Cyber-mitigation: Cybersecurity emergency management

Jeremy Straub, PhD

doi:10.5055/jem.2020.0517

Authors

Jeremy Straub, PhD

DOI:

https://doi.org/10.5055/jem.2020.0517

Keywords:

mitigation, cybersecurity, emergency management, cyber

Abstract

Cybersecurity is within the realm of emergency management, as cyber-attacks can generate both virtual and real world issues that emergency responders may be called upon to deal with. However, it has a skillset and other characteristics that are distinct from the types of emergency management that most practitioners commonly—and are prepared—to deal with. This paper compares the two disciplines, discusses areas where cybersecurity professionals and researchers can learn from the emergency management discipline and proposes new research directions within the emergency management domain.

Author Biography

Jeremy Straub, PhD

Department of Computer Science North Dakota State University Fargo, North Dakota

References

Weinberger M: The Equifax security breach in 2017 was worse than we thought—Business Insider; 2018. Available at http://www.businessinsider.com/equifax-breach-check-details-update-2018-5. Accessed May 8, 2018.

Straub J: Artificial intelligence cyber attacks are coming—but what does that mean?—Chicago Tribune. Chicago Tribune; 2017. Available at http://www.chicagotribune.com/sns-artificialintelligence-cyber-attacks-are-coming-but-what-does-that-mean-82035-20170828-story.html. Accessed May 8, 2018.

Bajpai P, Enbody R: Cryptojacking spreads across the web. TechXplore; 2018. Available at https://techxplore.com/news/2018-05-cryptojacking-web.html. Accessed May 8, 2018.

Smith M: Cyber attacks cost U.S. enterprises $1.3 million on average in 2017 | CSO Online. Privacy and Security Fanatic; 2017. Available at https://www.csoonline.com/article/3227065/security/cyber-attacks-cost-us-enterprises-13-million-on-average-in-2017.html. Accessed May 8, 2018.

Morgan S: Top 5 cybersecurity facts, figures and statistics for 2018 | CSO Online. Cybersecurity Business Report; 2018. Available at https://www.csoonline.com/article/3153707/security/top-5-cybersecurity-facts-figures-and-statistics.html. Accessed May 8, 2018.

Cipriani J: How your phone can save your life in an emergency. c|net; 2019. Available at https://www.cnet.com/how-to/how-yourphone-can-save-your-life-in-an-emergency/. Accessed September 15, 2019.

Godschalk DR, Beatley T, Berke P, et al.: Natural Hazard Mitigation: Recasting Disater Policy and Planning. Washington, D.C.: Island Press; 1999.

Dempsey KL, Chawla NS, Johnson LA, et al.: SP 800-137. Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. 2011. Available at https://dl.acm.org/citation.cfm?id=2206219. Accessed May 8, 2018.

Cyber Security Statistics for 2019. Cyber Defense Magazine. 2019. Available at https://www.cyberdefensemagazine.com/cybersecurity-statistics-for-2019/. Accessed September 15, 2019.

Winder D: Data Breaches Expose 4.1 Billion Records in First Six Months of 2019. Forbes; 2019. Available at https://www.forbes.com/sites/daveywinder/2019/08/20/data-breaches-expose-41-billion-records-in-first-six-months-of-2019/#2c8f09c6bd54. Accessed September 8, 2019.

Grimes RA: 9 types of malware and how to recognize them | CSO Online. CSO Magazine; 2019. Available at https://www.csoonline.com/article/2615925/security-your-quick-guide-to-malware-types.html. Accessed September 15, 2019.

Yadav T, Rao AM: Technical Aspects of Cyber Kill Chain. Cham, Switzerland: Springer; 2015: 438-452. doi:10.1007/978-3-319-22915-7_40

Council NR: Reducing Coastal Risk on the East and Gulf Coasts. Washington, D.C.: National Academies Press; 2014.

Gordon LA, Loeb M: Managing cybersecurity resources: A cost-benefit analysis. Available at www.rhsmith.umd.edu/faculty/lgordon/cybersecuritybook.htm. Accessed May 8, 2018.

Carin L: Quantitative evaluation of risk for investment efficient strategies in cybersecurity: The QuERIES methodology. 2007. Available at https://securitymetrics.org/attachments/Metricon-3-Cybenko-Article.pdf. Accessed May 8, 2018.

Giacomello G: Bangs for the buck: A cost-benefit analysis of cyberterrorism. Stud Confl Terror. 2004; 27(5): 387-408. doi:10.1080/10576100490483660

Prater CS, Lindell MK: Politics of hazard mitigation. Nat Hazards Rev. 2000; 1(2): 73-82. doi:10.1061/(ASCE)1527-6988(2000)1:2(73)

Michel-Kerjan EO: Catastrophe economics: The National Flood Insurance Program. J Econ Perspect. 2010; 24(4): 165-186. doi:10.1257/jep.24.4.165

Perrin C: The CIA Triad. TechRepublic; 2008. Available at https://www.techrepublic.com/blog/it-security/the-cia-triad/. Accessed May 8, 2018.

Kshetri N: Cybercrime and cyber-security issues associated with China: Some economic and institutional considerations. Electron Commer Res. 2013; 13(1): 41-69.

Lindsay JR, Cheung TM, Reveron DS: China and Cybersecurity: Espionage, Strategy, and Politics in the Digital Domain. New York: Oxford University Press; 2015. Available at https://books.google.com/books?hl=en&lr=&id=wQN1BgAAQBAJ&oi=fnd&pg=PP1&dq=cybersecurity+politics&ots=g_05rmtnOB&sig=_HUdTguIxpq8CQJsyW4ZZK6Vj5c#v=onepage&q=cybersecuritypolitics&f=false. Accessed May 8, 2018.

Mgrditchian G, Yazzetti EA: 2013 National Lawyers Convention International: Cybersecurity—The Policy and Politics of a Leading National Security Threat. Rutgers Comput Technol Law J. 2015;

Available at https://heinonline.org/HOL/Page?handle=hein.journals/rutcomt41&id=205&div=&collection=. Accessed May 8, 2018.

Mueller ML: Networks and States: The Global Politics of Internet Governance. Boston, Massachusetts: MIT Press; 2010. Available at https://books.google.com/books/about/Networks_and_States.html?id=qH3TAvkAtsEC&printsec=frontcover&source=kp_read_button#v=onepage&q&f=false. Accessed May 8, 2018.

Associated Press: Cyberattacks steadily growing in intensity, scope—CBS News. CBS News; 2016. Available at https://www.cbsnews.com/news/cyberattacks-steadily-growing-in-intensityscope/. Accessed May 8, 2018.

Straub J: Artificial intelligence is the weapon of the next Cold War—Chicago Tribune. Chicago Tribune; 2018. Available at http://www.chicagotribune.com/sns-artificial-intelligence-is-the-weaponof-the-next-cold-war-86086-20180129-story.html. Accessed May 8, 2018.

Cybersecurity threats—Can we predict them? Research Features; 2018. Available at https://researchfeatures.com/2018/07/09/cybersecurity-threats-can-we-predict-them/. Accessed September 15, 2019.

Predicting cyberattacks: The need for new cyber security tools. Army Technology; 2018. Available at https://www.army-technology.com/features/predicting-cyberattacks-cyber-security/. Accessed September 15, 2019.

Gandotra E, Bansal D, Sofat S: Computational Techniques for Predicting Cyber Threats. New Delhi: Springer; 2015: 247-253. doi:10.1007/978-81-322-2012-1_26

Ten C-W, Liu C-C, Manimaran G: Vulnerability assessment of cybersecurity for SCADA systems. IEEE Trans Power Syst. 2008; 23(4): 1836-1846. doi:10.1109/TPWRS.2008.2002298

Negrete-Pincetic M, Yoshida F, Gross G: Towards quantifying the impacts of cyber attacks in the competitive electricity market environment. In: 2009 IEEE Bucharest PowerTech. IEEE; 2009: 1-8. doi:10.1109/PTC.2009.5282237

Lentile LB, Holden ZA, Smith AMS, et al.: Remote sensing techniques to assess active fire characteristics and post-fire effects. Int J Wildl Fire. 2006; 15(3): 319. doi:10.1071/WF05097

San-Miguel-Ayanz J, Ravail N: Active fire detection for fire emergency management: Potential and limitations for the operational use of remote sensing. Nat Hazards. 2005; 35(3): 361-376. doi:10.1007/s11069-004-1797-2

Joyce KE, Belliss SE, Samsonov SV, et al.: A review of the status of satellite remote sensing and image processing techniques for mapping natural hazards and disasters. Prog Phys Geogr. 2009; 33(2): 183-207. doi:10.1177/0309133309339563

Eguchi RT, Goltz JD, Seligson HA, et al.: Real-time loss estimation as an emergency response decision support system: The early post-earthquake damage assessment tool (EPEDAT). Earthq Spectra. 1997; 13(4): 815-832. doi:10.1193/1.1585982

Fiedrich F, Gehbauer F, Rickers U: Optimized resource allocation for emergency response after earthquake disasters. Saf Sci. 2000; 35(1-3): 41-57. doi:10.1016/S0925-7535(00)00021-7

Rainieri C, Fabbrocino G, Manfredi G, et al.: Robust output-only modal identification and monitoring of buildings in the presence of dynamic interactions for rapid post-earthquake emergency management. Eng Struct. 2012; 34: 436-446. doi:10.1016/J.ENGSTRUCT.2011.10.001

Sanyal J, Lu XX: Application of remote sensing in flood management with special reference to Monsoon Asia: A review. Nat Hazards. 2004; 33(2): 283-301. doi:10.1023/B:NHAZ.0000037035.65105.95

Dewan AM, Islam MM, Kumamoto T, et al.: Evaluating flood hazard for land-use planning in greater dhaka of bangladesh using remote sensing and GIS techniques. Water Resour Manag. 2007; 21(9): 1601-1612. doi:10.1007/s11269-006-9116-1

Bendovschi A: Cyber-attacks—Trends, patterns and security countermeasures. Procedia Econ Financ. 2015; 28: 24-31. doi:10.1016/S2212-5671(15)01077-1

Lupovici A: Cyber warfare and deterrence: Trends and challenges in research. Mil Strateg Aff. 2011; 3(3): 49-62.

Rosenzweig MR, Binswanger HP: Wealth, Weather Risk, and the Composition and Profitability of Agricultural Investments. Washington, D.C.; 1992. Available at https://books.google.com/books?hl=en&lr=&id=355IElAZekEC&oi=fnd&pg=PA4&dq=weather+risk+models&ots=KwYKznp1AD&sig=bdF1fsMPH096QH3pOofcBL8kHwk#v=onepage&q=weatherriskmodels&f=false. Accessed May 8, 2018.

De Wolf ED, Madden LV, Lipps PE: Risk assessment models for wheat fusarium head blight epidemics based on within-season weather data. Phytopathology. 2003; 93(4): 428-435. doi:10.1094/PHYTO.2003.93.4.428

Cao M, Wei J: Weather derivatives valuation and market price of weather risk. J Futur Mark. 2004; 24(11): 1065-1089. doi:10.1002/fut.20122

Schultz CA, Nitao JJ, Starr JM, et al.: Probabilistic model for cyber risk forecasting. 2017.

Ten C-W, Manimaran G, Liu C-C: Cybersecurity for critical infrastructures: Attack and defense modeling. IEEE Trans Syst Man, Cybern—Part A Syst Humans. 2010; 40(4): 853-865. doi:10.1109/TSMCA.2010.2048028

Rees LP, Deane JK, Rakes TR, et al.: Decision support for cybersecurity risk planning. Decis Support Syst. 2011; 51(3): 493-505. doi:10.1016/J.DSS.2011.02.013

Allodi L, Massacci F: Security events and vulnerability data for cybersecurity risk estimation. Risk Anal. 2017; 37(8): 1606-1627. doi:10.1111/risa.12864

West J, Dean T, Andrews J: Network + Guide to Networks. New York: Cengage Learning; 2019.

Denning DE, Neumann PG, Parker DB: Social aspects of computer security. In: Proceedings of the 10th National Computer Security Conference. Baltimore, Maryland; 1987. Available at http://faculty.nps.edu/dedennin/publications/SocialAspectsComputerSecurity.pdf. Accessed September 15, 2019.

Stanton B, Theofanos MF, Prettyman SS, et al.: Security fatigue. IT Prof. 2016; 18(5): 26-32. doi:10.1109/MITP.2016.84

Rhee H-S, Kim C, Ryu YU: Self-efficacy in information security: Its influence on end users’ information security practice behavior. Comput Secur. 2009; 28(8): 816-826. doi:10.1016/J.COSE.2009.05.008

Brechbühl H, Bruce R, Dynes S, et al.: Protecting critical information infrastructure: Developing cybersecurity policy. Inf Technol Dev. 2010; 16(1): 83-91. doi:10.1002/itdj.20096

Chávez-García FJ, Faccioli E: Complex site effects and building codes: Making the leap. J Seismol. 2000; 4(1): 23-40. doi:10.1023/A:1009830201929

Laustsen J: Energy efficiency requirements in building codes, energy efficiency policies for New Buildings International Energy Agency Organisation for economic co-operation and development. 2008. Available at http://indiaenvironmentportal.org.in/files/Building_Codes.pdf. Accessed May 8, 2018.

Oster SM, Quigley JM. Regulatory barriers to the diffusion of innovation: Some evidence from building codes. Bell J Econ. 1977; 8(2): 361. doi:10.2307/3003292

Cohen L, Noll R: The economics of building codes to resist seismic shock. Public Policy. 1981; 29. Available at https://authors.library.caltech.edu/83458/. Accessed May 8, 2018.

Xu M, Hua L: Cybersecurity insurance: Modeling and pricing. North Am Actuar J. 2019; 23(2): 220-249. doi:10.1080/10920277.2019.1566076

Department of Homeland Security: Cybersecurity Insurance | Homeland Security. DHS Website; 2016. Availbale at https://www.dhs.gov/cybersecurity-insurance. Accessed May 8, 2018.

Sanger DE, Perlroth N, Thrush G, et al.: Marriott data breach is traced to Chinese hackers as U.S. readies crackdown on Beijing. New York Times; 2018. Available at https://www.nytimes.com/2018/12/11/us/politics/trump-china-trade.html. Accessed September 2, 2019.

Gai K, Qiu M, Elnagdy SA: A novel secure big data cyber incident analytics framework for cloud-based cybersecurity insurance. In: 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS). IEEE; 2016: 171-176. doi:10.1109/BigDataSecurity-HPSC-IDS.2016.65

Brown S: Ten things you need to know about cybersecurity insurance—The Data Center Journal. Available at http://www.datacenterjournal.com/ten-things-need-know-cybersecurity-insurance/. Accessed May 8, 2018.

Greenberg A: Russia’s Cyberwar on Ukraine is a blueprint for what’s to come. Wired; 2017. Available at https://www.wired.com/story/russian-hackers-attack-ukraine/. Accessed September 4, 2019.

Freitas PJ: Aviation war risk insurance and its impacts on US passenger aviation. J Transp Lit. 2013; 7(2): 268-283. doi:10.1590/S2238-10312013000200014

Gibbs M: A cyber-attack costs a lot more than you think. ITSP Magazine; 2017. Available at https://www.itspmagazine.com/from-the-newsroom/a-cyber-attack-costs-a-lot-more-than-you-think. Accessed September 16, 2019.

Bohrer J: How to make the CFO your best cybersecurity friend. Help Net Security. 2018. Available at https://www.helpnetsecurity.com/2018/10/23/cfo-cybersecurity/. Accessed September 16, 2019.

Kunreuther H: Disaster mitigation and insurance: Learning from Katrina. Ann Am Acad Pol Soc Sci. 2006; 604(1): 208-227. doi:10.1177/0002716205285685

Berke PR, Kartez J, Wenger D: Recovery after disaster: Achieving sustainable development, mitigation and equity. Disasters. 1993; 17(2): 93-109. doi:10.1111/j.1467-7717.1993.tb01137.x

Choi H, Park J, Jung Y: The role of privacy fatigue in online privacy behavior. Comput Human Behav. 2018; 81: 42-51. doi:10.1016/J.CHB.2017.12.001

Tankard C: What the GDPR means for businesses. Netw Secur. 2016; (6): 5-8.

Albrecht JP: How the GDPR will change the world. Eur Data Prot Law Rev. 2016; 2. Available at https://heinonline.org/HOL/Page?handle=hein.journals/edpl2&id=313&div=54&collection=journals. Accessed September 16, 2019.

Zarsky TZ: Incompatible: The GDPR in the age of big data. Seton Hall Law Rev. 2016; 47. Available at https://heinonline.org/HOL/Page?handle=hein.journals/shlr47&id=1019&div=37&collection=journals. Accessed September 16, 2019.