On December 9, 2020, Sandia National Laboratories (SNL) convened a diverse set of voices from across the federal government, the United States (U.S.) military, the private sector, and national laboratories to understand current and future trends affecting our national cyber strategy, and to illuminate the role of Federally Funded Research and Development Centers (FFRDCs) in contributing to national cyber strategy objectives.
Since even before its establishment as an independent national security laboratory in 1949, Sandia has been devoted to an overarching mission of developing advanced technologies for global peace. These technologies have taken a variety of forms, and they exist in and must address an ever-changing global security environment. An understanding of that global security environment and its possible or likely evolution is therefore critical to ensuring that Sandia can maintain its focus on strategic technology investments that will benefit the nation in the next 20- 30 years. Sandia sustains multiple Systems Analysis organizations whose responsibility includes maintaining an understanding of the global security environment as it applies across multiple mission domains. The topics below include two from Sandia's emerging threats and biodefense mission, three with relevance to Sandia's cyber defense mission, and four of particular but not exclusive relevance to Sandia's nuclear deterrence mission. All are intended to spur independent academic thought that could assist Sandia as well as the broader national security community in anticipating and adapting to a continually changing world. Sandia anticipates periodic interactions between Sandia Systems Analysis staff and SciPol Scholars Program faculty and students who choose to expand upon these topics in order to provide opportunities for feedback and communication throughout 2020-2021.
Through cyberattacks on information technology and digital communications systems, antagonists have increasingly been able to alter the strategic balance in their favor without provoking serious consequences. Conflict within and through the cyber domain is inherently different from conflict in other domains that house our critical systems. These differences result in new challenges for defending and creating resilient systems, and for deterring those who would wish to disrupt or destroy them. The purpose of this paper is to further examine the question of whether or not deterrence can be an effective strategy in cyber conflict, given our broad and varied interests in cyberspace. We define deterrence broadly as the creation of conditions that dissuade antagonists from taking unwanted actions because they believe that they will incur unacceptably high costs and/or receive insufficient benefits from taking that action. Deterrence may or may not be the most credible or effective strategy for achieving our desired end states in cybersecurity. Regardless of the answer here, however, it is important to consider why deterrence strategies might succeed under certain conditions, and to understand why deterrence is not effective within the myriad contexts that it appears fail. Deterrence remains a key component of U.S. cyber strategy, but there is little detail on how to operationalize or implement this policy, how to bring a whole-of-government and whole-of- private-sector approach to cyber deterrence, which types of antagonists can or should be deterred, and in which contexts. Moreover, discussion about how nations can and should respond to significant cyber incidents largely centers around whether or not the incident constitutes a "use of force," which would justify certain types of responses according to international law. However, we believe the "use of force" threshold is inadequate to describe the myriad interests and objectives of actors in cyberspace, both attackers and defenders. In this paper, we propose an approach to further examine if deterrence is an effective strategy and under which conditions. Our approach includes systematic analysis of cyber incident scenarios using a framework to evaluate the effectiveness of various activities in influencing antagonist behavior. While we only examine a single scenario for this paper, we propose that additional work is needed to more fully understand how various alternative thresholds constrain or unleash options for actors to influence one another's behavior in the cyber domain.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
The need for metrics for planning and response measures was identified as key gap to be addressed in the National Hurricane Program's (NHP) Technology Modernization effort. This document proposes a framework for defining a set of metrics for planning and response that will be implemented in the NHP products of hurricane evacuation studies (HES) and post-storm assessments (PSA). To determine the feasibility of this framework, a survey of current HES and PSAs was carried out followed by and then used to determine if the proposed metrics are currently captured. While there is a wide variety in data availability and detail, the implementation of these metrics is not only feasible but presents an opportunity to improve on current practices. The final implementation of this framework shall require the ongoing feedback from local, state, tribal, and federal stakeholders.
The Hurricane Evacuation Study (HES) Tool prototype is a key component of the Federal Emergency Management Agency (FEMA) National Hurricane Program (NHP) Technology Modernization (TM) effort. To ensure the HES Tool captured the necessary capabilities and functionality, engagement with potential end-users and key stakeholders was considered a priority throughout development. Pilot studies with representatives from North Carolina and New York City were done to validate the HES Tool process with their current HES undertaking. These pilot studies let the development of additional capabilities and feedback on the needs of diverse regions. A usability study was carried out with key stakeholders identified by NHP leadership through individualized sessions with identified personnel. The results showed the value of the HES Tool compared to the current process as well as key issues that must be addressed to ensure a final transition.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
Abstract not provided.
2009 IEEE Conference on Technologies for Homeland Security, HST 2009
This paper presents Sandia National Laboratories' Out-door Weapons of Mass Destruction Decision Analysis Center (Out-DAC) and, through an example case study, derives lessons for its use. This tool, related to similar capabilities at Sandia, can be used to determine functional requirements for a detection system of aerosol-released threats outdoors. Essential components of OutDAC are a population database, a meteorological dataset, an atmospheric transport and dispersion model and an optimization toolkit. Detector placement is done through optimization against a library of hypothe-sized attack scenarios by minimizing either the mean or value-at-risk of undetected infections. These scenarios are the product of a Monte Carlo simulation intended to characterize the uncertainty associated with the threat. An example case study illustrates that Monte Carlo convergence is dependent on the statistic of interest. Furthermore, the quality of the detector placement optimization may be tied to the convergence level of the Monte Carlo simulation. © 2009 IEEE.
Proceedings of SPIE - The International Society for Optical Engineering
Effective defense against chemical and biological threats requires an "end-to-end" strategy that encompasses the entire problem space, from threat assessment and target hardening to response planning and recovery. A key element of the strategy is the definition of appropriate system requirements for surveillance and detection of threat agents. Our end-toend approach to venue chem/bio defense is captured in the Facilities Weapons of Mass Destruction Decision Analysis Capability (FacDAC), an integrated system-of-systems toolset that can be used to generate requirements across all stages of detector development. For example, in the early stage of detector development the approach can be used to develop performance targets (e.g., sensitivity, selectivity, false positive rate) to provide guidance on what technologies to pursue. In the development phase, after a detector technology has been selected, the approach can aid in determining performance trade-offs and down-selection of competing technologies. During the application stage, the approach can be employed to design optimal defensive architectures that make the best use of available technology to maximize system performance. This presentation will discuss the end-to-end approach to defining detector requirements and demonstrate the capabilities of the FacDAC toolset using examples from a number of studies for the Department of Homeland Security. © 2009 SPIE.
Abstract not provided.
Abstract not provided.