{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,9]],"date-time":"2026-06-09T23:11:31Z","timestamp":1781046691632,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":85,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,5,11]],"date-time":"2024-05-11T00:00:00Z","timestamp":1715385600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Department of Energy?s Office of Cybersecurity, Energy Security, and Emergency Response"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,5,11]]},"DOI":"10.1145\/3613904.3642493","type":"proceedings-article","created":{"date-parts":[[2024,5,11]],"date-time":"2024-05-11T08:38:25Z","timestamp":1715416705000},"page":"1-24","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Interdisciplinary Approaches to Cybervulnerability Impact Assessment for Energy Critical Infrastructure"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-2422-1256","authenticated-orcid":false,"given":"Andrea","family":"Gallardo","sequence":"first","affiliation":[{"name":"Carnegie Mellon University, United States and Idaho National Laboratory, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3872-1466","authenticated-orcid":false,"given":"Robert","family":"Erbes","sequence":"additional","affiliation":[{"name":"Idaho National Laboratory, United States"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9480-3263","authenticated-orcid":false,"given":"Katya","family":"Le Blanc","sequence":"additional","affiliation":[{"name":"Idaho National Laboratory, United States"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8209-6792","authenticated-orcid":false,"given":"Lujo","family":"Bauer","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, United States"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2125-0124","authenticated-orcid":false,"given":"Lorrie Faith","family":"Cranor","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, United States"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,5,11]]},"reference":[{"key":"e_1_3_3_2_1_1","volume-title":"Perspectives on Security Alarms. In 31st USENIX Security Symposium (USENIX Security 22)","author":"Alahmadi A.","year":"2022","unstructured":"Bushra\u00a0A. Alahmadi, Louise Axon, and Ivan Martinovic. 2022. 99% False Positives: A Qualitative Study of SOC Analysts\u2019 Perspectives on Security Alarms. In 31st USENIX Security Symposium (USENIX Security 22) (Boston, MA). USENIX Association, 2783\u20132800. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/alahmadi"},{"key":"e_1_3_3_2_2_1","doi-asserted-by":"publisher","DOI":"10.3390\/en15010218"},{"key":"e_1_3_3_2_3_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1539-6924.2005.00595.x"},{"key":"e_1_3_3_2_4_1","doi-asserted-by":"publisher","DOI":"10.1177\/1541931218621161"},{"key":"e_1_3_3_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3421254"},{"key":"e_1_3_3_2_6_1","unstructured":"Kate Behncken. 2022. Closing the cybersecurity skills gap \u2013 Microsoft expands efforts to 23 countries. https:\/\/blogs.microsoft.com\/blog\/2022\/03\/23\/closing-the-cybersecurity-skills-gap-microsoft-expands-efforts-to-23-countries\/."},{"key":"e_1_3_3_2_7_1","volume-title":"A 6-Part Tool for Ranking and Assessing Risks. Harvard Business Review (Sept","author":"Bencie Luke","year":"2018","unstructured":"Luke Bencie and Sami Araboghli. 2018. A 6-Part Tool for Ranking and Assessing Risks. Harvard Business Review (Sept. 2018). https:\/\/hbr.org\/2018\/09\/a-6-part-tool-for-ranking-and-assessing-risks."},{"key":"e_1_3_3_2_8_1","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Binkhorst Veroniek","year":"2022","unstructured":"Veroniek Binkhorst, Tobias Fiebig, Katharina Krombholz, Wolter Pieters, and Katsiaryna Labunets. 2022. Security at the End of the Tunnel: The Anatomy of VPN Mental Models Among Experts and Non-Experts in a Corporate Context. In 31st USENIX Security Symposium (USENIX Security 22) (Boston, MA). USENIX Association, 3433\u20133450. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/binkhorst"},{"key":"e_1_3_3_2_9_1","doi-asserted-by":"publisher","DOI":"10.3390\/en15093237"},{"key":"e_1_3_3_2_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1280680.1280693"},{"key":"e_1_3_3_2_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2492007.2492018"},{"key":"e_1_3_3_2_12_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.09.009"},{"key":"e_1_3_3_2_13_1","unstructured":"CISA. 2023. US-CERT and ICS-CERT Transition to CISA | CISA. https:\/\/www.cisa.gov\/news-events\/alerts\/2023\/02\/24\/us-cert-and-ics-cert-transition-cisa."},{"key":"e_1_3_3_2_14_1","volume-title":"Accessed","author":"CISA.","year":"2024","unstructured":"CISA. 2024. Cybersecurity Alerts & Advisories | CISA. https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories. Accessed February 22, 2024."},{"key":"e_1_3_3_2_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2016.331"},{"key":"e_1_3_3_2_16_1","volume-title":"Accessed","author":"The\u00a0MITRE Corporation","year":"2024","unstructured":"The\u00a0MITRE Corporation. 2024. CWE - Common Weakness Enumeration. https:\/\/cwe.mitre.org\/. Accessed February 22, 2024."},{"key":"e_1_3_3_2_17_1","volume-title":"Accessed","author":"The\u00a0MITRE Corporation","year":"2024","unstructured":"The\u00a0MITRE Corporation. 2024. Home | CVE. https:\/\/www.cve.org\/. Accessed February 22, 2024."},{"key":"e_1_3_3_2_18_1","volume-title":"Accessed","author":"The\u00a0MITRE Corporation","year":"2024","unstructured":"The\u00a0MITRE Corporation. 2024. MITRE ATT&CK. https:\/\/attack.mitre.org\/. Accessed February 22, 2024."},{"key":"e_1_3_3_2_19_1","volume-title":"Ransomware Disrupts Meat Plants in Latest Attack on Critical U.S. Business. The New York Times (June","author":"Creswell Julie","year":"2021","unstructured":"Julie Creswell, Nicole Perlroth, and Noam Scheiber. 2021. Ransomware Disrupts Meat Plants in Latest Attack on Critical U.S. Business. The New York Times (June 2021). https:\/\/www.nytimes.com\/2021\/06\/01\/business\/meat-plant-cyberattack-jbs.html."},{"key":"e_1_3_3_2_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966959"},{"key":"e_1_3_3_2_21_1","volume-title":"Cyber-physical security assessment (CYPSA) for electric power systems","author":"Davis K","year":"2016","unstructured":"K Davis, R Berthier, S Zonouz, G Weaver, R Bobba, E Rogers, P Sauer, and D Nicol. 2016. Cyber-physical security assessment (CYPSA) for electric power systems. IEEE-HKN: THE BRIDGE (2016)."},{"key":"e_1_3_3_2_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-65004-2_4"},{"key":"e_1_3_3_2_23_1","volume-title":"Are Hackable Farms","author":"Dhar Payal","year":"2021","unstructured":"Payal Dhar. 2021. Cybersecurity Report: \u201cSmart Farms\u201d Are Hackable Farms. IEEE Spectrum (March 2021). https:\/\/spectrum.ieee.org\/cybersecurity-report-how-smart-farming-can-be-hacked."},{"key":"e_1_3_3_2_24_1","volume-title":"Energy secretary says adversaries have capability of shutting down US power grid | CNN Politics. CNN (June","author":"Duster Chandelis","year":"2021","unstructured":"Chandelis Duster. 2021. Energy secretary says adversaries have capability of shutting down US power grid | CNN Politics. CNN (June 2021). https:\/\/www.cnn.com\/2021\/06\/06\/politics\/us-power-grid-jennifer-granholm-cnntv\/index.html."},{"key":"e_1_3_3_2_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00043"},{"key":"e_1_3_3_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1358628.1358905"},{"key":"e_1_3_3_2_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-65004-2_7"},{"key":"e_1_3_3_2_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3538969.3543814"},{"key":"e_1_3_3_2_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-98015-3_59"},{"key":"e_1_3_3_2_30_1","volume-title":"Comparing Expert and Non-Expert Security Practices. In Eleventh Symposium On Usable Privacy and Security (SOUPS 2015)","author":"Ion Iulia","year":"2015","unstructured":"Iulia Ion, Rob Reeder, and Sunny Consolvo. 2015. \u201c...No one Can Hack My Mind\u201d: Comparing Expert and Non-Expert Security Practices. In Eleventh Symposium On Usable Privacy and Security (SOUPS 2015) (Ottawa, Canada). USENIX Association, 327\u2013346. https:\/\/www.usenix.org\/conference\/soups2015\/proceedings\/presentation\/ion"},{"key":"e_1_3_3_2_31_1","volume-title":"ISC2 Cybersecurity Workforce Study","author":"Inc","year":"2023","unstructured":"Inc ISC2. 2023. ISC2 Cybersecurity Workforce Study 2023. https:\/\/media.isc2.org\/-\/media\/Project\/ISC2\/Main\/Media\/documents\/research\/ISC2_Cybersecurity_Workforce_Study_2023.pdf."},{"key":"e_1_3_3_2_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/FSKD.2014.6980976"},{"key":"e_1_3_3_2_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833713"},{"key":"e_1_3_3_2_34_1","volume-title":"Department of Energy opens $9 million in competitive cyber funding to small electric utilities. SC Media (Aug","author":"Johnson B.","year":"2023","unstructured":"Derek\u00a0B. Johnson. 2023. Department of Energy opens $9 million in competitive cyber funding to small electric utilities. SC Media (Aug. 2023). https:\/\/www.scmagazine.com\/news\/department-of-energy-opens-9-million-in-competitive-cyber-funding-to-small-electric-utilities."},{"key":"e_1_3_3_2_35_1","doi-asserted-by":"publisher","DOI":"10.1177\/154193120304701202"},{"key":"e_1_3_3_2_36_1","doi-asserted-by":"publisher","unstructured":"Josephine Lamp Carlos\u00a0E. Rubio-Medrano Ziming Zhao and Gail-Joon Ahn. 2019. ExSol: Collaboratively Assessing Cybersecurity Risks for Protecting Energy Delivery Systems. In 2019 7th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES). 1\u20136. https:\/\/doi.org\/10.1109\/MSCPES.2019.8738791","DOI":"10.1109\/MSCPES.2019.8738791"},{"key":"e_1_3_3_2_37_1","volume-title":"And Hardware May Give Them An Open Door. Forbes (Feb.","author":"Layton Roslyn","year":"2021","unstructured":"Roslyn Layton. 2021. Hackers Are Targeting U.S. Banks, And Hardware May Give Them An Open Door. Forbes (Feb. 2021). https:\/\/www.forbes.com\/sites\/roslynlayton\/2021\/03\/17\/hackers-are-targeting-us-banks-and-hardware-may-give-them-an-open-door\/."},{"key":"e_1_3_3_2_38_1","volume-title":"The Cybersecurity Workforce Gap","author":"Lewis James\u00a0Andrew","year":"2019","unstructured":"James\u00a0Andrew Lewis and William Crumpler. 2019. The Cybersecurity Workforce Gap. Center for Strategic and International Studies (Jan. 2019). https:\/\/www.csis.org\/analysis\/cybersecurity-workforce-gap."},{"key":"e_1_3_3_2_39_1","doi-asserted-by":"publisher","DOI":"10.7249\/RR430"},{"key":"e_1_3_3_2_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/2667190.2667192"},{"key":"e_1_3_3_2_41_1","doi-asserted-by":"publisher","DOI":"10.1049\/cp.2016.0856"},{"key":"e_1_3_3_2_42_1","volume-title":"Business Blackout: The insurance implications of a cyber attack on the US power grid. https:\/\/www.lloyds.com\/news-and-insights\/risk-reports\/library\/business-blackout\/.","year":"2015","unstructured":"Lloyd\u2019s. 2015. Business Blackout: The insurance implications of a cyber attack on the US power grid. https:\/\/www.lloyds.com\/news-and-insights\/risk-reports\/library\/business-blackout\/."},{"key":"e_1_3_3_2_43_1","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Mantovani Alessandro","year":"2022","unstructured":"Alessandro Mantovani, Simone Aonzo, Yanick Fratantonio, and Davide Balzarotti. 2022. RE-Mind: a First Look Inside the Mind of a Reverse Engineer. In 31st USENIX Security Symposium (USENIX Security 22) (Boston, MA). USENIX Association, 2727\u20132745. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/mantovani"},{"key":"e_1_3_3_2_44_1","volume-title":"Cyber security: Global food supply chain at risk from malicious hackers. BBC News (May","author":"Marshall Claire","year":"2022","unstructured":"Claire Marshall and Malcom Prior. 2022. Cyber security: Global food supply chain at risk from malicious hackers. BBC News (May 2022). https:\/\/www.bbc.com\/news\/science-environment-61336659."},{"key":"e_1_3_3_2_45_1","doi-asserted-by":"publisher","DOI":"10.1177\/20539517221108369"},{"key":"e_1_3_3_2_46_1","volume-title":"Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020","author":"Michalec Ola\u00a0Aleksandra","year":"2020","unstructured":"Ola\u00a0Aleksandra Michalec, Dirk van\u00a0der Linden, Sveta Milyaeva, and Awais Rashid. 2020. Industry Responses to the European Directive on Security of Network and Information Systems (NIS): Understanding policy implementation practices across critical infrastructures. In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020). USENIX Association, 301\u2013317. https:\/\/www.usenix.org\/conference\/soups2020\/presentation\/michalec"},{"key":"e_1_3_3_2_47_1","volume-title":"The mounting death toll of hospital cyberattacks. POLITICO (Dec","author":"Miller Maggie","year":"2022","unstructured":"Maggie Miller. 2022. The mounting death toll of hospital cyberattacks. POLITICO (Dec. 2022). https:\/\/www.politico.com\/news\/2022\/12\/28\/cyberattacks-u-s-hospitals-00075638."},{"key":"e_1_3_3_2_48_1","volume-title":"Adversarial Machine Learning Defenses in Industry. In 32nd USENIX Security Symposium (USENIX Security 23)","author":"Mink Jaron","year":"2023","unstructured":"Jaron Mink, Harjot Kaur, Juliane Schm\u00fcser, Sascha Fahl, and Yasemin Acar. 2023. \u201cSecurity is not my field, I\u2019m a stats guy\u201d: A Qualitative Root Cause Analysis of Barriers to Adversarial Machine Learning Defenses in Industry. In 32nd USENIX Security Symposium (USENIX Security 23) (Anaheim, CA). USENIX Association, 3763\u20133780. https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/mink"},{"key":"e_1_3_3_2_49_1","doi-asserted-by":"publisher","DOI":"10.4225\/75"},{"key":"e_1_3_3_2_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/IEEM.2011.6118180"},{"key":"e_1_3_3_2_51_1","volume-title":"Accessed","author":"North American Electric Reliability Corporation","year":"2023","unstructured":"North American Electric Reliability Corporation. 2023. Reliability Standards. https:\/\/www.nerc.com\/pa\/Stand\/Pages\/ReliabilityStandards.aspx. Accessed February 22, 2024."},{"key":"e_1_3_3_2_52_1","volume-title":"Accessed","author":"Federation of American Scientists Intelligence Resource\u00a0Program.","year":"1991","unstructured":"Federation of American Scientists Intelligence Resource\u00a0Program. 1991. FM 34-36 Appendix D: Target Analysis Practice. https:\/\/irp.fas.org\/doddir\/army\/fm34-36\/appd.htm. Accessed February 22, 2024."},{"key":"e_1_3_3_2_53_1","volume-title":"Accessed","author":"Incident\u00a0Response Forum","year":"2023","unstructured":"Forum of Incident\u00a0Response and Security Teams. 2023. CVSS v3.1 Specification Document. https:\/\/www.first.org\/cvss\/specification-document. Accessed February 22, 2024."},{"key":"e_1_3_3_2_54_1","volume-title":"Accessed","author":"National\u00a0Institute of Standards and Technology. [n. d.]. NVD -","year":"2024","unstructured":"National\u00a0Institute of Standards and Technology. [n. d.]. NVD - CVEs and the NVD Process. https:\/\/nvd.nist.gov\/general\/cve-process. Accessed February 22, 2024."},{"key":"e_1_3_3_2_55_1","volume-title":"Accessed","author":"National\u00a0Institute of Standards and Technology.","year":"2018","unstructured":"National\u00a0Institute of Standards and Technology. 2018. Cybersecurity Framework | NIST. https:\/\/www.nist.gov\/cyberframework. Accessed February 22, 2024."},{"key":"e_1_3_3_2_56_1","volume-title":"Accessed","author":"National\u00a0Institute of Standards and Technology.","year":"2019","unstructured":"National\u00a0Institute of Standards and Technology. 2019. Vulnerability - Glossary CSRC. https:\/\/csrc.nist.gov\/glossary\/term\/vulnerability. Accessed February 22, 2024."},{"key":"e_1_3_3_2_57_1","volume-title":"Accessed","author":"National\u00a0Institute of Standards and Technology.","year":"2023","unstructured":"National\u00a0Institute of Standards and Technology. 2023. NVD - Vulnerability Metrics. https:\/\/nvd.nist.gov\/vuln-metrics. Accessed February 22, 2024."},{"key":"e_1_3_3_2_58_1","unstructured":"U.\u00a0S. Government\u00a0Accountability Office. 2019. Preparing for Evolving Cybersecurity Threats Facing the U.S. Electric Grid. https:\/\/www.gao.gov\/blog\/2019\/10\/16\/preparing-for-evolving-cybersecurity-threats-facing-the-u-s-electric-grid."},{"key":"e_1_3_3_2_59_1","volume-title":"The Life and Times of Cybersecurity Professionals 2021","author":"Oltsik Jon","year":"2021","unstructured":"Jon Oltsik and Bill Lundell. 2021. The Life and Times of Cybersecurity Professionals 2021 Volume V. https:\/\/www.issa.org\/wp-content\/uploads\/2021\/07\/ESG-ISSA-Research-Report-Life-of-Cybersecurity-Professionals-Jul-2021.pdf."},{"key":"e_1_3_3_2_60_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.isatra.2007.04.003"},{"key":"e_1_3_3_2_61_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.10.007"},{"key":"e_1_3_3_2_62_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-78105-1_15"},{"key":"e_1_3_3_2_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300663"},{"key":"e_1_3_3_2_64_1","volume-title":"Council Post: Why Overcoming The Cybersecurity Labor Shortage Matters To Company Success. Forbes (March","author":"Rende Justin","year":"2023","unstructured":"Justin Rende. 2023. Council Post: Why Overcoming The Cybersecurity Labor Shortage Matters To Company Success. Forbes (March 2023). https:\/\/www.forbes.com\/sites\/forbestechcouncil\/2023\/03\/01\/why-overcoming-the-cybersecurity-labor-shortage-matters-to-company-success\/."},{"key":"e_1_3_3_2_65_1","volume-title":"Bank of Canada says cyber attack could threaten overall financial stability","year":"2023","unstructured":"Reuters. 2023. Bank of Canada says cyber attack could threaten overall financial stability. Reuters (May 2023). https:\/\/www.reuters.com\/article\/idUSBCLIGEJ5H\/."},{"key":"e_1_3_3_2_66_1","volume-title":"Apparent cyberattack forces Florida hospital system to divert some emergency patients to other facilities | CNN Politics. CNN (Feb","author":"Rind David","year":"2023","unstructured":"David Rind, Sean\u00a0Lyngaas. 2023. Apparent cyberattack forces Florida hospital system to divert some emergency patients to other facilities | CNN Politics. CNN (Feb 2023). https:\/\/www.cnn.com\/2023\/02\/03\/politics\/cyberattack-hospital-tallahassee-memorial-florida\/index.html."},{"key":"e_1_3_3_2_67_1","volume-title":"Big Ag Scrambles To Address Cyber Risk. Forbes (June","author":"Roberts F.","year":"2021","unstructured":"Paul\u00a0F. Roberts. 2021. Under Scrutiny, Big Ag Scrambles To Address Cyber Risk. Forbes (June 2021). https:\/\/www.forbes.com\/sites\/paulfroberts\/2021\/06\/20\/under-scrutiny-big-ag-scrambles-to-address-cyber-risk\/."},{"key":"e_1_3_3_2_68_1","unstructured":"Ax Sharma. 2021. $5.9 million ransomware attack on farming co-op may cause food shortage. Ars Technica (Sept. 2021). https:\/\/arstechnica.com\/information-technology\/2021\/09\/5-9-million-ransomware-attack-on-farming-co-op-may-cause-food-shortage\/."},{"key":"e_1_3_3_2_69_1","volume-title":"Secure IoT. In 32nd USENIX Security Symposium (USENIX Security 23)","author":"Sombatruang Nissy","year":"2023","unstructured":"Nissy Sombatruang, Tristan Caulfield, Ingolf Becker, Akira Fujita, Takahiro Kasama, Koji Nakao, and Daisuke Inoue. 2023. Internet Service Providers\u2019 and Individuals\u2019 Attitudes, Barriers, and Incentives to Secure IoT. In 32nd USENIX Security Symposium (USENIX Security 23) (Anaheim, CA). USENIX Association, 1541\u20131558. https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/sombatruang"},{"key":"e_1_3_3_2_70_1","volume-title":"Analysis | A presidential critical infrastructure protection order is getting a badly needed update, officials say. Washington Post (May","author":"Starks Tim","year":"2023","unstructured":"Tim Starks. 2023. Analysis | A presidential critical infrastructure protection order is getting a badly needed update, officials say. Washington Post (May 2023). https:\/\/www.washingtonpost.com\/politics\/2023\/05\/11\/presidential-critical-infrastructure-protection-order-is-getting-badly-needed-update-officials-say\/."},{"key":"e_1_3_3_2_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/3569958"},{"key":"e_1_3_3_2_72_1","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.2326634"},{"key":"e_1_3_3_2_73_1","volume-title":"The financial system is alarmingly vulnerable to cyber attack. Financial Times (Feb","author":"Tett Gillian","year":"2023","unstructured":"Gillian Tett. 2023. The financial system is alarmingly vulnerable to cyber attack. Financial Times (Feb. 2023). https:\/\/www.ft.com\/content\/03507666-aad7-4dc3-a836-658750b880ce."},{"key":"e_1_3_3_2_74_1","doi-asserted-by":"publisher","DOI":"10.14722\/usec.2017.23006"},{"key":"e_1_3_3_2_75_1","doi-asserted-by":"publisher","DOI":"10.1504\/IJRAM.2011.042113"},{"key":"e_1_3_3_2_76_1","volume-title":"Fix It. In 29th USENIX Security Symposium (USENIX Security 20)","author":"Votipka Daniel","year":"2020","unstructured":"Daniel Votipka, Kelsey\u00a0R. Fulton, James Parker, Matthew Hou, Michelle\u00a0L. Mazurek, and Michael Hicks. 2020. Understanding security mistakes developers make: Qualitative analysis from Build It, Break It, Fix It. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 109\u2013126. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/votipka-understanding"},{"key":"e_1_3_3_2_77_1","volume-title":"Testers: A Comparison of Software Vulnerability Discovery Processes. In 2018 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, 374\u2013391","author":"Votipka Daniel","year":"2018","unstructured":"Daniel Votipka, Rock Stevens, Elissa Redmiles, Jeremy Hu, and Michelle Mazurek. 2018. Hackers vs. Testers: A Comparison of Software Vulnerability Discovery Processes. In 2018 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, 374\u2013391."},{"key":"e_1_3_3_2_78_1","volume-title":"\u201cmalicious","author":"Walton Robert","year":"2021","unstructured":"Robert Walton. 2021. A month after \u201cmalicious\u201d cyberattack, a small Colorado utility still doesn\u2019t have all systems back online. Utility Dive (Dec. 2021). https:\/\/www.utilitydive.com\/news\/a-month-after-malicious-cyberattack-a-small-colorado-utility-still-doesn\/610983\/."},{"key":"e_1_3_3_2_79_1","volume-title":"Cyberattack delays patient care at major US hospital chain. The Verge (Oct","author":"Wetsman Nicole","year":"2022","unstructured":"Nicole Wetsman. 2022. Cyberattack delays patient care at major US hospital chain. The Verge (Oct. 2022). https:\/\/www.theverge.com\/2022\/10\/11\/23398707\/cyberattack-hospital-system-patient-care-issues."},{"key":"e_1_3_3_2_80_1","volume-title":"Perspective. In 30th USENIX Security Symposium (USENIX Security 21)","author":"Wolf Flynn","year":"2021","unstructured":"Flynn Wolf, Adam\u00a0J. Aviv, and Ravi Kuber. 2021. Security Obstacles and Motivations for Small Businesses from a CISO\u2019s Perspective. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 1199\u20131216. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/wolf"},{"key":"e_1_3_3_2_81_1","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2017.2781198"},{"key":"e_1_3_3_2_82_1","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Wu Qiushi","year":"2022","unstructured":"Qiushi Wu, Yue Xiao, Xiaojing Liao, and Kangjie Lu. 2022. OS-Aware Vulnerability Prioritization via Differential Severity Analysis. In 31st USENIX Security Symposium (USENIX Security 22) (Boston, MA). USENIX Association, 395\u2013412. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/wu-qiushi"},{"key":"e_1_3_3_2_83_1","volume-title":"Cyberattacks on health care are increasing. Inside one hospital\u2019s fight to recover. NPR (May","author":"Yousry Farah","year":"2023","unstructured":"Farah Yousry. 2023. Cyberattacks on health care are increasing. Inside one hospital\u2019s fight to recover. NPR (May 2023). https:\/\/www.npr.org\/sections\/health-shots\/2023\/05\/08\/1172569347\/cyberattacks-on-health-care-are-increasing-inside-one-hospitals-fight-to-recover."},{"key":"e_1_3_3_2_84_1","volume-title":"Hacking Wall Street. The New York Times (July","author":"Zetter Kim","year":"2021","unstructured":"Kim Zetter. 2021. Hacking Wall Street. The New York Times (July 2021). https:\/\/www.nytimes.com\/2021\/07\/03\/business\/dealbook\/hacking-wall-street.html."},{"key":"e_1_3_3_2_85_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3058403"}],"event":{"name":"CHI '24: CHI Conference on Human Factors in Computing Systems","location":"Honolulu HI USA","acronym":"CHI '24","sponsor":["SIGCHI ACM Special Interest Group on Computer-Human Interaction","SIGACCESS ACM Special Interest Group on Accessible Computing"]},"container-title":["Proceedings of the CHI Conference on Human Factors in Computing Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3613904.3642493","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3613904.3642493","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T23:56:48Z","timestamp":1750291008000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3613904.3642493"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,5,11]]},"references-count":85,"alternative-id":["10.1145\/3613904.3642493","10.1145\/3613904"],"URL":"https:\/\/doi.org\/10.1145\/3613904.3642493","relation":{},"subject":[],"published":{"date-parts":[[2024,5,11]]},"assertion":[{"value":"2024-05-11","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}