Introduction  7


              interdependence among the members of a team, predicting that optimal
              decisions made by a team are reflected in its actions by seeking its lowest level
              of free energy. They test their idea with a mathematical model of a team and
              have provided one of the first manuscripts to tackle the challenges associated
              with the rational management of teams.
                 Written by Barry M. Horowitz, a former Cybersecurity Commissioner for
              the Commonwealth of Virginia, Chapter 5 is titled “Policy Issues Regarding
              Implementations of Cyber Attack. Resilience Solutions for Cyber-physical
              Systems.” Horowitz is presently the Munster Professor of Systems and Infor-
                                                                          8
              mation Engineering at the University of Virginia in Charlottesville, VA. He
              is primarily interested in the policy implications of cyber security; in building
              cyber-security prototype and standards focused on achieving cyber-attack
              resilience; and in the education of future cybersecurity engineers. From his
              perspective, IoT is dramatically increasing complexity in cities, with com-
              merce, and in homes across the country. This complexity is increasing vulner-
              ability to cyber threats (e.g., see Zakrzewski’s, 2017, interview of John Carlin,
              the chairman of the global risk and crisis management group at Morrison &
              Foerster LLP and a former assistant attorney general in the national security
              division of the U.S. Justice Department). To reduce these risks, resilient
              cyber-physical systems must be able to respond to different types of distur-
              bances (errors; cyber attacks). He has written that risks to organization, system,
              and infrastructure security systems challenge existing policies, indicating
              that new ones must be crafted that reduce cyber risks instead of focusing
              on reaction to the damage caused by a cyber attack. The author argues that
              these new policies require responses that anticipate attacks yet are able to dis-
              tinguish anomalies caused by human error from those driven by the malicious
              cyber attackers who intend to cause significant damage to infrastructure and
              even to human health and life, or hope to control systems to achieve these or
              other malevolent purposes (e.g., Stuxnet). He concludes that anticipatory
              resilience solutions for cyber-physical systems will require teams of govern-
              ment and commercial organizations to work together to address the conse-
              quences of cyber attacks, to detect them, and to defend against them. The
              author offers a long-term view of cyber-security policies, operational stan-
              dards, and the education of cyber-security professionals, especially engineers.
              The overview of cyber security provided by this chapter lets the reader
              know how much more work needs to be done to make cyber security a pro-
              fession with standards.


              8
               Corresponding author: bh8e@virginia.edu.