Advanced Search

Content Type

Topics

Publication Date

Wireless Emergency Alerts (WEA) Cybersecurity Risk Management Strategy for Alert Originators

  • Author(s): The WEA Project Team
  • Publish Date:
  • Publisher: Software Engineering Institute
  • SEI Identifier: CMU/SEI-2013-SR-018
  • Type: Special Report
  • Topics: Cybersecurity Engineering
  • Description: In this report, the authors describe a cybersecurity risk management (CSRM) strategy that alert originators can use throughout WEA adoption, operations, and sustainment, as well as a set of governance activities for developing a plan to execute the CSRM.

Abstract

This material is based on work funded and supported by Department of Homeland Security and is also available at FirstResponder.gov in the Technology Documents Library.


The Wireless Emergency Alerts (WEA) service depends on computer systems and networks to convey potentially life-saving information to the public in a timely manner. However, like other cyber-enabled services, it is susceptible to risks that may enable attackers to disseminate unauthorized alerts or to delay, modify, or destroy valid alerts. Successful attacks may result in property destruction, financial loss, injury, or death and may damage WEA credibility to the extent that users ignore future alerts or disable alerting. This report describes a four-stage cybersecurity risk management (CSRM) strategy that alert originators can use throughout WEA adoption, operations, and sustainment, as well as a set of governance activities for developing a plan to execute the CSRM. In Stage 1, alert originators document mission threads, describing the process for generating WEA messages. In Stage 2, they examine the mission threads to identify threats and vulnerabilities. In Stage 3, they use the identified threats and vulnerabilities to assess and prioritize risks according to their likely impact on WEA operations. Finally, in Stage 4, they use the results of risk assessment to define cybersecurity roles and assign risk-mitigation actions. The four stages are repeated periodically and as procedures, threats, technology, and staff assignments change.


 

Cite This Report

Show Citation Formats

SEI

WEA Project Team, The. Wireless Emergency Alerts (WEA) Cybersecurity Risk Management Strategy for Alert Originators (CMU/SEI-2013-SR-018). Software Engineering Institute, Carnegie Mellon University, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=70071

IEEE

WEA Project Team. The, "Wireless Emergency Alerts (WEA) Cybersecurity Risk Management Strategy for Alert Originators," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Special Report CMU/SEI-2013-SR-018, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=70071

APA

WEA Project Team, The. (2014). Wireless Emergency Alerts (WEA) Cybersecurity Risk Management Strategy for Alert Originators (CMU/SEI-2013-SR-018). Retrieved October 25, 2014, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=70071

CHI

The WEA Project Team. Wireless Emergency Alerts (WEA) Cybersecurity Risk Management Strategy for Alert Originators (CMU/SEI-2013-SR-018). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=70071

MLA

WEA Project Team, The. 2014. Wireless Emergency Alerts (WEA) Cybersecurity Risk Management Strategy for Alert Originators (Technical Report CMU/SEI-2013-SR-018). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=70071