Choose an application

• Reference Manager
• EndNote
• RefWorks (Direct export to RefWorks)

Cyber incident response has evolved based on systems and processes developed for other types of incident response, such as response to natural hazards. Large-scale cyber incidents that would have an impact on the United States' national and homeland security, economic security, and public safety and welfare to date are rare. However, they may have additional complications that make them more complex to plan for, including challenges in distinguishing the early stages of a significant cyber incident from a more quotidian incident, and the diversity of stakeholders involved. In this report, RAND researchers compare and contrast incident response for cyber and other types of hazards, both human-caused and natural, to derive initial insights into their similarities and distinctions. The report suggests some ways to improve preparedness for cyber incident response and propose additional areas requiring further research. Recommendations include developing more rigorous and dynamic joint public-private exercises, conducting further analysis to identify how systems could fail through a cyber attack to inform early warning efforts, and developing decision mechanisms and shared understandings that will facilitate coordinated activation and execution of incident response plans.

Cyberinfrastructure --- Computer networks --- Security measures --- Evaluation.

Choose an application

• Reference Manager
• EndNote
• RefWorks (Direct export to RefWorks)

The Federal Emergency Management Agency's (FEMA's) Homeland Security Grant Program (HSGP) provides a suite of grants to help strengthen U.S. communities against terrorist attacks. To inform grant resource allocation decisions, FEMA has developed and maintains a risk-based formula to assess relative threat, vulnerability, and consequences of terrorist attacks in states and major urban areas. The formula helps FEMA decide how to use finite resources for the grant programs. As a result of the evolving threat landscape and as part of ongoing efforts to improve administration of the grant program, FEMA is performing a comprehensive review of the risk formula. As part of this review, the U.S. Department of Homeland Security (DHS) asked the Homeland Security Operational Analysis Center (HSOAC) to conduct an independent review of HSGP's risk formula and data sources. To assess the grant program's risk formula, the research team evaluated the data elements and sources in each component of the terrorism risk formula, reviewed the mathematical calculations used in the risk methodology, and considered alternative data elements and sources to account for the evolving threat environment. The evaluation framework used in this study addresses the formula's compliance with the program's authorizing language, legitimacy to stakeholders, and the validity and simplicity of the risk formula. The review suggests alternative approaches FEMA could consider to improve the risk formula and to address additional dimensions, such as community resilience and equity.

Terrorism --- Federal aid to terrorism prevention --- Terrorism --- Terrorisme --- Aide de l'État à la prévention du terrorisme --- Risk assessment --- Evaluation. --- Prevention. --- Évaluation du risque --- Évaluation. --- Homeland Security Grant Program (U.S.) --- Evaluation. --- United States