Articles

36 Items

teaser image

Journal Article - IEEE Internet of Things

IIoT Cybersecurity Risk Modeling for SCADA Systems

| Apr. 06, 2018

Abstract:

Urban critical infrastructure such as electric grids, water networks and transportation systems are prime targets for cyberattacks. These systems are composed of connected devices which we call the Industrial Internet of Things (IIoT). An attack on urban critical infrastructure IIoT would cause considerable disruption to society. Supervisory Control and Data Acquisition (SCADA) systems are typically used to control IIoT for urban critical infrastructure. Despite the clear need to understand the cyber risk to urban critical infrastructure, there is no data-driven model for evaluating SCADA software risk for IIoT devices. In this paper, we compare non-SCADA and SCADA systems and establish, using cosine similarity tests, that SCADA as a software subclass holds unique risk attributes for IIoT. We then disprove the commonly accepted notion that the Common Vulnerability Scoring System (CVSS) risk metrics of Exploitability and Impact are not correlated with attack for the SCADA subclass of software. A series of statistical models are developed to identify SCADA risk metrics that can be used to evaluate the risk that a SCADA-related vulnerability is exploited. Based on our findings, we build a customizable SCADA risk prioritization schema that can be used by the security community to better understand SCADA-specific risk. Considering the distinct properties of SCADA systems, a data-driven prioritization schema will help researchers identify security gaps specific to this software subclass that is essential to our society’s operations.

Andrew Wakefield arrives at the General Medical Council in London to face a disciplinary panel investigating allegations of serious professional misconduct.

AP

Journal Article - Science

The Science of Fake News

    Authors:
  • David Lazer
  • Matthew A Baum
  • Yochai Benkler
  • Adam J Berinsky
  • Filippo Menczer
  • Miriam J Metzger
  • Brendan Nyhan
  • Gordon Pennycook
  • David Rothschild
  • Michael Schudson
  • Steven A Sloman
  • Cass R. Sunstein
  • Emily A Thorson
  • Duncan J Watts
| Mar. 08, 2018

The rise of fake news highlights the erosion of long-standing institutional bulwarks against misinformation in the internet age. Concern over the problem is global. However, much remains unknown regarding the vulnerabilities of individuals, institutions, and society to manipulations by malicious actors. A new system of safeguards is needed.

teaser image

Journal Article - Georgetown Journal of International Affairs

Campaign Planning with Cyber Operations

| Dec. 28, 2017

The military not only plans for operations, it also plans to plan. Yet there is no current plan or process in place to integrate cyber initiatives into campaign planning. The US government must determine how to integrate offensive and defensive cybercapabilities into campaign planning in order to leverage these capabilities and pair them with the military’s broad array of tools.

teaser image

Journal Article - Journal of Conflict Resolution

Invisible Digital Front

| Nov. 10, 2017

Recent years have seen growing concern over the use of cyber attacks in wartime, but little evidence that these new tools of coercion can change battlefield events. We present the first quantitative analysis of the relationship between cyber activities and physical violence during war. Using new event data from the armed conflict in Ukraine—and additional data from Syria’s civil war—we analyze the dynamics of cyber attacks and find that such activities have had little or no impact on fighting.

University of Michigan Journal of Law Reform

University of Michigan Journal of Law Reform

Journal Article - University of Michigan Journal of Law Reform

Making Democracy Harder to Hack

| Spring 2017 (Volume 50, Issue 3)

With the Russian government hack of the Democratic National Convention email servers and related leaks, the drama of the 2016 U.S. presidential race highlights an important point: nefarious hackers do not just pose a risk to vulnerable companies; cyber attacks can potentially impact the trajectory of democracies.

teaser image

Journal Article - Journal of Cybersecurity

Rules of Engagement for Cyberspace Operations: A View From the USA

| March 2017

As cyber weapons are incorporated into US military planning, policy makers and field commanders will increasingly confront a core issue: How to formulate the rules of engagement (ROEs) for US forces with regard to military operations that may use such weapons. Michael Sulmeyer, Herbert Lin, and C. Robert Kehler address ROEs from the perspective of US military operators. 

Journal Article - Strife

A Beginner's Guide to the Musical Scales of Cyberwar

| Dec. 28, 2016

"Whether you are a cybersecurity professional, policymaker, or student, this article is a beginner's guide to understanding the 'musical scales' of cyberwar. Using the analogy of a piano keyboard, it aims to promote an understanding of what constitutes a use of force in cyberspace and how a state may lawfully respond."

Journal Article - Small Wars Journal

Twilight Zone Conflicts: Employing Gray Tactics in Cyber Operations

| October 27, 2016

"...[A]ctors that employ gray tactics in cyber operations need not be successful in actually infiltrating a system to further their revisionist ambitions. Rather, the sheer ramifications from the cyber action itself, has the power to disturb a nation's psyche and challenge the geopolitical status quo."