Policy Issues Regarding Implementations of Cyber Attack  95


                 The author of this article has recently served as a Commissioner for
              Cybersecurity for the Commonwealth of Virginia, which, with strong sup-
              port from the Governor, has been engaged in strategy development regard-
              ing cyber security (CyberVirginia, 2015). The 11-person Cybersecurity
              Commission for Virginia, working with Virginia’s Cabinet members, has
              made strong recommendations regarding education programs, and the state
              has developed budgets to start addressing this need. This state-level initiative
              is the type of anticipatory action that will be required in order to prepare for
              the cyber attack of physical systems that could materialize.



              5.3 CYBERSECURITY ROLE AND CERTIFICATION
              OF THE OPERATORS OF PHYSICAL SYSTEMS

              An important aspect of the defense of physical systems from cyber attacks is
              that immediate system-reconfiguration responses to attack detections
              (including system shut-downs, which can be very expensive) may be nec-
              essary in order to provide the desired level of safety. This aspect calls for doc-
              trine regarding immediate responses. Doctrine must include: (1) the
              allocation of decision-making and response-control roles to specified per-
              sonnel, (2) selection criteria for and training of those people, (3) exercising
              for preparedness, and (4) addressing the possibilities of unanticipated confu-
              sion regarding operator judgments related to the possibility of missed or
              incorrect attack detections (including zero-day attacks).
                 Part of the author’s research on physical system defense included human
              involvement in cyber attack scenarios. In the UAV case, a desktop simula-
              tion environment was used to gain an initial understanding of operator
              responses to a monitoring system that detects cyber attacks and provides sug-
              gested responses to the UAV pilots. In the State Police case, a controlled
              exercise was conducted involving unsuspecting policemen being dispatched
              and their cars being attacked and failing to operate properly. The results of
              these activities highlighted the point that the doctrinal processes to be devel-
              oped must recognize the fact that cyber attacks on physical systems are an
              area where people do not and will not have practical experience to rely
              upon. Furthermore, since attacks are very unlikely to occur, responses
              may stray from what operators are trained for. The research efforts showed
              that operators, based on their past experiences, can usually imagine other
              causes for observed consequences of a cyber attack and, as a result, may
              not be as responsive to automated decision support as expected.