Monday, May 23, 2016

Earthquake Risk and US Highway Infrastructure

Thanks to our friends at the Federation of American Scientists (FAS), a recent Congressional Research Service report entitled Earthquake Risk and U.S. Highway Infrastructure: Frequently Asked Questions has been posted. This 11-page report is an excellent overview of the current state of natural and man-made (read: "fracking") earthquake impact on the US highway system.



Two figures in the report are very telling: one shows the concentration of earthquakes and its implications for "Shaking expected for Tall Structures Like Bridges," and the other is a graphic showing the chance of human-induced and natural earthquakes. (Look at the concentration around Oklahoma, presumably due to fracking.)


Key Comments in the Report

The report presents these issues in a FAQ format, so here are some quick highlights:

Q:  What Are the Components of Seismic Risk?

A:  Seismic risk to a highway system is determined by three factors:

  • Likelihood of seismic events of varying magnitudes, and related physical events, often referred to as the hazard;
  • Vulnerability of highway structures to damage from such events; and
  • Potential consequences of that vulnerability (e.g., lives lost, economic disruption, etc.)

Q: How Vulnerable Is the U.S. Highway System?

A:  "No national database exists on the seismic design and retrofit status of highway system components; thus, a perspective on vulnerability at the national level is unavailable.  However, many states with large seismic hazards have compiled data on the vulnerability of highway components within their borders..."

Q:  How Vulnerable are Highway Bridges?

A: Basically, many of the most vulnerable older bridges -- particularly in the West Coast states -- have been retrofitted to improve seismic resilience; however, many older bridges (around 13,000) in the New Madrid seismic zone (AR, IL, IN, KY, MO, MS, TN) have not been retrofitted.

Q: How Costly is Retrofitting Highway Infrastructure?

A: Because no national data exist on the status of retrofitting existing highway bridges or other infrastructure (e.g., tunnels, highway systems), no national estimates exist.


Conclusion

If you are involved in transportation policy or a student of infrastructure, this is a useful starting point to give you a sense of the daunting task of improving the resilience of highway structures against earthquakes.


Thursday, May 19, 2016

"The Business of Hacking" -- Recommended Reading for CEOs, Boards of Directors, Governance Leadership

What is your view of the "hacking community"? Is it one of masked computer operators working in a darkened room or that of a white-coated laboratory technician? Well, your views of the hackers working on new products and "services" to steal your information may be substantially changed after you read the most recent document from Hewlett Packard Enterprise entitled The Business of Hacking: Business Innovation Meets the Business of Hacking.

http://www8.hp.com/us/en/software-solutions/hacking-report/index.html?jumpid=va_gpnq3t2xdw

This document is an easy and compelling read for Chief Executive Officers, Chief Information Officers, Boards of Directors, Risk Analysts and cyber security students. The article does an excellent job giving a straightforward discussion regarding the "reality" of the cybercrime community and their "business models."

The HP whitepaper does a nice job clearly identifying "who" the "Bad Guys" are with a simple chart (shown below):


This is extremely helpful to those trying to understand cybercrime and cyber "hacking" because it shows there are different types of hackers with different motivations and capabilities.

The article almost reads like a Gartner report with a "Magic Quadrant" depiction of where the attackers are working relative to Payout and Effort/Risk to their "business."  The quadrant analysis is shown below:


Although the report doesn't go into details on how organized cyber crime is used by nation-states, analysis has shown that some countries may be using organized cyber crime to carry out their cyber attacks, thus giving the nation-state the ability to offer "plausible deniability."

Finally, this report will reinforce to CEOs et al. that the cyber crime business is just that: a business, where the hackers want to maximize profit and minimize risk, where they need to do research and development, and where they need a finance minister to run their economic shop.

On a parenthetical note, in 2006 I wrote Chapter 1A, "Cybercrime's Impact on Information Security," in Cybercrime & Security edited by Pauline C. Reich. In my article I discussed cybercrime as a business -- albeit nefarious -- but with a CEO, COO, HR manager, VP of R&D, CFO, etc. and that their motives are focused on "....profit maximization and risk management..."

Key Take-Aways

This white paper from HP is a great educational piece to get to your Board of Directors, CEO, COO, CFO, CIO and cyber security students, who need to realize that one way to hamper cyber crime is to alter the criminal's business operations: raise their expenses and increase their risk.
