File #2525: "2018_Book_SecurityByDesign.pdf"

1|Contents|6
1|1 Introduction|8
2|1 Introduction|8
2|2 Designing Security|9
2|3 Content|9
2|References|15
1|2 Design Thinking and Design Doing: Describing a Process of People-Centred Innovation|17
2|Abstract|17
2|1 Design Thinking|17
3|1.1 Creating a Bridge Between Business and Design|20
3|1.2 Developing Focus Beyond Business|22
2|2 Principles of Design Thinking|24
3|2.1 Involve People|25
3|2.2 Translate Design Thinking into Design Doing|28
3|2.3 Create Value and Capture Value|30
3|2.4 Follow the Arc of Design Thinking|34
3|2.5 Navigate Complexity|38
2|3 Case Studies|40
3|3.1 Redesigning the Emergency Ambulance|40
3|3.2 Using DT to Understand ‘Hopes’ and ‘Fears’ Around Driverless Vehicles|41
2|4 Conclusion|44
2|Acknowledgements|45
2|References|46
1|3 An Integral Futures Lens on Future Security Issues|49
2|Abstract|49
2|1 Literature Review|49
2|2 A Brief Overview of Integral Futures Analysis|52
2|3 How Integral Futures Might Be Applied to Security Issues|56
2|4 Conclusion|58
2|References|59
1|4 Innovations in Active Shooting Emergency Medical Response and Triage|61
2|Abstract|61
2|1 Introduction|62
2|2 Triage in Context|63
2|3 Case Study Vignettes|63
2|4 Discussion|64
2|5 Innovations in Mass Casualty Triage|65
2|6 “Battlefield Fallacy”: Wounding Patterns Differ from Battlefield|65
2|7 Scene Management|66
2|8 Ineffective Triage|67
2|9 Triage Solution Space|68
2|10 Zones of Care and Care Under Fire|69
2|11 Active Shooter Contextual Treatment Protocols|71
3|11.1 Hemorrhage Control|71
3|11.2 Tourniquet|72
3|11.3 Wound Packing|72
3|11.4 Tension Pneumothorax|73
3|11.5 Basic Airway Control|73
2|12 Scene Management Techniques|73
3|12.1 Minimal Equipment|73
2|13 Innovation in Triage: RAMP Triage Technique|74
2|14 Triage Tape|76
2|15 Conclusion|76
2|References|77
1|5 Mass Migration, Humanitarian Assistance and Crisis Management: Embracing Social Innovation and Organizational Learning|79
2|Abstract|79
2|1 Introduction|80
2|2 Overview of Migration and the Humanitarian Crisis|81
3|2.1 Wicked Problems|83
2|3 Framing the Problem and Systems Thinking|83
3|3.1 Social Innovation|85
2|4 Discussion|85
3|4.1 A Systems View: Why Has This Crisis Developed Now?|86
3|4.2 Applying Social Innovation|87
2|5 Self-organizing Organizations|90
2|6 Fuelling Social Innovation: Self-organized Civil Society|90
2|7 Organizational Learning|91
2|8 Reflection on the Migration Crisis and Social Innovation|92
2|9 Conclusion|93
2|References|94
1|6 Complexity and Unintended Consequences in a Human Security Crisis: A System Dynamic Model of the Refugee Migration to Europe|98
2|Abstract|98
2|1 Introduction|99
2|2 System Dynamics|100
3|2.1 Feedback|100
3|2.2 Influence Diagrams|100
3|2.3 Simulation Models|101
3|2.4 Mathematical Implementation of the System Dynamics Model|101
3|2.5 Application to the Refugee Crisis|102
3|2.6 Discussion|102
2|3 Influence Diagrams|105
3|3.1 Allocation of Investment in Humanitarian Relief|106
3|3.2 Discussion|108
2|4 Stock and Flow Diagrams|109
3|4.1 The Allocation of Investment Towards the Relief Effort|110
3|4.2 The Movement of Refugees|113
3|4.3 The Food Supply|116
3|4.4 Disease|117
3|4.5 The Safe Havens|117
3|4.6 Violence|118
3|4.7 Peacekeepers|119
3|4.8 Economic Activity|119
3|4.9 Border Crossing Resources|121
3|4.10 Unconventional Border Crossings|121
3|4.11 Avoidable Deaths|123
3|4.12 Results from the Baseline Run|123
3|4.13 Discussion|126
2|5 Fortran Version of the Model|127
3|5.1 Sensitivity Analysis|127
3|5.2 Optimization of the Model|127
2|6 Design of Experiments|127
3|6.1 Changes to the Fortran Program|128
3|6.2 The R Commands|128
3|6.3 Interpreting the Preliminary Results|128
3|6.4 Discussion|131
2|7 Optimization of the Model|131
3|7.1 Results of the Optimization|131
2|8 Unintended Consequences and the Need for Further Work|136
3|8.1 Unintended Consequences|136
2|9 Summary and Conclusions|139
2|References|140
1|7 Cyber-Physical Systems Governance: A Framework for (Meta)CyberSecurity Design|142
2|Abstract|142
2|1 Introduction|143
2|2 Literature Review|146
2|3 Foundations of CSG Governance Framework|154
2|4 Cyber-Physical Systems Governance Framework|162
2|5 Research Implications and Directions|166
2|References|169
1|8 To Feel Secure or to Be Secure, That Is the Question|175
2|Abstract|175
2|1 The Meaning of Security|175
3|1.1 The Lack of Security|176
3|1.2 The Meaning of Safety|177
3|1.3 The Difference Between Security and Safety|178
2|2 The Limitations of Design|178
3|2.1 Requisite Imagination|179
3|2.2 Elimination, Prevention, and Protection|180
2|3 Resilience to the Rescue?|182
2|References|184
1|9 Clustering Heterogeneous Semi-structured Social Science Datasets for Security Applications|185
2|Abstract|185
2|1 Introduction|185
2|2 Technical Approach|186
2|3 Datasets|188
2|4 Results|189
3|4.1 Global Terrorism Database|189
3|4.2 Chicago Drug Incidents|191
3|4.3 Hezbollah Group|193
2|5 Discussion|195
2|References|195
1|10 Critical Infrastructure Protection and Resilience—Integrating Interdependencies|196
2|Abstract|196
2|1 Introduction|197
2|2 Policies|198
3|2.1 North America|199
3|2.2 Europe|202
3|2.3 Oceania|203
3|2.4 Intergovernmental Organizations|204
3|2.5 Common Elements|205
2|3 Characterization and Analysis of Critical Infrastructure Interdependencies|206
2|4 Analysis of Interdependencies|208
2|5 Example|212
3|5.1 Florida|215
3|5.2 North Dakota|216
3|5.3 Northeastern Polar Vortex|216
2|6 Future Developments|217
2|7 Conclusion|217
2|References|218
1|11 The Application of Warden’s Concentric Ring Theory to Applegate’s Offensive Cyber Manoeuvre Strategy in Modern Conflicts|223
2|Abstract|223
2|1 Introduction|223
2|2 Warden Applied to Cyber|226
3|2.1 Early Cyber Warfare|226
3|2.2 Russia Versus Estonia|227
3|2.3 Israel Versus Syria|227
2|3 Russia Versus Georgia|228
3|3.1 Stuxnet Virus|229
3|3.2 United States Versus Islamic State|230
3|3.3 Russia and the 2016 American Election|232
3|3.4 Applegate’s Cyber Maneuver Theory|232
3|3.5 Warden and Cyber|235
3|3.6 Warden and Applegate’s Exploitive Maneuver Strategy|237
3|3.7 Warden and Applegate’s Influencing Maneuver Strategy|239
3|3.8 Warden and Applegate’s Positional Maneuver Strategy|242
3|3.9 Summary|242
2|4 Generic Cyber Strategy|243
3|4.1 Warden Applied to Applegate’s Exploitive Cyber Maneuver|243
3|4.2 Warden Applied to Applegate’s Influencing Cyber Maneuver|245
3|4.3 Warden Applied to Applegate’s Positional Cyber Maneuver|246
3|4.4 Comparison with Other Models|246
3|4.5 Cyber Warfare as Part of a Larger Military Campaign|246
3|4.6 Summary|249
2|5 Conclusion|250
2|Acknowledgements|253
2|References|253
1|12 Fentanyl Crisis: A National Security Matter|255
2|Abstract|255
2|1 Introduction|256
2|2 Landscape of the Opioid Crisis: Fentanyl|256
2|3 Pharmacology|257
2|4 Pharmacokinetics and Formulations|258
2|5 Indications and Regulations|259
2|6 Current Prescribing|260
2|7 Abuse and Mitigation Strategies|260
2|8 Discussion|261
2|9 Law Enforcement|262
2|10 Criminal Business Model|262
2|11 Social Innovation|268
2|12 Conclusion|271
2|References|272
1|13 Risk-Based Aviation Security—Designing-Out Terror?|275
2|Abstract|275
2|1 Introduction|276
2|2 Definition of Terms|277
3|2.1 Terrorism|277
3|2.2 Risk-Based Security|278
2|3 Methodology|278
2|4 A Model for Risk-Based Security?|278
2|5 Risk-Based Security—A Critique|280
3|5.1 Civil Liberties|280
3|5.2 Prejudice|281
3|5.3 Soldiering and Satisficing|282
3|5.4 False Negatives|283
3|5.5 Capital and Revenue Costs|284
3|5.6 Markers Perceived to Be Discriminatory or Unlawful|284
4|Reaction|285
2|6 Discussion and Conclusions|287
2|References|290
1|14 Customizing Web-EOC Crisis Management Software to Facilitate Collaboration and Increase Situational Awareness: Advances in Business Resource Center (BRC) Design for Business Continuity Management|293
2|Abstract|293
2|1 Disaster Resilience and Business Continuity Planning in Hawaii|294
2|2 Business Recovery and Information Dissemination|296
3|2.1 Disaster Preparedness Training and Financial Incentives|297
3|2.2 Business Recovery and Information Dissemination|298
3|2.3 Credentialing and Tiered/Phased System of Re-entry|298
2|3 State Legislative Action to Change a Statute or Ordinance, or Appropriate Funding (NDERS Poll Results)|300
3|3.1 State/City or County Agencies and Large Business Breakout Group Responses|300
3|3.2 Federal/State/City or County Agencies Breakout Group Responses|302
2|4 State or County Government Agency Action to Change Administrative Rules, Policies, or Programs (NDERS Poll Results)|303
3|4.1 Federal/State/City or County Agencies and Small/Large Businesses|304
3|4.2 Federal/State/City or County Agencies|305
2|5 Public-Private Partnerships (NDERS Poll Results)|306
3|5.1 Federal/State/City or County Agencies and Small/Large Businesses|308
3|5.2 Federal/State/City or County Agencies|309
2|6 Private Sector Initiatives (NDERS Poll Results)|311
3|6.1 Federal/State/City or County Agencies and Small/Large Businesses|311
3|6.2 Federal/State/City or County Agencies|313
2|7 WebEOC Data Fields to Support Private Sector Recovery|314
3|7.1 Transportation Issues|315
3|7.2 School Issues|315
3|7.3 Critical Infrastructure Issues|315
3|7.4 Business Access Issues|315
3|7.5 Donations|316
3|7.6 Waivers|316
3|7.7 Re-entry Protocols|316
3|7.8 Credentialing/Re-entry Identification|316
2|8 Conclusions|317
2|References|318
1|15 Advances in Cybersecurity Design: An Integrated Framework to Quantify the Economic Impacts of Cyber-Terrorist Behavior|319
2|Abstract|319
2|1 Introduction|320
2|2 The Economic Impact of Cyberattacks|324
2|3 Game Theory and the Economic Impact Model|325
3|3.1 The Competitive and Cooperative Game Process|328
3|3.2 A Competitive Game Example|329
3|3.3 The National Interstate Economic Model (NIEMO)|331
2|4 Game Theoretic NIEMO: G-NIEMO|335
2|5 Conclusions|337
2|Acknowledgements|338
2|References|338
1|16 Operationalizing ‘Deliverology’ for Humanitarian Aid and Disaster Risk Reduction: Accelerating Improvement in Delivery|342
2|Abstract|342
2|1 Introduction|343
2|2 Deliverology|345
2|3 Research Context|346
2|4 Discussion|347
2|5 Complex Humanitarian Problem Space|348
2|6 Intervention Strategy and Design Considerations: Understanding Fragility and Vulnerability|348
2|7 From Analysis to Strategy to Delivery|350
2|8 Timescales|351
2|9 Needs Assessment: Problem Framing|351
2|10 Impact Evaluation|352
2|11 Deliverology and Goals|353
2|12 Operationalizing Deliverology Model|353
2|13 Deliverology Design Challenges and Opportunities|357
3|13.1 Focusing on Outcomes|357
2|14 Measuring the Unmeasurable|358
2|15 Conclusion|358
2|References|359
1|17 Nuclear Waste Management: Security and Safety Implications|361
2|Abstract|361
2|1 Introduction|362
2|2 Theoretical Lens: Beck Risk Society; Risk Perception/Communication|363
2|3 Context: Asia/Pacific Region|364
2|4 China|365
2|5 Japan|365
2|6 South Korea|366
2|7 ROC (Taiwan)|366
2|8 Discussion|367
3|8.1 Risk Perception and Communication|367
2|9 Conclusion|371
2|References|371
1|18 Building Effective Emergency Management Public-Private Partnerships (PPP) for Information Sharing|375
2|Abstract|375
2|1 Introduction: The Whole Community Approach to Disasters|375
2|2 Information Sharing and Public-Private Sector Partnerships During Disasters|376
2|3 Introduction to Private Public Sector Partnerships (PPPs) and Business Emergency Operations Centers (BEOCs)|379
2|4 BEOCs Begin to Emerge at All Levels|381
2|5 BEOC/PPP Case Studies|381
3|5.1 FEMA Region VII’s BEOC|383
3|5.2 Missouri Public Private Partnership (MOP3)|385
3|5.3 Safeguard Iowa Partnership (SIP)|386
3|5.4 North Carolina BEOC|386
3|5.5 Maryland Emergency Management Agency’s (MEMA) Private Sector Integration Program (PSIP)|387
3|5.6 New York City Office of Emergency Management (OEM): The City of New York EOC, The Partners in Preparedness Program and the Division of Public Private Initiatives|390
2|6 Types of BEOCs: Physical, Virtual, Integrated, Mobile and Hybrid|390
3|6.1 Virtual BEOCs|391
3|6.2 Physical BEOCs|394
3|6.3 Other BEOCs|394
2|7 Selecting the Optimal BEOC|394
2|8 Conclusions|397
2|Appendix 1: Sensitivity Analysis for Costs|398
2|Appendix 2: Sensitivity Analysis for Effort|398
2|Appendix 3: Sensitivity Analysis for Transferability|399
2|Appendix 4: Sensitivity Analysis for Collaboration|399
2|Appendix 5: Sensitivity Analysis for Operations|400
2|Appendix 6: Sensitivity Analysis for Communications|400
2|References|401