96    Artificial Intelligence for the Internet of Everything


             Consider the case in which a Sentinel detects a cyber attack that consists
          of an improper digital control message preventing a car from operating prop-
          erly. From the operator’s perspective there can be many different causes for
          the car not operating properly (e.g., a failed battery), and these are typically
          causes they have previously experienced. Consequently, under the imme-
          diate pressure of needing to take decisive action, the operator may be more
          likely to assume these causes of failure, rather than a never-experienced
          cyber attack. Research results showed that even when an operator accepts
          a Sentinel’s input as being correct, uncertainty remains regarding the possi-
          bility for additional elements of the cyber attack having yet to emerge. This
          element of uncertainty is escalated when there are high consequences asso-
          ciated with an operator’s decisions, and the operator’s accountability for
          those decisions can impact behavior, including asking for access to cyber-
          security experts before making a critical decision. Of course, such calls for
          help can potentially delay decision making to an undesirable degree. As a
          result of these scenarios actually emerging during our research experiments,
          a significant effort has been initiated to better understand human behavior in
          uncertain circumstances that are likely to exist in scenarios regarding cyber
          attacks on physical systems. From a policy vantage point, research efforts are
          needed to address questions regarding selection, certification, and readiness
          training requirements for operators of physical systems for which cyber
          attacks could have serious consequences.


          5.4 DATA CURATION

          Data curation can be defined as the active and ongoing management of data
          through its lifecycle of interest and usefulness. If one assumes that a critical
          step in vigorously addressing cyber security for physical systems is the need
          for early evidence that cyber attacks are actually occurring, significant issues
          emerge regarding curation of the data that would provide the needed evi-
          dence. Based on the automobile-focused State Police project referred to
          above, an important next step would be the development of accepted pol-
          icies and processes regarding the collection, storage, security, sharing, anal-
          ysis, and supplementation of data. For example, consider the case of
          distribution of specific data that were to be collected at the scene of an auto-
          mobile incident and, based upon analysis, indicated a possible cyber attack.
          Recognizing the international manufacturing base for automobiles and the
          international sales of automobiles, information would need to be shared
          across the world. It would be important that worldwide law-enforcement