RESUMO
Demands to manage the risks of artificial intelligence (AI) are growing. These demands and the government standards arising from them both call for trustworthy AI. In response, we adopt a convergent approach to review, evaluate, and synthesize research on the trust and trustworthiness of AI in the environmental sciences and propose a research agenda. Evidential and conceptual histories of research on trust and trustworthiness reveal persisting ambiguities and measurement shortcomings related to inconsistent attention to the contextual and social dependencies and dynamics of trust. Potentially underappreciated in the development of trustworthy AI for environmental sciences is the importance of engaging AI users and other stakeholders, which human-AI teaming perspectives on AI development similarly underscore. Co-development strategies may also help reconcile efforts to develop performance-based trustworthiness standards with dynamic and contextual notions of trust. We illustrate the importance of these themes with applied examples and show how insights from research on trust and the communication of risk and uncertainty can help advance the understanding of trust and trustworthiness of AI in the environmental sciences.
RESUMO
It is important to have and use standardized terminology and develop a comprehensive common understanding of what is meant by cyber security and cyber security risk given the multidisciplinary nature of cyber security and the pervasiveness of cyber security concerns throughout society. Using expert elicitation methods, collaborating cyber researchers from multiple disciplines and two sectors (academia, government-military) were individually interviewed and asked to define cyber security and cyber security risk. Data-driven thematic analysis was used to identify the most salient themes within each definition, sector, and cyber expert group as a whole with results compared to current standards definitions. Network analysis was employed to visualize the interconnection of salient themes within and across sectors and disciplines. When examined as a whole group, "context-driven," "resilient system functionality," and "maintenance of CIA (confidentiality, integrity, availability)" were the most salient themes and influential network nodes for the definition of cyber security, while "impacts of CIA vulnerabilities," "probabilities of outcomes," and "context-driven" were the most salient themes for cyber security risk. We used this expert elicitation process to develop comprehensive definitions of cyber security (cybersecurity) and cyber security risk that encompass the contextual frameworks of all the disciplines represented in the collaboration and explicitly incorporates human factors as significant cyber security risk factors.
Assuntos
Segurança Computacional , HumanosRESUMO
The environmental management cycles for chemicals and climate change (EMC4 ) is a suggested conceptual framework for integrating climate change aspects into chemical risk management. The interaction of climate change and chemical risk brings together complex systems that are imperfectly understood by science. Making management decisions in this context is therefore difficult and often exacerbated by a lack of data. The consequences of poor decision-making can be significant for both environmental and human health. This article reflects on the ways in which existing chemicals management systems consider climate change and proposes the EMC4 conceptual framework, which is a tool for decision-makers operating at different spatial scales. Also presented are key questions raised by the tool to help the decision-maker identify chemical risks from climate change, management options, and, importantly, the different types of actors that are instrumental in managing that risk. Case studies showing decision-making at different spatial scales are also presented highlighting the conceptual framework's applicability to multiple scales. The United Nations Environment Programme's development of an intergovernmental Science Policy Panel on Chemicals and Waste has presented an opportunity to promote and generate research highlighting the impacts of chemicals and climate change interlinkages. Integr Environ Assess Manag 2024;20:433-453. © 2023 The Authors. Integrated Environmental Assessment and Management published by Wiley Periodicals LLC on behalf of Society of Environmental Toxicology & Chemistry (SETAC).
Assuntos
Mudança Climática , Conservação dos Recursos Naturais , Humanos , Medição de Risco , Gestão de Riscos , EcotoxicologiaRESUMO
Cyber attacks have been increasingly detrimental to networks, systems, and users, and are increasing in number and severity globally. To better predict system vulnerabilities, cybersecurity researchers are developing new and more holistic approaches to characterizing cybersecurity system risk. The process must include characterizing the human factors that contribute to cyber security vulnerabilities and risk. Rationality, expertise, and maliciousness are key human characteristics influencing cyber risk within this context, yet maliciousness is poorly characterized in the literature. There is a clear absence of literature pertaining to human factor maliciousness as it relates to cybersecurity and only limited literature relating to aspects of maliciousness in other disciplinary literatures, such as psychology, sociology, and law. In an attempt to characterize human factors as a contribution to cybersecurity risk, the Cybersecurity Collaborative Research Alliance (CSec-CRA) has developed a Human Factors risk framework. This framework identifies the characteristics of an attacker, user, or defender, all of whom may be adding to or mitigating against cyber risk. The maliciousness literature and the proposed maliciousness assessment metrics are discussed within the context of the Human Factors Framework and Ontology. Maliciousness is defined as the intent to harm. Most maliciousness cyber research to date has focused on detecting malicious software but fails to analyze an individual's intent to do harm to others by deploying malware or performing malicious attacks. Recent efforts to identify malicious human behavior as it relates to cybersecurity, include analyzing motives driving insider threats as well as user profiling analyses. However, cyber-related maliciousness is neither well-studied nor is it well understood because individuals are not forced to expose their true selves to others while performing malicious attacks. Given the difficulty of interviewing malicious-behaving individuals and the potential untrustworthy nature of their responses, we aim to explore the maliciousness as a human factor through the observable behaviors and attributes of an individual from their actions and interactions with society and networks, but to do so we will need to develop a set of analyzable metrics. The purpose of this paper is twofold: (1) to review human maliciousness-related literature in diverse disciplines (sociology, economics, law, psychology, philosophy, informatics, terrorism, and cybersecurity); and (2) to identify an initial set of proposed assessment metrics and instruments that might be culled from in a future effort to characterize human maliciousness within the cyber realm. The future goal is to integrate these assessment metrics into holistic cybersecurity risk analyses to determine the risk an individual poses to themselves as well as other networks, systems, and/or users.