A combination of cyber technological feasibility and economic viability drives many of the decisions related to cybersecurity and cyber resiliency by both the defenders and attackers. In this context, technological feasibility is defined as any cyber resiliency technology that has the potential to be developed, fielded, and operationally controlled. In the case of economic viability, the resources required to defend, or attack must be available. We define resources in its broadest sense to include but not limited to the people, equipment, training, required funding, and asset value. On the defensive side, these technological and economic factors determine the cyber security and resiliency policies, procedures and technologies implemented to prevent and respond to cyber- attacks. On the offensive side, they not only determine the type of attack but also the effort expended to ensure its success. In short, these and other factors determine the asymmetric balance between the attackers and defenders.

The CRE 2022 Workshop, focusing on Cyber Resiliency: Strategies, Technologies, and Economics, will continue the exploration of foundational and applied advances in cyber resiliency strategies, policies, and technologies to shift the asymmetric balance in favour of the defender and identify and quantify the effect economic realities have on the decision processes. At the top level, national and organizational strategies and policies are required to understand what is to be achieved and the resources to be made available to protect critical resources and infrastructures. These strategies and policies must be supported by security and resiliency technologies. As a result, in addition to exploring various strategies, the workshop will seek to understand the capabilities, strengths/weaknesses, and benefits of various resiliency technologies whether existing or in research. The workshop will examine the parameters needed to accurately quantify asymmetric imbalance from both the offensive and defensive perspective; examine technical and non-technical approaches to shifting that balance, including the full range of costs/benefits of each approach; and explore and evaluate a range of options for defining and achieving optimality. It will bring together a diverse group of experts from multiple fields to advance the above concepts.

The CRE Workshop directly complements the conference’s objectives by serving to accelerate the recognition, adoption and application of cyber resilience of critical resources and infrastructures within industry, government and academia by addressing the key concerns of how these techniques and technologies can be realized within the practical constraints of cost, risk, and benefit.

Topics of Interest
Prospective authors are encouraged to submit previously unpublished contributions from a broad range of topics, which include but are not limited to the following:

› National and organizational cyber resiliency strategies and policies related to the development, deployment and use of cyber resiliency technologies.
› Existing IT/OT (and their interfaces) to achieve cyber resilience of CPS environments.
› Research activities in cyber resilience focused on IT and OT solutions, alignment of technical and mission resiliency, and preemptive resilience.
› Benefits and weaknesses of cyber resiliency technologies in CPS environments.
› Metrics, measurements, and economics of cyber resiliency & asymmetry.

› Technical and Economic barriers to the implementation of cyber resiliency technologies.
› Defining practical cyber resiliency and potential use cases and case studies.
› Relationship between resiliency and security in protecting CPS environments.
› Adversary and defender economics: assessing the impact of defender capabilities and actions to the attacker and vice versa.
› Frameworks for ROI analysis (cost, risk, benefit) to guide technology investment (research, development, and utilization).

Important Dates
Paper submission deadline: April 22, 2022 AoE
Authors’ notification: May 13, 2022 AoE
Camera-ready submission: May 27, 2022 AoE
Early registration deadline: June 3, 2022 AoE
Workshop date: July 27–29, 2022

Submission Guidelines
The workshop’s proceedings will be published by IEEE and will be included in IEEE Xplore. The guidelines for authors, manuscript preparation guidelines, and policies of the IEEE CSR conference are applicable to CRE 2022 workshop. Please visit the authors’ instructions page for more details. When submitting your manuscript via the conference management system, please make sure that the workshop’s track 2T3 CRE is selected in the Topic Areas drop down list.

Workshop Committees
Workshop chairs

Nicholas J. Multari, Pacific Northwest National Lab (US)
Rosalie McQuaid, MITRE Corporation (US)

Organizing committee

Nicholas J. Multari, Pacific Northwest National Lab (US)
Rosalie McQuaid, MITRE Corporation (US)
George Sharkov, European Software Inst CEE; Cybersecurity Lab (BG)
Volkmar Lotz, SAP Labs (FR)
Elena Peterson, Pacific Northwest National Lab (US)
Jeffrey Picciotto, MITRE Corporation (US)

Publicity chairs

Elena Peterson, Pacific Northwest National Lab (US)
Paul Rowe, MITRE Corporation (US)

Contact us

nick.multari@pnnl.gov
rmcquaid@mitre.org

Program committee

Steve Borbash, US Department of Defense (US)
Thomas Carroll, Pacific Northwest National Laboratory (US)
Andrea Ceccarelli, Universita degli Studi di Firenze (IT)
Peter Chen, Carnegie Mellon University/SEI (US)
Yung Ryn Choe, Sandia National Laboratory (US)
Herve Debar, Telecom Sud, Paris (FR)
Sabrina De Capitani di Vimercati, Universita degli Studi di Milano (IT)
Erich Devendorf, Air Force Research Laboratory (US)
Anurag Dwivedi, John Hopkins University APL (US)
Meghan Galiardi, Sandia National Laboratory (US)
Arlette Hart, Leidos (US)
Gernot Heiser, University of New South Wales (AU)
Chad Heitzenrater, Air Force Research Laboratory (US)
Doug Jacobson, Iowa State University (US)
Dong Seong Kim, University of Canterbury (NZ)
Richard Kuhn, Nat’l Inst of Standard and Technology (US)
Volkmar Lotz, SAP Labs (FR)
Emil Lupu, Imperial University (UK)
Henrique Madeira, University of Coimbra (PT)
Luigi Mancini, Universita di Roma Sapienza (IT)
Al Mok, University of Texas at Austin (US)
Takashi Nanya, University of Tokyo (JP)
Nuno Neves, University of Lisbon (PT)
Rui Oliveira, University of Miniho (PT)
Mohammad Rahman, Florida International University (US)
Indrajit Ray, Colorado State University (US)
Craig Rieger, Idaho National Laboratory (US)
Luigi Romano, University of Naples (IT)
O Sami Saydjari, Cyber Defense Agency (US)
Nabil Schear, MIT Lincoln Laboratory (US)
Neeraj Suri, Technical University Darmstadt (GE)
Reginald Sawilla, Government of Canada (CA)
Kishor S Trivedi, Duke University (US)
Paulo Verissimo, University of Luxembourg (LU)
Marco Vieira, University of Coimbra (PT)
Eric Vugrin, Sandia National Laboratory (US)
Chris Walter, WW Technology Group (US)
Ian Welch, Victoria University of Wellington (NZ)