Browsing by Subject "Cybersecurity"
Item: 21st Annual Freight and Logistics Symposium: Freight and Cybersecurity
(Center for Transportation Studies, University of Minnesota, 2018-12-07) Center for Transportation Studies
This report summarizes the 21st Annual Freight and Logistics Symposium, held in Minneapolis on December 7, 2018: a keynote titled "Using New Technology to Build Trust Across Supply-Chain Networks for Improved Transparency, Efficiency, and Security" presented by Leo Janus; a panel titled "Cybersecurity and the Implications for Freight" moderated by Meg Duncan with panelists Brett Cooksey, Rob Fischer, Mike Johnson, and Augustine Moore; a panel titled "Cybersecurity and Data Privacy Considerations for Connected and Automated Vehicles" with Jay Hietpas and Josh Root. There is an inset titled "Minnesota focuses on truck platooning as next step for freight."

Item: Adulterating More Than Food: The Cyber Risk to Food Processing and Manufacturing
(Food Protection and Defense Institute, 2019-09) Streng, Stephen
This report illustrates the mounting cybersecurity risk facing the food industry and provides industry-specific guidance to keep operations safe and secure. The potential consequences of an attack on the industrial control systems used in the food industry include contaminated food that threatens public health, physical harm to workers, destroyed equipment, environmental damage, and massive financial losses for companies. While cybersecurity is rarely recognized as a food safety issue, the systems companies use for processing and manufacturing food contain many vulnerabilities that experts believe will soon present a more appealing target for cyberattacks than industries that are more commonly affected by, and therefore better prepared for, such attacks. The vulnerabilities are present in a wide variety of components from different vendors, making them difficult for companies to avoid.
Many systems were designed before cybersecurity was a concern and use outdated operating systems and hard-coded passwords that allow attackers easier access to the system. In addition to vulnerabilities in the systems themselves, many other factors contribute to the heightened risk of cyberattacks. Companies often lack knowledge about how their industrial control systems and IT systems interact and lack awareness about cyber risks and threats. Further, there is poor coordination and information-sharing among food system stakeholders. Meanwhile, the tools required to carry out a cyberattack are becoming more powerful and requiring less skill to use. Recommendations for mitigating the risk include fostering stronger communications between food industry operations technology and information technology (IT) staff, conducting risk assessments that include inventories of both industrial control and IT systems, involving staff with cybersecurity expertise in procuring and deploying new industrial control systems, and extending the existing culture of food safety and defense to include cybersecurity.

Item: Developing a Concept Inventory and Active Learning for Common Computer Security Misconceptions
(2021-01) Geraci, Brandon
Cybersecurity incidents are on the rise. Tracing these security breaches back, we linked them to people making an error due to a commonsense misconception. There is no one standard tool that gauges a student's understanding of security topics. In this research, we surveyed 75 security experts about security novices' misconceptions, coded the results, and identified 17 top misconceptions. We created open-ended questions and labs/active learning to identify and remediate those misconceptions. After revising the open-ended questions, we gave them to undergraduate students and successfully extracted real-world instances of the misconceptions in practice.
We created a ten-question multiple-choice exam by converting the open-ended questions into multiple-choice with many distractors drawn from students' misconceptions. We then conducted "think-aloud interviews" with students to make sure that the questions were clear. After integrating their feedback, we administered multiple-choice exams to two groups of students: 114 CS 1 students with no formal security education and 28 students from a security course. Almost 30% of CS 1 students failed to answer more than one question correctly, and only 3.5% of CS 1 students passed with a score of 60 (a D-). However, only 21.4% of the security students passed, and no individual student got more than seven out of ten correct. Our results show that both groups of students have these common security misconceptions. While security students earned markedly higher scores, our test unequivocally shows that students are leaving the security course retaining significant misconceptions, pointing the way for improvements in teaching.

Item: Essays in Applied and Computational Game Theory
(2019-06) Canann, Taylor
This dissertation considers computational and applied aspects of cooperative and non-cooperative game theory. The first chapter discusses a novel applied game theory approach within the field of vulnerability disclosure policy. I introduce a three-player game between software vendors, software users, and a hacker in which software vendors attempt to protect software users by releasing updates, i.e. disclosing a vulnerability, and the hacker is attempting to exploit vulnerabilities in the software package to attack the software users. The software users must determine whether the protection offered by the update outweighs the cost of installing the update.
Following the model setup, I describe why low-type software users, software users that do not get much value out of the software and are thus not very damaged by an attack, prefer Non-Disclosure, and Disclosure can only be an optimal policy in cases when the cost to the hacker of searching for a zero-day vulnerability is small. Many economic problems are inherently non-linear, so in the second chapter we introduce the MGBA, the Modular Groebner Basis Approach, which is a solution technique from Algebraic Geometry that can be used to "triangularize" polynomial systems. The MGBA is a computational tool that overcomes the typical computational problems of intermediate coefficient swell and solving for lucky primes that can limit the ability to compute Groebner bases. The Groebner basis is an all-solution computational technique that can be applied to many fields in economics. This chapter focuses on applying the MGBA to Bertrand games with multiple equilibria and a manifold approach to solving dynamic programming problems. Advances in computational power and techniques have greatly benefited both economic theory, in allowing economists to solve more realistic models, and data analysis, such as machine learning. However, the field of cooperative game theory has fallen behind. Therefore, in the final chapter, I introduce the compression value, a computationally efficient approximation technique for the non-transferable utility (NTU) Shapley value. This algorithm gives a reasonable approximation of the NTU Shapley value if the initial guess of Pareto weights is near the actual solution.

Item: Food Industry Cybersecurity Summit Meeting Report
(National Center for Food Protection and Defense, 2016-05-26) Streng, Stephen
This report summarizes the activities and findings of the Food Industry Cybersecurity Summit (March 15–16, 2016, Washington, D.C.),
a convening of nearly 40 experts from the food industry, government, and academia who gathered for presentations, robust discussions, and brainstorming and ranking exercises to 1) improve understanding of the cyber threats and risks facing the food industry, 2) identify knowledge gaps, and 3) determine actions the industry and companies can take to address them.

Item: Oral history interview with Lance Hoffman by Rebecca Slayton
(Charles Babbage Institute, 2014-07-01) Hoffman, Lance
This interview with security pioneer Lance Hoffman discusses his entrance into the field of computer security and privacy—including earning a B.S. in math at the Carnegie Institute of Technology, interning at SDC, and earning a PhD at Stanford University—before turning to his research on computer security risk management as a Professor at the University of California–Berkeley and George Washington University. He also discusses the relationship between his PhD research on access control models and the political climate of the late 1960s, and entrepreneurial activities ranging from the creation of a computerized dating service to the starting of a company based upon the development of a decision support tool, RiskCalc. Hoffman also discusses his work with the Association for Computing Machinery and IEEE Computer Society, including his role in helping to institutionalize the ACM Conference on Computers, Freedom, and Privacy. The interview concludes with some reflections on the current state of the field of cybersecurity and the work of his graduate students. This interview is part of a project conducted by Rebecca Slayton and funded by an ACM History Committee fellowship on “Measuring Security: ACM and the History of Computer Security Metrics.”

Item: Silha Bulletin
(University of Minnesota, 2015-05) University of Minnesota: Silha Center for the Study of Media Ethics and Law; Kirtley, Jane E.; Carmody, Casey; Wiley, Sarah; Vlisides, Alex; Hargrove, Elaine