C3E 2016 Mid-Year Worksheet: Understanding Cyber Consequences

 

The purpose of the C3E mid-year event is to take stock of the research and state of understanding about the track themes. It is also designed to help shape the participants and various activities – such as speakers, in-track activities, exercises -- that we bring to the Fall C3E event.

This worksheet helps to frame some of the questions that we’d like to hear about from all of the participants at the mid-year event. Your inputs are welcome.

Track: Understanding Cyber Dependence:

- Validating known and discovering unknown interdependencies: what analytic methods or tools inform us of our interdependencies, and at what confidence levels? What new approaches can inform our thinking about this? What capabilities are needed to delineate the degree of dependence that is acceptable for decision-making?

Question: What’s the state of the art in understanding links and nodes within systems and networks? What is the level of detail we can define and describe with a view toward decision- making (e.g., if that node is attacked, it will have bad consequences for linked systems v. if that node is attacked, 50% of linkages will degrade 25%)

Question: What are the most important lines of inquiry and discussion about this issue? Where are there gaps?

Question: Who are the top researchers working on this this issue in government, academia, industry?

Question: Who might be a good speaker on this topic to catalyze C3E discussions?

Question: Are there any specific vetted activities outside the normal C3E activities that might be helpful in catalyzing discussion?

Track: Improving Analytic Frameworks for Resilience:

The Federal Cyber R&D Strategy (2016) defines resilience as “the ability to prepare for and adjust to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.”

- In order to achieve resilience and agility in cyberspace, we have to better understand the context of actions by others. How can analytic frameworks — such as the pursuit of enhanced context — be applied in order to maximize courses of action? How can we formalize context in order to improve insights about risk of action to decision-makers? What tools are available and/or needed that can help us to tailor investments so that risk can be more easily managed?

Question: what precisely do you consider analytic context in the cyber realm? What kinds of data are potentially helpful as contextual data? What are the best practices of capturing, measuring, evaluating these kinds of data?

Question: What are the most important lines of inquiry and discussion about this issue? Where are there gaps?

Question: Who are the top people following this issue in government, academia, industry?

Question: Who might be a good speaker on this topic to catalyze C3E discussions?

Question: Are there any specific vetted activities outside the normal C3E activities that might be helpful in catalyzing discussion?