples were highly correlated with results from the NGSP SRL ( r = .99). The mean bias was −0.021% HbA1c (−0.346% relative) using fingerstick samples and −0.005% HbA1c (−0.093% relative) using venous samples. Imprecision ranged from 0.62% to 1.93% CV for fingerstick samples and 1.11% to 1.69% CV for venous samples. Conclusions: The results indicate that the POC test evaluated here is accurate and precise using both fingerstick and venous whole blood.

show abstract

An architectural systems engineering methodology for addressing cyber security

Bayuk

Horowitz

2011

Systems Engineering

View full text Add to dashboard Cite

This paper discusses important shortcomings of current approaches to systems security engineering. The value and limitations of perimeter security designs are examined. An architectural approach to systems security engineering is introduced as a complementary means for strengthening current approaches. Accordingly, this paper outlines a methodology to identify classes of new reusable system security solutions and an architectural framework based on reuse of the patterns of solutions. It also introduces a new methodology for security metrics intended to stimulate critical solution design tradeoff analyses as part of security design reuse considerations. Examples of problems, potential architectural solutions, and corresponding security metrics are provided.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Barry M. Horowitz

Inoperability Input-Output Model for Interdependent Infrastructure Sectors. I: Theory and Methodology

Homeland security preparedness: Balancing protection with resilience in emergent systems

Inoperability Input-Output Model for Interdependent Infrastructure Sectors. II: Case Studies

A System‐Aware Cyber Security architecture

A Macro‐Economic Framework for Evaluation of Cyber Security Risks Related to Protection of Intellectual Property

Adaptive Two-Player Hierarchical Holographic Modeling Game for Counterterrorism Intelligence Analysis

Accuracy and Precision of a Point-of-Care HbA1c Test

An architectural systems engineering methodology for addressing cyber security

Contact Info

Product

Resources

About