IEEE International Workshop on Cyber Resiliency: Technologies, Economics and Strategy (CRE 2021)


Description


A combination of cyber technological feasibility and economic viability drives many of the decisions related to cybersecurity by both the defenders and attackers. In this context, technological feasibility is defined as any cyber resiliency technology that has the potential to be developed, fielded, and operationally controlled. In the case of economic viability, the resources required to defend or attack must be available. We define resources in its broadest sense to include but not limited to the people, equipment, training, required funding, and asset value. On the defensive side, these technological and economic factors determine the cyber security and resiliency policies, procedures and technologies implemented to prevent and respond to cyber-attacks. On the offensive side, they not only determine the type of attack but also the effort expended to ensure its success. In short, these and other factors determine the asymmetric balance between the attackers and defenders.

The CRE21 Workshop on Cyber Resiliency: Technologies, Economics and Strategy will explore foundational and applied advances in cyber resiliency strategies, policies and technologies to shift the asymmetric balance in favor of the defender, and identify and quantify the effect economic realities have on the decision processes. At the top level, national and organizational strategies and policies are required to understand what is to be achieved and the resources to be made available. These strategies and policies must be support by security and resiliency technologies. As a result, in addition to exploring various strategies, the workshop will seek to understand the capabilities, strengths/weaknesses, and benefits of various resiliency technologies whether existing or in research. The workshop will examine the parameters needed to accurately quantify asymmetric imbalance from both the offensive and defensive perspective; examine technical and non-technical approaches to shifting that balance, including the full range of costs/benefits of each approach; and explore and evaluate a range of options for defining and achieving optimality. It will bring together a diverse group of experts from multiple fields to advance the above concepts. This will serve to accelerate the recognition, adoption and application of cyber resilience within industry, government and academia by addressing the key concerns of how these techniques and technologies can be realized within the practical constraints of cost, risk, and benefit.

Topics


The list of topics includes, but is not limited to:

  • National and organizational cyber resiliency strategies and policies related to the development, deployment and use of cyber resiliency technologies
  • Existing technologies to achieve cyber resilience
  • Research activities in cyber resilience
  • Benefits and weaknesses of cyber resiliency technologies
  • Foundations of asymmetric cyber advantage
  • Integrated analyses of cyber resiliency & asymmetry within cyber environments
  • Metrics, measurements, and economics of cyber resiliency & asymmetry
  • Barriers to the implementation of cyber resiliency technologies
  • Defining practical cyber resiliency
  • Technical & architectural approaches to gaining asymmetric advantage
  • Relationship between resiliency and security
  • Adversary economics: assessing the impact of defender capabilities and actions to the attacker
  • Frameworks for ROI analysis (cost, risk, benefit) to guide technology investment (research, development, and utilization)
  • Cyber-resiliency related tools that are guided by economic factors for defender and/or adversary
  • Use cases or case studies for defender and/or adversary that include economic factors

Cyber resiliency is applicable to any system/component that can fail or be attacked. As a result, this workshop is interested in the above topics as they relate across the entire software stack for both Information Technology (IT) and Operational Technology (OT).

Submission


Authors are invited to submit original unpublished research papers as well as industrial practice papers. Simultaneous submissions to other conferences are not permitted. Detailed instructions for electronic paper submission, panel proposals, and review process can be found at https://qrs21.techconf.org/submission.

The length of a camera ready paper will be limited to eight pages, including the title of the paper, the name and affiliation of each author, a 150-word abstract, and up to 6 keywords. Shorter version papers (up to four pages) are also allowed.

All papers must conform to the QRS Conference Proceedings Format and Submission Guideline set in advance by QRS 2021 co-located workshops. At least one of the authors of each accepted paper is required to pay full registration fee and present the paper at the workshop. Arrangements are being made to publish selected accepted papers in reputable journals. Submissions must be in PDF format and uploaded to the conference submission site.

Submission

Program Chairs


Nick Multari's avatar
Nick Multari

Pacific Northwest National Laboratory

Jeffrey Picciotto's avatar
Jeffrey Picciotto

MITRE

Steering Committee


NameAffiliation
Christopher Oehmen                    Pacific Northwest National Laboratory
Rosalie McQuaidMITRE

Program Committee


NameAffiliation
Michael AtighetchiRaytheon Corp, BBN
Octavian CarareFederal Communications Commission
Peter ChenCarnegie Mellon University/SEI
Yung Ryn ChoeSandia National Laboratory
Herve DebarTelecom SudParis
Sabrina De Capitani di VimercatiUniversita degli Studi di Milano
Anurag DwivediJohn Hopkins University APL
Meghan GaliardiSandia National Laboratory
Arlette HartLeidos
Chad HeitzenraterAir Force Research Laboratory
Craig JacksonIndiana University
Doug JacobsonIowa State University
Volkmar LotzSAP
Luigi ManciniUniversita di Roma Sapienza
Al MokUniversity of Texas at Austin
Luis Munoz-GonzalezImperial University
Takashi NanyaUniversity of Tokyo
Nuno NevesUniversity of Lisbon
Mohammad RahmanFlorida International University
Indrajit RayColorado State University
Craig RiegerIdaho National Laboratory
Luigi RomanoUniversity of Naples
O. Sami SaydjariCyber Defense Agency
Nabil SchearMIT Lincoln Laboratory
Neeraj SuriTechnical University Darmstadt
Reginald SawillaGovernment of Canada
Marco VieiraUniversity of Coimbra
Eric VugrinSandia National Laboratory
Chris WalterWW Technology Group
Ian WelchVictoria University of Wellington

Previous CRE