Title: EU Cyber Resilience Act: Socio-Technical and Research Challenges (Dagstuhl Seminar 24112)
This report documents the program and the outcomes of Dagstuhl Seminar "EU Cyber Resilience Act: Socio-Technical and Research Challenges" (24112). This timely seminar brought together experts in computer science, tech policy, and economics, as well as industry stakeholders, national agencies, and regulators to identify new research challenges posed by the EU Cyber Resilience Act (CRA), a new EU regulation that aims to set essential cybersecurity requirements for digital products to be permissible in the EU market. The seminar focused on analyzing the proposed text and standards for identifying obstacles in standardization, developer practices, user awareness, and software analysis methods for easing adoption, certification, and enforcement. Seminar participants noted the complexity of designing meaningful cybersecurity regulations and of aligning regulatory requirements with technological advancements, market trends, and vendor incentives, referencing past challenges with GDPR and COPPA adoption and compliance. The seminar also emphasized the importance of regulators, marketplaces, and both mobile and IoT platforms in eliminating malicious and deceptive actors from the market, and promoting transparent security practices from vendors and their software supply chain. The seminar showed the need for multi-disciplinary and collaborative efforts to support the CRA's successful implementation and enhance cybersecurity across the EU.
Award ID(s):
2217771
PAR ID:
10545908
Publisher / Repository:
Dagstuhl Reports
Volume:
14
Issue:
3
Page Range / eLocation ID:
52-74
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. The increasing digitization of agricultural operations has introduced new cybersecurity challenges for the farming community. This paper introduces an educational intervention called the Cybersecurity Improvement Initiative for Agriculture (CIIA), which aims to strengthen cybersecurity awareness and resilience among farmers and food producers. Using a case study that focuses on farmers from the Ponca Tribe of Nebraska, the research evaluates pre- and post-intervention survey data to assess participants' cybersecurity knowledge and awareness before and after exposure to the CIIA. The findings reveal a substantial baseline deficiency in cybersecurity education among participants; however, post-intervention assessments demonstrate improvements in the comprehension of cybersecurity concepts such as password hygiene, multi-factor authentication, and the necessity of routine data backups. These initial findings highlight the need for a continued, sustained, and community-specific cybersecurity education effort to help mitigate emerging cyber threats in the agricultural sector.
  2. The EU ePrivacy Directive requires consent before using cookies or other tracking technologies, while the EU General Data Protection Regulation ("GDPR") sets high-level and principle-based requirements for such consent to be valid. However, the translation of such requirements into concrete design interfaces for consent banners is far from straightforward. This situation has given rise to the use of manipulative tactics in user experience ("UX"), commonly known as dark patterns, which influence users' decision-making and may violate the GDPR requirements for valid consent. To address this problem, EU regulators aim to interpret GDPR requirements and to limit the design space of consent banners within their guidelines. Academic researchers from various disciplines address the same problem by performing user studies to evaluate the impact of design and dark patterns on users' decision making. Regrettably, the guidelines and user studies rarely impact each other. In this Essay, we collected and analyzed seventeen official guidelines issued by EU regulators and the EU Data Protection Board ("EDPB"), as well as eleven consent-focused empirical user studies which we thoroughly studied from a User Interface ("UI") design perspective. We identified numerous gaps between consent banner designs recommended by regulators and those evaluated in user studies. By doing so, we contribute to both the regulatory discourse and future user studies. We pinpoint EU regulatory inconsistencies and provide actionable recommendations for regulators. For academic scholars, we synthesize insights on design elements discussed by regulators requiring further user study evaluations. Finally, we recommend that EDPB and EU regulators, alongside usability, Human-Computer Interaction ("HCI"), and design researchers, engage in transdisciplinary dialogue in order to close the gap between EU guidelines and user studies.
  3. Modern 5G systems are not standalone systems that come from a single vendor or supplier. In fact, they comprise an integration of complex software, hardware, and cloud services that are developed by specialist entities. Moreover, these components have a supply chain that may have linkages and relationships between different vendors. A mobile network operator relies on the functionality and integrity of all the constituent components and their suppliers to ensure the communication network's confidentiality, integrity, and availability. While the operator can employ cybersecurity best practices itself, it does not have control over the cybersecurity practices of its immediate vendors and the wider supply chain. Recently, attackers have exploited cyber vulnerabilities in the supplier network to launch large-scale breaches and attacks. Hence, the supply chain becomes a weak link in the overall cybersecurity of the 5G system, and it is becoming crucial for operators to understand the cyber risk to their infrastructure, with a particular emphasis on the supply chain risk. In this paper, we systematically break down and analyze the 5G network architecture and its complex supply chains. We present an overview of the key challenges in the cybersecurity of 5G supply chains and propose a systemic cyber risk assessment methodology to help illuminate the risk sources and use it to manage and mitigate the risk. It will guide stakeholders in establishing a secure and resilient 5G network ecosystem, safeguarding the backbone of modern digital infrastructure against potential cybersecurity threats.
  4. The enormous advancement of digital technology and Internet usage has significantly improved our lives, but has threatened our security and privacy as well. Cyberattacks may have harmful long-term implications for individuals and organizations. High school students are accessible targets for various cybercrimes due to a lack of cybersecurity knowledge and cyber-safe practices. It is important that education about cybersecurity awareness and cyber hygiene practices begin at a young age. Offering cybersecurity knowledge through interactive tutorials and game-based techniques may increase students' interest in this domain. To develop a security mindset and improve the perception of and attitude towards cybersecurity, we created an interactive cybersecurity framework for high school students. Through this framework, we attempt to effectively educate students in cybersecurity through interactive animated visualization modules developed in the Unity 3D engine, enabling learning of physical, software, and mathematical aspects of cybersecurity. Each topic in the visualization tool is explained in four stages: information, interaction, explanation, and assessment. Several surveys have been conducted to determine whether this framework enhances users' cognitive abilities.
  5. Modeling from the perspectives of software engineering and systems engineering has co-evolved over the last two decades along orthogonal approaches. Given the central role of software in modern cyber-physical systems and the increasing adoption of digital engineering practices in complex systems design, there is now significant opportunity for collaborative design among system users, software developers, and systems engineers. Model-based systems engineering (MBSE) and systems modeling languages can support seamless cross-domain connectivity for design, simulation, and analysis of emerging technologies such as Augmented Reality (AR). This paper presents a co-design process for extending the capability of an existing AR application referred to as the No-Code AR Systems (NCARS) framework. NCARS enables content developed by multi-domain authors to be deployed on AR devices through a software layer that bridges the content to the game engine that drives the AR system. Utilizing a software dependency diagram of the AR Annotation function, an existing MBSE model of the AR system is extended to include the structure and behavior of relevant software components. This allows a modular design of the system to address needs in integrating new requirements into the existing application. New user requirements for tracking items in motion in the user's physical environment with virtual annotations in the augmented space are collaboratively designed and visualized through use case, block definition, internal block, and sequence diagrams. They capture the required structure and behavior of the proposed to-be system.