Issue link: https://industrialmanagement.epubxp.com/i/656209
Cyber as an emerging area for industrial engineers One of the most exciting aspects of being an industrial engineer is the ability to enact real change through continuous improvement initiatives, especially when opportunities arise in emerging areas such as cyberse- curity. Although computer science and network infrastructure research have dominated this realm, IEs are ready to make their contributions. Science of Security (SoS), sponsored by the National Security Agency, is a transdisciplinary open access research initiative that aims to provide scientific understanding and predictive principles to make the cyber world more trustworthy and secure. SoS organizes cybersecurity policy and research into "The Five Hard Problems": scalability and compos- ability, policy-governed secure collaboration, resilience, human behavior and metrics. Each problem has risk, optimization and decision analysis components where IEs can contribute solutions. For example, researchers at the U.S. Military Academy's Army Cyber Institute are performing a within-domain (offensive and defense cyber- space operations) and cross-domain (social sciences, privacy, behavioral sciences, engineering, medical) study of the strengths, weaknesses and gaps within the domain of big data research. Data analytics, decision analysis and optimization play a role in this research. In particular, Col. Paul Goethals is using the findings to challenge the current state of intrusion detection systems, where IE tools and techniques could enhance performance or improve their capability. Examples from industry include the Cyber Risk Assessment Foresight Tool (CRAFT) in development by Innovative Decisions Inc. CRAFT will help banks field a network during design and acquisition with a reduced probability of being exploited. It also will provide regulators with a tool to support board-level discussions with regulated institutions on cyberse- curity and the critical importance of cyber resilience to financial services. Another example is the Cyber Risk Index Model sponsored by the Carnegie Mellon University Software Engineering Institute Computer Emergency Response Team. This model can be used as an objective measure to determine cybersecurity event/data loss protection premiums, as well as an internal measure to gauge cyber risk posture. I am part of a research team examining metrics and best practices indexed by the SoS initiative. We are developing a value model to enable organizations to identify preferred metrics and best practices based on current cyber posture, operating environment, workforce savvy, etc. Engineering managers can apply the model framework with values from their organizations to identify a ranked list of metrics and best practices for their firms. My team is looking for subject matter experts from a variety of industries; please contact me if you are interested. This is an exciting time for IEs to get involved in cyber applications. — Natalie Scala is an assistant professor in the Department of e-Business and Technology Management at Towson University. You can reach her at nscala@ towson.edu. waters to cybersecurity march/april 2016 9