Cyber Resilience Adaptive Virtual Reality Experiences (CRAVRE)
Primary Investigator:
Mesut Akdere
Dr. Mesut Akdere, Dr. Umit Karabiyik, Dr. Jason Moats, Dr. Jin Kocsis, Miloš Stanković, Flavio Lobo, Mututhanthrige Fernando, Elizabeth Marie Rakes
Abstract
Cyber Resilience Adaptive Virtual Reality Experiences (CRAVRE)
As the IoT technologies continue to permeate communities of all sizes, the nation’s cyber and cyber-physical assets are vulnerable in proportion to the increase in connectedness. Critical infrastructures, including the national power grid, health care systems, transportation systems, are highly vulnerable to cyberattacks[1,2]. So are the technologies that make cities SMART. As one author stated, “…the Internet of Things (IoT), the technology underpinning these complex and interconnected urban networks, offers a considerably expanded attack surface for cyber adversaries of all kind…”[3]. Perhaps the greatest source of vulnerability is with the workers. Researchers agree that the human factor plays a crucial role in preventing and limiting the impact of a cyber incident, even when the security of other categories is satisfied. Recent reports from various cybersecurity and data analysis firms[4,5] clearly show that human error causes up to 90% of the data breaches for corporations. Despite this, more than 40% of employees do not get regular cybersecurity training[6]. This lack of training and the result inadequate awareness of the connectedness is an individual gap that we aim to lessen. Even more startling, cybersecurity experts agree that there has been an exponential increase in cybercrime during the ongoing COVID-19 crisis. While, government agencies and the private sector have implemented available security frameworks[7,8], an organizational gap exists as many state, local, and critical private sector organizations continue to face deficiencies in their ability to prevent cyberattacks on their IoT technologies.
The U.S. Government Accountability Office highlighted that information security is the nation’s one of the top challenges that are persistent and posing a high risk to the government as a whole[9], and has made over 3,000 recommendations for agencies to address cybersecurity issues. However, as of 2018, nearly 1,000 of the recommendations were not implemented, leaving agencies vulnerable to cyber threats. Novel training methods for cyber protection and response is highly needed. Simply put, the current methods of training all stakeholder on cybersecurity are inadequate given the magnitude and complexity of cyber domain, especially during times of disaster. Despite these efforts, training incident managers, elected officials, and emergency managers to be effective decision makers in the face of hostile cyberattacks initiated following natural or manmade disasters still remains as a significant gap. Furthermore, these stakeholders must currently perform a risk assessment and implement proactive measures before any disaster occurs[10].They must also attend available training for such preparedness which is delivered in traditional classroom-style courses (web-based or instructor-led).
We propose a ground-breaking paradigm by developing and distributing an adaptive, immersive learning environment that distributed through web-based, mobile, and, virtual reality (VR) platforms, providing multiple access options to learners. Through this approach, both participants and organizations do not need to invest extensive time in physical exercise during work hours because they can participate in training whenever and where they desire. Second, participants will receive immediate feedback when they fail or succeed during the training which results in reinforced learning, higher level cognition, and increased learning retention. Third, this approach is resilient making by providing the learning experiences before a natural disaster which will ultimately reduce the strain on the federal government later on after being affected by a natural disaster, which is well aligned with the FEMA mission to lead America to prepare for, prevent, respond to and recover from disasters with a vision of "A Nation Prepared”.
“This material is based upon work supported by the U.S. Department of Homeland Security under Grant EMW-2020-CA-00061-S01.”
1- L. Stanaland, R. Baldick, A. A. Cardenas, and J. Holmes, “Protecting the Texas Electric Grid: A Cybersecurity Strategy for ERCOT and the PUCT,” in 2019 Resilience Week (RWS), Nov. 2019, vol. 1, pp. 219–225, doi: 10.1109/RWS47064.2019.8972002.
2- H. I. Kure and S. Islam, “Assets focus risk management framework for critical infrastructure cybersecurity risk management,” IET Cyber-Phys. Syst. Theory Appl., vol. 4, no. 4, pp. 332–340, 2019, doi: 10.1049/iet-cps.2018.5079.
3- Digital14, “Digital14 Report: Smart Cities Unlock Business Potential but Are Increasingly Vulnerable.” https://www.prnewswire.com/ae/news-releases/digital14-report-smart-cities-unlock-business-potential-but-are-increasingly-vulnerable-818572518.html (accessed Jul. 09, 2020).
4- M. Hill, “90% of UK Data Breaches Due to Human Error in 2019,” Infosecurity Magazine, Feb. 06, 2020. https://www.infosecurity-magazine.com:443/news/90-data-breaches-human-error/ (accessed Jul. 01, 2020).
5- A. S. May 08 and 2019, “90 percent of data breaches are caused by human error,” TechRadar. https://www.techradar.com/news/90-percent-of-data-breaches-are-caused-by-human-error (accessed Jul. 01, 2020).
6- M. G. I. T. Trends 1, “43% of Employees Lack Regular Cyber Security Training,” Small Business Trends, Oct. 10, 2019. https://smallbiztrends.com/2019/10/employee-vulnerabilities-cybersecurity.html (accessed Jul. 09, 2020).
7- M. P. Barrett, “Framework for Improving Critical Infrastructure Cybersecurity Version 1.1,” Apr. 2018, Accessed: Jul. 01, 2020. [Online]. Available: https://www.nist.gov/publications/framework-improving-critical-infrastructure-cybersecurity-version-11.
8- nicole.keller@nist.gov, “Cybersecurity Framework,” NIST, Nov. 12, 2013. https://www.nist.gov/cyberframework (accessed Jul. 01, 2020).
9- U. S. G. A. Office, “High-Risk Series: Urgent Actions Are Needed to Address Cybersecurity Challenges Facing the Nation,” no. GAO-18-622, Sep. 2018, Accessed: Jun. 30, 2020. [Online]. Available: https://www.gao.gov/products/GAO-18-622.
10- “How cybercriminals prey on victims of natural disasters,” Journal of Accountancy, Sep. 14, 2018. https://www.journalofaccountancy.com/news/2018/sep/cyber-criminals-prey-on-natural-disaster-victims-201819720.html (accessed Jul. 02, 2020).