Resilience of Cyber Systems with Over- and Underregulation

Risk Analysis

Volumn 37, Issue 9, 2017, Pages 1644-1651

  Gisladottir, Viktoria ^a   Ganin, Alexander A ^a,b   Keisler, Jeffrey M ^c   Kepner, Jeremy ^d   Linkov, Igor ^a  

^a U S ARMY ENGINEER RESEARCH AND DEVELOPMENT CENTER   (United States)

^b UNIVERSITY OF VIRGINIA   (United States)

^c UNIVERSITY OF MASSACHUSETTS BOSTON   (United States)

^d MIT LINCOLN LABORATORY   (United States)

Author keywords

Cyber network; regulation; resilience

Indexed keywords

BEHAVIORAL RESEARCH; HUMAN ENGINEERING; NETWORK SECURITY; PERSONNEL TRAINING;

BEHAVIORAL SCIENCE; POLICY IMPLEMENTATIONS; REGULATION; REGULATORY ENVIRONMENT; REGULATORY MODEL; RESILIENCE; RULES AND REGULATIONS; STATE GOVERNMENTS;

COMPUTER CRIME;

ASSESSMENT METHOD; CRIME; DECISION MAKING; GOVERNMENT; HOLISTIC APPROACH; POLICY IMPLEMENTATION; SOCIAL POLICY; VULNERABILITY;

ARTICLE; BEHAVIORAL SCIENCE; COMPUTER SECURITY; EMPLOYEE; HUMAN; LATITUDE; STRESS;

EID: 85006760673     PISSN: 02724332     EISSN: 15396924     Source Type: Journal    
DOI: 10.1111/risa.12729     Document Type: Article

References (28)

1. National Institute of Standards and Technology. Framework for Improving Critical Infrastructure Cybersecurity, February 12, 2014. 41 p. Available at: http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214-final.pdf, Accessed December 15, 2015.
2. U.S. Department of Homeland Security. National Cybersecurity Protection System (NCPS), October 14, 2015. Available at: http://www.dhs.gov/national-cybersecurity-protection-system-ncps, Accessed December 15, 2015.
3. Shleifer A. Understanding regulation. European Financial Management, 2005; 11(4):439–451.
4. Williams R, Adams M. Regulatory Overload. Arlington, VA: Mercatus Center at George Mason University, February 2012. 4 p. Report No.: 103. Available at: http://mercatus.org/sites/default/files/Regulatory_Overload_WilliamsAdams_MOP103.pdf, Accessed December 15, 2015.
5. Waldrop MM. How to hack the hackers: The human side of cybercrime. Nature, 2016; 533(7602):164–167.
6. U.S. Government Publishing Office. Code of Federal Regulations (Annual Edition). Washington, DC, 2015. Available at: https://www.gpo.gov/fdsys/browse/collectionCfr.action?collectionCode=CFR, Accessed December 15, 2015.
7. Gunningham N, Johnstone R. Regulating Workplace Safety: System and Sanctions. Oxford: Oxford University Press, 1999.
8. CESG, Government Communications Headquarters. Password Guidance: Simplifying Your Approach. Cheltenham, UK, March 15, 2016. Available at: https://www.cesg.gov.uk/guidance/password-guidance-simplifying-your-approach, Accessed May 31, 2016.
9. Kepner J, Gadepally V, Michaleas P. Percolation model of insider threats to assess the optimum number of rules. Environment Systems and Decisions, 2015; 35(4):504–510.
10. Magat WA, Viscusi WK, Huber J. Consumer processing of hazard warning information. Journal of Risk and Uncertainty, 1988; 1(2):201–232.
11. Obama B. Toward a 21st century regulatory system. Wall Street Journal, 2011.
12. Ogus A. Comparing Regulatory Systems: Institutions, Processes and Legal Forms in Industrialised Countries. Manchester, UK: University of Manchester, 2002. Report No.: 35/2002. Available at: http://purl.umn.edu/30609, Accessed December 15, 2015.
13. Saji G. Safety goals in “risk-informed, performance-based” regulation. Reliability Engineering & System Safety, 2003; 80(2):163–172.
14. Linkov I, Florin MV (eds). International Risk Governance Council (IRGC) Resource Guide on Resilience. Lausanne, Switzerland: EPFL International Risk Governance Center, 2016. Available at: http://www.irgc.org/irgc-resource-guide-on-resilience/.
15. Zhu Q, Basar T. Robust and Resilient Control Design for Cyber-Physical Systems with an Application to Power Systems, 2011; IEEE, pp. 4066–4071.
16. Aizenman J. Financial Crisis and the Paradox of Under- and Over-Regulation. Cambridge, MA: National Bureau of Economic Research, May 2009. Report No.: w15018. Available at: http://www.nber.org/papers/w15018.pdf, Accessed December 15, 2015.
17. Linkov I, Bridges T, Creutzig F, Decker J, Fox-Lent C, Kröger W, Lambert JH, Levermann A, Montreuil B, Nathwani J, Nyer R, Renn O, Scharte B, Scheffler A, Schreurs M, et al. Changing the resilience paradigm. Nature Climate Change, 2014; 4(6):407–409.
18. Catanzaro M, Boguñá M, Pastor-Satorras R. Generation of uncorrelated random scale-free networks. Physical Review E, 2005; 71(2):027103.
19. U.S. Census Bureau. U.S., NAICS Sectors, Larger Employment Sizes [Internet]. Washington, DC, February 9, 2016. Available at: http://www2.census.gov/econ/susb/data/2013/us_naicssector_large_emplsize_2013.xlsx, Accessed May 30, 2016.
20. Barabasi A. Emergence of scaling in random networks. Science, 1999; 286(5439):509–512.
21. Ganin AA, Massaro E, Gutfraind A, Steen N, Keisler JM, Kott A, Mangoubi R, Linkov I. Operational resilience: concepts, design and analysis. Scientific Reports, 2016; 6:19540.
22. Carroll JS. Redundancy as a design principle and an operating principle. Risk Analysis, 2004; 24(4):955–957.
23. Bunn M. Thinking about how many guards will do the job. Risk Analysis, 2004; 24(4):949–953.
24. Sagan SD. The problem of redundancy problem: Why more nuclear security forces may produce less nuclear security. Risk Analysis, 2004; 24(4):935–946.
25. Ghaffarzadegan N. How a system backfires: Dynamics of redundancy problems in security. Risk Analysis, 2008; 28(6):1669–1687.
26. Bauer JM, van Eeten MJG. Cybersecurity: Stakeholder incentives, externalities, and policy options. Telecommunications Policy, 2009; 33(10–11):706–719.
27. Milan Z. Management support systems: Towards integrated knowledge management. Human Systems Management, 1987;(1):59–70.
28. Wood MD, Thorne S, Kovacs D, Butte G, Linkov I. Mental Modeling Approach: Risk management application case studies. New York, NY: Springer-Verlag, 2017; 251 P.