The Internet Under Crisis Conditions

This report presents findings of a workshop featuring representatives of Internet Service Providers and others with access to data and insights about how the Internet performed on and immediately after the September 11 attacks. People who design and operate networks were asked to share data and their own preliminary analyses among participants in a closed workshop. They and networking researchers evaluated these inputs to synthesize lessons learned and derive suggestions for improvements in technology, procedures, and, as appropriate, policy.

This book explores the management of information in crises, particularly the interconnectedness of information, people, and technologies during crises. Natural disasters, such as the Haiti earthquake and Hurricane Katrina, and 9/11 and human-made crises, such as the recent political disruption in North Africa and the Middle East, have demonstrated that there is a great need to understand how individuals, government, and non-government agencies create, access, organize, communicate, and disseminate information within communities during crisis situations. This edited book brings together papers written by researchers and practitioners from a variety of information perspectives in crisis preparedness, response and recovery. Edited by the author who coined the term crisis informatics Provides new technological insights into crisis management information Contributors are from information science, information management, applied information technology, informatics, computer science, telecommunications, and libraries

All critical infrastructures are increasingly dependent on the information infrastructure for information management, communications, and control functions. Protection of the critical information infrastructure (CIIP), therefore, is of prime concern. To help with this step, the National Academy of Engineering asked the NRC to assess the various legal issues associated with CIIP. These issues include incentives and disincentives for information sharing between the public and private sectors, and the role of FOIA and antitrust laws as a barrier or facilitator to progress. The report also provides a preliminary analysis of the role of criminal law, liability law, and the establishment of best practices, in encouraging various stakeholders to secure their computer systems and networks.

In the past few years, the concept of robustness has been the subject of growing interest in the natural and engineering sciences. Building on traditional fields such as stability, reliability, and control theory, the study of robustness focuses on the ability of a system to maintain specified features when subject to assemblages of perturbations either internal or external. In most cases, the system of interest is not in equilibrium, and the perturbations are typically such that it is unrealistic to attempt estimations of their supports and distributions.

"This book explores the latest empirical research and best real-world practices for preventing, weathering, and recovering from disasters such as earthquakes or tsunamis to nuclear disasters and cyber terrorism"--Provided by publisher.

The Workshop on the Economics of Information Security (WEIS) is the leading forum for interdisciplinary scholarship on information security, combining expertise from the fields of economics, social science, business, law, policy and computer science. Prior workshops have explored the role of incentives between attackers and defenders, identified market failures dogging Internet security, and assessed investments in cyber-defense. Current contributions build on past efforts using empirical and analytic tools to not only understand threats, but also strengthen security through novel evaluations of available solutions. Economics of Information Security and Privacy III addresses the following questions: how should information risk be modeled given the constraints of rare incidence and high interdependence; how do individuals' and organizations' perceptions of privacy and security color their decision making; how can we move towards a more secure information infrastructure and code base while accounting for the incentives of stakeholders?

The focus of Software for Dependable Systems is a set of fundamental principles that underlie software system dependability and that suggest a different approach to the development and assessment of dependable software. Unfortunately, it is difficult to assess the dependability of software. The field of software engineering suffers from a pervasive lack of evidence about the incidence and severity of software failures; about the dependability of existing software systems; about the efficacy of existing and proposed development methods; about the benefits of certification schemes; and so on. There are many anecdotal reports, which-although often useful for indicating areas of concern or highlighting promising avenues of research-do little to establish a sound and complete basis for making policy decisions regarding dependability. The committee regards claims of extraordinary dependability that are sometimes made on this basis for the most critical of systems as unsubstantiated, and perhaps irresponsible. This difficulty regarding the lack of evidence for system dependability leads to two conclusions: (1) that better evidence is needed, so that approaches aimed at improving the dependability of software can be objectively assessed, and (2) that, for now, the pursuit of dependability in software systems should focus on the construction and evaluation of evidence. The committee also recognized the importance of adopting the practices that are already known and used by the best developers; this report gives a sample of such practices. Some of these (such as systematic configuration management and automated regression testing) are relatively easy to adopt; others (such as constructing hazard analyses and threat models, exploiting formal notations when appropriate, and applying static analysis to code) will require new training for many developers. However valuable, though, these practices are in themselves no silver bullet, and new techniques and methods will be required in order to build future software systems to the level of dependability that will be required.