Title: On metrics and prioritization of investments in hardware security
Abstract: The security risks posed by electronics are numerous. There are typically a variety of risk‐reducing countermeasures for a given system or across an enterprise. Each countermeasure is associated with both a level of risk reduction and its lifecycle costs. Given budgetary constraints, risk managers and systems engineers must determine what combinations of countermeasures cost‐effectively maximize risk reduction, and what metrics best guide the investment process. In this paper, we seek to answer these questions through exploration of risk reduction metrics from the field of security economics, including the benefit/cost ratio, return on security investment (ROSI), expected benefit of information security (EBIS), and expected net benefit of information security (ENBIS). The results suggest that ratio‐based metrics are not strongly correlated with risk reduction, while EBIS is equivalent to risk reduction and ENBIS is equal to risk reduction minus cost.
Award ID(s):
1916760
PAR ID:
10400682
Publisher / Repository:
Wiley Blackwell (John Wiley & Sons)
Journal Name:
Systems Engineering
Volume:
26
Issue:
4
ISSN:
1098-1241
Size(s):
p. 425-437
Sponsoring Org:
National Science Foundation
More Like this
  1. Abstract Deep uncertainty describes situations when there is either ignorance or disagreement over (1) models used to describe key system processes and (2) probability distributions used to characterize the uncertainty of key variables and parameters. Future projections of Antarctic ice sheet (AIS) mass loss remain characterized by deep uncertainty. This complicates decisions on long‐lived coastal protection projects when determining what margin of safety to implement. If the chosen margin of safety does not properly account for uncertainties in sea level rise, the effectiveness of flood protection could decrease over time, potentially putting lives and properties at a greater risk. To address this issue, we develop a flood damage allowance framework for calculating the height of a flood protection strategy needed to ensure that a given level of financial risk is maintained. The damage allowance framework considers decision maker preferences such as planning horizons, protection strategies, and subjective views of AIS stability. We use Manhattan—with the population and built environment fixed in time—to illustrate how our framework could be used to calculate a range of damage allowances based on multiple plausible scenarios of AIS melt. Under high greenhouse gas emissions, we find that results are sensitive to the selection of the upper limit of AIS contributions to sea level rise. Design metrics that specify financial risk targets, such as expected flood damage, allow for the calculation of avoided flood damages (i.e., benefits) that can be combined with estimates of construction cost and then integrated into existing financial decision‐making approaches (e.g., benefit‐cost analysis). 
  2. Abstract Protecting sensitive logic functions in ASICs requires side-channel countermeasures. Many gate-level masking styles have been published, each with pros and cons. Some styles such as RSM, GLUT, and ISW are compact but can feature 1st-order leakage. Some other styles, such as TI, DOM, and HPC are secure at the 1st-order but incur significant overheads in terms of performance. Another requirement is that security shall be ensured even when the device is aged. Pre-silicon security evaluation is now a normatively approved method to characterize the expected resiliency against attacks ahead of time. However, in this regard, there is still a fragmentation in terms of leakage models, Points of Interest (PoI) selection, attack order, and distinguishers. Accordingly, in this paper we focus on such factors as they affect the success of side-channel analysis attacks and assess the resiliency of the state-of-the-art masking styles in various corners. Moreover, we investigate the impact of device aging as another factor and analyze its influence on the success of side-channel attacks targeting the state-of-the-art masking schemes. This pragmatic evaluation enables risk estimation in a complex PPA (Power, Performance, and Area) and security plane while also taking aging impacts into account. For instance, we explore the trade-off between low-cost secure styles attackable at 1st-order vs high-cost protection attackable only at 2nd-order. 
  3. We study economic incentives provided by space-time dynamics of day-ahead and real-time electricity markets. Specifically, we seek to analyze to what extent such dynamics promote decentralization of technologies for generation, consumption, and storage (which is essential to obtain a more flexible power grid). Incentives for decentralization are also of relevance given recent interest in the deployment of small-scale modular technologies (e.g., modular ammonia and biogas production systems). Our analysis is based on an asset placement problem that seeks to find optimal locations for generators and loads in the network that minimize profit risk. We show that an unconstrained version of this problem can be cast as an eigenvalue problem. Under this representation, optimal network allocations are eigenvectors of the space-time price covariance matrix while the eigenvalues are the associated profit variances. We also construct a more sophisticated placement formulation that captures different risk metrics and constraints on types of technologies to systematically analyze trade-offs in expected profit and risk. Our analysis reveals that space-time market dynamics provide significant incentives for decentralization and strategic asset placement but that full mitigation of risk is only possible through simultaneous investment in generation and loads (which can be achieved using batteries or microgrids). 
  4. As network services progress and mobile and IoT environments expand, numerous security concerns have surfaced for spectrum access systems (SASs). The omnipresent risk of Denial-of-Service (DoS) attacks and rising concerns about user privacy (e.g., location privacy, anonymity) are among such cyber threats. These security and privacy risks increase due to the threat of quantum computers that can compromise long-term security by circumventing conventional cryptosystems and increasing the cost of countermeasures. While some defense mechanisms exist against these threats in isolation, there is a significant gap in the state of the art on a holistic solution against DoS attacks with privacy and anonymity for spectrum management systems, especially when post-quantum (PQ) security is in mind. In this paper, we propose a new cybersecurity framework, PACDoSQ, which is the first to offer location privacy and anonymity for spectrum management with counter DoS and PQ security simultaneously. Our solution introduces the private spectrum bastion concept to exploit existing architectural features of SASs and then synergizes them with multi-server private information retrieval and PQ-secure Tor to guarantee a location-private and anonymous acquisition of spectrum information, together with hash-based client-server puzzles for counter DoS. We prove that PACDoSQ achieves its security objectives and show its feasibility via a comprehensive performance evaluation. 
  5. This paper addresses security and risk management of hardware and embedded systems across several applications. There are three companies involved in the research. First is an energy technology company that aims to leverage electric-vehicle batteries through vehicle to grid (V2G) services in order to provide energy storage for electric grids. Second is a defense contracting company that provides acquisition support for the DOD's conventional prompt global strike program (CPGS). These systems need protections in their production and supply chains, as well as throughout their system life cycles. Third is a company that deals with trust and security in advanced logistics systems generally. The rise of interconnected devices has led to growth in systems security issues such as privacy, authentication, and secure storage of data. A risk analysis via scenario-based preferences is aided by a literature review and industry experts. The analysis is divided into various sections of Criteria, Initiatives, C-I Assessment, Emergent Conditions (EC), Criteria-Scenario (C-S) relevance and EC Grouping. System success criteria, research initiatives, and risks to the system are compiled. In the C-I Assessment, a rating is assigned to signify the degree to which criteria are addressed by initiatives, including research and development, government programs, industry resources, security countermeasures, education and training, etc. To understand risks of emergent conditions, a list of Potential Scenarios is developed across innovations, environments, missions, populations and workforce behaviors, obsolescence, adversaries, etc. The C-S Relevance rates how the scenarios affect the relevance of the success criteria, including cost, schedule, security, return on investment, and cascading effects. The Emergent Condition Grouping (ECG) collates the emergent conditions with the scenarios. 
The generated results focus on ranking Initiatives based on their ability to negate the effects of Emergent Conditions, as well as producing a disruption score to compare a Potential Scenario's impacts to the ranking of Initiatives. The results presented in this paper are applicable to the testing and evaluation of security and risk for a variety of embedded smart devices and should be of interest to developers, owners, and operators of critical infrastructure systems. 