28 Matching Annotations
  1. Nov 2019
    1. Availability refers to whether supply and demand are available and can meet the need each other


    2. Acceptability refers to whether the scheme is acceptable to most people in the target group


    1. In a written response, FERC officials said that the agency did not conduct an assessment to determine how the leading practices identified in the NIST Cybersecurity Framework could be applied to the cybersecurity standards.


    2. Risk assessment ◕; Risk management strategy ○; Supply chain risk management ◑

      okay, answer to previous question above.

    3. Risk assessment

      Note the differences between risk assessment and risk management. The project would look towards risk assessment and then migrate its focus to risk management potentially, but what then? and how will this transition be smooth/original?

    4. none of them analyzed the threat of, and vulnerabilities to, a cyberattack spanning all three interconnections.


    5. However, the discussion of the quality of data available regarding DOE’s assessment is inaccurate. According to the assessment, the potential range of load loss resulting from four cyberattack scenarios was based on rigorous modeling and analysis from multiple DOE national laboratory experts. However, these results were based on the 2017 Electricity Subsector Risk Characterization Study, which as previously described, has significant limitations affecting the quality of data.

      The stance here is that the quality of data limits the effectiveness of the risk assessment model

    6. Problem definition and risk assessment

      nice nice

    7. The two plans and the assessment do not fully address all of the key characteristics needed for a national strategy.

      On what basis?

    8. Problem definition and risk assessment. Addresses the particular national problems, assesses the risks to critical assets and operations—including the threats to, and vulnerabilities of, critical operations—and discusses the quality of data available regarding the risk assessment.

      This is the crux of what I should be looking at, I guess. This is in regards to national strategies. Is this what I need to do?

    9. DOE and DHS also offer services aimed at helping grid owners and operators assess cybersecurity risks and perform forensic analysis.

      Look into what these services are. Evaluating how effective these risk assessments are?

    10. Further, federal agencies have performed three assessments of the potential impacts of cyberattacks on the industrial control systems supporting the grid.

      Risk assessment or assessment of impact?

    11. Even though cyber incidents involving the grid reportedly have not caused power outages in the United States, cyberattacks on foreign industrial control systems have resulted in power outages.

      and just because it happened elsewhere doesn't mean we are insulated from any attack.

    12. Specifically, the researchers found that malicious threat actors could compromise a large number of high-wattage IoT devices (e.g., air conditioners and heaters) and turn them into a botnet—a network of devices infected with malicious software and controlled as a group without the owners’ knowledge

      Reminds me of the Target HVAC attack

    13. supply chains for industrial control systems can introduce vulnerabilities that could be exploited for a cyberattack.

      Supply chain is a whooooole other thing man

    14. vulnerabilities in industrial control system devices before patches can be applied.

      Unsure about this. There are various threat detection methods... unless there are APT actors using things like zero days. ... Or I guess really anyone acquiring zero-days on darknet?

    15. The electric grid is becoming more vulnerable to cyberattacks via (1) industrial control systems, (2) consumer Internet of Things (IoT) devices connected to the grid’s distribution network, and (3) the global positioning system (GPS).

      1) ICS 2) IOT 3) GPS

      worthwhile to assess one or all? Followed up question later

    16. These reliability standards include critical infrastructure protection standards for protecting electric utility-critical and cyber-critical assets from cyberattacks. FERC has approved 11 such cybersecurity standards, 10 of which are currently enforced.

      One standard is not enforced. Why is it a standard then?

    17. information sharing and collaboratively developing and implementing risk-based standards.

      Interested particularly in these risk-based standards....

    18. The National Infrastructure Protection Plan, updated by DHS in December 2013, among other things, further integrates critical infrastructure protection efforts between government and private sectors.

      Private and public work together to NIPP it in the bud

    19. protecting critical infrastructure against terrorism to protecting and securing critical infrastructure and increasing its resilience against all hazards

      The focus shifted from threat of terrorism to threat of all hazards. Terrorism then is included in all hazards.

    20. Industrial control systems are typically network-based systems that monitor and control sensitive processes and physical functions, such as the opening and closing of circuit breakers on the grid.


    21. The grid is generally considered to be resilient.

      Good to know

  2. Oct 2018
  3. s3.us-east-1.amazonaws.com
    1. However, we are now over 50 years from the end of western colonialism in Africa, and Africans have had time to forge their own institutions and build true national identities. In this effort they have often failed even when the former colonial power has remained substantially engaged financially and militarily, as in the case of the French.


  4. Sep 2018
    1. Much of the research on economic stratification at selective colleges relies on data with limitations that tend to restrict how comprehensively or accurately studies can assess the incomes of students enrolled at selective universities, particularly over time.

      because that really does seem weird

  5. Mar 2017
  6. Feb 2017
    1. should be able to be included in that change.

      The disparity in the statements between "prepare to participate" and "I should be able to be included in that change" signifies something went very wrong. Dr. Martin Luther King, Jr. hoped and spoke to spark change. Change happened. The change that happened, however, wasn't the change that was sought after.


    1. ols function as additional forms of regulation. These include norms, markets, and architecture. While many legal scholars have begun to consider both norms and markets in