The report of the President's Commission on Critical Infrastructure Protection [PCCIP, Executive Order 13010, The White House, Washington, DC, 1997] which was issued in October 1997 set in motion a revolutionary and expensive national homeland security initiative under the rubric of critical infrastructure protection. The PCCIP addressed a plethora of sources of risk to the nation's critical infrastructures, along with numerous risk management options. For simplicity, we partition solution possibilities into two major types: protecting system assets and adding resilience to systems. Much of government research efforts focus on analyzing component systems and their assets. Systems engineers are particularly interested in characteristics that emerge from the system design, which are affected by changes to component systems, but also by changes that reflect the way systems are constructed and integrated. Adding resilience to a system expands the focus beyond component systems to include a study of emergent, system-level attributes for homeland security consideration. Balancing protective and resilience actions through system-level analysis will provide a means to improve the overall efficiency of regional and national preparedness. This paper explores concepts of emergence, resilience, and preparedness as a foundation for establishing a framework to assess the balance between the two areas of infrastructure risk mitigation. We propose several considerations that must be included in a framework to assess protection
As exemplified in the 2010 Stuxnet attack on an Iranian nuclear facility, attackers have the capabilities to embed infections in equipment that is employed in nuclear power systems. In this paper, a new systems engineering focused approach for mitigating such risks is described. This approach involves the development of a security architectural formulation that integrates a set of reusable security services as an architectural solution that is an embedded component of the system to be protected. The System‐Aware architectural approach embeds security components into the system to be protected. The architecture includes services that (1) collect and assess real‐time security relevant measurements from the system being protected, (2) perform security analysis on those measurements, and (3) execute system security control actions as required. This architectural formulation results in a defense that is referred to as System‐Aware Cyber Security. This includes (1) the integration of a diverse set of dynamically interchangeable redundant subsystems involving hardware and software components provided from multiple vendors to significantly increase the difficulty for adversaries by avoiding a monoculture environment, (2) the development of subsystems that are capable of rapidly changing their attack surface through hardware and software reconfiguration (configuration hopping) in response to perceived threats, (3) data consistency checking services (e.g., intelligent voting mechanisms) for isolating faults and permitting moving surface control actions to avoid operations in a compromised configuration, and (4) forensic analysis techniques for rapid post‐attack categorization of whether a given fault is more likely the result of an infected embedded hardware or software component (i.e., cyber attack) or a natural failure. In this paper we present these key elements of the System‐Aware Cyber Security architecture and show, including an application example, how they can be integrated to mitigate the risks of insider and supply chain attacks. In addition, this paper outlines an initial vision for a security analysis framework to compare alternative System‐Aware security architectures. Finally, we summarize future research that is necessary to facilitate implementation across additional domains critical to the nation's interest. © 2012 Wiley Periodicals, Inc. Syst Eng
The article is based on the premise that, from a macro-economic viewpoint, cyber attacks with long-lasting effects are the most economically significant, and as a result require more attention than attacks with short-lasting effects that have historically been more represented in literature. In particular, the article deals with evaluation of cyber security risks related to one type of attack with long-lasting effects, namely, theft of intellectual property (IP) by foreign perpetrators. An International Consequence Analysis Framework is presented to determine (1) the potential macro-economic consequences of cyber attacks that result in stolen IP from companies in the United States, and (2) the likely sources of such attacks. The framework presented focuses on IP theft that enables foreign companies to make economic gains that would have otherwise benefited the U.S. economy. Initial results are presented.
Background: Point-of-care (POC) hemoglobin A1c (HbA1c) testing has advantages over laboratory testing, but some questions have remained regarding the accuracy and precision of these methods. The accuracy and the precision of the POC Afinion™ HbA1c Dx test were investigated. Methods: Samples spanning the assay range were collected from prospectively enrolled subjects at three clinical sites. The accuracy of the POC test using fingerstick and venous whole blood samples was estimated via correlation and bias with respect to values obtained by an NGSP secondary reference laboratory (SRL). The precision of the POC test using fingerstick samples was estimated from duplicate results by calculating the coefficient of variation (CV) and standard deviation (SD), and separated into its components using analysis of variance (ANOVA). The precision of the POC test using venous blood was evaluated from samples run in four replicates on each of three test cartridge lots, twice per day for 10 consecutive days. The SD and CV by study site and overall were calculated. Results: Across the assay range, POC test results from fingerstick and venous whole blood samples were highly correlated with results from the NGSP SRL ( r = .99). The mean bias was −0.021% HbA1c (−0.346% relative) using fingerstick samples and −0.005% HbA1c (−0.093% relative) using venous samples. Imprecision ranged from 0.62% to 1.93% CV for fingerstick samples and 1.11% to 1.69% CV for venous samples. Conclusions: The results indicate that the POC test evaluated here is accurate and precise using both fingerstick and venous whole blood.
This paper discusses important shortcomings of current approaches to systems security engineering. The value and limitations of perimeter security designs are examined. An architectural approach to systems security engineering is introduced as a complementary means for strengthening current approaches. Accordingly, this paper outlines a methodology to identify classes of new reusable system security solutions and an architectural framework based on reuse of the patterns of solutions. It also introduces a new methodology for security metrics intended to stimulate critical solution design tradeoff analyses as part of security design reuse considerations. Examples of problems, potential architectural solutions, and corresponding security metrics are provided.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.