The EU ePrivacy Directive requires consent before using cookies or other tracking technologies, while the EU General Data Protection Regulation (“GDPR”) sets high-level and principle-based requirements for such consent to be valid. However, the translation of such requirements into concrete design interfaces for consent banners is far from straightforward. This situation has given rise to the use of manipulative tactics in user experience (“UX”), commonly known as dark patterns, which influence users’ decision-making and may violate the GDPR requirements for valid consent. To address this problem, EU regulators aim to interpret GDPR requirements and to limit the design space of consent banners within their guidelines. Academic researchers from various disciplines address the same problem by performing user studies to evaluate the impact of design and dark patterns on users’ decision making. Regrettably, the guidelines and user studies rarely impact each other. In this Essay, we collected and analyzed seventeen official guidelines issued by EU regulators and the EU Data Protection Board (“EDPB”), as well as eleven consent-focused empirical user studies which we thoroughly studied from a User Interface (“UI”) design perspective. We identified numerous gaps between consent banner designs recommended by regulators and those evaluated in user studies. By doing so, we contribute to both the regulatory discourse and future user studies. We pinpoint EU regulatory inconsistencies and provide actionable recommendations for regulators. For academic scholars, we synthesize insights on design elements discussed by regulators requiring further user study evaluations. Finally, we recommend that EDPB and EU regulators, alongside usability, Human-Computer Interaction (“HCI”), and design researchers, engage in transdisciplinary dialogue in order to close the gap between EU guidelines and user studies.
EU Cyber Resilience Act: Socio-Technical and Research Challenges (Dagstuhl Seminar 24112)
This report documents the program and the outcomes of Dagstuhl Seminar "EU Cyber Resilience Act: Socio-Technical and Research Challenges" (24112). This timely seminar brought together experts in computer science, tech policy, and economics, as well as industry stakeholders, national agencies, and regulators to identify new research challenges posed by the EU Cyber Resilience Act (CRA), a new EU regulation that aims to set essential cybersecurity requirements for digital products to be permissible in the EU market. The seminar focused on analyzing the proposed text and standards for identifying obstacles in standardization, developer practices, user awareness, and software analysis methods for easing adoption, certification, and enforcement. Seminar participants noted the complexity of designing meaningful cybersecurity regulations and of aligning regulatory requirements with technological advancements, market trends, and vendor incentives, referencing past challenges with GDPR and COPPA adoption and compliance. The seminar also emphasized the importance of regulators, marketplaces, and both mobile and IoT platforms in eliminating malicious and deceptive actors from the market, and promoting transparent security practices from vendors and their software supply chain. The seminar showed the need for multi-disciplinary and collaborative efforts to support the CRA’s successful implementation and enhance cybersecurity across the EU.
- Award ID(s): 2217771
- PAR ID: 10545908
- Publisher / Repository: Dagstuhl Reports
- Date Published:
- Volume: 14
- Issue: 3
- Page Range / eLocation ID: 52-74
- Format(s): Medium: X
- Sponsoring Org: National Science Foundation
More Like this
Modern 5G systems are not standalone systems that come from a single vendor or supplier. In fact, they comprise an integration of complex software, hardware, and cloud services that are developed by specialist entities. Moreover, these components have a supply chain that may have linkages and relationships between different vendors. A mobile network operator relies on the functionality and integrity of all the constituent components and their suppliers to ensure the communication network’s confidentiality, integrity, and availability. While the operator can employ cybersecurity best practices itself, it does not have control over the cybersecurity practices of its immediate vendors and the wider supply chain. Recently, attackers have exploited cyber vulnerabilities in the supplier network to launch large-scale breaches and attacks. As a result, the supply chain becomes a weak link in the overall cybersecurity of the 5G system. It is therefore becoming crucial for operators to understand the cyber risk to their infrastructure, with a particular emphasis on the supply chain risk. In this paper, we systematically break down and analyze the 5G network architecture and its complex supply chains. We present an overview of the key challenges in the cybersecurity of 5G supply chains and propose a systemic cyber risk assessment methodology to help illuminate the risk sources and use it to manage and mitigate the risk. It will guide stakeholders in establishing a secure and resilient 5G network ecosystem, safeguarding the backbone of modern digital infrastructure against potential cybersecurity threats.
The enormous advancement of digital technology and Internet usage has significantly improved our lives, but has threatened our security and privacy as well. Cyberattacks may have harmful long-term implications for individuals and organizations. High school students are accessible targets for various cybercrimes due to the lack of cybersecurity knowledge and cyber-safe practices. It is important that education about cybersecurity awareness and cyber hygiene practices begin at a young age. Offering cybersecurity knowledge through interactive tutorials and game-based techniques may increase students' interest in this domain. To develop a security mindset and improve the perception and attitude towards cybersecurity, we created an interactive cybersecurity framework for high school students. Through this framework, we attempt to effectively educate students in cybersecurity through interactive animated visualization modules developed in Unity 3D engine, enabling learning of physical, software, and mathematical aspects of cybersecurity. Each topic in the visualization tool is explained in four stages including information, interaction, explanation, and assessment. Several surveys have been conducted to determine whether this framework enhances users' cognitive abilities.
Increasing the resilience of agricultural landscapes requires fundamental changes to the dominant commodity production model, including incorporating practices such as reduced tillage, cover cropping, and extended rotations that reduce soil disturbance while increasing biological diversity. Increasing farmer adoption of these conservation systems offers the potential to transform agriculture to a more vibrant, resilient system that protects soil, air, and water quality. Adoption of these resilience practices is not without significant challenges. This paper presents findings from a participatory effort to better understand these challenges and to develop solutions to help producers overcome them. Through repeated, facilitated discussions with farmers and agricultural and conservation professionals across the U.S. state of Michigan, we confronted the policy, economic, and structural barriers that are inhibiting broader adoption of conservation systems, as well as identified policies, programs, and markets that can support their adoption. What emerged was a complex picture and dynamic set of challenges at multiple spatial scales and across multiple domains. The primary themes emerging from these discussions were barriers and opportunities, including markets, social networks, human capital, and conservation programs. Exacerbating the technical, agronomic, and economic challenges farmers face at the farm level, there are a host of community constraints, market access and availability problems, climatic and environmental changes, and policies (governmental and corporate) that cross‐pressure farmers when it comes to making conservation decisions. Understanding these constraints is critical to developing programs, policies, and state and national investments that can drive adoption of conservation agriculture.
Modeling from the perspectives of software engineering and systems engineering have co-evolved over the last two decades as orthogonal approaches. Given the central role of software in modern cyber-physical systems and the increasing adoption of digital engineering practices in complex systems design, there is now significant opportunity for collaborative design among system users, software developers, and systems engineers. Model-based systems engineering (MBSE) and systems modeling languages can support seamless cross-domain connectivity for design, simulation, and analysis of emerging technologies such as Augmented Reality (AR). This paper presents a co-design process for extending the capability of an existing AR application referred to as a No-Code AR Systems (NCARS) framework. NCARS enables content developed by multi-domain authors to be deployed on AR devices through a software layer that bridges the content to the game engine that drives the AR system. Utilizing a software dependency diagram of the AR Annotation function, an existing MBSE model of the AR system is extended to include the structure and behavior of relevant software components. This allows a modular design of the system to address needs in integrating new requirements into the existing application. New user requirements for tracking items in motion in the user’s physical environment with virtual annotations in the augmented space are collaboratively designed and visualized through use case, block definition, internal block, and sequence diagrams. They capture the required structure and behavior of the proposed to-be system.

