Cybersecurity and Government Minitrack

This minitrack explores the pressing issues surrounding the intersection of cybersecurity and government spheres of influence. Whether technical or policy, from information sharing to new analytical methods of detection of threats, this minitrack casts a wide net to bring cross-disciplinary thinking to problems with far-reaching implications. The cybersecurity aspects of critical infrastructure systems have become a hot topic for countries all across the globe. Information technology has become pervasive in all aspects of our lives, and this includes elements referred to as critical infrastructures.

This minitrack examines aspects associated with the security of information technology (IT) and operational technology (OT) used by governments and critical infrastructures and explores ways that IT can enhance the ability of governments to ensure the safety and security of their citizens. Governments have embraced IT to interface with citizens in a more efficient manner. Security issues have risen to the forefront as a result of data disclosures and identity theft incidents discussed in mainstream media. Other critical issues include intellectual property theft and criminal acts involving computers. Many foreign governments have more control over their infrastructure, but in the end, security is still an important topic that needs to be addressed. Information security is an area where policy has not kept up with technology, placing nations and their relations over this topic into uncharted territories.

This is a wide-focus minitrack: if your research involves security associated with IT or OT and has a government component, then this is its home. Topics include, but are not limited to:

  • Systems for governments to respond to security events
  • Critical Infrastructure Protection (CIP)
  • Cyber physical systems security
  • Supervisory Control and Data Acquisition (SCADA) and control systems
  • Information assurance and trusted computing
  • Information sharing
  • Information security economics
  • Information warfare
  • Incident response
  • New threats, including insider and nation states
  • Digital forensics
  • Privacy and freedom of information
  • Security management
  • Laws and regulation of IT security
  • Security concerns of new technologies, e.g. social media, mobile computing
  • Government disaster recovery and business continuity
  • Case reports related to security experiences within government

Minitrack Co-Chairs:

Greg White (Primary Contact)
The University of Texas at San Antonio
Email: greg.white@utsa.edu

Wm. Arthur Conklin
University of Houston
Email: waconklin@uh.edu

Keith B. Harrison
The University of Texas at San Antonio
Email: keith.harrison@utsa.edu

Recent Submissions

Now showing 1 - 5 of 6
  • State and Community Information Sharing and Analysis Organizations
    (2017-01-04) White, Gregory; Harrison, Keith
    For many years the importance of sharing information on cybersecurity risks, vulnerabilities, and incidents has been understood. Organizations working in isolation are at a disadvantage when facing the types of threats existing in today’s Internet environment. Informal information sharing has been conducted for many years. More formal information sharing organizations were created in response to the 1998 Presidential Decision Directive-63. More recently, Executive Order 13691 called for the creation of information sharing and analysis organizations beyond the critical infrastructures and led to the creation of a standards organization to create standards, guidelines, and other documents to assist in the creation of information sharing organizations. This paper will discuss the history of information sharing in the United States and will explain the potential impact for states and communities. The importance of developing state and community information sharing organizations will be discussed along with the challenges in establishing them.
  • Securing Birth Certificate Documents with DNA Profiles
    (2017-01-04) Tannian, Mark; Schweikert, Christina; Liu, Ying
    The birth certificate is a document used by a person to obtain identification and licensing documents throughout their lifetime. For identity verification, the birth certificate provides limited information to support a person’s claim of identity. Authentication to the birth certificate is strictly a matter of possession. DNA profiling is becoming a commodity analysis that can be done accurately in under two hours with little human intervention. The DNA profile is a superior biometric to add to a birth record because it is stable throughout a person’s life and beyond. Acceptability of universal DNA profiling will depend heavily on privacy and safety concerns. This paper uses the U.S. FBI CODIS profile as a basis to discuss the effectiveness of DNA profiling and to provide a practical basis for a discussion of potential privacy and authenticity controls. As is discussed, adopting DNA profiles to improve document security should be done cautiously.
  • Proper Incentives for Proper IT Security Management – A System Dynamics Approach
    (2017-01-04) Gonzalez, Jose J.; Trcek, Denis
    It has been known for many years that security failures are caused at least as often by bad incentives as by bad design. However, the regulatory correction of bad incentives is not easy in practice and it is still lacking. In the meantime, system dynamics models of security systems can improve the situation by increasing the awareness that misaligned incentives can backfire as long-term consequences of security failures hit back the principal. We illustrate our argument using system archetypes and concept simulation models revealing the impact of two different security strategies, viz. misaligned incentives (the customer having the burden of proof in case of alleged fraud) vs the bank having the burden of proof. From this we argue that online system dynamics could be used in eGovernment to educate principals and the public. Also, legal measures could become more effective when supported with forensic evidence from simulation models.
  • An Optimization Framework for Generalized Relevance Learning Vector Quantization with Application to Z-Wave Device Fingerprinting
    (2017-01-04) Bihl, Trevor; Temple, Michael; Bauer, Kenneth
    Z-Wave is a low-power, low-cost Wireless Personal Area Network (WPAN) technology supporting Critical Infrastructure (CI) systems that are interconnected by government-to-internet pathways. Given that Z-Wave is a relatively unsecure technology, Radio Frequency Distinct Native Attribute (RF-DNA) Fingerprinting is considered here to augment security by exploiting statistical features from selected signal responses. Related RF-DNA efforts include use of Multiple Discriminant Analysis (MDA) and Generalized Relevance Learning Vector Quantization-Improved (GRLVQI) classifiers, with GRLVQI outperforming MDA using empirically determined parameters. GRLVQI is optimized here for Z-Wave using a full factorial experiment with spreadsheet search and response surface methods. Two optimization measures are developed for assessing Z-Wave discrimination: 1) Relative Accuracy Percentage (RAP) for device classification, and 2) Mean Area Under the Curve (AUCM) for device identity (ID) verification. Primary benefits of the approach include: 1) generalizability to other wireless device technologies, and 2) improvement in GRLVQI device classification and device ID verification performance.
  • An Evolution Roadmap for Community Cyber Security Information Sharing Maturity Model
    (2017-01-04) Zhao, Wanying; White, Gregory
    Cyber security has become one of the most important challenges, which is especially true for communities. A community generally consists of all of the entities within a geographical region, including both public and private infrastructures. Cyber attacks and other cyber threats can result in disruption and destruction of critical services and cause potentially devastating impacts in a community. An effective information collection, sharing and incident collaboration and coordination process is needed in communities to detect potential risks, prevent cyber attacks at an early stage, and facilitate incident response and preparedness activities. In this paper, an expanded collaborative information sharing framework that aims to improve community cyber security is presented. An Information Sharing Maturity Model is developed as a roadmap with evolutionary procedures and incremental steps for community organizations to advance in information sharing maturity.