7 Items

 In this Feb. 27, 2013, file photo illustration, hands type on a computer keyboard in Los Angeles

Damian Dovarganes/ AP

Journal Article - American Association for the Advancement of Science

Cyber Risk Research Impeded by Disciplinary Barriers

| November 2019

Cyber risk encompasses a broad spectrum of risks to digital systems, such as data breaches or full-fledged cyber attacks on the electric grid. Efforts to systematically advance the science of cyber risk must draw on not only computer science but also fields such as behavioral science, economics, law, management science, and political science.

teaser image

Analysis & Opinions - WBUR

How Greater Boston Could Benefit From A Space Force

| Oct. 19, 2018

The U.S. government is currently working on creating a so called Space Force. Legislation to establish the branch is expected to be included in the Pentagon's budget proposal next year, but it would still need approval from Congress.

If the Space Force branch is established, tech companies and defense contractors in Massachusetts stand to make millions — if not billions — in new contracts.

teaser image

Analysis & Opinions - San Francisco Chronicle

Invaders from space — hacks against satellites threaten our critical infrastructure

| Aug. 24, 2018

You may not realize it, but you probably interact with some space object every day. Maybe it’s your car, your television or even your internet — each relies on some space-orbiting satellite to function. Satellites are accessed by millions of devices a day and are robust providers of service. But trusting these satellites as much as we do is risky as they are all extremely vulnerable to cyberattacks.

Job One for Space Force

NASA

Report - Cyber Security Project, Belfer Center

Job One for Space Force: Space Asset Cybersecurity

| July 12, 2018

When we think about critical infrastructure, the first assets that come to mind include the electric grid, water networks and transportation systems. Further unpacking the definition of critical infrastructure, we consider industries such as agriculture, defense or the financial sector. However, we rarely think about where the underlying systems that enable technology functionality across these sectors physically reside, who developed the technology, and who can access and manage that technology.

Atlanta Cyber Attack

John Spink / Atlanta Journal-Constitution

Analysis & Opinions - San Francisco Chronicle

To defend cities from cyberattack, think like a hacker

| Apr. 06, 2018

Our cities are under attack. In the past two months, two major cyberattacks have targeted urban critical infrastructure and services. In February, Colorado’s Department of Transportation had to shut down 2,000 employee workstations after an attack. The department website reported issues for more than a week after the attack. In late March, 8,000 city employees in Atlanta resorted to using pen and paper for work after a cyberattack compromised their computers. Both attacks caused havoc.

teaser image

Journal Article - IEEE Internet of Things

IIoT Cybersecurity Risk Modeling for SCADA Systems

| Apr. 06, 2018

Abstract:

Urban critical infrastructure such as electric grids, water networks and transportation systems are prime targets for cyberattacks. These systems are composed of connected devices which we call the Industrial Internet of Things (IIoT). An attack on urban critical infrastructure IIoT would cause considerable disruption to society. Supervisory Control and Data Acquisition (SCADA) systems are typically used to control IIoT for urban critical infrastructure. Despite the clear need to understand the cyber risk to urban critical infrastructure, there is no data-driven model for evaluating SCADA software risk for IIoT devices. In this paper, we compare non-SCADA and SCADA systems and establish, using cosine similarity tests, that SCADA as a software subclass holds unique risk attributes for IIoT. We then disprove the commonly accepted notion that the Common Vulnerability Scoring System (CVSS) risk metrics of Exploitability and Impact are not correlated with attack for the SCADA subclass of software. A series of statistical models are developed to identify SCADA risk metrics that can be used to evaluate the risk that a SCADA-related vulnerability is exploited. Based on our findings, we build a customizable SCADA risk prioritization schema that can be used by the security community to better understand SCADA-specific risk. Considering the distinct properties of SCADA systems, a data-driven prioritization schema will help researchers identify security gaps specific to this software subclass that is essential to our society’s operations.