Supported by the Science of Security and Privacy Program (SoS) of the National Security Agency (NSA), managed by US Department of Defense, the Third Imperative focuses on institutional and organizational challenges that impede effective policy for cybersecurity of cyber-physical systems.
Mounting concerns about the safety and security of critical infrastructure have resulted in an intricate ecosystem of cybersecurity guidelines and policies, as well as directives and compliance measures. By definition, such guidelines and policies are written in linear, sequential text form—word after word, chapter after chapter—often with different segments thereof presented in different documents.
Such a situation makes it difficult to integrate or even to understand the policy-technology-security interactions. In addition, it also impedes effective risk assessment. In short, individually or collectively, these features inevitably undermine cybersecurity initiatives.
There is a strong demand for fundamental policy analytics to support cybersecurity and reduce barriers to policy implementation. Our goal is to represent policy directives in computational terms and the to allow for alignment to target system properties.
We begin with the most fundamental feature of all policy statements, formal as well as informal, namely that they are articulated and presented in text form. Then we turn to information about the system-target of policy that is also generally put forth in text form – word after word, sentence after sentence, and sections after section.
The methods we use are content analytic, rather than linguistic and syntactic. Here we highlight three aspects of our research activities for the SoS Program:
Analytics for Cybersecurity Policy – NSA Science of Security & Privacy Program
Presents context and motivation, technical challenges and research design.
Proof of Concept – Smart Grid for Electric Power Systems
Demonstrates approach, illustrates research, and presents select results.
Contributions to Science of Security & Privacy Program
Presents analysis and results of smart grid for electric power systems.
Capturing the Value of Policy
Identifies the criteria for “Value”.
Final Report
Summarizes research, results, and links to methods and all details.