With pervasive reliance on information technology, the robustness and security of these systems are critical to diverse infrastructure systems and particularly to resilience of industry, military, society, community, etc. As safeguards evolve and are implemented, adversaries develop novel ways to breach information technology systems, access sensitive data, and disrupt critical infrastructure. While significant advances in the field of cybersecurity have been achieved, solutions have focused more on the technical issues at component levels such as threat detection, encryption, and other mitigation procedures and technologies and less on how to address overall cyber-influenced risk and to support decisions at level of large-scale systems.This issue explores the theory, methods, and applications of systems analysis for cybersecurity (including software and hardware and other perspectives) with linkages to other subject areas such as risk management, systems engineering, and strategic decision-making. In particular, there is a need to approach cybersecurity risks from a multi-scale, systems perspective, recognizing the diverse interactions among cyber, physical, and human systems (Lambert et al. 2013). In this direction, our first paper frames the rest of the issue in terms of cyber-resilience, wherein Linkov et al. (2013) discuss how decision-makers require the ability to plan for threats and absorb, recover, and adapt to threats after they occur along the physical, information, cognitive, and social domains in which these systems exist. The remaining articles are organized by these domains respecting that several of the articles cross domains.
Physical domainThe physical domain includes hardware and software and networks as building blocks of cyber infrastructure. Gilmore et al. (2013) outline the risks posed by counterfeit electronic parts in the context of hardware security. They discuss a validation strategy based on infrared analysis and blind source separation to authenticate suspected counterfeit parts and stop counterfeits from moving downstream in the supply chain.
Information domainMonitoring, information storage, and visualization are features of the information domain. The issue features several articles that focus on risks within the information domain. First, Baiardi and Sgandurra (2013) discuss a simulation-based risk assessment methodology that models adaptive threat agents as well as identifies effective countermeasures. Cam and Mouallem (2013) then describe a model that dynamically models mission assurance through monitoring of cyber assets and includes a risk management scheme to mitigate risks to acceptable levels. Finally, Ezell et al. (2013) describe a framework to model the risks and impacts of cyber attacks on traffic control systems.
Cognitive domainInformation should be properly analyzed and sensed as well as used for decision-making in the cognitive domain.