Accession Number:

ADA609839

Title:

Wireless Emergency Alerts (WEA) Cybersecurity Risk Management Strategy for Alert Originators

Descriptive Note:

Final rept.

Corporate Author:

CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST

Personal Author(s):

Report Date:

2014-03-01

Pagination or Media Count:

183.0

Abstract:

The Wireless Emergency Alerts WEA service depends on computer systems and networks to convey potentially life-saving information to the public in a timely manner. However, like other cyber-enabled services, it is susceptible to risks that may enable attackers to disseminate unauthorized alerts or to delay, modify, or destroy valid alerts. Successful attacks may result in property destruction, financial loss, injury, or death and may damage WEA credibility to the extent that users ignore future alerts or disable alerting. This report describes a four-stage cybersecurity risk management CSRM strategy that alert originators can use throughout WEA adoption, operations, and sustainment, as well as a set of governance activities for developing a plan to execute the CSRM. In Stage 1, alert originators document mission threads, describing the process for generating WEA messages. In Stage 2, they examine the mission threads to identify threats and vulnerabilities. In Stage 3, they use the identified threats and vulnerabilities to assess and prioritize risks according to their likely impact on WEA operations. Finally, in Stage 4, they use the results of risk assessment to define cybersecurity roles and assign risk-mitigation actions. The four stages are repeated periodically and as procedures, threats, technology, and staff assignments change.

Subject Categories:

  • Computer Systems
  • Civil Defense
  • Radio Communications

Distribution Statement:

APPROVED FOR PUBLIC RELEASE