ItemA Crowded Sky: New Threats and Opportunities for Homeland Security in the Cislunar Economy(Institute for Homeland Security, 2023-10-15) Reese, NickHomeland security has not traditionally been thought of as a mission area supporting space activities. Homeland security organizations, however, have been long time consumers of space data and services. Today, the space domain has opened for commercial activity and geopolitical competition alike. The security of the homeland is closely tied to the security of the space domain across multiple risk factors. The homeland security field faces an opportunity to pivot to be more involved in government and commercial space activities by bringing its unique capabilities and authorities to bear against challenges that did not exist a decade ago. This paper will study the evolution of the space economy and the role it now plays in the security of the homeland. ItemConvergence of Mission and Moment: Imagining the Emerging Technology Analyst(Institute for Homeland Security, 2023-10-15) Reese, NickThe Department of Homeland Security (DHS) was built to prevent terror attacks in the homeland and its culture and structure reflect its birth in 2002. Unlike the world changing event that created DHS, the gradual fading of the terror threat has left it misaligned to respond to new nation-state sponsored threats. The homeland security mission is at a true inflection point as it looks for new ways to use its capabilities and authorities while the central force driving global competition is being established. Just as the field of cyber was being established in the late 1990s and early 2000s in response to new threats, so too must the field of emerging technology be developed today. Examining the realities of the world today, we see the need for professionals who specialize in how emerging technologies create risks and opportunities in a way that is distinct from how cyber professionals do the same for the cyber domain. This work examines the geopolitical reality and how it reflects on the homeland. It goes a step further by conducting a comparative analysis between current cyber analyst requirements and skills and what would be required for an equivalent emerging technology analyst. This analysis informs governments, academia, and industry by creating a baseline from which emerging technology professionals can be created and evaluated with direct application on practitioners in critical infrastructure. ItemExamining Use Cases for Drones (UAS/RPAS) at the Texas Medical Center(Institute for Homeland Security, 2023-10-15) Allen, Bryce SThe Texas Medical Center (TMC) is the largest medical center in the world, with over 50 million square feet of developed land. With that size and notoriety come unique threats and challenges. As the TMC continues growth in size, and in technological advancement, an emphasis should be placed on how to utilize technologies already being integrated effectively in other critical sectors to support the growth of the TMC. One area of potential is the use of unmanned/un-crewed aircraft systems (UAS), more commonly known as drones, in supporting critical infrastructure inspection, testing, and preventative maintenance. Further, drone use for security of facilities, people, and high-risk areas is examined. This paper focuses on expanding on these potential use cases by exploring drone use in other industries that support the TMC (i.e., energy), and how to effectively integrate drone technologies while mitigating common concerns for safety and privacy. ItemComparative Analysis of NLP Model for Detecting Depression on Twitter(Institute for Homeland Security, 2023-10-15) Gupta, Khushi; Jinad, Razaq; Liu, QingzhongDepression is a serious mental health issue affecting a significant portion of the world’s population. With the widespread use of social media platforms, researchers have explored the possibility of utilizing natural language processing (NLP) techniques to detect signs of depression in users’ posts. In this paper, we present a comparative analysis of six different NLP models, namely BERT, RoBERTa, DistilBERT, ALBERT, Electra, and XLNet, for depression detection on Twitter data. The experiments compare the performance of different models, and the results reveal that the highest-performing models include XLNet, DistilBERT, and RoBERTa with accuracies of over 99%. ItemCountering Workplace Violence in Healthcare: Voices from the Field(Institute for Homeland Security, 2023-10-15) Denham, Magdalena A; Denham, Mark VOverall, the U.S. healthcare system has the highest workplace violence (WPV) rates of any occupational setting in the United States. Specifically, among 25,000 incidents of WPV reported annually, 75% percent occur in the healthcare system. Workers in healthcare are four times more likely to be victimized than workers in other private industries. ItemEnsuring the Cybersecurity of Texas’ Critical Infrastructures(Institute for Homeland Security, 2023-10-15) Nodeland, BrookeThe daily threat of cyber-attacks on Texas’ critical infrastructure present significant challenges for public and private critical infrastructure providers. COVID-19 related supply chain issues provided insight into the catastrophic effects that could be caused by a cyber-attack on the transportation sector. These disruptions effect our ability to distribute products and medical necessities as well as essential personnel in times of crisis. Protecting the state’s transportation, energy, and chemical cyber networks is imperative in ensuring the sustainability of daily life and business continuity in the event of a cyber-attack. Of additional concern is a growing reliance on cyber-based control, navigation, tracking, positioning, and communications systems creating ample opportunities for exploitation of the transportation cyber systems on which industry have become dependent (Transportation Systems Sector-Specific Plan, 2015). The cyber security of the energy sector ensures the health and welfare of Texans by ensuring steady energy is supplied via electricity, oil and other natural gas resources. The energy infrastructure is primarily owned in the private sector, supplies fuel to the transportation industry, and electricity to businesses and households. Recent ransomware attacks aimed at Western targets, including the energy sector, continue to pose challenges in cybersecurity (Montague, 2023). The recent accidental chemical spill in Ohio also provides insight into the possible outcomes of an intentional cyber-attack against this infrastructure. The regular operations of the chemical sector are imperative to the economic and manufacturing health of state and often involves transporting dangerous chemicals on which other critical infrastructures are dependent (Introduction to the Chemical Sector Risk Management Agency, n.d.). Cyber threats are of particular concern in Texas, where large corporations continue to relocate, and the population continues to climb. It is imperative industry leaders are able to recognize and identify their cyber risks to develop prevention strategies and respond to cyberattacks more quickly and effectively. Disruptions to critical infrastructures could lead to theft of intellectual property; supply chain disruption; electricity disruption; loss of operations capacity; or chemical theft, diversion, or release (Introduction to the Chemical Sector Risk Management Agency, n.d.). Texas’ industrial vulnerability to cyber-attacks through phishing, ransomware, and malware pose significant threats to the security of critical infrastructures. Securing networks against internal and external cyber-attacks requires industry leaders to be proactive and reactive in their approach. The proposed paper seeks to present a translational synthesis of the existing literature regarding best cybersecurity practices for securing critical infrastructure in Texas. In doing so, agencies will be able to better align and prioritize cybersecurity initiatives with industry missions, risk tolerance, and resources (Cybersecurity, C.I., 2018). This review will also include recommendations for improving risk readiness for the transportation, energy, and chemical industry in the state moving forward. ItemCyber-Security Threat: Benchmarking Cybersecurity Response Procedure for Hospitals in Texas(Institute for Homeland Security, 2023-10-15) Shashidhar, Narasimha K; Varol, Cihan; Gupta, Khushi ItemDetecting Deepfakes under Anti-forensics Attacks(Institute for Homeland Security, 2023-10-15) Liu, Qingzhong; Celebi, Naciye; Zhou, BingWhile AI is vastly evolving, wherein deepfake techniques may be used to generate more realistic faces, voices, and videos, many deepfake-based fraudulent cases are increasingly occurring. To combat deepfake-based forgery, several methods have been proposed wherein the most astonishing methods are based on convolution neural network (CNN). However, most intelligent detection systems are underrepresenting in exposing the deepfake images under anti-forensics attacks, e.g., rescaling the image, inserting noises, and compressing the image again. To our knowledge, it still falls short of an intelligent detection system being able to detect deepfake and other advanced image forgery together. Additionally, it falls short of a comprehensive comparison study on the latest deep learning models for the deepfake detection. In this study, we apply the latest deep learning models for deepfake detection under pos anti-forensics processing mixed with seam-carving and copy-move forgery images in JPEG. Our study shows that different deep learning models have different distinction capability. Experimental results show that some latest deep learning models are effective in detecting deepfake images under post anti-forensics processing in JPEG images, they are also performing well in detecting seam-carving and copy-move forgery. Our study also shows that it is relatively easy to detect deepfake compared to the detection of seam carving forgery detection under antiforensics processing in JPEG images. ItemDeepGray: A Novel Approach to Malware Classification Using Grayscale Images with Deep Learning(Institute for Homeland Security, 2023-10-15) Polsani, Harshitha; Jiang, HaodiIn the ever-evolving landscape of cybersecurity, the threat posed by malware continues to loom large, necessitating innovative and robust approaches for its effective detection and classification. In this paper, we introduce a novel method, DeepGray, for multi-class malware classification utilizing grayscale images and the power of deep learning. Our dataset combines the malware sample from the BODMAS dataset and the benign sample from the DikeDataset. Our approach involves transforming executable files into a format suitable for deep learning by converting them into grayscale images while retaining the essentialdata characteristics. During the data preprocessing step, applied Principal Component Analysis (PCA) was applied to distill the most significant features. To achieve state-of-the-art results in multi-class malware classification, we harnessed the power of deep learning and transfer learning, employing well-established neural network architectures such as a customized Convolutional Neural (CNN), VGG16, EfficientNet, and Vision Transformers (ViT). The models were meticulously trained and rigorously evaluated using a 5-fold cross-validation methodology. Notably, our approach yielded remarkable results, with ViT achieved an impressive accuracy of 0.95. This research underscores the potential of grayscale image analysis and deep learning within the domain of multi-class malware classification. The insights derived from this study contribute significantly to the field of cybersecurity and pave the way for further advancements in the realm of malware detection and classification. ItemImproving Texas Homeland Security: A Practical Framework for Joint Hospital-Chemical Industry Emergency Planning(Institute for Homeland Security, 2023-10-15) Mastrangelo, MikeGiven the high concentration of petroleum and chemical industry in Texas, a new approach to joint industry/hospital planning for the healthcare response to chemical accidents is needed. The novel aspect of this framework is that it applies the concepts of a chemical risk assessment – and a risk prioritization to readiness - and adds to the risk assessment process the need and availability of medical countermeasures. In treating chemical incidents, it is imperative that the patient get to the right hospital as quickly as possible. The right hospital means that the hospital has conducted joint planning and exercises with the industry. The hospital knows what chemicals are used at the plant, they know how to treat the injuries, and they have the correct medical countermeasures for the chemicals involved. To illustrate the importance of this concept, in a 1986 incident a plant worker was exposed to hydrogen fluoride gas. He was first transported to a nearby nursing home for oxygen. When this was not effective, he was transported to a small community hospital. When they realized they could not care for him he was again transported to a regional hospital that had the ability to treat the patient, but unfortunately too much time had passed, and the patient died shortly after arrival. If taken to the right hospital first, he would have survived. The proposed framework for joint industry/hospital planning will be described and can be used in a practical way for planning, training, and exercise development at any Texas location that includes chemical industry and a nearby hospital. The basic process is: • Conduct an inventory of toxic industrial chemicals in use and do a risk prioritization of those chemicals (based on volume and toxicity) • Determine if specific medical countermeasures (MCM) are required for medical treatment for priority risk chemicals • Model release scenarios to estimate the volume of medical countermeasures that might be needed • Inventory the volume of that MCMs available in the region, if sufficient supplies are not available – work with Industry on contingencies • Conduct joint planning and exercises with industry for occupational exposures and community exposures guided by modeled scenarios The work presented is based on work done with a gasoline refinery in Texas. The plant uses large volumes of Hydrogen Fluoride in their process. Calcium Gluconate is the medical countermeasure needed for treatment, but it had been on the National Pharmaceutical Shortage list and generally is not held by hospitals in large volumes. Joint readiness would benefit workers at the plant that might suffer occupational exposure, but it would also be applicable to a larger release that could affect the fence-line community. An incentive to the Chemical Sector to collaborate with the Healthcare Public Health Sector would be the potential for better healthcare treatment for either occupational or community exposures and therefore the possible mitigation of damage from a release incident. While cross-sector planning and exercises between the 6 Chemical Sector and Healthcare Public Health Sector would make sense, a search for examples provides no specific examples. ItemMitigating Cybersecurity Threats to Hospitals and Healthcare Facilities(Institute for Homeland Security, 2023-10-15) Lehmann, Peter S; Kinney, Alexander BHealthcare facilities rely heavily on digital information systems to deliver patient care and manage confidential patient information. However, healthcare networks and medical devices are highly vulnerable to attackers, who can use the information to victimize medical facilities as well as the patients themselves. The functioning of healthcare systems can be seriously impeded by cyberattacks, restricting information sharing among hospital personnel and delaying or preventing patient care. Although federal legislation and regulatory guidelines have been put forth to improve responses to cyberattacks and enhance patient information protections, the cybersecurity measures in place in many hospitals can be easily bypassed by motivated offenders via entry points in the facilities’ cybersecurity systems. In response to these threats to critical infrastructure, experts have proposed several risk mitigation strategies that healthcare facilities can employ to improve information technology systems and mitigate vulnerabilities associated with human factors. This report provides a summary of (1) the literature on the types and characteristics of cyberattacks most often perpetrated against healthcare providers, (2) the theory and research from criminology and criminal justice on the factors associated with cybercrime victimization risk, and (3) the best practices proposed by experts to help inform policymakers and healthcare professionals in Texas and nationwide. ItemDeep Learning Approaches for Fingerprint Verification(Institute for Homeland Security, 2023-10-15) Dalvi, Nikita; Pham, Van VungFingerprint verification is vital because it provides a unique and permanent way to identify individuals. This technology is widely used in various areas like law enforcement, access control, and identity verification processes. Existing approaches for fingerprint verification tasks suffer from low accuracy due to training directly on low-quality and latent fingerprints. Therefore, this work proposes to utilize recent advancements in deep learning and computer vision to (1) enhance fingerprint image quality; (2) extract and verify that the minutiae are retained after enhancement; and (3) perform fingerprint verification tasks. Specifically, this work experiments with (1) Super-Resolution Convolutional Neural Network (SRCNN), Fast SRCNN, and Very Deep Super Resolution (VDSR) for fingerprint image enhancement; (2) Finger-Flow for minutia extraction; and (3) Siamese neural network for fingerprint verification. The experiment results indicate that among the experimented super resolution approaches, VDSR outperforms the others. Additionally, it can retain minutiae in the enhanced version and shows great potential to enhance latent fingerprints, which are less visible. Most importantly, the verification performances improve on the enhanced fingerprints versus low-resolution counterparts. ItemSupply Chain Mapping for Emergency Management Decision-Making(Institute for Homeland Security, 2023-10-15) Scott, MarkSupply chain issues are a growing concern for public sector emergency managers because communities rely on these privately-owned and operated systems to deliver goods needed for daily life and survival. Recent events have highlighted the many ways supply chains can be disrupted. Knowing how these systems are configured and how they operate is essential to making more effective operational decisions during emergencies and to support supply chain owners/operators restore flow following a disruption. Mapping the supply chain is a proven private sector practice for gaining visibility into these systems that may have application in the public sector. This paper describes why mapping helps improve emergency preparedness, how mapping has been done, and two case studies of its application for lifeline commodity supply chains in the National Capital Region. The paper concludes with a path forward for emergency managers seeking to use mapping to strengthen supply chain resilience in their communities, regardless of scale. ItemMobile Emergency Power During and After Natural Disasters and Shortages(Institute for Homeland Security, 2023-10-15) Karan, EbrahimThis study explores the potential utilization of electric school buses as an alternative emergency power source during power outages. With the increasing adoption of electric vehicles and advancements in energy storage technologies, repurposing electric school buses for emergency power generation presents a novel approach to addressing critical energy needs in times of crisis. This research investigates the technical feasibility, economic viability, and operational effectiveness of integrating electric school buses into emergency power systems. Through simulations and scenario analyses, the study examines the capacity of electric school buses to provide backup power over various durations, considering factors such as battery degradation, energy demand, and vehicle availability. Furthermore, the research evaluates the economic implications, including the cost-effectiveness of retrofitting and upgrading existing school bus fleets, and the potential revenue streams from participating in demand response programs and grid services. The findings of this study reveal that electric school buses have the potential to significantly enhance emergency preparedness and response capabilities. Although this alternative is technically feasible, it may not be financially justifiable for several reasons such as higher upfront costs, charging infrastructures, operational complexity, and the complexity of the policies and regulations involved in running the grid. ItemSafe and Secure Addressing Workplace Violence(Institute for Homeland Security, 2023-10-15) Muñoz, GriseldaWorkplace violence entails any act or threat of violence, verbal abuse, or physical assaults towards individuals at work. This could arise from criminal intent, customer/client interactions, worker-on-worker disputes, or personal relationships. Industries dealing with the public, money handling, lone work, or operating in high-crime areas face elevated risk. It is critical for organizations to have preventive policies for workplace violence that include risk assessments, enhanced security measures, and employee training for recognizing and addressing potential violence. A culture of open communication, respect, and confidential incident reporting should be promoted. Workplace violence response plans must be comprehensive, encompassing support for affected employees, incident investigations, law enforcement engagement, and suitable disciplinary actions. Regular training should focus on prevention, recognition of warning signs, situation deescalation, and incident reporting. Special training should be provided for management and HR to handle sensitive situations and support affected staff. Post-incident support, including counseling, flexible work arrangements, and trauma coping resources, is crucial. Regular policy review and update are necessary for legal compliance and interdepartmental collaboration. Thorough background checks for potential hires are recommended. Early detection of warning signs, such as aggressive behavior, verbal threats, weapon possession, substance abuse, or sudden behavioral changes, can prevent violence and promote a safer workplace. Prevention and response strategies involve fostering a safe environment through conflict resolution, employee assistance programs, and active employee participation. Emphasis should be on zero-tolerance for violence, regular training, and policy communication to all staff. Emergency preparedness requires response plans for violent incidents, regular drills, physical security assessments, and updates. Constant evaluation of implemented strategies, promotion of diversity and inclusivity, collaboration with external agencies, and ongoing communication with employees are key. It's beneficial to recognize and reward employees for maintaining safety, promoting overall wellbeing, adapting measures for remote employees, monitoring social media, and conducting post incident analysis. Benchmarking, implementing visible security measures, promoting open communication, involving employees in strategy development, providing whistleblower protection, and offering customized training are also necessary. 5 The strategy should encompass mental health support, clear behavior expectations, policy reviews, awareness campaigns, and exit interviews. Cross-functional teams should be established, external consultants engaged, incidents tracked, a crisis management plan developed, communication channels established, educational materials provided, safety drills conducted, and partnerships with community organizations formed. Organizational leadership must promote a safety culture and be accountable for implementing initiatives. A proactive approach to workplace violence prevention can enhance organizational performance, reputation, employee satisfaction, and retention rates, while building trust and credibility, reducing legal risks, fostering engagement, and boosting overall resilience. ItemEnhanced Decision-Making Framework for the Southern States to Comply with the New Federal Retroreflectivity Pavement Rule(Institute for Homeland Security, 2023-10-15) Mousa, MomenRetroreflectivity plays a crucial role in pavement markings as it enhances nighttime visibility for drivers. Yet, due to budget constraints, many state U.S agencies including the Texas Department of Transportation (TxDOT) rarely monitor the retroreflectivity of their markings, and instead, restripe their markings based on visual inspection or fixed schedule (every two years). Such a strategy is questionable in terms of safety as markings are usually restriped after the end of their service life. To address this issue, in August 2022, the Federal Highway Administration (FHWA) announced a new final rule that requires state agencies to implement a method within four years for maintaining pavement marking retroreflectivity at or above minimum levels. Hence, the key objective of this study was to develop a simple tool for TxDOT and other Southern state and local agencies to help them comply with the new federal rule. To do so, pavement marking data from the National Transportation Product Evaluation Program (NTPEP) were retrieved and analyzed. Results indicated that the service life of standard water-borne paints varies significantly from 0 to 3.9 years according to the project conditions. Hence, a performance prediction model was developed with superior accuracy to predict the expected service life of standard waterborne paints based on the initial retroreflectivity value, traffic level, and marking color. This model can be used by TxDOT and other southern state agencies to determine the expected restriping time before the retroreflectivity drop below the minimum threshold, and hence, comply with the new federal rule. ItemSocial Network Analysis Using Machine Learning(Institute for Homeland Security, 2023-10-15) ABM Rezbaul Islam, PhD; Islam, Ahsan UlElectronic Mail (Email) has emerged as a widespread technique for exchanging messages through electronic devices, becoming an indispensable and universal communication medium. Its significance cannot be overstated, as an email address is vital for swift interactions in business, government, trade, entertainment, and various other aspacts of daily life. This mode of communication has progressively replaced traditional written methods for important correspondences, including personal and business trans- actions, where an email is given the same weight as a signed document. In social net- work analysis, a significant challenge lies in identifying essential and influential nodes within a network based on its structure. These nodes can be critical in information dissemination, decision-making processes, and network dynamics. Sentiment Analysis (SA) in text mining has emerged as an automated process to discern subjective information from textual data, such as opinions, attitudes, emotions, and feelings. While many existing approaches treat SA as a text classification problem, requiring labeled data for training machine learning models, obtaining such labeled data can be laborious and time-consuming, often requiring manual annotation efforts. Additionally, the need for transferability across different domains hinders using the same labeled data in diverse applications, necessitating the creation of unique labeled datasets for each part. Overcoming these challenges is crucial for sentiment analysis’s wider adoption and effectiveness in various realworld applications. The objective of the research is to analyze the Enron email dataset by creating a directed graph that represents the email communication network. Two important graph theory metrics are used to find out the number of direct connections (emails sent) for each sender and the influence of each sender as a bridge or critical point of communication in the network. On the other hand, we will use sentiment analysis to analyze the Enron email dataset using different type of pre-trained deep learning models to find the communication type for top ten email sender which we will find using graph theory. ItemSupply Chain Risks of Illicit Trade in Counterfeit Pharmaceuticals(Institute for Homeland Security, 2023-10-15) Kennedy, Jay PNearly every type of product that has ever been produced has been counterfeited. While the most counterfeited goods tend to be footwear, luxury items, watches, and jewelry, in recent years there has been a dramatic increase in the prevalence of pharmaceutical counterfeits. The World Health Organization (WHO) defines counterfeit medicines as “medicines that are mislabeled deliberately and fraudulently”, yet counterfeit medicines are generally discussed alongside other forms of harmful medical products such as adulterated, expired, substandard, stolen, and falsified medicines. Each of these products moves through a mix of illegitimate and legitimate intermediaries and distribution channels before making their way into healthcare systems and ultimately to patients. Counterfeit pharmaceuticals harm patients, the healthcare system, legitimate companies, and society. While their presence within the legitimate supply chain is increasing, the threats posed by these illicit goods can be countered through focused action and collaboration amongst industry, healthcare, and law enforcement. This paper discusses three primary risks to consumers and the healthcare infrastructure of Texas: (1) the infiltration of counterfeit drugs into the legitimate supply chain; (2) the direct threat posed by counterfeit pharmaceuticals; and (3) the risks posed by counterfeit drugs to national security and the legitimate supply chain. The paper concludes with a discussion of policy and anti-counterfeiting strategy recommendations aimed at addressing each of the identified risks and protecting Texans, Americans, and the healthcare supply chain. ItemToward a More Effective Policy Model for Responding to Workplace Violence in the Texas Healthcare System(Institute for Homeland Security, 2023-10-15) Kinney, Alexander B.; Lehmann, Peter S.Workplace violence is a growing social problem that that has caught the attention of public stakeholders and policymakers. Likewise, industry observers have pushed for more attention to be paid to how violence in the workplace uniquely impacts healthcare professionals. Recently, Texas legislators responded to these calls by passing the Workplace Violence Prevention Act. This new law represents a significant milestone in the effort to develop durable protections for employees in the healthcare Texas system and prevent future incidents of workplace violence. The aim of this technical paper is to provide policymakers and corporate stakeholders with an introduction to this issue and to suggest future improvements to this landmark piece of legislation. In what follows, we will provide a brief overview of the background and significance of workplace violence as a challenging issue that uniquely impacts the healthcare system, outline a working definition of workplace violence that respects the healthcare context, and review existing regulatory and corporate policies that have emerged to combat workplace violence in practice. We will then provide an overview of this new legislation and suggest several ways that this law can be strengthened in light of existing research. ItemDrones and Port Security at the Port of Brownsville(Institute for Homeland Security, 2023-10-15) Sullivan, John PThis technical paper recounts a geospatial drone security assessment for the Port of Brownsville, Texas (Brownsville Navigation District). The Port of Brownsville is a major intermodal transportation center and is expanding into a major venue for industrial development. The Port of Brownsville is the only deep-water port directly on the US-Mexico Border. The drone assessment will evaluate the threats posed by aerial drones/unmanned or uncrewed aerial systems (UAS) to the port; assess the potential effects of drones on port operations and port security; suggest potential counter measures (counter-UAS); provide an introduction to emerging drone threats, including unmanned/uncrewed vessels and ground vehicles; and drone swarms (or swarming attacks). The impact of various drone threats with port operations is discussed. Mechanisms for enhancing indications and warning, detection, and response to drone threats on the Port of Brownsville, and potential vehicles for sharing these threat data with other ports, port security personnel, law enforcement, and emergency responders will be discussed.