assignment

cyber security research paper docx

Cyber risk and cybersecurity: a systematic review of data availability

  • Open access
  • Published: 17 February 2022
  • Volume 47 , pages 698–736, ( 2022 )

Cite this article

You have full access to this open access article

cyber security research paper docx

  • Frank Cremer 1 ,
  • Barry Sheehan   ORCID: orcid.org/0000-0003-4592-7558 1 ,
  • Michael Fortmann 2 ,
  • Arash N. Kia 1 ,
  • Martin Mullins 1 ,
  • Finbarr Murphy 1 &
  • Stefan Materne 2  

72k Accesses

43 Altmetric

Explore all metrics

Cybercrime is estimated to have cost the global economy just under USD 1 trillion in 2020, indicating an increase of more than 50% since 2018. With the average cyber insurance claim rising from USD 145,000 in 2019 to USD 359,000 in 2020, there is a growing necessity for better cyber information sources, standardised databases, mandatory reporting and public awareness. This research analyses the extant academic and industry literature on cybersecurity and cyber risk management with a particular focus on data availability. From a preliminary search resulting in 5219 cyber peer-reviewed studies, the application of the systematic methodology resulted in 79 unique datasets. We posit that the lack of available data on cyber risk poses a serious problem for stakeholders seeking to tackle this issue. In particular, we identify a lacuna in open databases that undermine collective endeavours to better manage this set of risks. The resulting data evaluation and categorisation will support cybersecurity researchers and the insurance industry in their efforts to comprehend, metricise and manage cyber risks.

Similar content being viewed by others

cyber security research paper docx

Data breaches in healthcare: security mechanisms for attack mitigation

cyber security research paper docx

Applications of Explainable Artificial Intelligence in Finance—a systematic review of Finance, Information Systems, and Computer Science literature

cyber security research paper docx

Cyber Security Threats and Vulnerabilities: A Systematic Mapping Study

Avoid common mistakes on your manuscript.

Introduction

Globalisation, digitalisation and smart technologies have escalated the propensity and severity of cybercrime. Whilst it is an emerging field of research and industry, the importance of robust cybersecurity defence systems has been highlighted at the corporate, national and supranational levels. The impacts of inadequate cybersecurity are estimated to have cost the global economy USD 945 billion in 2020 (Maleks Smith et al. 2020 ). Cyber vulnerabilities pose significant corporate risks, including business interruption, breach of privacy and financial losses (Sheehan et al. 2019 ). Despite the increasing relevance for the international economy, the availability of data on cyber risks remains limited. The reasons for this are many. Firstly, it is an emerging and evolving risk; therefore, historical data sources are limited (Biener et al. 2015 ). It could also be due to the fact that, in general, institutions that have been hacked do not publish the incidents (Eling and Schnell 2016 ). The lack of data poses challenges for many areas, such as research, risk management and cybersecurity (Falco et al. 2019 ). The importance of this topic is demonstrated by the announcement of the European Council in April 2021 that a centre of excellence for cybersecurity will be established to pool investments in research, technology and industrial development. The goal of this centre is to increase the security of the internet and other critical network and information systems (European Council 2021 ).

This research takes a risk management perspective, focusing on cyber risk and considering the role of cybersecurity and cyber insurance in risk mitigation and risk transfer. The study reviews the existing literature and open data sources related to cybersecurity and cyber risk. This is the first systematic review of data availability in the general context of cyber risk and cybersecurity. By identifying and critically analysing the available datasets, this paper supports the research community by aggregating, summarising and categorising all available open datasets. In addition, further information on datasets is attached to provide deeper insights and support stakeholders engaged in cyber risk control and cybersecurity. Finally, this research paper highlights the need for open access to cyber-specific data, without price or permission barriers.

The identified open data can support cyber insurers in their efforts on sustainable product development. To date, traditional risk assessment methods have been untenable for insurance companies due to the absence of historical claims data (Sheehan et al. 2021 ). These high levels of uncertainty mean that cyber insurers are more inclined to overprice cyber risk cover (Kshetri 2018 ). Combining external data with insurance portfolio data therefore seems to be essential to improve the evaluation of the risk and thus lead to risk-adjusted pricing (Bessy-Roland et al. 2021 ). This argument is also supported by the fact that some re/insurers reported that they are working to improve their cyber pricing models (e.g. by creating or purchasing databases from external providers) (EIOPA 2018 ). Figure  1 provides an overview of pricing tools and factors considered in the estimation of cyber insurance based on the findings of EIOPA ( 2018 ) and the research of Romanosky et al. ( 2019 ). The term cyber risk refers to all cyber risks and their potential impact.

figure 1

An overview of the current cyber insurance informational and methodological landscape, adapted from EIOPA ( 2018 ) and Romanosky et al. ( 2019 )

Besides the advantage of risk-adjusted pricing, the availability of open datasets helps companies benchmark their internal cyber posture and cybersecurity measures. The research can also help to improve risk awareness and corporate behaviour. Many companies still underestimate their cyber risk (Leong and Chen 2020 ). For policymakers, this research offers starting points for a comprehensive recording of cyber risks. Although in many countries, companies are obliged to report data breaches to the respective supervisory authority, this information is usually not accessible to the research community. Furthermore, the economic impact of these breaches is usually unclear.

As well as the cyber risk management community, this research also supports cybersecurity stakeholders. Researchers are provided with an up-to-date, peer-reviewed literature of available datasets showing where these datasets have been used. For example, this includes datasets that have been used to evaluate the effectiveness of countermeasures in simulated cyberattacks or to test intrusion detection systems. This reduces a time-consuming search for suitable datasets and ensures a comprehensive review of those available. Through the dataset descriptions, researchers and industry stakeholders can compare and select the most suitable datasets for their purposes. In addition, it is possible to combine the datasets from one source in the context of cybersecurity or cyber risk. This supports efficient and timely progress in cyber risk research and is beneficial given the dynamic nature of cyber risks.

Cyber risks are defined as “operational risks to information and technology assets that have consequences affecting the confidentiality, availability, and/or integrity of information or information systems” (Cebula et al. 2014 ). Prominent cyber risk events include data breaches and cyberattacks (Agrafiotis et al. 2018 ). The increasing exposure and potential impact of cyber risk have been highlighted in recent industry reports (e.g. Allianz 2021 ; World Economic Forum 2020 ). Cyberattacks on critical infrastructures are ranked 5th in the World Economic Forum's Global Risk Report. Ransomware, malware and distributed denial-of-service (DDoS) are examples of the evolving modes of a cyberattack. One example is the ransomware attack on the Colonial Pipeline, which shut down the 5500 mile pipeline system that delivers 2.5 million barrels of fuel per day and critical liquid fuel infrastructure from oil refineries to states along the U.S. East Coast (Brower and McCormick 2021 ). These and other cyber incidents have led the U.S. to strengthen its cybersecurity and introduce, among other things, a public body to analyse major cyber incidents and make recommendations to prevent a recurrence (Murphey 2021a ). Another example of the scope of cyberattacks is the ransomware NotPetya in 2017. The damage amounted to USD 10 billion, as the ransomware exploited a vulnerability in the windows system, allowing it to spread independently worldwide in the network (GAO 2021 ). In the same year, the ransomware WannaCry was launched by cybercriminals. The cyberattack on Windows software took user data hostage in exchange for Bitcoin cryptocurrency (Smart 2018 ). The victims included the National Health Service in Great Britain. As a result, ambulances were redirected to other hospitals because of information technology (IT) systems failing, leaving people in need of urgent assistance waiting. It has been estimated that 19,000 cancelled treatment appointments resulted from losses of GBP 92 million (Field 2018 ). Throughout the COVID-19 pandemic, ransomware attacks increased significantly, as working from home arrangements increased vulnerability (Murphey 2021b ).

Besides cyberattacks, data breaches can also cause high costs. Under the General Data Protection Regulation (GDPR), companies are obliged to protect personal data and safeguard the data protection rights of all individuals in the EU area. The GDPR allows data protection authorities in each country to impose sanctions and fines on organisations they find in breach. “For data breaches, the maximum fine can be €20 million or 4% of global turnover, whichever is higher” (GDPR.EU 2021 ). Data breaches often involve a large amount of sensitive data that has been accessed, unauthorised, by external parties, and are therefore considered important for information security due to their far-reaching impact (Goode et al. 2017 ). A data breach is defined as a “security incident in which sensitive, protected, or confidential data are copied, transmitted, viewed, stolen, or used by an unauthorized individual” (Freeha et al. 2021 ). Depending on the amount of data, the extent of the damage caused by a data breach can be significant, with the average cost being USD 392 million Footnote 1 (IBM Security 2020 ).

This research paper reviews the existing literature and open data sources related to cybersecurity and cyber risk, focusing on the datasets used to improve academic understanding and advance the current state-of-the-art in cybersecurity. Furthermore, important information about the available datasets is presented (e.g. use cases), and a plea is made for open data and the standardisation of cyber risk data for academic comparability and replication. The remainder of the paper is structured as follows. The next section describes the related work regarding cybersecurity and cyber risks. The third section outlines the review method used in this work and the process. The fourth section details the results of the identified literature. Further discussion is presented in the penultimate section and the final section concludes.

Related work

Due to the significance of cyber risks, several literature reviews have been conducted in this field. Eling ( 2020 ) reviewed the existing academic literature on the topic of cyber risk and cyber insurance from an economic perspective. A total of 217 papers with the term ‘cyber risk’ were identified and classified in different categories. As a result, open research questions are identified, showing that research on cyber risks is still in its infancy because of their dynamic and emerging nature. Furthermore, the author highlights that particular focus should be placed on the exchange of information between public and private actors. An improved information flow could help to measure the risk more accurately and thus make cyber risks more insurable and help risk managers to determine the right level of cyber risk for their company. In the context of cyber insurance data, Romanosky et al. ( 2019 ) analysed the underwriting process for cyber insurance and revealed how cyber insurers understand and assess cyber risks. For this research, they examined 235 American cyber insurance policies that were publicly available and looked at three components (coverage, application questionnaires and pricing). The authors state in their findings that many of the insurers used very simple, flat-rate pricing (based on a single calculation of expected loss), while others used more parameters such as the asset value of the company (or company revenue) or standard insurance metrics (e.g. deductible, limits), and the industry in the calculation. This is in keeping with Eling ( 2020 ), who states that an increased amount of data could help to make cyber risk more accurately measured and thus more insurable. Similar research on cyber insurance and data was conducted by Nurse et al. ( 2020 ). The authors examined cyber insurance practitioners' perceptions and the challenges they face in collecting and using data. In addition, gaps were identified during the research where further data is needed. The authors concluded that cyber insurance is still in its infancy, and there are still several unanswered questions (for example, cyber valuation, risk calculation and recovery). They also pointed out that a better understanding of data collection and use in cyber insurance would be invaluable for future research and practice. Bessy-Roland et al. ( 2021 ) come to a similar conclusion. They proposed a multivariate Hawkes framework to model and predict the frequency of cyberattacks. They used a public dataset with characteristics of data breaches affecting the U.S. industry. In the conclusion, the authors make the argument that an insurer has a better knowledge of cyber losses, but that it is based on a small dataset and therefore combination with external data sources seems essential to improve the assessment of cyber risks.

Several systematic reviews have been published in the area of cybersecurity (Kruse et al. 2017 ; Lee et al. 2020 ; Loukas et al. 2013 ; Ulven and Wangen 2021 ). In these papers, the authors concentrated on a specific area or sector in the context of cybersecurity. This paper adds to this extant literature by focusing on data availability and its importance to risk management and insurance stakeholders. With a priority on healthcare and cybersecurity, Kruse et al. ( 2017 ) conducted a systematic literature review. The authors identified 472 articles with the keywords ‘cybersecurity and healthcare’ or ‘ransomware’ in the databases Cumulative Index of Nursing and Allied Health Literature, PubMed and Proquest. Articles were eligible for this review if they satisfied three criteria: (1) they were published between 2006 and 2016, (2) the full-text version of the article was available, and (3) the publication is a peer-reviewed or scholarly journal. The authors found that technological development and federal policies (in the U.S.) are the main factors exposing the health sector to cyber risks. Loukas et al. ( 2013 ) conducted a review with a focus on cyber risks and cybersecurity in emergency management. The authors provided an overview of cyber risks in communication, sensor, information management and vehicle technologies used in emergency management and showed areas for which there is still no solution in the literature. Similarly, Ulven and Wangen ( 2021 ) reviewed the literature on cybersecurity risks in higher education institutions. For the literature review, the authors used the keywords ‘cyber’, ‘information threats’ or ‘vulnerability’ in connection with the terms ‘higher education, ‘university’ or ‘academia’. A similar literature review with a focus on Internet of Things (IoT) cybersecurity was conducted by Lee et al. ( 2020 ). The review revealed that qualitative approaches focus on high-level frameworks, and quantitative approaches to cybersecurity risk management focus on risk assessment and quantification of cyberattacks and impacts. In addition, the findings presented a four-step IoT cyber risk management framework that identifies, quantifies and prioritises cyber risks.

Datasets are an essential part of cybersecurity research, underlined by the following works. Ilhan Firat et al. ( 2021 ) examined various cybersecurity datasets in detail. The study was motivated by the fact that with the proliferation of the internet and smart technologies, the mode of cyberattacks is also evolving. However, in order to prevent such attacks, they must first be detected; the dissemination and further development of cybersecurity datasets is therefore critical. In their work, the authors observed studies of datasets used in intrusion detection systems. Khraisat et al. ( 2019 ) also identified a need for new datasets in the context of cybersecurity. The researchers presented a taxonomy of current intrusion detection systems, a comprehensive review of notable recent work, and an overview of the datasets commonly used for assessment purposes. In their conclusion, the authors noted that new datasets are needed because most machine-learning techniques are trained and evaluated on the knowledge of old datasets. These datasets do not contain new and comprehensive information and are partly derived from datasets from 1999. The authors noted that the core of this issue is the availability of new public datasets as well as their quality. The availability of data, how it is used, created and shared was also investigated by Zheng et al. ( 2018 ). The researchers analysed 965 cybersecurity research papers published between 2012 and 2016. They created a taxonomy of the types of data that are created and shared and then analysed the data collected via datasets. The researchers concluded that while datasets are recognised as valuable for cybersecurity research, the proportion of publicly available datasets is limited.

The main contributions of this review and what differentiates it from previous studies can be summarised as follows. First, as far as we can tell, it is the first work to summarise all available datasets on cyber risk and cybersecurity in the context of a systematic review and present them to the scientific community and cyber insurance and cybersecurity stakeholders. Second, we investigated, analysed, and made available the datasets to support efficient and timely progress in cyber risk research. And third, we enable comparability of datasets so that the appropriate dataset can be selected depending on the research area.

Methodology

Process and eligibility criteria.

The structure of this systematic review is inspired by the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) framework (Page et al. 2021 ), and the search was conducted from 3 to 10 May 2021. Due to the continuous development of cyber risks and their countermeasures, only articles published in the last 10 years were considered. In addition, only articles published in peer-reviewed journals written in English were included. As a final criterion, only articles that make use of one or more cybersecurity or cyber risk datasets met the inclusion criteria. Specifically, these studies presented new or existing datasets, used them for methods, or used them to verify new results, as well as analysed them in an economic context and pointed out their effects. The criterion was fulfilled if it was clearly stated in the abstract that one or more datasets were used. A detailed explanation of this selection criterion can be found in the ‘Study selection’ section.

Information sources

In order to cover a complete spectrum of literature, various databases were queried to collect relevant literature on the topic of cybersecurity and cyber risks. Due to the spread of related articles across multiple databases, the literature search was limited to the following four databases for simplicity: IEEE Xplore, Scopus, SpringerLink and Web of Science. This is similar to other literature reviews addressing cyber risks or cybersecurity, including Sardi et al. ( 2021 ), Franke and Brynielsson ( 2014 ), Lagerström (2019), Eling and Schnell ( 2016 ) and Eling ( 2020 ). In this paper, all databases used in the aforementioned works were considered. However, only two studies also used all the databases listed. The IEEE Xplore database contains electrical engineering, computer science, and electronics work from over 200 journals and three million conference papers (IEEE 2021 ). Scopus includes 23,400 peer-reviewed journals from more than 5000 international publishers in the areas of science, engineering, medicine, social sciences and humanities (Scopus 2021 ). SpringerLink contains 3742 journals and indexes over 10 million scientific documents (SpringerLink 2021 ). Finally, Web of Science indexes over 9200 journals in different scientific disciplines (Science 2021 ).

A search string was created and applied to all databases. To make the search efficient and reproducible, the following search string with Boolean operator was used in all databases: cybersecurity OR cyber risk AND dataset OR database. To ensure uniformity of the search across all databases, some adjustments had to be made for the respective search engines. In Scopus, for example, the Advanced Search was used, and the field code ‘Title-ABS-KEY’ was integrated into the search string. For IEEE Xplore, the search was carried out with the Search String in the Command Search and ‘All Metadata’. In the Web of Science database, the Advanced Search was used. The special feature of this search was that it had to be carried out in individual steps. The first search was carried out with the terms cybersecurity OR cyber risk with the field tag Topic (T.S. =) and the second search with dataset OR database. Subsequently, these searches were combined, which then delivered the searched articles for review. For SpringerLink, the search string was used in the Advanced Search under the category ‘Find the resources with all of the words’. After conducting this search string, 5219 studies could be found. According to the eligibility criteria (period, language and only scientific journals), 1581 studies were identified in the databases:

Scopus: 135

Springer Link: 548

Web of Science: 534

An overview of the process is given in Fig.  2 . Combined with the results from the four databases, 854 articles without duplicates were identified.

figure 2

Literature search process and categorisation of the studies

Study selection

In the final step of the selection process, the articles were screened for relevance. Due to a large number of results, the abstracts were analysed in the first step of the process. The aim was to determine whether the article was relevant for the systematic review. An article fulfilled the criterion if it was recognisable in the abstract that it had made a contribution to datasets or databases with regard to cyber risks or cybersecurity. Specifically, the criterion was considered to be met if the abstract used datasets that address the causes or impacts of cyber risks, and measures in the area of cybersecurity. In this process, the number of articles was reduced to 288. The articles were then read in their entirety, and an expert panel of six people decided whether they should be used. This led to a final number of 255 articles. The years in which the articles were published and the exact number can be seen in Fig.  3 .

figure 3

Distribution of studies

Data collection process and synthesis of the results

For the data collection process, various data were extracted from the studies, including the names of the respective creators, the name of the dataset or database and the corresponding reference. It was also determined where the data came from. In the context of accessibility, it was determined whether access is free, controlled, available for purchase or not available. It was also determined when the datasets were created and the time period referenced. The application type and domain characteristics of the datasets were identified.

This section analyses the results of the systematic literature review. The previously identified studies are divided into three categories: datasets on the causes of cyber risks, datasets on the effects of cyber risks and datasets on cybersecurity. The classification is based on the intended use of the studies. This system of classification makes it easier for stakeholders to find the appropriate datasets. The categories are evaluated individually. Although complete information is available for a large proportion of datasets, this is not true for all of them. Accordingly, the abbreviation N/A has been inserted in the respective characters to indicate that this information could not be determined by the time of submission. The term ‘use cases in the literature’ in the following and supplementary tables refers to the application areas in which the corresponding datasets were used in the literature. The areas listed there refer to the topic area on which the researchers conducted their research. Since some datasets were used interdisciplinarily, the listed use cases in the literature are correspondingly longer. Before discussing each category in the next sections, Fig.  4 provides an overview of the number of datasets found and their year of creation. Figure  5 then shows the relationship between studies and datasets in the period under consideration. Figure  6 shows the distribution of studies, their use of datasets and their creation date. The number of datasets used is higher than the number of studies because the studies often used several datasets (Table 1 ).

figure 4

Distribution of dataset results

figure 5

Correlation between the studies and the datasets

figure 6

Distribution of studies and their use of datasets

Most of the datasets are generated in the U.S. (up to 58.2%). Canada and Australia rank next, with 11.3% and 5% of all the reviewed datasets, respectively.

Additionally, to create value for the datasets for the cyber insurance industry, an assessment of the applicability of each dataset has been provided for cyber insurers. This ‘Use Case Assessment’ includes the use of the data in the context of different analyses, calculation of cyber insurance premiums, and use of the information for the design of cyber insurance contracts or for additional customer services. To reasonably account for the transition of direct hyperlinks in the future, references were directed to the main websites for longevity (nearest resource point). In addition, the links to the main pages contain further information on the datasets and different versions related to the operating systems. The references were chosen in such a way that practitioners get the best overview of the respective datasets.

Case datasets

This section presents selected articles that use the datasets to analyse the causes of cyber risks. The datasets help identify emerging trends and allow pattern discovery in cyber risks. This information gives cybersecurity experts and cyber insurers the data to make better predictions and take appropriate action. For example, if certain vulnerabilities are not adequately protected, cyber insurers will demand a risk surcharge leading to an improvement in the risk-adjusted premium. Due to the capricious nature of cyber risks, existing data must be supplemented with new data sources (for example, new events, new methods or security vulnerabilities) to determine prevailing cyber exposure. The datasets of cyber risk causes could be combined with existing portfolio data from cyber insurers and integrated into existing pricing tools and factors to improve the valuation of cyber risks.

A portion of these datasets consists of several taxonomies and classifications of cyber risks. Aassal et al. ( 2020 ) propose a new taxonomy of phishing characteristics based on the interpretation and purpose of each characteristic. In comparison, Hindy et al. ( 2020 ) presented a taxonomy of network threats and the impact of current datasets on intrusion detection systems. A similar taxonomy was suggested by Kiwia et al. ( 2018 ). The authors presented a cyber kill chain-based taxonomy of banking Trojans features. The taxonomy built on a real-world dataset of 127 banking Trojans collected from December 2014 to January 2016 by a major U.K.-based financial organisation.

In the context of classification, Aamir et al. ( 2021 ) showed the benefits of machine learning for classifying port scans and DDoS attacks in a mixture of normal and attack traffic. Guo et al. ( 2020 ) presented a new method to improve malware classification based on entropy sequence features. The evaluation of this new method was conducted on different malware datasets.

To reconstruct attack scenarios and draw conclusions based on the evidence in the alert stream, Barzegar and Shajari ( 2018 ) use the DARPA2000 and MACCDC 2012 dataset for their research. Giudici and Raffinetti ( 2020 ) proposed a rank-based statistical model aimed at predicting the severity levels of cyber risk. The model used cyber risk data from the University of Milan. In contrast to the previous datasets, Skrjanc et al. ( 2018 ) used the older dataset KDD99 to monitor large-scale cyberattacks using a cauchy clustering method.

Amin et al. ( 2021 ) used a cyberattack dataset from the Canadian Institute for Cybersecurity to identify spatial clusters of countries with high rates of cyberattacks. In the context of cybercrime, Junger et al. ( 2020 ) examined crime scripts, key characteristics of the target company and the relationship between criminal effort and financial benefit. For their study, the authors analysed 300 cases of fraudulent activities against Dutch companies. With a similar focus on cybercrime, Mireles et al. ( 2019 ) proposed a metric framework to measure the effectiveness of the dynamic evolution of cyberattacks and defensive measures. To validate its usefulness, they used the DEFCON dataset.

Due to the rapidly changing nature of cyber risks, it is often impossible to obtain all information on them. Kim and Kim ( 2019 ) proposed an automated dataset generation system called CTIMiner that collects threat data from publicly available security reports and malware repositories. They released a dataset to the public containing about 640,000 records from 612 security reports published between January 2008 and 2019. A similar approach is proposed by Kim et al. ( 2020 ), using a named entity recognition system to extract core information from cyber threat reports automatically. They created a 498,000-tag dataset during their research (Ulven and Wangen 2021 ).

Within the framework of vulnerabilities and cybersecurity issues, Ulven and Wangen ( 2021 ) proposed an overview of mission-critical assets and everyday threat events, suggested a generic threat model, and summarised common cybersecurity vulnerabilities. With a focus on hospitality, Chen and Fiscus ( 2018 ) proposed several issues related to cybersecurity in this sector. They analysed 76 security incidents from the Privacy Rights Clearinghouse database. Supplementary Table 1 lists all findings that belong to the cyber causes dataset.

Impact datasets

This section outlines selected findings of the cyber impact dataset. For cyber insurers, these datasets can form an important basis for information, as they can be used to calculate cyber insurance premiums, evaluate specific cyber risks, formulate inclusions and exclusions in cyber wordings, and re-evaluate as well as supplement the data collected so far on cyber risks. For example, information on financial losses can help to better assess the loss potential of cyber risks. Furthermore, the datasets can provide insight into the frequency of occurrence of these cyber risks. The new datasets can be used to close any data gaps that were previously based on very approximate estimates or to find new results.

Eight studies addressed the costs of data breaches. For instance, Eling and Jung ( 2018 ) reviewed 3327 data breach events from 2005 to 2016 and identified an asymmetric dependence of monthly losses by breach type and industry. The authors used datasets from the Privacy Rights Clearinghouse for analysis. The Privacy Rights Clearinghouse datasets and the Breach level index database were also used by De Giovanni et al. ( 2020 ) to describe relationships between data breaches and bitcoin-related variables using the cointegration methodology. The data were obtained from the Department of Health and Human Services of healthcare facilities reporting data breaches and a national database of technical and organisational infrastructure information. Also in the context of data breaches, Algarni et al. ( 2021 ) developed a comprehensive, formal model that estimates the two components of security risks: breach cost and the likelihood of a data breach within 12 months. For their survey, the authors used two industrial reports from the Ponemon institute and VERIZON. To illustrate the scope of data breaches, Neto et al. ( 2021 ) identified 430 major data breach incidents among more than 10,000 incidents. The database created is available and covers the period 2018 to 2019.

With a direct focus on insurance, Biener et al. ( 2015 ) analysed 994 cyber loss cases from an operational risk database and investigated the insurability of cyber risks based on predefined criteria. For their study, they used data from the company SAS OpRisk Global Data. Similarly, Eling and Wirfs ( 2019 ) looked at a wide range of cyber risk events and actual cost data using the same database. They identified cyber losses and analysed them using methods from statistics and actuarial science. Using a similar reference, Farkas et al. ( 2021 ) proposed a method for analysing cyber claims based on regression trees to identify criteria for classifying and evaluating claims. Similar to Chen and Fiscus ( 2018 ), the dataset used was the Privacy Rights Clearinghouse database. Within the framework of reinsurance, Moro ( 2020 ) analysed cyber index-based information technology activity to see if index-parametric reinsurance coverage could suggest its cedant using data from a Symantec dataset.

Paté-Cornell et al. ( 2018 ) presented a general probabilistic risk analysis framework for cybersecurity in an organisation to be specified. The results are distributions of losses to cyberattacks, with and without considered countermeasures in support of risk management decisions based both on past data and anticipated incidents. The data used were from The Common Vulnerability and Exposures database and via confidential access to a database of cyberattacks on a large, U.S.-based organisation. A different conceptual framework for cyber risk classification and assessment was proposed by Sheehan et al. ( 2021 ). This framework showed the importance of proactive and reactive barriers in reducing companies’ exposure to cyber risk and quantifying the risk. Another approach to cyber risk assessment and mitigation was proposed by Mukhopadhyay et al. ( 2019 ). They estimated the probability of an attack using generalised linear models, predicted the security technology required to reduce the probability of cyberattacks, and used gamma and exponential distributions to best approximate the average loss data for each malicious attack. They also calculated the expected loss due to cyberattacks, calculated the net premium that would need to be charged by a cyber insurer, and suggested cyber insurance as a strategy to minimise losses. They used the CSI-FBI survey (1997–2010) to conduct their research.

In order to highlight the lack of data on cyber risks, Eling ( 2020 ) conducted a literature review in the areas of cyber risk and cyber insurance. Available information on the frequency, severity, and dependency structure of cyber risks was filtered out. In addition, open questions for future cyber risk research were set up. Another example of data collection on the impact of cyberattacks is provided by Sornette et al. ( 2013 ), who use a database of newspaper articles, press reports and other media to provide a predictive method to identify triggering events and potential accident scenarios and estimate their severity and frequency. A similar approach to data collection was used by Arcuri et al. ( 2020 ) to gather an original sample of global cyberattacks from newspaper reports sourced from the LexisNexis database. This collection is also used and applied to the fields of dynamic communication and cyber risk perception by Fang et al. ( 2021 ). To create a dataset of cyber incidents and disputes, Valeriano and Maness ( 2014 ) collected information on cyber interactions between rival states.

To assess trends and the scale of economic cybercrime, Levi ( 2017 ) examined datasets from different countries and their impact on crime policy. Pooser et al. ( 2018 ) investigated the trend in cyber risk identification from 2006 to 2015 and company characteristics related to cyber risk perception. The authors used a dataset of various reports from cyber insurers for their study. Walker-Roberts et al. ( 2020 ) investigated the spectrum of risk of a cybersecurity incident taking place in the cyber-physical-enabled world using the VERIS Community Database. The datasets of impacts identified are presented below. Due to overlap, some may also appear in the causes dataset (Supplementary Table 2).

Cybersecurity datasets

General intrusion detection.

General intrusion detection systems account for the largest share of countermeasure datasets. For companies or researchers focused on cybersecurity, the datasets can be used to test their own countermeasures or obtain information about potential vulnerabilities. For example, Al-Omari et al. ( 2021 ) proposed an intelligent intrusion detection model for predicting and detecting attacks in cyberspace, which was applied to dataset UNSW-NB 15. A similar approach was taken by Choras and Kozik ( 2015 ), who used machine learning to detect cyberattacks on web applications. To evaluate their method, they used the HTTP dataset CSIC 2010. For the identification of unknown attacks on web servers, Kamarudin et al. ( 2017 ) proposed an anomaly-based intrusion detection system using an ensemble classification approach. Ganeshan and Rodrigues ( 2020 ) showed an intrusion detection system approach, which clusters the database into several groups and detects the presence of intrusion in the clusters. In comparison, AlKadi et al. ( 2019 ) used a localisation-based model to discover abnormal patterns in network traffic. Hybrid models have been recommended by Bhattacharya et al. ( 2020 ) and Agrawal et al. ( 2019 ); the former is a machine-learning model based on principal component analysis for the classification of intrusion detection system datasets, while the latter is a hybrid ensemble intrusion detection system for anomaly detection using different datasets to detect patterns in network traffic that deviate from normal behaviour.

Agarwal et al. ( 2021 ) used three different machine learning algorithms in their research to find the most suitable for efficiently identifying patterns of suspicious network activity. The UNSW-NB15 dataset was used for this purpose. Kasongo and Sun ( 2020 ), Feed-Forward Deep Neural Network (FFDNN), Keshk et al. ( 2021 ), the privacy-preserving anomaly detection framework, and others also use the UNSW-NB 15 dataset as part of intrusion detection systems. The same dataset and others were used by Binbusayyis and Vaiyapuri ( 2019 ) to identify and compare key features for cyber intrusion detection. Atefinia and Ahmadi ( 2021 ) proposed a deep neural network model to reduce the false positive rate of an anomaly-based intrusion detection system. Fossaceca et al. ( 2015 ) focused in their research on the development of a framework that combined the outputs of multiple learners in order to improve the efficacy of network intrusion, and Gauthama Raman et al. ( 2020 ) presented a search algorithm based on Support Vector machine to improve the performance of the detection and false alarm rate to improve intrusion detection techniques. Ahmad and Alsemmeari ( 2020 ) targeted extreme learning machine techniques due to their good capabilities in classification problems and handling huge data. They used the NSL-KDD dataset as a benchmark.

With reference to prediction, Bakdash et al. ( 2018 ) used datasets from the U.S. Department of Defence to predict cyberattacks by malware. This dataset consists of weekly counts of cyber events over approximately seven years. Another prediction method was presented by Fan et al. ( 2018 ), which showed an improved integrated cybersecurity prediction method based on spatial-time analysis. Also, with reference to prediction, Ashtiani and Azgomi ( 2014 ) proposed a framework for the distributed simulation of cyberattacks based on high-level architecture. Kirubavathi and Anitha ( 2016 ) recommended an approach to detect botnets, irrespective of their structures, based on network traffic flow behaviour analysis and machine-learning techniques. Dwivedi et al. ( 2021 ) introduced a multi-parallel adaptive technique to utilise an adaption mechanism in the group of swarms for network intrusion detection. AlEroud and Karabatis ( 2018 ) presented an approach that used contextual information to automatically identify and query possible semantic links between different types of suspicious activities extracted from network flows.

Intrusion detection systems with a focus on IoT

In addition to general intrusion detection systems, a proportion of studies focused on IoT. Habib et al. ( 2020 ) presented an approach for converting traditional intrusion detection systems into smart intrusion detection systems for IoT networks. To enhance the process of diagnostic detection of possible vulnerabilities with an IoT system, Georgescu et al. ( 2019 ) introduced a method that uses a named entity recognition-based solution. With regard to IoT in the smart home sector, Heartfield et al. ( 2021 ) presented a detection system that is able to autonomously adjust the decision function of its underlying anomaly classification models to a smart home’s changing condition. Another intrusion detection system was suggested by Keserwani et al. ( 2021 ), which combined Grey Wolf Optimization and Particle Swam Optimization to identify various attacks for IoT networks. They used the KDD Cup 99, NSL-KDD and CICIDS-2017 to evaluate their model. Abu Al-Haija and Zein-Sabatto ( 2020 ) provide a comprehensive development of a new intelligent and autonomous deep-learning-based detection and classification system for cyberattacks in IoT communication networks that leverage the power of convolutional neural networks, abbreviated as IoT-IDCS-CNN (IoT-based Intrusion Detection and Classification System using Convolutional Neural Network). To evaluate the development, the authors used the NSL-KDD dataset. Biswas and Roy ( 2021 ) recommended a model that identifies malicious botnet traffic using novel deep-learning approaches like artificial neural networks gutted recurrent units and long- or short-term memory models. They tested their model with the Bot-IoT dataset.

With a more forensic background, Koroniotis et al. ( 2020 ) submitted a network forensic framework, which described the digital investigation phases for identifying and tracing attack behaviours in IoT networks. The suggested work was evaluated with the Bot-IoT and UINSW-NB15 datasets. With a focus on big data and IoT, Chhabra et al. ( 2020 ) presented a cyber forensic framework for big data analytics in an IoT environment using machine learning. Furthermore, the authors mentioned different publicly available datasets for machine-learning models.

A stronger focus on a mobile phones was exhibited by Alazab et al. ( 2020 ), which presented a classification model that combined permission requests and application programme interface calls. The model was tested with a malware dataset containing 27,891 Android apps. A similar approach was taken by Li et al. ( 2019a , b ), who proposed a reliable classifier for Android malware detection based on factorisation machine architecture and extraction of Android app features from manifest files and source code.

Literature reviews

In addition to the different methods and models for intrusion detection systems, various literature reviews on the methods and datasets were also found. Liu and Lang ( 2019 ) proposed a taxonomy of intrusion detection systems that uses data objects as the main dimension to classify and summarise machine learning and deep learning-based intrusion detection literature. They also presented four different benchmark datasets for machine-learning detection systems. Ahmed et al. ( 2016 ) presented an in-depth analysis of four major categories of anomaly detection techniques, which include classification, statistical, information theory and clustering. Hajj et al. ( 2021 ) gave a comprehensive overview of anomaly-based intrusion detection systems. Their article gives an overview of the requirements, methods, measurements and datasets that are used in an intrusion detection system.

Within the framework of machine learning, Chattopadhyay et al. ( 2018 ) conducted a comprehensive review and meta-analysis on the application of machine-learning techniques in intrusion detection systems. They also compared different machine learning techniques in different datasets and summarised the performance. Vidros et al. ( 2017 ) presented an overview of characteristics and methods in automatic detection of online recruitment fraud. They also published an available dataset of 17,880 annotated job ads, retrieved from the use of a real-life system. An empirical study of different unsupervised learning algorithms used in the detection of unknown attacks was presented by Meira et al. ( 2020 ).

New datasets

Kilincer et al. ( 2021 ) reviewed different intrusion detection system datasets in detail. They had a closer look at the UNS-NB15, ISCX-2012, NSL-KDD and CIDDS-001 datasets. Stojanovic et al. ( 2020 ) also provided a review on datasets and their creation for use in advanced persistent threat detection in the literature. Another review of datasets was provided by Sarker et al. ( 2020 ), who focused on cybersecurity data science as part of their research and provided an overview from a machine-learning perspective. Avila et al. ( 2021 ) conducted a systematic literature review on the use of security logs for data leak detection. They recommended a new classification of information leak, which uses the GDPR principles, identified the most widely publicly available dataset for threat detection, described the attack types in the datasets and the algorithms used for data leak detection. Tuncer et al. ( 2020 ) presented a bytecode-based detection method consisting of feature extraction using local neighbourhood binary patterns. They chose a byte-based malware dataset to investigate the performance of the proposed local neighbourhood binary pattern-based detection method. With a different focus, Mauro et al. ( 2020 ) gave an experimental overview of neural-based techniques relevant to intrusion detection. They assessed the value of neural networks using the Bot-IoT and UNSW-DB15 datasets.

Another category of results in the context of countermeasure datasets is those that were presented as new. Moreno et al. ( 2018 ) developed a database of 300 security-related accidents from European and American sources. The database contained cybersecurity-related events in the chemical and process industry. Damasevicius et al. ( 2020 ) proposed a new dataset (LITNET-2020) for network intrusion detection. The dataset is a new annotated network benchmark dataset obtained from the real-world academic network. It presents real-world examples of normal and under-attack network traffic. With a focus on IoT intrusion detection systems, Alsaedi et al. ( 2020 ) proposed a new benchmark IoT/IIot datasets for assessing intrusion detection system-enabled IoT systems. Also in the context of IoT, Vaccari et al. ( 2020 ) proposed a dataset focusing on message queue telemetry transport protocols, which can be used to train machine-learning models. To evaluate the performance of machine-learning classifiers, Mahfouz et al. ( 2020 ) created a dataset called Game Theory and Cybersecurity (GTCS). A dataset containing 22,000 malware and benign samples was constructed by Martin et al. ( 2019 ). The dataset can be used as a benchmark to test the algorithm for Android malware classification and clustering techniques. In addition, Laso et al. ( 2017 ) presented a dataset created to investigate how data and information quality estimates enable the detection of anomalies and malicious acts in cyber-physical systems. The dataset contained various cyberattacks and is publicly available.

In addition to the results described above, several other studies were found that fit into the category of countermeasures. Johnson et al. ( 2016 ) examined the time between vulnerability disclosures. Using another vulnerabilities database, Common Vulnerabilities and Exposures (CVE), Subroto and Apriyana ( 2019 ) presented an algorithm model that uses big data analysis of social media and statistical machine learning to predict cyber risks. A similar databank but with a different focus, Common Vulnerability Scoring System, was used by Chatterjee and Thekdi ( 2020 ) to present an iterative data-driven learning approach to vulnerability assessment and management for complex systems. Using the CICIDS2017 dataset to evaluate the performance, Malik et al. ( 2020 ) proposed a control plane-based orchestration for varied, sophisticated threats and attacks. The same dataset was used in another study by Lee et al. ( 2019 ), who developed an artificial security information event management system based on a combination of event profiling for data processing and different artificial network methods. To exploit the interdependence between multiple series, Fang et al. ( 2021 ) proposed a statistical framework. In order to validate the framework, the authors applied it to a dataset of enterprise-level security breaches from the Privacy Rights Clearinghouse and Identity Theft Center database. Another framework with a defensive aspect was recommended by Li et al. ( 2021 ) to increase the robustness of deep neural networks against adversarial malware evasion attacks. Sarabi et al. ( 2016 ) investigated whether and to what extent business details can help assess an organisation's risk of data breaches and the distribution of risk across different types of incidents to create policies for protection, detection and recovery from different forms of security incidents. They used data from the VERIS Community Database.

Datasets that have been classified into the cybersecurity category are detailed in Supplementary Table 3. Due to overlap, records from the previous tables may also be included.

This paper presented a systematic literature review of studies on cyber risk and cybersecurity that used datasets. Within this framework, 255 studies were fully reviewed and then classified into three different categories. Then, 79 datasets were consolidated from these studies. These datasets were subsequently analysed, and important information was selected through a process of filtering out. This information was recorded in a table and enhanced with further information as part of the literature analysis. This made it possible to create a comprehensive overview of the datasets. For example, each dataset contains a description of where the data came from and how the data has been used to date. This allows different datasets to be compared and the appropriate dataset for the use case to be selected. This research certainly has limitations, so our selection of datasets cannot necessarily be taken as a representation of all available datasets related to cyber risks and cybersecurity. For example, literature searches were conducted in four academic databases and only found datasets that were used in the literature. Many research projects also used old datasets that may no longer consider current developments. In addition, the data are often focused on only one observation and are limited in scope. For example, the datasets can only be applied to specific contexts and are also subject to further limitations (e.g. region, industry, operating system). In the context of the applicability of the datasets, it is unfortunately not possible to make a clear statement on the extent to which they can be integrated into academic or practical areas of application or how great this effort is. Finally, it remains to be pointed out that this is an overview of currently available datasets, which are subject to constant change.

Due to the lack of datasets on cyber risks in the academic literature, additional datasets on cyber risks were integrated as part of a further search. The search was conducted on the Google Dataset search portal. The search term used was ‘cyber risk datasets’. Over 100 results were found. However, due to the low significance and verifiability, only 20 selected datasets were included. These can be found in Table 2  in the “ Appendix ”.

The results of the literature review and datasets also showed that there continues to be a lack of available, open cyber datasets. This lack of data is reflected in cyber insurance, for example, as it is difficult to find a risk-based premium without a sufficient database (Nurse et al. 2020 ). The global cyber insurance market was estimated at USD 5.5 billion in 2020 (Dyson 2020 ). When compared to the USD 1 trillion global losses from cybercrime (Maleks Smith et al. 2020 ), it is clear that there exists a significant cyber risk awareness challenge for both the insurance industry and international commerce. Without comprehensive and qualitative data on cyber losses, it can be difficult to estimate potential losses from cyberattacks and price cyber insurance accordingly (GAO 2021 ). For instance, the average cyber insurance loss increased from USD 145,000 in 2019 to USD 359,000 in 2020 (FitchRatings 2021 ). Cyber insurance is an important risk management tool to mitigate the financial impact of cybercrime. This is particularly evident in the impact of different industries. In the Energy & Commodities financial markets, a ransomware attack on the Colonial Pipeline led to a substantial impact on the U.S. economy. As a result of the attack, about 45% of the U.S. East Coast was temporarily unable to obtain supplies of diesel, petrol and jet fuel. This caused the average price in the U.S. to rise 7 cents to USD 3.04 per gallon, the highest in seven years (Garber 2021 ). In addition, Colonial Pipeline confirmed that it paid a USD 4.4 million ransom to a hacker gang after the attack. Another ransomware attack occurred in the healthcare and government sector. The victim of this attack was the Irish Health Service Executive (HSE). A ransom payment of USD 20 million was demanded from the Irish government to restore services after the hack (Tidy 2021 ). In the car manufacturing sector, Miller and Valasek ( 2015 ) initiated a cyberattack that resulted in the recall of 1.4 million vehicles and cost manufacturers EUR 761 million. The risk that arises in the context of these events is the potential for the accumulation of cyber losses, which is why cyber insurers are not expanding their capacity. An example of this accumulation of cyber risks is the NotPetya malware attack, which originated in Russia, struck in Ukraine, and rapidly spread around the world, causing at least USD 10 billion in damage (GAO 2021 ). These events highlight the importance of proper cyber risk management.

This research provides cyber insurance stakeholders with an overview of cyber datasets. Cyber insurers can use the open datasets to improve their understanding and assessment of cyber risks. For example, the impact datasets can be used to better measure financial impacts and their frequencies. These data could be combined with existing portfolio data from cyber insurers and integrated with existing pricing tools and factors to better assess cyber risk valuation. Although most cyber insurers have sparse historical cyber policy and claims data, they remain too small at present for accurate prediction (Bessy-Roland et al. 2021 ). A combination of portfolio data and external datasets would support risk-adjusted pricing for cyber insurance, which would also benefit policyholders. In addition, cyber insurance stakeholders can use the datasets to identify patterns and make better predictions, which would benefit sustainable cyber insurance coverage. In terms of cyber risk cause datasets, cyber insurers can use the data to review their insurance products. For example, the data could provide information on which cyber risks have not been sufficiently considered in product design or where improvements are needed. A combination of cyber cause and cybersecurity datasets can help establish uniform definitions to provide greater transparency and clarity. Consistent terminology could lead to a more sustainable cyber market, where cyber insurers make informed decisions about the level of coverage and policyholders understand their coverage (The Geneva Association 2020).

In addition to the cyber insurance community, this research also supports cybersecurity stakeholders. The reviewed literature can be used to provide a contemporary, contextual and categorised summary of available datasets. This supports efficient and timely progress in cyber risk research and is beneficial given the dynamic nature of cyber risks. With the help of the described cybersecurity datasets and the identified information, a comparison of different datasets is possible. The datasets can be used to evaluate the effectiveness of countermeasures in simulated cyberattacks or to test intrusion detection systems.

In this paper, we conducted a systematic review of studies on cyber risk and cybersecurity databases. We found that most of the datasets are in the field of intrusion detection and machine learning and are used for technical cybersecurity aspects. The available datasets on cyber risks were relatively less represented. Due to the dynamic nature and lack of historical data, assessing and understanding cyber risk is a major challenge for cyber insurance stakeholders. To address this challenge, a greater density of cyber data is needed to support cyber insurers in risk management and researchers with cyber risk-related topics. With reference to ‘Open Science’ FAIR data (Jacobsen et al. 2020 ), mandatory reporting of cyber incidents could help improve cyber understanding, awareness and loss prevention among companies and insurers. Through greater availability of data, cyber risks can be better understood, enabling researchers to conduct more in-depth research into these risks. Companies could incorporate this new knowledge into their corporate culture to reduce cyber risks. For insurance companies, this would have the advantage that all insurers would have the same understanding of cyber risks, which would support sustainable risk-based pricing. In addition, common definitions of cyber risks could be derived from new data.

The cybersecurity databases summarised and categorised in this research could provide a different perspective on cyber risks that would enable the formulation of common definitions in cyber policies. The datasets can help companies addressing cybersecurity and cyber risk as part of risk management assess their internal cyber posture and cybersecurity measures. The paper can also help improve risk awareness and corporate behaviour, and provides the research community with a comprehensive overview of peer-reviewed datasets and other available datasets in the area of cyber risk and cybersecurity. This approach is intended to support the free availability of data for research. The complete tabulated review of the literature is included in the Supplementary Material.

This work provides directions for several paths of future work. First, there are currently few publicly available datasets for cyber risk and cybersecurity. The older datasets that are still widely used no longer reflect today's technical environment. Moreover, they can often only be used in one context, and the scope of the samples is very limited. It would be of great value if more datasets were publicly available that reflect current environmental conditions. This could help intrusion detection systems to consider current events and thus lead to a higher success rate. It could also compensate for the disadvantages of older datasets by collecting larger quantities of samples and making this contextualisation more widespread. Another area of research may be the integratability and adaptability of cybersecurity and cyber risk datasets. For example, it is often unclear to what extent datasets can be integrated or adapted to existing data. For cyber risks and cybersecurity, it would be helpful to know what requirements need to be met or what is needed to use the datasets appropriately. In addition, it would certainly be helpful to know whether datasets can be modified to be used for cyber risks or cybersecurity. Finally, the ability for stakeholders to identify machine-readable cybersecurity datasets would be useful because it would allow for even clearer delineations or comparisons between datasets. Due to the lack of publicly available datasets, concrete benchmarks often cannot be applied.

Average cost of a breach of more than 50 million records.

Aamir, M., S.S.H. Rizvi, M.A. Hashmani, M. Zubair, and J. Ahmad. 2021. Machine learning classification of port scanning and DDoS attacks: A comparative analysis. Mehran University Research Journal of Engineering and Technology 40 (1): 215–229. https://doi.org/10.22581/muet1982.2101.19 .

Article   Google Scholar  

Aamir, M., and S.M.A. Zaidi. 2019. DDoS attack detection with feature engineering and machine learning: The framework and performance evaluation. International Journal of Information Security 18 (6): 761–785. https://doi.org/10.1007/s10207-019-00434-1 .

Aassal, A. El, S. Baki, A. Das, and R.M. Verma. 2020. 2020. An in-depth benchmarking and evaluation of phishing detection research for security needs. IEEE Access 8: 22170–22192. https://doi.org/10.1109/ACCESS.2020.2969780 .

Abu Al-Haija, Q., and S. Zein-Sabatto. 2020. An efficient deep-learning-based detection and classification system for cyber-attacks in IoT communication networks. Electronics 9 (12): 26. https://doi.org/10.3390/electronics9122152 .

Adhikari, U., T.H. Morris, and S.Y. Pan. 2018. Applying Hoeffding adaptive trees for real-time cyber-power event and intrusion classification. IEEE Transactions on Smart Grid 9 (5): 4049–4060. https://doi.org/10.1109/tsg.2017.2647778 .

Agarwal, A., P. Sharma, M. Alshehri, A.A. Mohamed, and O. Alfarraj. 2021. Classification model for accuracy and intrusion detection using machine learning approach. PeerJ Computer Science . https://doi.org/10.7717/peerj-cs.437 .

Agrafiotis, I., J.R.C.. Nurse, M. Goldsmith, S. Creese, and D. Upton. 2018. A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate. Journal of Cybersecurity 4: tyy006.

Agrawal, A., S. Mohammed, and J. Fiaidhi. 2019. Ensemble technique for intruder detection in network traffic. International Journal of Security and Its Applications 13 (3): 1–8. https://doi.org/10.33832/ijsia.2019.13.3.01 .

Ahmad, I., and R.A. Alsemmeari. 2020. Towards improving the intrusion detection through ELM (extreme learning machine). CMC Computers Materials & Continua 65 (2): 1097–1111. https://doi.org/10.32604/cmc.2020.011732 .

Ahmed, M., A.N. Mahmood, and J.K. Hu. 2016. A survey of network anomaly detection techniques. Journal of Network and Computer Applications 60: 19–31. https://doi.org/10.1016/j.jnca.2015.11.016 .

Al-Jarrah, O.Y., O. Alhussein, P.D. Yoo, S. Muhaidat, K. Taha, and K. Kim. 2016. Data randomization and cluster-based partitioning for Botnet intrusion detection. IEEE Transactions on Cybernetics 46 (8): 1796–1806. https://doi.org/10.1109/TCYB.2015.2490802 .

Al-Mhiqani, M.N., R. Ahmad, Z.Z. Abidin, W. Yassin, A. Hassan, K.H. Abdulkareem, N.S. Ali, and Z. Yunos. 2020. A review of insider threat detection: Classification, machine learning techniques, datasets, open challenges, and recommendations. Applied Sciences—Basel 10 (15): 41. https://doi.org/10.3390/app10155208 .

Al-Omari, M., M. Rawashdeh, F. Qutaishat, M. Alshira’H, and N. Ababneh. 2021. An intelligent tree-based intrusion detection model for cyber security. Journal of Network and Systems Management 29 (2): 18. https://doi.org/10.1007/s10922-021-09591-y .

Alabdallah, A., and M. Awad. 2018. Using weighted Support Vector Machine to address the imbalanced classes problem of Intrusion Detection System. KSII Transactions on Internet and Information Systems 12 (10): 5143–5158. https://doi.org/10.3837/tiis.2018.10.027 .

Alazab, M., M. Alazab, A. Shalaginov, A. Mesleh, and A. Awajan. 2020. Intelligent mobile malware detection using permission requests and API calls. Future Generation Computer Systems—the International Journal of eScience 107: 509–521. https://doi.org/10.1016/j.future.2020.02.002 .

Albahar, M.A., R.A. Al-Falluji, and M. Binsawad. 2020. An empirical comparison on malicious activity detection using different neural network-based models. IEEE Access 8: 61549–61564. https://doi.org/10.1109/ACCESS.2020.2984157 .

AlEroud, A.F., and G. Karabatis. 2018. Queryable semantics to detect cyber-attacks: A flow-based detection approach. IEEE Transactions on Systems, Man, and Cybernetics: Systems 48 (2): 207–223. https://doi.org/10.1109/TSMC.2016.2600405 .

Algarni, A.M., V. Thayananthan, and Y.K. Malaiya. 2021. Quantitative assessment of cybersecurity risks for mitigating data breaches in business systems. Applied Sciences (switzerland) . https://doi.org/10.3390/app11083678 .

Alhowaide, A., I. Alsmadi, and J. Tang. 2021. Towards the design of real-time autonomous IoT NIDS. Cluster Computing—the Journal of Networks Software Tools and Applications . https://doi.org/10.1007/s10586-021-03231-5 .

Ali, S., and Y. Li. 2019. Learning multilevel auto-encoders for DDoS attack detection in smart grid network. IEEE Access 7: 108647–108659. https://doi.org/10.1109/ACCESS.2019.2933304 .

AlKadi, O., N. Moustafa, B. Turnbull, and K.K.R. Choo. 2019. Mixture localization-based outliers models for securing data migration in cloud centers. IEEE Access 7: 114607–114618. https://doi.org/10.1109/ACCESS.2019.2935142 .

Allianz. 2021. Allianz Risk Barometer. https://www.agcs.allianz.com/content/dam/onemarketing/agcs/agcs/reports/Allianz-Risk-Barometer-2021.pdf . Accessed 15 May 2021.

Almiani, M., A. AbuGhazleh, A. Al-Rahayfeh, S. Atiewi, and Razaque, A. 2020. Deep recurrent neural network for IoT intrusion detection system. Simulation Modelling Practice and Theory 101: 102031. https://doi.org/10.1016/j.simpat.2019.102031

Alsaedi, A., N. Moustafa, Z. Tari, A. Mahmood, and A. Anwar. 2020. TON_IoT telemetry dataset: A new generation dataset of IoT and IIoT for data-driven intrusion detection systems. IEEE Access 8: 165130–165150. https://doi.org/10.1109/access.2020.3022862 .

Alsamiri, J., and K. Alsubhi. 2019. Internet of Things cyber attacks detection using machine learning. International Journal of Advanced Computer Science and Applications 10 (12): 627–634.

Alsharafat, W. 2013. Applying artificial neural network and eXtended classifier system for network intrusion detection. International Arab Journal of Information Technology 10 (3): 230–238.

Google Scholar  

Amin, R.W., H.E. Sevil, S. Kocak, G. Francia III., and P. Hoover. 2021. The spatial analysis of the malicious uniform resource locators (URLs): 2016 dataset case study. Information (switzerland) 12 (1): 1–18. https://doi.org/10.3390/info12010002 .

Arcuri, M.C., L.Z. Gai, F. Ielasi, and E. Ventisette. 2020. Cyber attacks on hospitality sector: Stock market reaction. Journal of Hospitality and Tourism Technology 11 (2): 277–290. https://doi.org/10.1108/jhtt-05-2019-0080 .

Arp, D., M. Spreitzenbarth, M. Hubner, H. Gascon, K. Rieck, and C.E.R.T. Siemens. 2014. Drebin: Effective and explainable detection of android malware in your pocket. In Ndss 14: 23–26.

Ashtiani, M., and M.A. Azgomi. 2014. A distributed simulation framework for modeling cyber attacks and the evaluation of security measures. Simulation 90 (9): 1071–1102. https://doi.org/10.1177/0037549714540221 .

Atefinia, R., and M. Ahmadi. 2021. Network intrusion detection using multi-architectural modular deep neural network. Journal of Supercomputing 77 (4): 3571–3593. https://doi.org/10.1007/s11227-020-03410-y .

Avila, R., R. Khoury, R. Khoury, and F. Petrillo. 2021. Use of security logs for data leak detection: A systematic literature review. Security and Communication Networks 2021: 29. https://doi.org/10.1155/2021/6615899 .

Azeez, N.A., T.J. Ayemobola, S. Misra, R. Maskeliunas, and R. Damasevicius. 2019. Network Intrusion Detection with a Hashing Based Apriori Algorithm Using Hadoop MapReduce. Computers 8 (4): 15. https://doi.org/10.3390/computers8040086 .

Bakdash, J.Z., S. Hutchinson, E.G. Zaroukian, L.R. Marusich, S. Thirumuruganathan, C. Sample, B. Hoffman, and G. Das. 2018. Malware in the future forecasting of analyst detection of cyber events. Journal of Cybersecurity . https://doi.org/10.1093/cybsec/tyy007 .

Barletta, V.S., D. Caivano, A. Nannavecchia, and M. Scalera. 2020. Intrusion detection for in-vehicle communication networks: An unsupervised Kohonen SOM approach. Future Internet . https://doi.org/10.3390/FI12070119 .

Barzegar, M., and M. Shajari. 2018. Attack scenario reconstruction using intrusion semantics. Expert Systems with Applications 108: 119–133. https://doi.org/10.1016/j.eswa.2018.04.030 .

Bessy-Roland, Y., A. Boumezoued, and C. Hillairet. 2021. Multivariate Hawkes process for cyber insurance. Annals of Actuarial Science 15 (1): 14–39.

Bhardwaj, A., V. Mangat, and R. Vig. 2020. Hyperband tuned deep neural network with well posed stacked sparse AutoEncoder for detection of DDoS attacks in cloud. IEEE Access 8: 181916–181929. https://doi.org/10.1109/ACCESS.2020.3028690 .

Bhati, B.S., C.S. Rai, B. Balamurugan, and F. Al-Turjman. 2020. An intrusion detection scheme based on the ensemble of discriminant classifiers. Computers & Electrical Engineering 86: 9. https://doi.org/10.1016/j.compeleceng.2020.106742 .

Bhattacharya, S., S.S.R. Krishnan, P.K.R. Maddikunta, R. Kaluri, S. Singh, T.R. Gadekallu, M. Alazab, and U. Tariq. 2020. A novel PCA-firefly based XGBoost classification model for intrusion detection in networks using GPU. Electronics 9 (2): 16. https://doi.org/10.3390/electronics9020219 .

Bibi, I., A. Akhunzada, J. Malik, J. Iqbal, A. Musaddiq, and S. Kim. 2020. A dynamic DL-driven architecture to combat sophisticated android malware. IEEE Access 8: 129600–129612. https://doi.org/10.1109/ACCESS.2020.3009819 .

Biener, C., M. Eling, and J.H. Wirfs. 2015. Insurability of cyber risk: An empirical analysis. The   Geneva Papers on Risk and Insurance—Issues and Practice 40 (1): 131–158. https://doi.org/10.1057/gpp.2014.19 .

Binbusayyis, A., and T. Vaiyapuri. 2019. Identifying and benchmarking key features for cyber intrusion detection: An ensemble approach. IEEE Access 7: 106495–106513. https://doi.org/10.1109/ACCESS.2019.2929487 .

Biswas, R., and S. Roy. 2021. Botnet traffic identification using neural networks. Multimedia Tools and Applications . https://doi.org/10.1007/s11042-021-10765-8 .

Bouyeddou, B., F. Harrou, B. Kadri, and Y. Sun. 2021. Detecting network cyber-attacks using an integrated statistical approach. Cluster Computing—the Journal of Networks Software Tools and Applications 24 (2): 1435–1453. https://doi.org/10.1007/s10586-020-03203-1 .

Bozkir, A.S., and M. Aydos. 2020. LogoSENSE: A companion HOG based logo detection scheme for phishing web page and E-mail brand recognition. Computers & Security 95: 18. https://doi.org/10.1016/j.cose.2020.101855 .

Brower, D., and M. McCormick. 2021. Colonial pipeline resumes operations following ransomware attack. Financial Times .

Cai, H., F. Zhang, and A. Levi. 2019. An unsupervised method for detecting shilling attacks in recommender systems by mining item relationship and identifying target items. The Computer Journal 62 (4): 579–597. https://doi.org/10.1093/comjnl/bxy124 .

Cebula, J.J., M.E. Popeck, and L.R. Young. 2014. A Taxonomy of Operational Cyber Security Risks Version 2 .

Chadza, T., K.G. Kyriakopoulos, and S. Lambotharan. 2020. Learning to learn sequential network attacks using hidden Markov models. IEEE Access 8: 134480–134497. https://doi.org/10.1109/ACCESS.2020.3011293 .

Chatterjee, S., and S. Thekdi. 2020. An iterative learning and inference approach to managing dynamic cyber vulnerabilities of complex systems. Reliability Engineering and System Safety . https://doi.org/10.1016/j.ress.2019.106664 .

Chattopadhyay, M., R. Sen, and S. Gupta. 2018. A comprehensive review and meta-analysis on applications of machine learning techniques in intrusion detection. Australasian Journal of Information Systems 22: 27.

Chen, H.S., and J. Fiscus. 2018. The inhospitable vulnerability: A need for cybersecurity risk assessment in the hospitality industry. Journal of Hospitality and Tourism Technology 9 (2): 223–234. https://doi.org/10.1108/JHTT-07-2017-0044 .

Chhabra, G.S., V.P. Singh, and M. Singh. 2020. Cyber forensics framework for big data analytics in IoT environment using machine learning. Multimedia Tools and Applications 79 (23–24): 15881–15900. https://doi.org/10.1007/s11042-018-6338-1 .

Chiba, Z., N. Abghour, K. Moussaid, A. Elomri, and M. Rida. 2019. Intelligent approach to build a Deep Neural Network based IDS for cloud environment using combination of machine learning algorithms. Computers and Security 86: 291–317. https://doi.org/10.1016/j.cose.2019.06.013 .

Choras, M., and R. Kozik. 2015. Machine learning techniques applied to detect cyber attacks on web applications. Logic Journal of the IGPL 23 (1): 45–56. https://doi.org/10.1093/jigpal/jzu038 .

Chowdhury, S., M. Khanzadeh, R. Akula, F. Zhang, S. Zhang, H. Medal, M. Marufuzzaman, and L. Bian. 2017. Botnet detection using graph-based feature clustering. Journal of Big Data 4 (1): 14. https://doi.org/10.1186/s40537-017-0074-7 .

Cost Of A Cyber Incident: Systematic Review And Cross-Validation, Cybersecurity & Infrastructure Agency , 1, https://www.cisa.gov/sites/default/files/publications/CISA-OCE_Cost_of_Cyber_Incidents_Study-FINAL_508.pdf (2020).

D’Hooge, L., T. Wauters, B. Volckaert, and F. De Turck. 2019. Classification hardness for supervised learners on 20 years of intrusion detection data. IEEE Access 7: 167455–167469. https://doi.org/10.1109/access.2019.2953451 .

Damasevicius, R., A. Venckauskas, S. Grigaliunas, J. Toldinas, N. Morkevicius, T. Aleliunas, and P. Smuikys. 2020. LITNET-2020: An annotated real-world network flow dataset for network intrusion detection. Electronics 9 (5): 23. https://doi.org/10.3390/electronics9050800 .

De Giovanni, A.L.D., and M. Pirra. 2020. On the determinants of data breaches: A cointegration analysis. Decisions in Economics and Finance . https://doi.org/10.1007/s10203-020-00301-y .

Deng, L., D. Li, X. Yao, and H. Wang. 2019. Retracted Article: Mobile network intrusion detection for IoT system based on transfer learning algorithm. Cluster Computing 22 (4): 9889–9904. https://doi.org/10.1007/s10586-018-1847-2 .

Donkal, G., and G.K. Verma. 2018. A multimodal fusion based framework to reinforce IDS for securing Big Data environment using Spark. Journal of Information Security and Applications 43: 1–11. https://doi.org/10.1016/j.jisa.2018.10.001 .

Dunn, C., N. Moustafa, and B. Turnbull. 2020. Robustness evaluations of sustainable machine learning models against data Poisoning attacks in the Internet of Things. Sustainability 12 (16): 17. https://doi.org/10.3390/su12166434 .

Dwivedi, S., M. Vardhan, and S. Tripathi. 2021. Multi-parallel adaptive grasshopper optimization technique for detecting anonymous attacks in wireless networks. Wireless Personal Communications . https://doi.org/10.1007/s11277-021-08368-5 .

Dyson, B. 2020. COVID-19 crisis could be ‘watershed’ for cyber insurance, says Swiss Re exec. https://www.spglobal.com/marketintelligence/en/news-insights/latest-news-headlines/covid-19-crisis-could-be-watershed-for-cyber-insurance-says-swiss-re-exec-59197154 . Accessed 7 May 2020.

EIOPA. 2018. Understanding cyber insurance—a structured dialogue with insurance companies. https://www.eiopa.europa.eu/sites/default/files/publications/reports/eiopa_understanding_cyber_insurance.pdf . Accessed 28 May 2018

Elijah, A.V., A. Abdullah, N.Z. JhanJhi, M. Supramaniam, and O.B. Abdullateef. 2019. Ensemble and deep-learning methods for two-class and multi-attack anomaly intrusion detection: An empirical study. International Journal of Advanced Computer Science and Applications 10 (9): 520–528.

Eling, M., and K. Jung. 2018. Copula approaches for modeling cross-sectional dependence of data breach losses. Insurance Mathematics & Economics 82: 167–180. https://doi.org/10.1016/j.insmatheco.2018.07.003 .

Eling, M., and W. Schnell. 2016. What do we know about cyber risk and cyber risk insurance? Journal of Risk Finance 17 (5): 474–491. https://doi.org/10.1108/jrf-09-2016-0122 .

Eling, M., and J. Wirfs. 2019. What are the actual costs of cyber risk events? European Journal of Operational Research 272 (3): 1109–1119. https://doi.org/10.1016/j.ejor.2018.07.021 .

Eling, M. 2020. Cyber risk research in business and actuarial science. European Actuarial Journal 10 (2): 303–333.

Elmasry, W., A. Akbulut, and A.H. Zaim. 2019. Empirical study on multiclass classification-based network intrusion detection. Computational Intelligence 35 (4): 919–954. https://doi.org/10.1111/coin.12220 .

Elsaid, S.A., and N.S. Albatati. 2020. An optimized collaborative intrusion detection system for wireless sensor networks. Soft Computing 24 (16): 12553–12567. https://doi.org/10.1007/s00500-020-04695-0 .

Estepa, R., J.E. Díaz-Verdejo, A. Estepa, and G. Madinabeitia. 2020. How much training data is enough? A case study for HTTP anomaly-based intrusion detection. IEEE Access 8: 44410–44425. https://doi.org/10.1109/ACCESS.2020.2977591 .

European Council. 2021. Cybersecurity: how the EU tackles cyber threats. https://www.consilium.europa.eu/en/policies/cybersecurity/ . Accessed 10 May 2021

Falco, G. et al. 2019. Cyber risk research impeded by disciplinary barriers. Science (American Association for the Advancement of Science) 366 (6469): 1066–1069.

Fan, Z.J., Z.P. Tan, C.X. Tan, and X. Li. 2018. An improved integrated prediction method of cyber security situation based on spatial-time analysis. Journal of Internet Technology 19 (6): 1789–1800. https://doi.org/10.3966/160792642018111906015 .

Fang, Z.J., M.C. Xu, S.H. Xu, and T.Z. Hu. 2021. A framework for predicting data breach risk: Leveraging dependence to cope with sparsity. IEEE Transactions on Information Forensics and Security 16: 2186–2201. https://doi.org/10.1109/tifs.2021.3051804 .

Farkas, S., O. Lopez, and M. Thomas. 2021. Cyber claim analysis using Generalized Pareto regression trees with applications to insurance. Insurance: Mathematics and Economics 98: 92–105. https://doi.org/10.1016/j.insmatheco.2021.02.009 .

Farsi, H., A. Fanian, and Z. Taghiyarrenani. 2019. A novel online state-based anomaly detection system for process control networks. International Journal of Critical Infrastructure Protection 27: 11. https://doi.org/10.1016/j.ijcip.2019.100323 .

Ferrag, M.A., L. Maglaras, S. Moschoyiannis, and H. Janicke. 2020. Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study. Journal of Information Security and Applications 50: 19. https://doi.org/10.1016/j.jisa.2019.102419 .

Field, M. 2018. WannaCry cyber attack cost the NHS £92m as 19,000 appointments cancelled. https://www.telegraph.co.uk/technology/2018/10/11/wannacry-cyber-attack-cost-nhs-92m-19000-appointments-cancelled/ . Accessed 9 May 2018.

FitchRatings. 2021. U.S. Cyber Insurance Market Update (Spike in Claims Leads to Decline in 2020 Underwriting Performance). https://www.fitchratings.com/research/insurance/us-cyber-insurance-market-update-spike-in-claims-leads-to-decline-in-2020-underwriting-performance-26-05-2021 .

Fossaceca, J.M., T.A. Mazzuchi, and S. Sarkani. 2015. MARK-ELM: Application of a novel Multiple Kernel Learning framework for improving the robustness of network intrusion detection. Expert Systems with Applications 42 (8): 4062–4080. https://doi.org/10.1016/j.eswa.2014.12.040 .

Franke, U., and J. Brynielsson. 2014. Cyber situational awareness–a systematic review of the literature. Computers & security 46: 18–31.

Freeha, K., K.J. Hwan, M. Lars, and M. Robin. 2021. Data breach management: An integrated risk model. Information & Management 58 (1): 103392. https://doi.org/10.1016/j.im.2020.103392 .

Ganeshan, R., and P. Rodrigues. 2020. Crow-AFL: Crow based adaptive fractional lion optimization approach for the intrusion detection. Wireless Personal Communications 111 (4): 2065–2089. https://doi.org/10.1007/s11277-019-06972-0 .

GAO. 2021. CYBER INSURANCE—Insurers and policyholders face challenges in an evolving market. https://www.gao.gov/assets/gao-21-477.pdf . Accessed 16 May 2021.

Garber, J. 2021. Colonial Pipeline fiasco foreshadows impact of Biden energy policy. https://www.foxbusiness.com/markets/colonial-pipeline-fiasco-foreshadows-impact-of-biden-energy-policy . Accessed 4 May 2021.

Gauthama Raman, M.R., N. Somu, S. Jagarapu, T. Manghnani, T. Selvam, K. Krithivasan, and V.S. Shankar Sriram. 2020. An efficient intrusion detection technique based on support vector machine and improved binary gravitational search algorithm. Artificial Intelligence Review 53 (5): 3255–3286. https://doi.org/10.1007/s10462-019-09762-z .

Gavel, S., A.S. Raghuvanshi, and S. Tiwari. 2021. Distributed intrusion detection scheme using dual-axis dimensionality reduction for Internet of things (IoT). Journal of Supercomputing . https://doi.org/10.1007/s11227-021-03697-5 .

GDPR.EU. 2021. FAQ. https://gdpr.eu/faq/ . Accessed 10 May 2021.

Georgescu, T.M., B. Iancu, and M. Zurini. 2019. Named-entity-recognition-based automated system for diagnosing cybersecurity situations in IoT networks. Sensors (switzerland) . https://doi.org/10.3390/s19153380 .

Giudici, P., and E. Raffinetti. 2020. Cyber risk ordering with rank-based statistical models. AStA Advances in Statistical Analysis . https://doi.org/10.1007/s10182-020-00387-0 .

Goh, J., S. Adepu, K.N. Junejo, and A. Mathur. 2016. A dataset to support research in the design of secure water treatment systems. In CRITIS.

Gong, X.Y., J.L. Lu, Y.F. Zhou, H. Qiu, and R. He. 2021. Model uncertainty based annotation error fixing for web attack detection. Journal of Signal Processing Systems for Signal Image and Video Technology 93 (2–3): 187–199. https://doi.org/10.1007/s11265-019-01494-1 .

Goode, S., H. Hoehle, V. Venkatesh, and S.A. Brown. 2017. USER compensation as a data breach recovery action: An investigation of the sony playstation network breach. MIS Quarterly 41 (3): 703–727.

Guo, H., S. Huang, C. Huang, Z. Pan, M. Zhang, and F. Shi. 2020. File entropy signal analysis combined with wavelet decomposition for malware classification. IEEE Access 8: 158961–158971. https://doi.org/10.1109/ACCESS.2020.3020330 .

Habib, M., I. Aljarah, and H. Faris. 2020. A Modified multi-objective particle swarm optimizer-based Lévy flight: An approach toward intrusion detection in Internet of Things. Arabian Journal for Science and Engineering 45 (8): 6081–6108. https://doi.org/10.1007/s13369-020-04476-9 .

Hajj, S., R. El Sibai, J.B. Abdo, J. Demerjian, A. Makhoul, and C. Guyeux. 2021. Anomaly-based intrusion detection systems: The requirements, methods, measurements, and datasets. Transactions on Emerging Telecommunications Technologies 32 (4): 36. https://doi.org/10.1002/ett.4240 .

Heartfield, R., G. Loukas, A. Bezemskij, and E. Panaousis. 2021. Self-configurable cyber-physical intrusion detection for smart homes using reinforcement learning. IEEE Transactions on Information Forensics and Security 16: 1720–1735. https://doi.org/10.1109/tifs.2020.3042049 .

Hemo, B., T. Gafni, K. Cohen, and Q. Zhao. 2020. Searching for anomalies over composite hypotheses. IEEE Transactions on Signal Processing 68: 1181–1196. https://doi.org/10.1109/TSP.2020.2971438

Hindy, H., D. Brosset, E. Bayne, A.K. Seeam, C. Tachtatzis, R. Atkinson, and X. Bellekens. 2020. A taxonomy of network threats and the effect of current datasets on intrusion detection systems. IEEE Access 8: 104650–104675. https://doi.org/10.1109/ACCESS.2020.3000179 .

Hong, W., D. Huang, C. Chen, and J. Lee. 2020. Towards accurate and efficient classification of power system contingencies and cyber-attacks using recurrent neural networks. IEEE Access 8: 123297–123309. https://doi.org/10.1109/ACCESS.2020.3007609 .

Husák, M., M. Zádník, V. Bartos, and P. Sokol. 2020. Dataset of intrusion detection alerts from a sharing platform. Data in Brief 33: 106530.

IBM Security. 2020. Cost of a Data breach Report. https://www.capita.com/sites/g/files/nginej291/files/2020-08/Ponemon-Global-Cost-of-Data-Breach-Study-2020.pdf . Accessed 19 May 2021.

IEEE. 2021. IEEE Quick Facts. https://www.ieee.org/about/at-a-glance.html . Accessed 11 May 2021.

Kilincer, I.F., F. Ertam, and S. Abdulkadir. 2021. Machine learning methods for cyber security intrusion detection: Datasets and comparative study. Computer Networks 188: 107840. https://doi.org/10.1016/j.comnet.2021.107840 .

Jaber, A.N., and S. Ul Rehman. 2020. FCM-SVM based intrusion detection system for cloud computing environment. Cluster Computing—the Journal of Networks Software Tools and Applications 23 (4): 3221–3231. https://doi.org/10.1007/s10586-020-03082-6 .

Jacobs, J., S. Romanosky, B. Edwards, M. Roytman, and I. Adjerid. 2019. Exploit prediction scoring system (epss). arXiv:1908.04856

Jacobsen, A. et al. 2020. FAIR principles: Interpretations and implementation considerations. Data Intelligence 2 (1–2): 10–29. https://doi.org/10.1162/dint_r_00024 .

Jahromi, A.N., S. Hashemi, A. Dehghantanha, R.M. Parizi, and K.K.R. Choo. 2020. An enhanced stacked LSTM method with no random initialization for malware threat hunting in safety and time-critical systems. IEEE Transactions on Emerging Topics in Computational Intelligence 4 (5): 630–640. https://doi.org/10.1109/TETCI.2019.2910243 .

Jang, S., S. Li, and Y. Sung. 2020. FastText-based local feature visualization algorithm for merged image-based malware classification framework for cyber security and cyber defense. Mathematics 8 (3): 13. https://doi.org/10.3390/math8030460 .

Javeed, D., T.H. Gao, and M.T. Khan. 2021. SDN-enabled hybrid DL-driven framework for the detection of emerging cyber threats in IoT. Electronics 10 (8): 16. https://doi.org/10.3390/electronics10080918 .

Johnson, P., D. Gorton, R. Lagerstrom, and M. Ekstedt. 2016. Time between vulnerability disclosures: A measure of software product vulnerability. Computers & Security 62: 278–295. https://doi.org/10.1016/j.cose.2016.08.004 .

Johnson, P., R. Lagerström, M. Ekstedt, and U. Franke. 2018. Can the common vulnerability scoring system be trusted? A Bayesian analysis. IEEE Transactions on Dependable and Secure Computing 15 (6): 1002–1015. https://doi.org/10.1109/TDSC.2016.2644614 .

Junger, M., V. Wang, and M. Schlömer. 2020. Fraud against businesses both online and offline: Crime scripts, business characteristics, efforts, and benefits. Crime Science 9 (1): 13. https://doi.org/10.1186/s40163-020-00119-4 .

Kalutarage, H.K., H.N. Nguyen, and S.A. Shaikh. 2017. Towards a threat assessment framework for apps collusion. Telecommunication Systems 66 (3): 417–430. https://doi.org/10.1007/s11235-017-0296-1 .

Kamarudin, M.H., C. Maple, T. Watson, and N.S. Safa. 2017. A LogitBoost-based algorithm for detecting known and unknown web attacks. IEEE Access 5: 26190–26200. https://doi.org/10.1109/ACCESS.2017.2766844 .

Kasongo, S.M., and Y.X. Sun. 2020. A deep learning method with wrapper based feature extraction for wireless intrusion detection system. Computers & Security 92: 15. https://doi.org/10.1016/j.cose.2020.101752 .

Keserwani, P.K., M.C. Govil, E.S. Pilli, and P. Govil. 2021. A smart anomaly-based intrusion detection system for the Internet of Things (IoT) network using GWO–PSO–RF model. Journal of Reliable Intelligent Environments 7 (1): 3–21. https://doi.org/10.1007/s40860-020-00126-x .

Keshk, M., E. Sitnikova, N. Moustafa, J. Hu, and I. Khalil. 2021. An integrated framework for privacy-preserving based anomaly detection for cyber-physical systems. IEEE Transactions on Sustainable Computing 6 (1): 66–79. https://doi.org/10.1109/TSUSC.2019.2906657 .

Khan, I.A., D.C. Pi, A.K. Bhatia, N. Khan, W. Haider, and A. Wahab. 2020. Generating realistic IoT-based IDS dataset centred on fuzzy qualitative modelling for cyber-physical systems. Electronics Letters 56 (9): 441–443. https://doi.org/10.1049/el.2019.4158 .

Khraisat, A., I. Gondal, P. Vamplew, J. Kamruzzaman, and A. Alazab. 2020. Hybrid intrusion detection system based on the stacking ensemble of C5 decision tree classifier and one class support vector machine. Electronics 9 (1): 18. https://doi.org/10.3390/electronics9010173 .

Khraisat, A., I. Gondal, P. Vamplew, and J. Kamruzzaman. 2019. Survey of intrusion detection systems: Techniques, datasets and challenges. Cybersecurity 2 (1): 20. https://doi.org/10.1186/s42400-019-0038-7 .

Kilincer, I.F., F. Ertam, and A. Sengur. 2021. Machine learning methods for cyber security intrusion detection: Datasets and comparative study. Computer Networks 188: 16. https://doi.org/10.1016/j.comnet.2021.107840 .

Kim, D., and H.K. Kim. 2019. Automated dataset generation system for collaborative research of cyber threat analysis. Security and Communication Networks 2019: 10. https://doi.org/10.1155/2019/6268476 .

Kim, G., C. Lee, J. Jo, and H. Lim. 2020. Automatic extraction of named entities of cyber threats using a deep Bi-LSTM-CRF network. International Journal of Machine Learning and Cybernetics 11 (10): 2341–2355. https://doi.org/10.1007/s13042-020-01122-6 .

Kirubavathi, G., and R. Anitha. 2016. Botnet detection via mining of traffic flow characteristics. Computers & Electrical Engineering 50: 91–101. https://doi.org/10.1016/j.compeleceng.2016.01.012 .

Kiwia, D., A. Dehghantanha, K.K.R. Choo, and J. Slaughter. 2018. A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence. Journal of Computational Science 27: 394–409. https://doi.org/10.1016/j.jocs.2017.10.020 .

Koroniotis, N., N. Moustafa, and E. Sitnikova. 2020. A new network forensic framework based on deep learning for Internet of Things networks: A particle deep framework. Future Generation Computer Systems 110: 91–106. https://doi.org/10.1016/j.future.2020.03.042 .

Kruse, C.S., B. Frederick, T. Jacobson, and D. Kyle Monticone. 2017. Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care 25 (1): 1–10.

Kshetri, N. 2018. The economics of cyber-insurance. IT Professional 20 (6): 9–14. https://doi.org/10.1109/MITP.2018.2874210 .

Kumar, R., P. Kumar, R. Tripathi, G.P. Gupta, T.R. Gadekallu, and G. Srivastava. 2021. SP2F: A secured privacy-preserving framework for smart agricultural Unmanned Aerial Vehicles. Computer Networks . https://doi.org/10.1016/j.comnet.2021.107819 .

Kumar, R., and R. Tripathi. 2021. DBTP2SF: A deep blockchain-based trustworthy privacy-preserving secured framework in industrial internet of things systems. Transactions on Emerging Telecommunications Technologies 32 (4): 27. https://doi.org/10.1002/ett.4222 .

Laso, P.M., D. Brosset, and J. Puentes. 2017. Dataset of anomalies and malicious acts in a cyber-physical subsystem. Data in Brief 14: 186–191. https://doi.org/10.1016/j.dib.2017.07.038 .

Lee, J., J. Kim, I. Kim, and K. Han. 2019. Cyber threat detection based on artificial neural networks using event profiles. IEEE Access 7: 165607–165626. https://doi.org/10.1109/ACCESS.2019.2953095 .

Lee, S.J., P.D. Yoo, A.T. Asyhari, Y. Jhi, L. Chermak, C.Y. Yeun, and K. Taha. 2020. IMPACT: Impersonation attack detection via edge computing using deep Autoencoder and feature abstraction. IEEE Access 8: 65520–65529. https://doi.org/10.1109/ACCESS.2020.2985089 .

Leong, Y.-Y., and Y.-C. Chen. 2020. Cyber risk cost and management in IoT devices-linked health insurance. The Geneva Papers on Risk and Insurance—Issues and Practice 45 (4): 737–759. https://doi.org/10.1057/s41288-020-00169-4 .

Levi, M. 2017. Assessing the trends, scale and nature of economic cybercrimes: overview and Issues: In Cybercrimes, cybercriminals and their policing, in crime, law and social change. Crime, Law and Social Change 67 (1): 3–20. https://doi.org/10.1007/s10611-016-9645-3 .

Li, C., K. Mills, D. Niu, R. Zhu, H. Zhang, and H. Kinawi. 2019a. Android malware detection based on factorization machine. IEEE Access 7: 184008–184019. https://doi.org/10.1109/ACCESS.2019.2958927 .

Li, D.Q., and Q.M. Li. 2020. Adversarial deep ensemble: evasion attacks and defenses for malware detection. IEEE Transactions on Information Forensics and Security 15: 3886–3900. https://doi.org/10.1109/tifs.2020.3003571 .

Li, D.Q., Q.M. Li, Y.F. Ye, and S.H. Xu. 2021. A framework for enhancing deep neural networks against adversarial malware. IEEE Transactions on Network Science and Engineering 8 (1): 736–750. https://doi.org/10.1109/tnse.2021.3051354 .

Li, R.H., C. Zhang, C. Feng, X. Zhang, and C.J. Tang. 2019b. Locating vulnerability in binaries using deep neural networks. IEEE Access 7: 134660–134676. https://doi.org/10.1109/access.2019.2942043 .

Li, X., M. Xu, P. Vijayakumar, N. Kumar, and X. Liu. 2020. Detection of low-frequency and multi-stage attacks in industrial Internet of Things. IEEE Transactions on Vehicular Technology 69 (8): 8820–8831. https://doi.org/10.1109/TVT.2020.2995133 .

Liu, H.Y., and B. Lang. 2019. Machine learning and deep learning methods for intrusion detection systems: A survey. Applied Sciences—Basel 9 (20): 28. https://doi.org/10.3390/app9204396 .

Lopez-Martin, M., B. Carro, and A. Sanchez-Esguevillas. 2020. Application of deep reinforcement learning to intrusion detection for supervised problems. Expert Systems with Applications . https://doi.org/10.1016/j.eswa.2019.112963 .

Loukas, G., D. Gan, and Tuan Vuong. 2013. A review of cyber threats and defence approaches in emergency management. Future Internet 5: 205–236.

Luo, C.C., S. Su, Y.B. Sun, Q.J. Tan, M. Han, and Z.H. Tian. 2020. A convolution-based system for malicious URLs detection. CMC—Computers Materials Continua 62 (1): 399–411.

Mahbooba, B., M. Timilsina, R. Sahal, and M. Serrano. 2021. Explainable artificial intelligence (XAI) to enhance trust management in intrusion detection systems using decision tree model. Complexity 2021: 11. https://doi.org/10.1155/2021/6634811 .

Mahdavifar, S., and A.A. Ghorbani. 2020. DeNNeS: Deep embedded neural network expert system for detecting cyber attacks. Neural Computing & Applications 32 (18): 14753–14780. https://doi.org/10.1007/s00521-020-04830-w .

Mahfouz, A., A. Abuhussein, D. Venugopal, and S. Shiva. 2020. Ensemble classifiers for network intrusion detection using a novel network attack dataset. Future Internet 12 (11): 1–19. https://doi.org/10.3390/fi12110180 .

Maleks Smith, Z., E. Lostri, and J.A. Lewis. 2020. The hidden costs of cybercrime. https://www.mcafee.com/enterprise/en-us/assets/reports/rp-hidden-costs-of-cybercrime.pdf . Accessed 16 May 2021.

Malik, J., A. Akhunzada, I. Bibi, M. Imran, A. Musaddiq, and S.W. Kim. 2020. Hybrid deep learning: An efficient reconnaissance and surveillance detection mechanism in SDN. IEEE Access 8: 134695–134706. https://doi.org/10.1109/ACCESS.2020.3009849 .

Manimurugan, S. 2020. IoT-Fog-Cloud model for anomaly detection using improved Naive Bayes and principal component analysis. Journal of Ambient Intelligence and Humanized Computing . https://doi.org/10.1007/s12652-020-02723-3 .

Martin, A., R. Lara-Cabrera, and D. Camacho. 2019. Android malware detection through hybrid features fusion and ensemble classifiers: The AndroPyTool framework and the OmniDroid dataset. Information Fusion 52: 128–142. https://doi.org/10.1016/j.inffus.2018.12.006 .

Mauro, M.D., G. Galatro, and A. Liotta. 2020. Experimental review of neural-based approaches for network intrusion management. IEEE Transactions on Network and Service Management 17 (4): 2480–2495. https://doi.org/10.1109/TNSM.2020.3024225 .

McLeod, A., and D. Dolezel. 2018. Cyber-analytics: Modeling factors associated with healthcare data breaches. Decision Support Systems 108: 57–68. https://doi.org/10.1016/j.dss.2018.02.007 .

Meira, J., R. Andrade, I. Praca, J. Carneiro, V. Bolon-Canedo, A. Alonso-Betanzos, and G. Marreiros. 2020. Performance evaluation of unsupervised techniques in cyber-attack anomaly detection. Journal of Ambient Intelligence and Humanized Computing 11 (11): 4477–4489. https://doi.org/10.1007/s12652-019-01417-9 .

Miao, Y., J. Ma, X. Liu, J. Weng, H. Li, and H. Li. 2019. Lightweight fine-grained search over encrypted data in Fog computing. IEEE Transactions on Services Computing 12 (5): 772–785. https://doi.org/10.1109/TSC.2018.2823309 .

Miller, C., and C. Valasek. 2015. Remote exploitation of an unaltered passenger vehicle. Black Hat USA 2015 (S 91).

Mireles, J.D., E. Ficke, J.H. Cho, P. Hurley, and S.H. Xu. 2019. Metrics towards measuring cyber agility. IEEE Transactions on Information Forensics and Security 14 (12): 3217–3232. https://doi.org/10.1109/tifs.2019.2912551 .

Mishra, N., and S. Pandya. 2021. Internet of Things applications, security challenges, attacks, intrusion detection, and future visions: A systematic review. IEEE Access . https://doi.org/10.1109/ACCESS.2021.3073408 .

Monshizadeh, M., V. Khatri, B.G. Atli, R. Kantola, and Z. Yan. 2019. Performance evaluation of a combined anomaly detection platform. IEEE Access 7: 100964–100978. https://doi.org/10.1109/ACCESS.2019.2930832 .

Moreno, V.C., G. Reniers, E. Salzano, and V. Cozzani. 2018. Analysis of physical and cyber security-related events in the chemical and process industry. Process Safety and Environmental Protection 116: 621–631. https://doi.org/10.1016/j.psep.2018.03.026 .

Moro, E.D. 2020. Towards an economic cyber loss index for parametric cover based on IT security indicator: A preliminary analysis. Risks . https://doi.org/10.3390/risks8020045 .

Moustafa, N., E. Adi, B. Turnbull, and J. Hu. 2018. A new threat intelligence scheme for safeguarding industry 4.0 systems. IEEE Access 6: 32910–32924. https://doi.org/10.1109/ACCESS.2018.2844794 .

Moustakidis, S., and P. Karlsson. 2020. A novel feature extraction methodology using Siamese convolutional neural networks for intrusion detection. Cybersecurity . https://doi.org/10.1186/s42400-020-00056-4 .

Mukhopadhyay, A., S. Chatterjee, K.K. Bagchi, P.J. Kirs, and G.K. Shukla. 2019. Cyber Risk Assessment and Mitigation (CRAM) framework using Logit and Probit models for cyber insurance. Information Systems Frontiers 21 (5): 997–1018. https://doi.org/10.1007/s10796-017-9808-5 .

Murphey, H. 2021a. Biden signs executive order to strengthen US cyber security. https://www.ft.com/content/4d808359-b504-4014-85f6-68e7a2851bf1?accessToken=zwAAAXl0_ifgkc9NgINZtQRAFNOF9mjnooUb8Q.MEYCIQDw46SFWsMn1iyuz3kvgAmn6mxc0rIVfw10Lg1ovJSfJwIhAK2X2URzfSqHwIS7ddRCvSt2nGC2DcdoiDTG49-4TeEt&sharetype=gift?token=fbcd6323-1ecf-4fc3-b136-b5b0dd6a8756 . Accessed 7 May 2021.

Murphey, H. 2021b. Millions of connected devices have security flaws, study shows. https://www.ft.com/content/0bf92003-926d-4dee-87d7-b01f7c3e9621?accessToken=zwAAAXnA7f2Ikc8L-SADkm1N7tOH17AffD6WIQ.MEQCIDjBuROvhmYV0Mx3iB0cEV7m5oND1uaCICxJu0mzxM0PAiBam98q9zfHiTB6hKGr1gGl0Azt85yazdpX9K5sI8se3Q&sharetype=gift?token=2538218d-77d9-4dd3-9649-3cb556a34e51 . Accessed 6 May 2021.

Murugesan, V., M. Shalinie, and M.H. Yang. 2018. Design and analysis of hybrid single packet IP traceback scheme. IET Networks 7 (3): 141–151. https://doi.org/10.1049/iet-net.2017.0115 .

Mwitondi, K.S., and S.A. Zargari. 2018. An iterative multiple sampling method for intrusion detection. Information Security Journal 27 (4): 230–239. https://doi.org/10.1080/19393555.2018.1539790 .

Neto, N.N., S. Madnick, A.M.G. De Paula, and N.M. Borges. 2021. Developing a global data breach database and the challenges encountered. ACM Journal of Data and Information Quality 13 (1): 33. https://doi.org/10.1145/3439873 .

Nurse, J.R.C., L. Axon, A. Erola, I. Agrafiotis, M. Goldsmith, and S. Creese. 2020. The data that drives cyber insurance: A study into the underwriting and claims processes. In 2020 International conference on cyber situational awareness, data analytics and assessment (CyberSA), 15–19 June 2020.

Oliveira, N., I. Praca, E. Maia, and O. Sousa. 2021. Intelligent cyber attack detection and classification for network-based intrusion detection systems. Applied Sciences—Basel 11 (4): 21. https://doi.org/10.3390/app11041674 .

Page, M.J. et al. 2021. The PRISMA 2020 statement: An updated guideline for reporting systematic reviews. Systematic Reviews 10 (1): 89. https://doi.org/10.1186/s13643-021-01626-4 .

Pajouh, H.H., R. Javidan, R. Khayami, A. Dehghantanha, and K.R. Choo. 2019. A two-layer dimension reduction and two-tier classification model for anomaly-based intrusion detection in IoT backbone networks. IEEE Transactions on Emerging Topics in Computing 7 (2): 314–323. https://doi.org/10.1109/TETC.2016.2633228 .

Parra, G.D., P. Rad, K.K.R. Choo, and N. Beebe. 2020. Detecting Internet of Things attacks using distributed deep learning. Journal of Network and Computer Applications 163: 13. https://doi.org/10.1016/j.jnca.2020.102662 .

Paté-Cornell, M.E., M. Kuypers, M. Smith, and P. Keller. 2018. Cyber risk management for critical infrastructure: A risk analysis model and three case studies. Risk Analysis 38 (2): 226–241. https://doi.org/10.1111/risa.12844 .

Pooser, D.M., M.J. Browne, and O. Arkhangelska. 2018. Growth in the perception of cyber risk: evidence from U.S. P&C Insurers. The Geneva Papers on Risk and Insurance—Issues and Practice 43 (2): 208–223. https://doi.org/10.1057/s41288-017-0077-9 .

Pu, G., L. Wang, J. Shen, and F. Dong. 2021. A hybrid unsupervised clustering-based anomaly detection method. Tsinghua Science and Technology 26 (2): 146–153. https://doi.org/10.26599/TST.2019.9010051 .

Qiu, J., W. Luo, L. Pan, Y. Tai, J. Zhang, and Y. Xiang. 2019. Predicting the impact of android malicious samples via machine learning. IEEE Access 7: 66304–66316. https://doi.org/10.1109/ACCESS.2019.2914311 .

Qu, X., L. Yang, K. Guo, M. Sun, L. Ma, T. Feng, S. Ren, K. Li, and X. Ma. 2020. Direct batch growth hierarchical self-organizing mapping based on statistics for efficient network intrusion detection. IEEE Access 8: 42251–42260. https://doi.org/10.1109/ACCESS.2020.2976810 .

Rahman, Md.S., S. Halder, Md. Ashraf Uddin, and U.K. Acharjee. 2021. An efficient hybrid system for anomaly detection in social networks. Cybersecurity 4 (1): 10. https://doi.org/10.1186/s42400-021-00074-w .

Ramaiah, M., V. Chandrasekaran, V. Ravi, and N. Kumar. 2021. An intrusion detection system using optimized deep neural network architecture. Transactions on Emerging Telecommunications Technologies 32 (4): 17. https://doi.org/10.1002/ett.4221 .

Raman, M.R.G., K. Kannan, S.K. Pal, and V.S.S. Sriram. 2016. Rough set-hypergraph-based feature selection approach for intrusion detection systems. Defence Science Journal 66 (6): 612–617. https://doi.org/10.14429/dsj.66.10802 .

Rathore, S., J.H. Park. 2018. Semi-supervised learning based distributed attack detection framework for IoT. Applied Soft Computing 72: 79–89. https://doi.org/10.1016/j.asoc.2018.05.049 .

Romanosky, S., L. Ablon, A. Kuehn, and T. Jones. 2019. Content analysis of cyber insurance policies: How do carriers price cyber risk? Journal of Cybersecurity (oxford) 5 (1): tyz002.

Sarabi, A., P. Naghizadeh, Y. Liu, and M. Liu. 2016. Risky business: Fine-grained data breach prediction using business profiles. Journal of Cybersecurity 2 (1): 15–28. https://doi.org/10.1093/cybsec/tyw004 .

Sardi, Alberto, Alessandro Rizzi, Enrico Sorano, and Anna Guerrieri. 2021. Cyber risk in health facilities: A systematic literature review. Sustainability 12 (17): 7002.

Sarker, Iqbal H., A.S.M. Kayes, Shahriar Badsha, Hamed Alqahtani, Paul Watters, and Alex Ng. 2020. Cybersecurity data science: An overview from machine learning perspective. Journal of Big Data 7 (1): 41. https://doi.org/10.1186/s40537-020-00318-5 .

Scopus. 2021. Factsheet. https://www.elsevier.com/__data/assets/pdf_file/0017/114533/Scopus_GlobalResearch_Factsheet2019_FINAL_WEB.pdf . Accessed 11 May 2021.

Sentuna, A., A. Alsadoon, P.W.C. Prasad, M. Saadeh, and O.H. Alsadoon. 2021. A novel Enhanced Naïve Bayes Posterior Probability (ENBPP) using machine learning: Cyber threat analysis. Neural Processing Letters 53 (1): 177–209. https://doi.org/10.1007/s11063-020-10381-x .

Shaukat, K., S.H. Luo, V. Varadharajan, I.A. Hameed, S. Chen, D.X. Liu, and J.M. Li. 2020. Performance comparison and current challenges of using machine learning techniques in cybersecurity. Energies 13 (10): 27. https://doi.org/10.3390/en13102509 .

Sheehan, B., F. Murphy, M. Mullins, and C. Ryan. 2019. Connected and autonomous vehicles: A cyber-risk classification framework. Transportation Research Part a: Policy and Practice 124: 523–536. https://doi.org/10.1016/j.tra.2018.06.033 .

Sheehan, B., F. Murphy, A.N. Kia, and R. Kiely. 2021. A quantitative bow-tie cyber risk classification and assessment framework. Journal of Risk Research 24 (12): 1619–1638.

Shlomo, A., M. Kalech, and R. Moskovitch. 2021. Temporal pattern-based malicious activity detection in SCADA systems. Computers & Security 102: 17. https://doi.org/10.1016/j.cose.2020.102153 .

Singh, K.J., and T. De. 2020. Efficient classification of DDoS attacks using an ensemble feature selection algorithm. Journal of Intelligent Systems 29 (1): 71–83. https://doi.org/10.1515/jisys-2017-0472 .

Skrjanc, I., S. Ozawa, T. Ban, and D. Dovzan. 2018. Large-scale cyber attacks monitoring using Evolving Cauchy Possibilistic Clustering. Applied Soft Computing 62: 592–601. https://doi.org/10.1016/j.asoc.2017.11.008 .

Smart, W. 2018. Lessons learned review of the WannaCry Ransomware Cyber Attack. https://www.england.nhs.uk/wp-content/uploads/2018/02/lessons-learned-review-wannacry-ransomware-cyber-attack-cio-review.pdf . Accessed 7 May 2021.

Sornette, D., T. Maillart, and W. Kröger. 2013. Exploring the limits of safety analysis in complex technological systems. International Journal of Disaster Risk Reduction 6: 59–66. https://doi.org/10.1016/j.ijdrr.2013.04.002 .

Sovacool, B.K. 2008. The costs of failure: A preliminary assessment of major energy accidents, 1907–2007. Energy Policy 36 (5): 1802–1820. https://doi.org/10.1016/j.enpol.2008.01.040 .

SpringerLink. 2021. Journal Search. https://rd.springer.com/search?facet-content-type=%22Journal%22 . Accessed 11 May 2021.

Stojanovic, B., K. Hofer-Schmitz, and U. Kleb. 2020. APT datasets and attack modeling for automated detection methods: A review. Computers & Security 92: 19. https://doi.org/10.1016/j.cose.2020.101734 .

Subroto, A., and A. Apriyana. 2019. Cyber risk prediction through social media big data analytics and statistical machine learning. Journal of Big Data . https://doi.org/10.1186/s40537-019-0216-1 .

Tan, Z., A. Jamdagni, X. He, P. Nanda, R.P. Liu, and J. Hu. 2015. Detection of denial-of-service attacks based on computer vision techniques. IEEE Transactions on Computers 64 (9): 2519–2533. https://doi.org/10.1109/TC.2014.2375218 .

Tidy, J. 2021. Irish cyber-attack: Hackers bail out Irish health service for free. https://www.bbc.com/news/world-europe-57197688 . Accessed 6 May 2021.

Tuncer, T., F. Ertam, and S. Dogan. 2020. Automated malware recognition method based on local neighborhood binary pattern. Multimedia Tools and Applications 79 (37–38): 27815–27832. https://doi.org/10.1007/s11042-020-09376-6 .

Uhm, Y., and W. Pak. 2021. Service-aware two-level partitioning for machine learning-based network intrusion detection with high performance and high scalability. IEEE Access 9: 6608–6622. https://doi.org/10.1109/ACCESS.2020.3048900 .

Ulven, J.B., and G. Wangen. 2021. A systematic review of cybersecurity risks in higher education. Future Internet 13 (2): 1–40. https://doi.org/10.3390/fi13020039 .

Vaccari, I., G. Chiola, M. Aiello, M. Mongelli, and E. Cambiaso. 2020. MQTTset, a new dataset for machine learning techniques on MQTT. Sensors 20 (22): 17. https://doi.org/10.3390/s20226578 .

Valeriano, B., and R.C. Maness. 2014. The dynamics of cyber conflict between rival antagonists, 2001–11. Journal of Peace Research 51 (3): 347–360. https://doi.org/10.1177/0022343313518940 .

Varghese, J.E., and B. Muniyal. 2021. An Efficient IDS framework for DDoS attacks in SDN environment. IEEE Access 9: 69680–69699. https://doi.org/10.1109/ACCESS.2021.3078065 .

Varsha, M. V., P. Vinod, K.A. Dhanya. 2017 Identification of malicious android app using manifest and opcode features. Journal of Computer Virology and Hacking Techniques 13 (2): 125–138. https://doi.org/10.1007/s11416-016-0277-z

Velliangiri, S., and H.M. Pandey. 2020. Fuzzy-Taylor-elephant herd optimization inspired Deep Belief Network for DDoS attack detection and comparison with state-of-the-arts algorithms. Future Generation Computer Systems—the International Journal of Escience 110: 80–90. https://doi.org/10.1016/j.future.2020.03.049 .

Verma, A., and V. Ranga. 2020. Machine learning based intrusion detection systems for IoT applications. Wireless Personal Communications 111 (4): 2287–2310. https://doi.org/10.1007/s11277-019-06986-8 .

Vidros, S., C. Kolias, G. Kambourakis, and L. Akoglu. 2017. Automatic detection of online recruitment frauds: Characteristics, methods, and a public dataset. Future Internet 9 (1): 19. https://doi.org/10.3390/fi9010006 .

Vinayakumar, R., M. Alazab, K.P. Soman, P. Poornachandran, A. Al-Nemrat, and S. Venkatraman. 2019. Deep learning approach for intelligent intrusion detection system. IEEE Access 7: 41525–41550. https://doi.org/10.1109/access.2019.2895334 .

Walker-Roberts, S., M. Hammoudeh, O. Aldabbas, M. Aydin, and A. Dehghantanha. 2020. Threats on the horizon: Understanding security threats in the era of cyber-physical systems. Journal of Supercomputing 76 (4): 2643–2664. https://doi.org/10.1007/s11227-019-03028-9 .

Web of Science. 2021. Web of Science: Science Citation Index Expanded. https://clarivate.com/webofsciencegroup/solutions/webofscience-scie/ . Accessed 11 May 2021.

World Economic Forum. 2020. WEF Global Risk Report. http://www3.weforum.org/docs/WEF_Global_Risk_Report_2020.pdf . Accessed 13 May 2020.

Xin, Y., L. Kong, Z. Liu, Y. Chen, Y. Li, H. Zhu, M. Gao, H. Hou, and C. Wang. 2018. Machine learning and deep learning methods for cybersecurity. IEEE Access 6: 35365–35381. https://doi.org/10.1109/ACCESS.2018.2836950 .

Xu, C., J. Zhang, K. Chang, and C. Long. 2013. Uncovering collusive spammers in Chinese review websites. In Proceedings of the 22nd ACM international conference on Information & Knowledge Management.

Yang, J., T. Li, G. Liang, W. He, and Y. Zhao. 2019. A Simple recurrent unit model based intrusion detection system with DCGAN. IEEE Access 7: 83286–83296. https://doi.org/10.1109/ACCESS.2019.2922692 .

Yuan, B.G., J.F. Wang, D. Liu, W. Guo, P. Wu, and X.H. Bao. 2020. Byte-level malware classification based on Markov images and deep learning. Computers & Security 92: 12. https://doi.org/10.1016/j.cose.2020.101740 .

Zhang, S., X.M. Ou, and D. Caragea. 2015. Predicting cyber risks through national vulnerability database. Information Security Journal 24 (4–6): 194–206. https://doi.org/10.1080/19393555.2015.1111961 .

Zhang, Y., P. Li, and X. Wang. 2019. Intrusion detection for IoT based on improved genetic algorithm and deep belief network. IEEE Access 7: 31711–31722.

Zheng, Muwei, Hannah Robbins, Zimo Chai, Prakash Thapa, and Tyler Moore. 2018. Cybersecurity research datasets: taxonomy and empirical analysis. In 11th {USENIX} workshop on cyber security experimentation and test ({CSET} 18).

Zhou, X., W. Liang, S. Shimizu, J. Ma, and Q. Jin. 2021. Siamese neural network based few-shot learning for anomaly detection in industrial cyber-physical systems. IEEE Transactions on Industrial Informatics 17 (8): 5790–5798. https://doi.org/10.1109/TII.2020.3047675 .

Zhou, Y.Y., G. Cheng, S.Q. Jiang, and M. Dai. 2020. Building an efficient intrusion detection system based on feature selection and ensemble classifier. Computer Networks 174: 17. https://doi.org/10.1016/j.comnet.2020.107247 .

Download references

Open Access funding provided by the IReL Consortium.

Author information

Authors and affiliations.

University of Limerick, Limerick, Ireland

Frank Cremer, Barry Sheehan, Arash N. Kia, Martin Mullins & Finbarr Murphy

TH Köln University of Applied Sciences, Cologne, Germany

Michael Fortmann & Stefan Materne

You can also search for this author in PubMed   Google Scholar

Corresponding author

Correspondence to Barry Sheehan .

Ethics declarations

Conflict of interest.

On behalf of all authors, the corresponding author states that there is no conflict of interest.

Additional information

Publisher's note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Supplementary Information

Below is the link to the electronic supplementary material.

Supplementary file1 (PDF 334 kb)

Supplementary file1 (docx 418 kb), rights and permissions.

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ .

Reprints and permissions

About this article

Cremer, F., Sheehan, B., Fortmann, M. et al. Cyber risk and cybersecurity: a systematic review of data availability. Geneva Pap Risk Insur Issues Pract 47 , 698–736 (2022). https://doi.org/10.1057/s41288-022-00266-6

Download citation

Received : 15 June 2021

Accepted : 20 January 2022

Published : 17 February 2022

Issue Date : July 2022

DOI : https://doi.org/10.1057/s41288-022-00266-6

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

  • Cyber insurance
  • Systematic review
  • Cybersecurity
  • Find a journal
  • Publish with us
  • Track your research

Subscribe to the PwC Newsletter

Join the community, search results, large language models for cyber security: a systematic literature review.

1 code implementation • 8 May 2024

Overall, our survey provides a comprehensive overview of the current state-of-the-art in LLM4Security and identifies several promising directions for future research.

Evaluating Shallow and Deep Neural Networks for Network Intrusion Detection Systems in Cyber Security

5 code implementations • International Conference on Computing, Communication and Networking Technologies (ICCCNT) 2018

In this paper, DNNs have been utilized to predict the attacks on Network Intrusion Detection System (N-IDS).

cyber security research paper docx

Automatic Labeling for Entity Extraction in Cyber Security

3 code implementations • 22 Aug 2013

Timely analysis of cyber-security information necessitates automated information extraction from unstructured text.

The Path To Autonomous Cyber Defense

1 code implementation • 12 Apr 2024

Defenders are overwhelmed by the number and scale of attacks against their networks. This problem will only be exacerbated as attackers leverage artificial intelligence to automate their workflows.

Developing Optimal Causal Cyber-Defence Agents via Cyber Security Simulation

3 code implementations • 25 Jul 2022

In this paper we explore cyber security defence, through the unification of a novel cyber security simulator with models for (causal) decision-making through optimisation.

SROS2: Usable Cyber Security Tools for ROS 2

1 code implementation • 4 Aug 2022

Built upon DDS as its default communication middleware and used in safety-critical scenarios, adding security to robots and ROS computational graphs is increasingly becoming a concern.

Cryptography and Security Distributed, Parallel, and Cluster Computing Networking and Internet Architecture Robotics Software Engineering

Fundamental Challenges of Cyber-Physical Systems Security Modeling

1 code implementation • 30 Apr 2020

Systems modeling practice lacks security analysis tools that can interface with modeling languages to facilitate security by design.

Cryptography and Security Systems and Control Systems and Control

A Model-Based Approach to Security Analysis for Cyber-Physical Systems

1 code implementation • 31 Oct 2017

To construct such a model we produce a taxonomy of attributes; that is, a generalized schema for system attributes.

Looking for a Black Cat in a Dark Room: Security Visualization for Cyber-Physical System Design and Analysis

1 code implementation • 24 Aug 2018

Today, there is a plethora of software security tools employing visualizations that enable the creation of useful and effective interactive security analyst dashboards.

Human-Computer Interaction Cryptography and Security

Towards a relation extraction framework for cyber-security concepts

1 code implementation • 16 Apr 2015

In order to assist security analysts in obtaining information pertaining to their network, such as novel vulnerabilities, exploits, or patches, information retrieval methods tailored to the security domain are needed.

cyber security research paper docx

banner-in1

105 Latest Cyber Security Research Topics in 2024

Home Blog Security 105 Latest Cyber Security Research Topics in 2024

Play icon

The concept of cybersecurity refers to cracking the security mechanisms that break in dynamic environments. Implementing Cyber Security Project topics and cybersecurity thesis topics helps overcome attacks and take mitigation approaches to security risks and threats in real-time. Undoubtedly, it focuses on events injected into the system, data, and the whole network to attack/disturb it.

The network can be attacked in various ways, including Distributed DoS, Knowledge Disruptions, Computer Viruses / Worms, and many more. Cyber-attacks are still rising, and more are waiting to harm their targeted systems and networks. Detecting Intrusions in cybersecurity has become challenging due to their Intelligence Performance. Therefore, it may negatively affect data integrity, privacy, availability, and security. 

This article aims to demonstrate the most current Cyber Security Research Topics for Projects and areas of research currently lacking. We will talk about cyber security research questions, cyber security topics for the project, latest research titles about cyber security.

List of Trending Cyber Security Research Topics in 2024

Digital technology has revolutionized how all businesses, large or small, work, and even governments manage their day-to-day activities, requiring organizations, corporations, and government agencies to utilize computerized systems. To protect data against online attacks or unauthorized access, cybersecurity is a priority. There are many Cyber Security Courses online where you can learn about these topics. With the rapid development of technology comes an equally rapid shift in Cyber Security Research Topics and cybersecurity trends, as data breaches, ransomware, and hacks become almost routine news items. In 2024, these will be the top cybersecurity trends .

A. Exciting Mobile Cyber Security Research Paper Topics

  • The significance of continuous user authentication on mobile gadgets. 
  • The efficacy of different mobile security approaches. 
  • Detecting mobile phone hacking. 
  • Assessing the threat of using portable devices to access banking services. 
  • Cybersecurity and mobile applications. 
  • The vulnerabilities in wireless mobile data exchange. 
  • The rise of mobile malware. 
  • The evolution of Android malware.
  • How to know you’ve been hacked on mobile. 
  • The impact of mobile gadgets on cybersecurity. 

B. Top Computer and Software Security Topics to Research

  • Learn algorithms for data encryption 
  • Concept of risk management security 
  • How to develop the best Internet security software 
  • What are Encrypting Viruses- How does it work? 
  • How does a Ransomware attack work? 
  • Scanning of malware on your PC 
  • Infiltrating a Mac OS X operating system 
  • What are the effects of RSA on network security ? 
  • How do encrypting viruses work?
  • DDoS attacks on IoT devices

C. Trending Information Security Research Topics

  • Why should people avoid sharing their details on Facebook? 
  • What is the importance of unified user profiles? 
  • Discuss Cookies and Privacy  
  • White hat and black hat hackers 
  • What are the most secure methods for ensuring data integrity? 
  • Talk about the implications of Wi-Fi hacking apps on mobile phones 
  • Analyze the data breaches in 2024
  • Discuss digital piracy in 2024
  • critical cyber-attack concepts 
  • Social engineering and its importance 

D. Current Network Security Research Topics

  • Data storage centralization
  • Identify Malicious activity on a computer system. 
  • Firewall 
  • Importance of keeping updated Software  
  • wireless sensor network 
  • What are the effects of ad-hoc networks
  • How can a company network be safe? 
  • What are Network segmentation and its applications? 
  • Discuss Data Loss Prevention systems  
  • Discuss various methods for establishing secure algorithms in a network. 
  • Talk about two-factor authentication

E. Best Data Security Research Topics

  • Importance of backup and recovery 
  • Benefits of logging for applications 
  • Understand physical data security 
  • Importance of Cloud Security 
  • In computing, the relationship between privacy and data security 
  • Talk about data leaks in mobile apps 
  • Discuss the effects of a black hole on a network system. 

F. Important Application Security Research Topics

  • Detect Malicious Activity on Google Play Apps 
  • Dangers of XSS attacks on apps 
  • Discuss SQL injection attacks. 
  • Insecure Deserialization Effect 
  • Check Security protocols 

G. Cybersecurity Law & Ethics Research Topics

  • Strict cybersecurity laws in China 
  • Importance of the Cybersecurity Information Sharing Act. 
  • USA, UK, and other countries' cybersecurity laws  
  • Discuss The Pipeline Security Act in the United States 

H. Recent Cyberbullying Topics

  • Protecting your Online Identity and Reputation 
  • Online Safety 
  • Sexual Harassment and Sexual Bullying 
  • Dealing with Bullying 
  • Stress Center for Teens 

I. Operational Security Topics

  • Identify sensitive data 
  • Identify possible threats 
  • Analyze security threats and vulnerabilities 
  • Appraise the threat level and vulnerability risk 
  • Devise a plan to mitigate the threats 

J. Cybercrime Topics for a Research Paper

  • Crime Prevention. 
  • Criminal Specialization. 
  • Drug Courts. 
  • Criminal Courts. 
  • Criminal Justice Ethics. 
  • Capital Punishment.
  • Community Corrections. 
  • Criminal Law.

Cyber Security Future Research Topics

  • Developing more effective methods for detecting and responding to cyber attacks
  • Investigating the role of social media in cyber security
  • Examining the impact of cloud computing on cyber security
  • Investigating the security implications of the Internet of Things
  • Studying the effectiveness of current cyber security measures
  • Identifying new cyber security threats and vulnerabilities
  • Developing more effective cyber security policies
  • Examining the ethical implications of cyber security

Cyber Security Topics For Research Paper

  • Cyber security threats and vulnerabilities
  • Cyber security incident response and management
  • Cyber security risk management
  • Cyber security awareness and training
  • Cyber security controls and countermeasures
  • Cyber security governance
  • Cyber security standards
  • Cyber security insurance

Top 5 Current Research Topics in Cybersecurity

Below are the latest 5 cybersecurity research topics. They are:

  • Artificial Intelligence
  • Digital Supply Chains
  • Internet of Things
  • State-Sponsored Attacks
  • Working From Home

Research Area in Cyber Security

The field of cyber security is extensive and constantly evolving. Its research covers a wide range of subjects, including: 

  • Quantum & Space  
  • Data Privacy  
  • Criminology & Law 
  • AI & IoT Security
  • RFID Security
  • Authorization Infrastructure
  • Digital Forensics
  • Autonomous Security
  • Social Influence on Social Networks

How to Choose the Best Research Topics in Cyber Security?

A good cybersecurity assignment heading is a skill that not everyone has, and unfortunately, not everyone has one. You might have your teacher provide you with the topics, or you might be asked to come up with your own. If you want more cyber security research topics, you can take references from Certified Ethical Hacker Certification, where you will get more hints on new topics. If you don't know where to start, here are some tips. Follow them to create compelling cybersecurity assignment topics. 

1. Brainstorm

In order to select the most appropriate heading for your cybersecurity assignment, you first need to brainstorm ideas. What specific matter do you wish to explore? In this case, come up with relevant topics about the subject and select those relevant to your issue when you use our list of topics. You can also go to cyber security-oriented websites to get some ideas. Using any blog post on the internet can prove helpful if you intend to write a research paper on security threats in 2024. Creating a brainstorming list with all the keywords and cybersecurity concepts you wish to discuss is another great way to start. Once that's done, pick the topics you feel most comfortable handling. Keep in mind to stay away from common topics as much as possible. 

2. Understanding the Background

In order to write a cybersecurity assignment, you need to identify two or three research paper topics. Obtain the necessary resources and review them to gain background information on your heading. This will also allow you to learn new terminologies that can be used in your title to enhance it. 

3. Write a Single Topic

Make sure the subject of your cybersecurity research paper doesn't fall into either extreme. Make sure the title is neither too narrow nor too broad. Topics on either extreme will be challenging to research and write about. 

4. Be Flexible

There is no rule to say that the title you choose is permanent. It is perfectly okay to change your research paper topic along the way. For example, if you find another topic on this list to better suit your research paper, consider swapping it out. 

The Layout of Cybersecurity Research Guidance

It is undeniable that usability is one of cybersecurity's most important social issues today. Increasingly, security features have become standard components of our digital environment, which pervade our lives and require both novices and experts to use them. Supported by confidentiality, integrity, and availability concerns, security features have become essential components of our digital environment.  

In order to make security features easily accessible to a wider population, these functions need to be highly usable. This is especially true in this context because poor usability typically translates into the inadequate application of cybersecurity tools and functionality, resulting in their limited effectiveness. 

Cyber Security Research Topic Writing Tips from Expert

Additionally, a well-planned action plan and a set of useful tools are essential for delving into Cyber Security research topics. Not only do these topics present a vast realm of knowledge and potential innovation, but they also have paramount importance in today's digital age. Addressing the challenges and nuances of these research areas will contribute significantly to the global cybersecurity landscape, ensuring safer digital environments for all. It's crucial to approach these topics with diligence and an open mind to uncover groundbreaking insights.

  • Before you begin writing your research paper, make sure you understand the assignment. 
  • Your Research Paper Should Have an Engaging Topic 
  • Find reputable sources by doing a little research 
  • Precisely state your thesis on cybersecurity 
  • A rough outline should be developed 
  • Finish your paper by writing a draft 
  • Make sure that your bibliography is formatted correctly and cites your sources. 
Discover the Power of ITIL 4 Foundation - Unleash the Potential of Your Business with this Cost-Effective Solution. Boost Efficiency, Streamline Processes, and Stay Ahead of the Competition. Learn More!

Studies in the literature have identified and recommended guidelines and recommendations for addressing security usability problems to provide highly usable security. The purpose of such papers is to consolidate existing design guidelines and define an initial core list that can be used for future reference in the field of Cyber Security Research Topics.

The researcher takes advantage of the opportunity to provide an up-to-date analysis of cybersecurity usability issues and evaluation techniques applied so far. As a result of this research paper, researchers and practitioners interested in cybersecurity systems who value human and social design elements are likely to find it useful. You can find KnowledgeHut’s Cyber Security courses online and take maximum advantage of them.

Frequently Asked Questions (FAQs)

Businesses and individuals are changing how they handle cybersecurity as technology changes rapidly - from cloud-based services to new IoT devices. 

Ideally, you should have read many papers and know their structure, what information they contain, and so on if you want to write something of interest to others. 

Inmates having the right to work, transportation of concealed weapons, rape and violence in prison, verdicts on plea agreements, rehab versus reform, and how reliable are eyewitnesses? 

The field of cyber security is extensive and constantly evolving. Its research covers various subjects, including Quantum & Space, Data Privacy, Criminology & Law, and AI & IoT Security. 

Profile

Mrinal Prakash

I am a B.Tech Student who blogs about various topics on cyber security and is specialized in web application security

Avail your free 1:1 mentorship session.

Something went wrong

Upcoming Cyber Security Batches & Dates

NameDateFeeKnow more

Course advisor icon

Academia.edu no longer supports Internet Explorer.

To browse Academia.edu and the wider internet faster and more securely, please take a few seconds to  upgrade your browser .

Enter the email address you signed up with and we'll email you a reset link.

  • We're Hiring!
  • Help Center

paper cover thumbnail

Cyber Security Curriculum Initiative.docx

Profile image of Jeff Hearn

Data breaches and increased regulatory compliance are driving the need for cyber security managers and technicians to fill positions that did not exist several years ago. To support the requirements of an ever-growing cyber security workforce, Cyber Security and Information Assurance Master of Science cohort 14 (CSIA) Team One, identified a global need for basic education in cyber security. This is partly because there is not enough interest in cyber security by K-12 students. Science, Technology, Engineering, and Math (STEM) education in America is designed to focus on developing scientists and engineers, not cyber security specialists, and thus, K-12 educators are not adequately trained in cyber security. They remain focused on teaching traditional STEM subjects. The new curriculum provides for lessons to be introduced during the 2016-2017, and will focus on ethics and defensive cyber security basics that could be used as a collaborative pilot program in local San Diego middle and high schools. One sample unit would be introduced into the curriculum. This instruction is subject to continuous improvement by future cohorts, and is meant to bridge the educational gap and prepare students to participate in Capture the Flag (CTF) events, certification, or to encourage degree work at a community college. Long-range employment plans could be a goal as well. Team One presents a survey of academic source works, government documents and highly regarded commercial or professional reports in the field. Multidisciplinary topics include information management, computer technology, ethics, curriculum design, and career development. Keywords: Capture the Flag (CTF); cyber ethics; cybersecurity, cyber security; cyber security curriculum; cyber workforce; Next Generation Science Standards, (NGSS); Science, Technology, Engineering and Math (STEM), National Institute for Cyber Education (NICE).

Related Papers

2017 IEEE World Engineering Education Conference (EDUNINE)

Henrique Santos

cyber security research paper docx

Hillary Fleenor

Investing in raising a generation with more security-aware minds is vital in preventing many of the security incidents that threaten individuals, organizations, businesses and nations today. In addition, there is a high need for well-trained cybersecurity professionals to protect our networks, computer systems, and infrastructure. Early exposure to basic cybersecurity concerns and concepts is key to developing awareness, piquing student interest, and laying foundation for more complex skill development. In this work, authors present their work developing a middle school cybersecurity curriculum for U.S. grade 8 students. This includes standards, objectives, and lessons for implementation within a year-long business and computer science course. The authors also share their experience and results from piloting the curriculum with nearly sixty grade 8 students in two classes at a Title I middle school in Columbus, GA during the 2017–2018 school year. A comparison of pre and post test r...

The human resource skills gap in cybersecurity has created an opportunity for educational institutions interested in cybersecurity education. The current number of schools designated by the Department of Homeland Security (DHS) and National Security Agency (NSA) as Centers of Academic Excellence (CAE) to train cybersecurity experts are not sufficient to meet the shortfall in the industry. The DHS has clearly mapped out knowledge areas for cybersecurity education for both technical and non-technical disciplines; it is therefore possible for institutions not yet designated CAEs to generate cybersecurity experts, with the longterm goal of attaining the CAE designation. The purpose of this paper is to emphasize the need for a topdriven, multidisciplinary approach to cybersecurity education especially at schools that have not yet been designated as Centers for Academic Excellence. The paper also suggests a multi-faceted approach and the important considerations needed to achieve a succes...

2014 47th Hawaii International Conference on System Sciences

James Ramsay

NATO Reference Curriculum

Sean S . Costigan

News headlines are replete with references to commer-cial hacks, data breaches, electronic fraud, the disrup-tion of government service or critical infrastructure, intellectual property theft, exfiltration of national secu-rity secrets, and the potential of cyber destruction. The domains once simply considered as electronic warfare, or information warfare once dominated by network security experts, is today transforming into a much broader domain, referred to as “cybersecurity.”

Proceedings of the 2011 conference on Information technology education - SIGITE '11

Joseph Ekstrom , Barry Lunt

Denise Dragos

Cybersecurity topics which make it into textbooks have historically been developed from real world threats which have been actualized in the real world. In fact, most risk management frameworks require cybersecurity threats to be ranked by a probability metric such as a likelihood and an impact score. Cybersecurity therefore is unlike other computing fields as it is most likely not developed in any part in isolation from the real world. This strong real world connection of the field can be emphasized directly to the student through regular cybersecurity lab and demo exercises. Our research contributes an emphasis for cybersecurity learning through regular (i.e. weekly) lab demonstrations by either or both the instructor or students. The paper discusses a curriculum design where both the cloud and local resources are employed for live cybersecurity demos to the students. A cloud service provider such as Amazon, Microsoft, or Google, can be employed in the classroom setting for the cy...

Janusz Zalewski

Valdemar Švábenský

Ali Bicak , Diane Murphy

The cybersecurity curriculum has grown dramatically over the past decade: once it was just a couple of courses in a computer science graduate program. Today cybersecurity is introduced at the high school level, incorporated into undergraduate computer science and information systems programs, and has resulted in a variety of cybersecurity-specific graduate programs. However, is that even enough? Is cybersecurity so broad that education needs to be more specialized? Employers want graduates who can hit the ground running: not in the broad field of cybersecurity but in some very specific areas. This paper is structured as follows. First, we will provide a brief overview of the current approaches to cybersecurity education including government standards bodies such as the National Initiative for Cybersecurity Education (NICE) framework, the upcoming changes in the National Information Assurance (IA) Education and Training Programs (NIETP) Center of Academic Excellence (CAE) designation requirements, and the Department of Labor competency model. Second, we will present a framework for curriculum changes, which we use to determine the viability of information technology/information systems (IS/IT) curriculum changes to our departmental educational offerings. We examine relationships with other departments and how cybersecurity is enhanced by other domain knowledge. Then we discuss the three specialties we plan to introduce in the cybersecurity graduate curriculum: cybersecurity data analysis, cyber intelligence, and health care information security and privacy. Finally, the future cybersecurity curriculum directions are presented and discussed.

Loading Preview

Sorry, preview is currently unavailable. You can download the paper by clicking the button above.

RELATED PAPERS

Information Security Education for a Global Digital Society

Herbert Mattord

Journal of Homeland Security Education

Pierre Parrend

Proceedings of the 51st ACM Technical Symposium on Computer Science Education

Maurice Dawson

electronic Journal of Computer Science and Information Technology

Nabil Ahmad Zawawi

Central and Eastern European eDem and eGov Days

Dumitru Ciorba

Journal of US-China Public Administration

Donna Schaeffer

International Journal of Hyperconnectivity and the Internet of Things

Brian Broll

Proceedings of the 17th LACCEI International Multi-Conference for Engineering, Education, and Technology: “Industry, Innovation, and Infrastructure for Sustainable Cities and Communities”

Anthony Kelly , Margaret McCoey

International Journal in Foundations of Computer Science & Technology

Tamsin Kingston

Proceedings Companion of the 23rd Annual ACM Conference on Innovation and Technology in Computer Science Education

arXiv (Cornell University)

Harjinder Lallie

Mircea Constantin Șcheau

Eugene H Spafford

Alla Skyrda

International Journal of Computer Theory and Engineering

Rania Hodhod

RELATED TOPICS

  •   We're Hiring!
  •   Help Center
  • Find new research papers in:
  • Health Sciences
  • Earth Sciences
  • Cognitive Science
  • Mathematics
  • Computer Science
  • Academia ©2024

cyber security research paper docx

Provide details on what you need help with along with a budget and time limit. Questions are posted anonymously and can be made 100% private.

cyber security research paper docx

Studypool matches you to the best tutor to help you with your question. Our tutors are highly qualified and vetted.

cyber security research paper docx

Your matched tutor provides personalized help according to your question details. Payment is made only after you have completed your 1-on-1 session and are satisfied with your session.

cyber security research paper docx

  • Homework Q&A
  • Become a Tutor

cyber security research paper docx

All Subjects

Mathematics

Programming

Health & Medical

Engineering

Computer Science

Foreign Languages

cyber security research paper docx

Access over 35 million academic & study documents

Cyber security research paper docx.

cyber security research paper docx

Sign up to view the full document!

cyber security research paper docx

24/7 Study Help

Stuck on a study question? Our verified tutors can answer all questions, from basic  math  to advanced rocket science !

cyber security research paper docx

Similar Documents

cyber security research paper docx

working on a study question?

Studypool BBB Business Review

Studypool is powered by Microtutoring TM

Copyright © 2024. Studypool Inc.

Studypool is not sponsored or endorsed by any college or university.

Ongoing Conversations

cyber security research paper docx

Access over 35 million study documents through the notebank

cyber security research paper docx

Get on-demand Q&A study help from verified tutors

cyber security research paper docx

Read 1000s of rich book guides covering popular titles

cyber security research paper docx

Sign up with Google

cyber security research paper docx

Sign up with Facebook

Already have an account? Login

Login with Google

Login with Facebook

Don't have an account? Sign Up

  • Environment
  • Science & Technology
  • Business & Industry
  • Health & Public Welfare
  • Topics (CFR Indexing Terms)
  • Public Inspection
  • Presidential Documents
  • Document Search
  • Advanced Document Search
  • Public Inspection Search
  • Reader Aids Home
  • Office of the Federal Register Announcements
  • Using FederalRegister.Gov
  • Understanding the Federal Register
  • Recent Site Updates
  • Federal Register & CFR Statistics
  • Videos & Tutorials
  • Developer Resources
  • Government Policy and OFR Procedures
  • Congressional Review
  • My Clipboard
  • My Comments
  • My Subscriptions
  • Sign In / Sign Up
  • Site Feedback
  • Search the Federal Register

The Federal Register

The daily journal of the united states government.

  • Legal Status

This site displays a prototype of a “Web 2.0” version of the daily Federal Register. It is not an official legal edition of the Federal Register, and does not replace the official print version or the official electronic version on GPO’s govinfo.gov.

The documents posted on this site are XML renditions of published Federal Register documents. Each document posted on the site includes a link to the corresponding official PDF file on govinfo.gov. This prototype edition of the daily Federal Register on FederalRegister.gov will remain an unofficial informational resource until the Administrative Committee of the Federal Register (ACFR) issues a regulation granting it official legal status. For complete information about, and access to, our official publications and services, go to About the Federal Register on NARA's archives.gov.

The OFR/GPO partnership is committed to presenting accurate and reliable regulatory information on FederalRegister.gov with the objective of establishing the XML-based Federal Register as an ACFR-sanctioned publication in the future. While every effort has been made to ensure that the material on FederalRegister.gov is accurately displayed, consistent with the official SGML-based PDF version on govinfo.gov, those relying on it for legal research should verify their results against an official edition of the Federal Register. Until the ACFR grants it official status, the XML rendition of the daily Federal Register on FederalRegister.gov does not provide legal notice to the public or judicial notice to the courts.

Notice of Funding Opportunity for the FY 2023-FY 2024 Railroad Crossing Elimination Program

A Notice by the Federal Railroad Administration on 07/10/2024

Document Details

Information about this document as published in the Federal Register .

Document Statistics

Enhanced content.

Relevant information about this document from Regulations.gov provides additional context. This information is not part of the official Federal Register document.

Regulations.gov Logo

  • Petition for Waiver of Compliance

Published Document

This document has been published in the Federal Register . Use the PDF linked in the document sidebar for the official electronic format.

Enhanced Content - Table of Contents

This table of contents is a navigational tool, processed from the headings within the legal text of Federal Register documents. This repetition of headings to form internal navigation links has no substantive legal effect.

FOR FURTHER INFORMATION CONTACT:

Supplementary information:, table of contents, a. program description, 1. overview, 2. definitions of key terms, b. federal award information, 1. available award amount & special funding set-asides, 2. award size, a. award minimums and planning exception, 3. award type, 4. concurrent applications, c. eligibility information, 1. eligible applicants, 2. cost sharing and matching, 3. eligible projects, a. the following are eligible under this nofo, b. project component, c. application tracks, d. rural or tribal lands project, d. application and submission information, 1. address to request application package, 2. content and form of application submission, a. project narrative, b. additional application elements, c. post-selection requirements, 3. unique entity identifier and system for award management (sam), a. register with the sam at www.sam.gov, b. obtain a unique entity identifier, c. create a grants.gov username and password, d. acquire authorization for your aor from the e-business point of contact (e-biz poc), e. submit an application addressing all requirements outlined in this nofo, 4. submission dates and times, 5. intergovernmental review, 6. funding restrictions, 7. other submission requirements, e. application review information, 1. criteria, a. eligibility and completeness, b. evaluation criteria, merit criteria ratings—project readiness, merit criteria ratings—technical merit, merit criteria ratings—project benefits, c. selection criteria, i. fra will give preference to eligible projects that—, administration priorities, 2. review and selection process, 3. reporting matters related to integrity and performance.

  • F. Federal Award Administration Information  20

1. Federal Award Notices

2. administrative and national policy requirements, a. federal contract compliance, b. critical infrastructure security, cybersecurity and resilience, c. domestic preference requirements, d. civil rights and title vi, 3. reporting, a. progress reporting on grant activity, b. additional reporting, c. performance and program evaluation, d. performance reporting, e. program evaluation, f. project signage and public acknowledgements, g. federal awarding agency contacts, h. other information, enhanced content - submit public comment.

  • This feature is not available for this document.

Enhanced Content - Read Public Comments

Enhanced content - sharing.

  • Email this document to a friend

Enhanced Content - Document Print View

  • Print this document

Enhanced Content - Document Tools

These tools are designed to help you understand the official document better and aid in comparing the online edition to the print edition.

These markup elements allow the user to see how the document follows the Document Drafting Handbook that agencies use to create their documents. These can be useful for better understanding how a document is structured but are not part of the published document itself.

Enhanced Content - Developer Tools

This document is available in the following developer friendly formats:.

  • JSON: Normalized attributes and metadata
  • XML: Original full text XML
  • MODS: Government Publishing Office metadata

More information and documentation can be found in our developer tools pages .

Official Content

  • View printed version (PDF)

This PDF is the current document as it appeared on Public Inspection on 07/09/2024 at 8:45 am. It was viewed 0 times while on Public Inspection.

If you are using public inspection listings for legal research, you should verify the contents of the documents against a final, official edition of the Federal Register. Only official editions of the Federal Register provide legal notice of publication to the public and judicial notice to the courts under 44 U.S.C. 1503 & 1507 . Learn more here .

Federal Railroad Administration (FRA), Department of Transportation (DOT).

Notice of funding opportunity (NOFO or Notice).

This Notice details the application requirements and procedures to obtain grant funding for eligible projects under the Railroad Crossing Elimination Program for Fiscal Years (FY) 2023 and 2024. This Notice solicits applications for funds made available by the Infrastructure Investment and Jobs Act (IIJA). The opportunity described in this notice is made available under Assistance Listings Number 20.327, “Railroad Crossing Elimination.”

Applications for funding under this solicitation are due no later than 11:59 p.m. EST, September 23, 2024. Applications that are incomplete or received after 11:59 p.m. EST, on September 23, 2024 will not be considered for funding. See section D of this notice for additional information on the application process.

Applications must be submitted via www.Grants.gov . Only applicants who comply with all submission requirements described in this notice and submit applications through www.Grants.gov will be eligible for award.

For further information concerning this notice, please contact the FRA NOFO Support program staff via email at [email protected] . If additional assistance is needed, you may contact Ms. Jenny Zeng, Transportation Industry Analyst, at email: [email protected] or telephone: 857-330-2481; Stefani Gaede, Transportation Industry Analyst, at email: [email protected] or telephone: 202-940-8426; in FRA's Office of Rail Program Development.

Notice to applicants: FRA recommends that applicants read this notice in its entirety prior to preparing Start Printed Page 56789 application materials. Definitions of key terms used throughout the NOFO are provided in section A(2) below. These key terms are capitalized throughout the NOFO. There are several administrative and specific eligibility requirements described herein with which applicants must comply. Additionally, applicants should note that the required Project Narrative component of the application package may not exceed 25 pages in length.

F. Federal Award Administration Information

Summary Overview of Key Information: Railroad Crossing Elimination Program (RCE)

Issuing AgencyFederal Railroad Administration, U.S. Department of Transportation.Program OverviewThe purpose of the RCE Program is to fund highway-rail or pathway-rail grade crossing improvement projects that focus on improving the safety and mobility of people and goods.Eligible Applicants• A State (including the District of Columbia Puerto Rico, and other United States territories and possessions). • A political subdivision of a State. • A federally recognized Indian Tribe. • A unit of local government or a group of local governments. • A public port authority. • A metropolitan planning organization. • A group of entities included above.Eligible Project Types• Grade separation or closure, including through the use of a bridge, embankment, tunnel, or combination thereof. • Track relocation. • The improvement or installation of protective devices, signals, signs, or other measures to improve safety, provided that such activities are related to a separation or relocation project described above. • Other means to improve the safety and mobility of people and goods at highway-rail grade crossings (including technological solutions). • A group of related projects described above that would collectively improve the mobility of people and goods. • The planning, environmental studies, and final design for a project or group of projects described above.FundingThe total funding available for awards under this NOFO is up to $1,148,809,580.DeadlineDeadline: No later than 11:59 p.m. EST, September 23, 2024.

The RCE Program provides a federal funding opportunity to fund highway-rail or pathway-rail grade crossing improvement projects that focus on improving the safety and mobility of people and goods. Such projects will improve American rail infrastructure to enhance rail safety, improve the health and safety of communities, eliminate highway-rail and pathway-rail grade crossings that are frequently blocked by trains, and reduce the impacts that freight movement and railroad operations may have on underserved communities.

The purpose of this NOFO is to solicit applications for projects through the competitive RCE Program, which is authorized by the Infrastructure Investment and Jobs Act (IIJA), Sec. 22104, Public Law 117-58 (November 15, 2021), and funded by the 2023 and 2024 advance appropriations in Title VIII of Division J of the IIJA. This NOFO describes funding available, application submission requirements, and the selection and evaluation criteria for projects under the RCE Program. The RCE Program requirements are codified at 49 U.S.C. 22909 .

This NOFO integrates FRA's Guidance on Development and Implementation of Railroad Capital Projects (Jan. 12, 2023, 88 FR 2163 ) (FRA's Capital Projects Guidance), which assists project sponsors in developing effective and complete capital projects by defining the project development process and describing implementation tools, processes, and documentation that may be required for a grant. FRA's Capital Projects Guidance can be found here: https://railroads.dot.gov/​elibrary/​fra-guidance-development-and-implementation-railroad-capital-project .

In December 2023, FRA updated its standard grant agreement terms and conditions. The new FRA grant agreement consists of three parts: Attachment 1: Standard Terms and Conditions, Attachment 2: Project-Specific Terms and Conditions, and Terms and Conditions Exhibits. The updated agreements are available at: https://railroads.dot.gov/​grants-loans/​fra-discretionary-grant-agreements .

DOT seeks to fund projects that advance the Administration Priorities of safety, equity, climate and sustainability, workforce development, job quality, and wealth creation as described in the U.S. Department of Transportation (DOT) Strategic Plan, [ 1 ] and in executive orders, which are described in section E.

Terms defined in this section are capitalized throughout this notice.

a. “Capital Project” means a project for acquiring, constructing, improving, or inspecting rail equipment, track and track structures, or a rail facility, including expenses incidental to the acquisition or construction including pre-construction activities (such as designing, engineering, location surveying, mapping, acquiring rights-of-way) and related relocation costs, [ 2 ] environmental studies, and all work necessary for FRA to consider the effects of the proposed project under the National Environmental Policy Act; Highway-Rail Grade Crossing improvements; communication and signalization improvements; and rehabilitating, remanufacturing, or overhauling rail rolling stock and rail facilities.

b. “Commuter Rail Passenger Transportation” means short-haul rail passenger transportation in metropolitan and suburban areas usually having reduced fare, multiple rides, and commuter tickets, and morning and evening peak period Start Printed Page 56790 operations, consistent with 49 U.S.C. 24102(3) ; the term does not include rapid transit operations in an urban area that are not connected to the general railroad system of transportation.

c. “Construction” means the Lifecycle Stage of a Capital Project during which the Capital Project is completely built, installed, and placed in use. Construction activities include, but are not limited to, physical construction and installation of the Capital Project, including testing of equipment, workforce training, and start-up testing. Construction activities occur after a project has completed Final Design. Construction is described in FRA's Capital Projects Guidance.

d. “Final Design” or “FD” means the Lifecycle Stage of a Capital Project during which the Capital Project design is advanced to be ready for Construction. This is when the agreements necessary to construct and operate the Capital Project are secured, acquisition of right-of-way is completed, and final engineering plans and specifications necessary for the construction of the project are produced. Final Design activities occur after a Capital Project has completed Project Development, and before a Capital Project can advance to Construction. Final Design is described in FRA's Capital Projects Guidance.

e. “Grade Separation or Closure” means an underpass or overpass to eliminate level crossings between railroad and highway users at an existing highway-rail or pathway-rail grade crossing, or the closing of a highway-rail grade crossing to vehicular or pedestrian traffic.

f. “Highway-Rail Grade Crossing” means a location where a public highway, road, street, or private roadway, including associated sidewalks and pathways, crosses one or more railroad tracks at grade.

g. “Improvement Project” means a project related to an existing highway or pathway-rail crossing including: installation, repair, or improvement of crossings, grade separations, railroad crossing signals, gates, bells, audible warning devices and related technologies; highway traffic signalization, lighting, crossing approach signage, and roadway improvements such as medians or other barriers; pathway improvements such as bollards; railroad crossing panels and surfaces; and other safety engineering improvements, or highway-rail programs to reduce risk.

h. “Intercity Rail Passenger Transportation” means rail passenger transportation, except Commuter Rail Passenger Transportation, see 49 U.S.C. 22901(3) , and in this NOFO, it has the same meaning as “Intercity Passenger Rail Service” and “Intercity Passenger Rail Transportation.”

i. “Lifecycle Stage” means each of the consecutive stages of a Capital Project as it is developed and implemented that include Systems Planning, Project Planning, Project Development, Final Design, Construction, and Operation. Each sequential stage involves specific activities. Lifecycle Stages are described in FRA's Capital Projects Guidance.

j. “Major Project” means a Capital Project with a capital cost estimate equal to or greater than $500 million and with at least $100 million in federal assistance under the Railroad Crossing Elimination Program. Major Project is described in FRA's Capital Project Guidance.

k. “National Environmental Policy Act” or “NEPA” ( 42 U.S.C. 4321 et seq. ) is a federal law that requires federal agencies to analyze and document the environmental impacts of a proposed action in consultation with appropriate federal, tribal, state, and local authorities, and with the public. Environmental Review under NEPA consists of an Environmental Impact Statement (EIS), Environmental Analysis (EA) or Categorical Exclusion (CE). The NEPA class of action depends on the potential environmental impacts of the proposed action. For purposes of this NOFO, NEPA also includes all related federal laws and regulations including the Clean Air Act, section 4(f) of the Department of Transportation Act, section 7 of the Endangered Species Act, and section 106 of the National Historic Preservation Act. Additional information regarding FRA's environmental processes and requirements is located at https://railroads.dot.gov/​rail-network-development/​environment/​environment . NEPA consultation and documentation are considered part of the Project Development Lifecycle Stage, as described in FRA's Capital Projects Guidance.

l. “Pathway-Rail Grade Crossing” means a pathway that crosses one or more railroad tracks at grade and that is: (1) explicitly authorized by a public authority or a railroad; (2) dedicated for the use of non-vehicular traffic, including pedestrians, bicyclists, and others; and (3) not associated with a public highway, road, or street, or a private roadway.

m. “Preliminary Engineering” or “PE” means engineering design to define a Capital Project, including identification of all environmental impacts and design of all critical project elements at a level sufficient to ensure reliable cost estimates and schedules. The PE development process starts with specific project design alternatives that allow for the assessment of a range of rail improvements, specific alignments, and project designs. PE is considered part of the Project Development Lifecycle Stage, as described in FRA's Capital Projects Guidance.

n. “Project Development” means the Lifecycle Stage of a Capital Project during which the project sponsor conducts design, environmental, and other studies to ensure the project is ready for implementation. Project Development activities occur after a project has completed Project Planning, and before a Capital Project can advance to Final Design. Project Development is described in FRA's Capital Projects Guidance.

o. “Project Management Plan” means, under this NOFO, a document that describes how the Capital Project will be implemented, monitored, and controlled to help the project sponsor effectively, efficiently, and safely deliver the project on-time, within budget, and at the highest appropriate quality. Project Management Plan is described in FRA's Capital Projects Guidance.

p. “Project Planning” is the first Lifecycle Stage of a Capital Project during which the project sponsor identifies Capital Project concepts to adequately address transportation needs and opportunities; identifies and compares costs, benefits, and impacts of project options; identifies the impacted environmental resources; and engages with interested parties, agencies, and infrastructure owners. Project Planning activities are completed before a Capital Project advances to Project Development. Project Planning is described in FRA's Capital Projects Guidance.

q. “Rural Area” means any area that is not within an area designated as an urbanized area by the most recent Bureau of the Census.

r. “Track Relocation” means moving a rail line vertically or laterally to a new location in order to eliminate an existing Highway-Rail Grade Crossing. “Vertical Relocation” refers to raising above the current ground level or sinking below the current ground level of a rail line. “Lateral Relocation” refers to moving a rail line horizontally to a new location.

s. “Tribal Lands” means any lands reserved for a federally recognized Native American tribe or tribes under treaty or other agreement with the United States, executive order, or federal statute or administrative action as permanent tribal homelands, and Start Printed Page 56791 where the federal government holds title to the land in trust on behalf of the tribe.

The total funding available for awards under this NOFO is up to $1,148,809,580, made available by the FY 2023 and 2024 advance appropriations provided in Title VIII of Division J of IIJA and by remaining unawarded FY 2022 RCE Program balances. [ 3 ] Should additional RCE Program funds become available after the release of this NOFO, FRA may elect to award such additional funds to applications received under this NOFO. Any selection and award under this NOFO are subject to the availability of appropriated funds.

Further, of the available award amount listed above, certain funding amounts are set-aside for the following purposes under this NOFO:

a. Planning Projects—At least three percent of the total FY 2023-2024 RCE Program grant funds available, or $36,000,000, as well as $2,281,580 in FY 2022 RCE funds, will combine to make $38,281,580 available for planning projects described in 49 U.S.C. 22909(d)(6) . Of these funds, $10,840,000 (which includes $1,840,000 in FY 2022 carryover funds) will be made available for planning projects located in Rural Areas or on Tribal Lands. Further, FRA specifically expects to support planning projects that seek to advance efforts to grade separate at least one or more at-grade crossings. Planning projects are also subject to special considerations for award size and preference, as detailed in the following section 2(a).

b. Rural or Tribal set-aside—At least 20 percent of the total FY 2023-2024 RCE Program grant funds available, or $229,305,600, will be made available for projects located in Rural Areas or on Tribal Lands, as required by 49 U.S.C. 22909(f)(3)(A) . [ 4 ] At least five percent of these set-aside funds, or $11,465,280, will be made available for projects in counties with 20 or fewer residents per square mile, according to the most recent decennial census, provided that sufficient eligible applications have been submitted.

c. In addition, FRA will make at least $3,000,000 available for grants that carry out Highway-Rail Grade Crossing safety information and education programs. FRA expects that activities to promote further awareness of grade crossing safety will be based on existing best practices and such efforts will be implemented in a comprehensive manner through coordination with relevant stakeholders.

FRA anticipates making multiple awards with the available funding. FRA may not be able to award grants to all eligible applications even if they meet or exceed the stated evaluation criteria (see section E, Application Review Information). FRA strongly encourages applicants to seek funding for the appropriate Lifecycle Stage of a Capital Project, consistent with the application tracks in section C(3)(c) below. Where an application includes multiple Lifecycle Stages of a Capital Project, FRA may decide to only award funds for what it determines is the appropriate Lifecycle Stage.

In addition, projects may require more funding than is available. FRA encourages applicants to propose a project that has operational independence, or a component of such project, which can be completed and implemented with funding under this NOFO as a part of the total project cost together with other, non-federal sources. (See section C(3)(c) for more information). There are no predetermined maximum dollar thresholds for individual awards, but no more than 20 percent of the grant funds available ($229,761,916 total from both FY 2023-2024 funding and FY 2022 carryover funds) will be awarded for projects in any single State.

Applicants are not limited in the number of projects for which they seek funding. Applicants submitting more than one application are requested to submit a priority ranking of their submitted applications that is consistent with each application package submitted.

FRA will not award grants for less than $1,000,000, except for a Planning project, as described in 49 U.S.C. 22909(d)(6) . Projects requesting less than $1,000,000 must consist solely of Planning activities (Planning is defined in section A.3.n of this NOFO) to be considered eligible. Applications that request funding for a combination of Planning and Project Development activities must exceed $1,000,000 in federal assistance under this NOFO.

FRA will make awards for projects selected under this notice through grant agreements and/or cooperative agreements. Grant agreements are used when FRA does not expect to have substantial federal involvement in carrying out the funded activity. Cooperative agreements allow for substantial federal involvement in carrying out the agreed upon investment, including technical assistance, review of interim work products, and increased program oversight. The term “grant” is used throughout this document and is intended to reference funding awarded through a grant agreement or a cooperative agreement.

The funding provided under this NOFO will be made available to grantees on a reimbursable basis. Applicants must certify that their expenditures are allowable, allocable, reasonable, and necessary to the approved project before seeking reimbursement from FRA. Additionally, the grantee is expected to expend matching funds at the required percentage concurrent with federal funds throughout the life of the project.

The new FRA grant agreement consists of three parts: Attachment 1: Standard Terms and Conditions, Attachment 2: Project-Specific Terms and Conditions, and Terms and Conditions Exhibits. The grant agreement templates are available at: https://railroads.dot.gov/​grants-loans/​fra-discretionary-grant-agreements . These templates are subject to revision.

DOT and FRA may concurrently solicit applications for transportation infrastructure projects for several financial assistance programs. Applicants may submit applications requesting funding for a particular project to one or more of these programs. In the application for funding under this NOFO, applicants must indicate the other program(s) to which they submitted an application for funding the entire project or certain components, as well as highlight new or revised information in the application responsive to this NOFO that differs from the previously submitted application(s).

This section of the notice explains applicant eligibility, cost sharing and matching requirements, project eligibility, and project component Start Printed Page 56792 operational independence. Applications that do not meet the requirements in this section are ineligible for funding. Instructions for submitting eligibility information to FRA are detailed in section D of this NOFO.

The following entities are eligible applicants for all projects permitted under this notice:

a. A State (including the District of Columbia, Puerto Rico, and other United States territories and possessions).

b. A political subdivision of a State.

c. A federally recognized Indian Tribe.

d. A unit of local government or a group of local governments.

e. A public port authority.

f. A metropolitan planning organization.

g. A group of entities described in any of paragraphs (a) through (f).

The applicant serves as the primary point of contact for the application, and if selected, as the recipient of the RCE Program grant award. An application may identify entities that are not eligible applicants as project partners.

The federal share of total costs for RCE Program projects funded under this NOFO may not exceed 80 percent. The estimated total cost of a project must be based on the best available information, including engineering studies, studies of economic feasibility, environmental analyses, and information on the expected use of equipment and/or facilities. Additionally, in preparing estimates of total project costs, applicants are encouraged to use FRA's cost estimate guidance documentation, “Capital Cost Estimating: Guidance for Project Sponsors,” which is available at: https://www.fra.dot.gov/​Page/​P0926 . Project sponsors should account for the impact of factors such as inflation as the applicant prepares their scope, schedule, and budget.

The minimum 20 percent non-federal share may be comprised of public sector ( e.g., State or local) or private sector funding. FRA will not consider any federal financial assistance, or any non-federal funds already expended (or otherwise encumbered) toward the matching requirement, unless such sources are compliant with 2 CFR part 200 . In-kind contributions, including the donation of services, materials, and equipment, may be credited as a project cost in a uniform manner consistent with 2 CFR 200.306 . In addition, applicants may count costs incurred for Preliminary Engineering associated with Highway-Rail Grade Crossing and Pathway-Rail Grade Crossing Improvement Projects as part of the total project costs. Such costs are eligible as non-federal share or for reimbursement, even if they were incurred before project selection for award, consistent with 49 U.S.C. 22909(g) . Such costs must have been incurred no earlier than November 15, 2021, and must be otherwise compliant with 2 CFR part 200 and the requirements of this RCE Program.

Funding under this NOFO may not be used for costs that are included in or used to meet cost sharing or matching requirements of any other federally financed award or program. If the applicant is seeking additional funding for a project that has already received federal financial assistance, costs associated with the scope of work for the existing federal award are not eligible for funding under this NOFO. Only new scope elements/activities ( e.g., new deliverables) are eligible for funding under this NOFO.

Before applying, applicants should carefully review the principles for cost sharing or matching in 2 CFR 200.306 . See section D(2)(a)(iii) of this NOFO for required application information on non-federal match and section E for further discussion of FRA's consideration of matching funds in the review and selection process. FRA will approve pre-award costs incurred after announcement of awards consistent with 2 CFR 200.458 , as applicable. See section D(6). Cost sharing or matching may be used only for eligible expenses for authorized Federal award purposes.

All contracts for projects financed with federal funds will be subject to applicable federal requirements. Applicants that have entered into contracts for a proposed project prior to award must ensure that applicable federal requirements are included in the contract in the event the project is selected and federal funds are obligated.

The following Highway-Rail or Pathway-Rail Grade Crossing Improvement Projects (including acquiring real property interests) that focus on improving the safety and mobility of people and goods are eligible for funding under 49 U.S.C. 22909(d) and this NOFO:

i. Grade separation or closure, including through the use of a bridge, embankment, tunnel, or combination thereof;

ii. Track Relocation;

iii. The improvement or installation of protective devices, signals, signs, or other measures the improve safety, provided that such activities are related to a separation or relocation project described in paragraph (i) or (ii);

iv. Other means to improve the safety and mobility of people and goods at highway-rail grade crossings (including technological solutions);  [ 5 ]

v. A group of related projects described in paragraphs (i) through (iv) that would collectively improve the mobility of people and goods; or

vi. The planning, environmental review, and design of an eligible project described in paragraphs (i) through (v).

Consistent with 49 U.S.C. 22909(j)(1) , grants under the RCE Program are not subject to the limitation in 49 U.S.C. 22905(f) and may therefore be awarded for commuter rail passenger transportation projects. Consistent with 49 U.S.C. 22909(j)(2) , FRA will transfer such projects to the Federal Transit Administration to administer.

If an applicant requests funding for a component or set of components of a larger Capital Project, the project component(s) included in the application must be attainable with the award amount and comply with all eligibility requirements described in section C. In addition, the component(s) must enable independent analysis and decision making, as determined by FRA, under NEPA ( i.e., have independent utility, connect logical termini, and not restrict the consideration of alternatives for other reasonably foreseeable rail projects).

Applicants are not limited in the number of projects for which they seek funding. FRA generally evaluates applications in Tracks based on the Lifecycle Stages of a Capital Project. While applications covering multiple Lifecycle Stages are not precluded, FRA generally expects that applications identify only one of the following tracks for an eligible proposed project:

  • Track 1—Project Planning;
  • Track 2—Project Development;
  • Track 3—Final Design (FD)/Construction.

FRA strongly encourages applicants to seek funding for the appropriate Lifecycle Stage of a Capital Project, consistent with these application tracks. Start Printed Page 56793 To the extent possible, applicants should describe their projects consistent with FRA's Capital Projects Guidance, which provides a detailed description of each Lifecycle Stage and its required activities: https://railroads.dot.gov/​elibrary/​fra-guidance-development-and-implementation-railroad-capital-project .

If an application seeks funding under more than one application Track for multiple Lifecycle Stages, FRA may award funds for the application Track and corresponding Lifecycle Stage(s) it determines most appropriate based on project readiness information. Applicants are directed to identify the project components and estimated amount of federal funding requested for each Lifecycle Stage. If an application selected for award includes multiple Lifecycle Stages, FRA will require the grantee to complete the Lifecycle Stages in the order consistent with FRA's Capital Projects Guidance.

i. Track 1—Project Planning: Track 1 consists of Project Planning specific to an eligible Capital Project. Example activities for Project Planning include: the development of a purpose and need statement; completion of conceptual engineering and other design; documentation showing that project alternatives were considered; completion of an environmental resource inventory and potential environmental concerns analysis; scale design drawings; public and stakeholder involvement; completion of an order-of-magnitude project cost estimate; and for Major Projects, completion of an initial Project Management Plan. Project Planning projects funded under this NOFO must be sufficiently developed when complete to support Project Development activities.

FRA strongly encourages Track 1 Planning projects given the RCE Program's dedicated set-aside funding for planning activities. Please note that, pursuant to 49 U.S.C. 22909(d)(6) , the minimum award requirement of $1,000,000 does not apply to applications for awards that fund only activities consistent with the Project Planning Lifecycle Stage. Consistent with Section A.2 of this NOFO, FRA intends to prioritize Planning projects that seek to grade separate one or more grade crossings.

ii. Track 2—Project Development: Track 2 consists of projects for eligible Project Development activities. Example activities include: completion of PE and architectural or other design; PE drawings and specifications (scale drawings at the 30 percent design level, including track geometry as appropriate); design criteria, schematics and/or track charts that support the development of PE; work that can be funded in conjunction with developing PE, such as operations modeling, surveying, project work/management plans, preliminary cost estimates, and preliminary project schedules; completion of environmental review; and completion of applicable project management documentation (such as a Project Management Plan, schedule, capital cost estimate, and financial plan). Project Development projects funded under this NOFO must first demonstrate completion of Project Planning elements prior to Project Development funds being awarded and be sufficiently developed when complete to support FD or Construction activities.

iii. Track 3—Final Design (FD)/Construction: Track 3 consists of projects for eligible FD and Construction activities. Applicants must complete all necessary Planning and Project Development stages, including PE and NEPA requirements, prior to moving to the FD/Construction stage of a project. FD activities may include completion of the FD documentation, acquisition of right-of-way, [ 6 ] resolving remaining uncertainties or risks associated with changes to the design and scope of the Capital Project; addressing procurement processes; and updating/completing the applicable project management documentation (such as a Project Management Plan, schedule, capital cost estimate, and financial plan). [ 7 ] Construction activities may include physical construction and installation of the Capital Project, including procurement and manufacturing of vehicles and equipment, project administration, testing of equipment ( e.g., signal equipment and rolling stock), systems integration testing, workforce training, system certification, procurement of insurance, provision of warrantees, pre-revenue service, and start-up testing. Prior to obligation, applicants selected for funding for FD/Construction must demonstrate completion of applicable Systems Planning and Project Planning and Project Development activities, consistent with FRA's Capital Projects Guidance.

FRA will consider a project to be in a Rural Area or on Tribal Lands if all or the majority of the project (determined by geographic location(s) where the majority of the project funds will be spent) is located in a Rural Area or on Tribal Lands. However, in the event FRA elects to fund a component of the project, then FRA will reevaluate whether the project is in a Rural Area or on Tribal Lands.

Required documents for the application are outlined in the following paragraphs. Applicants must complete and submit all components of the application for the application to be reviewed by FRA. An applicant that fails to submit all required documentation prior to the closing period of the notice may have its application deemed incomplete and will not advance to evaluation review. See section D(2) for the required documents and information for an application package. FRA welcomes the submission of additional relevant supporting documentation, such as planning, engineering, and design documentation, and letters of support from partnering organizations, which will not count against the Project Narrative 25-page limit.

Applicants may access application materials at https://www.Grants.gov and must submit all application materials in their entirety through https://www.Grants.gov no later than 11:59 p.m. EST, on September 23, 2024. Applicants must complete an Authorized Organization Representative (AOR) profile on www.Grants.gov and create a username and password. Additional information about the registration process is available at: https://www.grants.gov/​applicants/​applicant-registration .

Applicants are strongly encouraged to apply early to ensure that all materials are received before the application deadline. FRA reserves the right to modify this deadline. General information for submitting applications through Grants.gov can be found at: https://www.fra.dot.gov/​Page/​P0270 . FRA is committed to ensuring that information is available in appropriate alternative formats to meet the requirements of persons who have a Start Printed Page 56794 disability. If you require an alternative version of files provided or paper copies of materials, please contact Ms. Laura Mahoney, Office of the Chief Financial Officer, Federal Railroad Administration, 1200 New Jersey Avenue SE, Washington, DC 20590; email: [email protected] ; or telephone: 202-578-9337.

The E-Biz point of contact (E-Biz POC) at the applicant's organization must respond to the registration email from Grants.gov and login at www.Grants.gov to authorize the applicant as the AOR. Please note there can be more than one AOR for an organization.

If an applicant has difficulty at any point during this process, please call the Grants.gov Customer Center Hotline at 1-800-518-4726, 24 hours a day, 7 days a week (closed on federal holidays). For information and instructions on each of these processes, please see instructions at: https://www.grants.gov/​support .

FRA strongly advises applicants to read this section carefully. Applicants must submit all required information and components of the application package to be considered for funding. Applications that are not submitted on time or do not contain all required documentation will not be considered for funding. To support the application, applicants may provide additional relevant and available optional supporting documentation that may have been developed by the applicant, especially such documentation that provides evidence of completion of the appropriate Lifecycle Stage(s) of a Capital Project. Additionally, applicants selected to receive funding must satisfy the requirements in 49 U.S.C. 22903 and 22905 , including FRA's Buy America requirement and conditions explained in part at https://www.fra.dot.gov/​page/​P0185 and further in section F.2 of this notice.

Required documents and information for an application package include the following:

Application informationNOFO section for guidanceProject NarrativeSee D.2.a.Statement of Work (SOW), project budget, estimated project schedule, and performance measuresSee D.2.b.i.Environmental Compliance DocumentationSee D.2.b.ii.Draft Agreement required under , if applicableSee D.2.b.iii.SF 424—Application for Federal Assistance  See D.2.b.iv.SF 424A—Budget Information for Non-Construction or SF 424C—Budget Information for ConstructionSee D.2.b.v.SF 424B—Assurances for Non-Construction or SF 424D—Assurances for ConstructionSee D.2.b.vi.FRA's F 30—Certifications Regarding Debarment, Suspension and Other Responsibility Matters, Drug-Free Workplace Requirements and LobbyingSee D.2.b.vii.FRA F 251—Applicant Financial Capability QuestionnaireSee D.2.b.viii.SF LLL—Disclosure of Lobbying Activities, if applicableSee D.2.b.ix.

This section describes the minimum content the applicant is required to provide in the Project Narrative section of the grant application. The Project Narrative must follow the basic outline below to address the program requirements and assist evaluators in locating relevant information.

I. Cover PageSee D.2.a.i.II. Project SummarySee D.2.a.ii.III. Grant Funds, Sources and Uses of Project FundsSee D.2.a.iii.IV. Applicant Eligibility CriteriaSee D.2.a.iv.V. Project Eligibility CriteriaSee D.2.a.v.VI. Detailed Project DescriptionSee D.2.a.vi.VII. Highway-Rail Grade Crossing Safety Information and Education ProgramsSee D.2.a.vii.VIII. Project LocationSee D.2.a.viii.IX. Grade Crossing InformationSee D.2.a.ix.X. Safety BenefitSee D.2.a.x.XI. Evaluation and Selection CriteriaSee D.2.a.xi.XII. Project Implementation and ManagementSee D.2.a.xii.

The applicant must provide the content listed above in a narrative statement. The Project Narrative may not exceed 25 pages in length (excluding cover pages, table of contents, and supporting documentation). When possible, applicants should submit supporting documents via website links rather than hard copies. If supporting documents are submitted, applicants must clearly identify the relevant portion of the supporting document with the page numbers of the cited information in the Project Narrative. The Project Narrative must adhere to the following outline.

i. Cover Page: include a cover page that lists the following elements in either a table or formatted list:

Project TitleApplicant Name Amount of RCE Program Funding Requested under this NOFO$:Amount of Proposed Non-Federal Match$:Does some or all of the proposed Non-Federal Match for the total project cost consist of Preliminary Engineering costs incurred before project selection (but after November 15, 2021)?If yes, how much?Other Sources of Federal funding, if applicableProvide funding source and amount $:Source(s) of Proposed Non-Federal MatchIf applicable, are set-aside funds requested? Is the project eligible for a funding set-aside in Section B.1?Yes/No. If yes, please specify which one [Planning Projects, Safety Information and Education Program, Rural or Tribal Set-Aside].If “Yes,” amount of set-aside funds requested:$:Total Project Cost$: Was a Federal Grant Application Previously Submitted for this Project?Yes/No. If yes, please specify the program, funding year and project title of the previous application, and identify any differences between the applications. City(ies), County(ies), State(s) Where the Project is LocatedIs the Project Located in a Rural Area or on Tribal Lands?Yes/No.If the Project is located in a Rural Area or Tribal Land, is the Project Located in a county with 20 or fewer residents per square mile, according to the most recent decennial census?Yes/No.Congressional District(s) Where the Project is Located Application Track(s) proposed to be funded by this NOFO?Lifecyle Stage(s) proposed to be funded by this NOFO?Current Lifecycle Stage and Anticipated completion of current Lifecycle Stage? Is the Project located on real property owned by someone other than the applicant?Yes/No. If yes, list real property owners and the nature of the property interest.Host Railroad/Infrastructure Owner(s) of Project Assets;Other impacted Railroad(s)Tenant Railroad(s), if applicableIf applicable, is a -compliant Railroad Agreement executed or pending?Yes/No/Pending. Is the project currently programmed in ANY medium- or long-range planning document: ?Yes/No. If yes, please specify.   Yes/No. If yes, please specify the corridor(s).

ii. Project Summary: Provide a brief 4-6 sentence summary of the proposed project. Include challenges the proposed project aims to address and summarize the intended outcomes and anticipated benefits that will result from the proposed project.

iii. Grant Funds, Sources and Uses of Project Funds: Project budgets should show how different funding sources will fund project activities and present the data in dollars and percentages. The budget should identify other federal funds the applicant is applying for or has been awarded, if any, or intends to use. Funding sources should be grouped into three categories: RCE request, non-federal, and other federal with specific amounts for each funding source. If other federal funding is proposed as match, demonstrate the applicant's determination of eligibility for such use, Start Printed Page 56796 and the legal basis for that determination. If federal funding for the project is currently or has previously been sought, identify the federal program and fiscal year of the funding request(s), as well as highlight new or revised information in the application responsive to this NOFO that differs from the application(s) to other financial assistance programs.

As shown in the table format below, the applicant should indicate the amount in dollars and percentages of RCE Program funding requested, the amount of non-federal match, source(s) for all non-federal match, [ 10 ] other federal funds (if applicable), and the total project cost. FRA may not award more funding for a project than is requested in an application.

The applicant should itemize funding by project Lifecycle Stage(s) and by project activity. For a Major Project, applicants are encouraged to provide an annualized budget in year of expenditure dollars. Project budget information must be consistent throughout all application materials, specifically the Standard Form (SF) 424, Project Narrative, Statement of Work, and funding commitment letters. [ 11 ] The project budget should be specific to the project scope described in the applicant's request for funding under this NOFO. If the project proposed to be funded under this NOFO is part of a larger scope, the applicant may reference the larger scope in the Project Narrative but should only include the project scope proposed to be funded under this NOFO within the budget table.

If applicable, the applicant should explain if the RCE Program request or other funds must be obligated or spent by a certain date.

If applicable, the applicant should provide the type and estimated value of any proposed in-kind contributions, as well as explain how the contributions meet the requirements in 2 CFR 200.306 . If the applicant is requesting set-aside funds per section B(1), identify the dedicated activities and amount requested within the budget table.

Example Project Funding Table: Applicants may use the following table to describe project funding, and may use additional rows and columns, or additional project funding tables, as appropriate.

Task No.Task name project componentCostPercentage of total costSource of funds and citation, as applicable
1
2
Total Project Cost
Federal Funding Requested in this Application (RCE Program Request)
Total Non-Federal Match
Non-Federal Funding (State)Cash:
In-Kind:
Non-Federal Funding (Private Sector)Cash:
In-Kind:
Non-Federal Federal Funding (Local)Cash:
In-Kind:
Other Committed Federal Funding  ( Federal Highway Administration, congressionally directed/earmark, other FRA grant program funds—including previous RCE grants, etc.) Note: If there are multiple sources of other federal funding, please break funding down by each source
Other Pending Federal Funding Requests 
Amount (if any) of funding request eligible for set-aside funds as described in section B(1) (Planning, Rural/Tribal set-aside, or Highway-Rail Grade Crossing safety information and education programs)
Portion of Total Project Costs Spent in a Rural Area, if applicable
Does some or all the proposed Non-Federal Match for the total project cost consist of Preliminary Engineering costs incurred before project selection (but after November 15, 2021)?  If yes, how much?

iv. Applicant Eligibility Criteria: In this section, the applicant must explain how it meets the applicant eligibility criteria outlined in section C of this NOFO and include citations to appropriate authorities that demonstrate the applicant's eligibility to receive federal funds. For example, if the applicant is a political subdivision of a State, public agency or publicly chartered authority established by one or more States, the applicant should provide relevant legislative language, including citations to the applicable enabling legislation, that demonstrate the applicant's legal status. Applicants that fail to adequately demonstrate their Start Printed Page 56797 legal status may be found ineligible and their application will not be reviewed.

v. Project Eligibility Criteria: Explain how the proposed project meets the project eligibility criteria in section C(3) of this NOFO.

vi. Detailed Project Description: In this section, the applicant must provide a detailed project description that expands upon the brief project summary. This detailed description should provide, at a minimum: additional background on the challenges the project aims to address; a summary of current and proposed railroad operations in the project area and service frequency, which should include identification of all railroad owners and operators; typical daily, weekly, or annual train counts by operator; the primary expected project outcomes such as increased safety outcomes or reduced delays, improved rail network asset condition and performance, or similar outcomes and benefits; the expected users and beneficiaries of the project, including all railroad operators; the specific components and elements of the project; and any other information the applicant deems necessary to justify the proposed project. Applicants should specify whether the project will result in the elimination of one or more grade crossings. Provide detailed descriptions on the proposed improvement to each grade crossing included in the application. For all projects, applicants must provide information about proposed performance measures, as described in section F(3) and required in 2 CFR 200.301 .

vii. Highway-Rail Grade Crossing Safety Information and Education Programs: For these projects, specify how the program will enhance education and informational outreach to help prevent and reduce pedestrian, motor vehicle and other accidents, incidents, injuries, and facilities, and how the program will help improve awareness along railroad rights-of-way and at Highway-Rail Grade Crossings. FRA expects that activities to promote further awareness of grade crossing safety will be based on existing best practices and such efforts will be implemented in a comprehensive manner through coordination with relevant stakeholders.

viii. Project Location: Applicants must include geospatial data for the project, as well as a map of the project's location. Geospatial data must be expressed in decimal degrees for latitude and longitude with at least five decimal places of precision. If the project includes a length of track or corridor development, the start and end coordinates for each corridor or segment must be provided. Milepost, railroad, and subdivision identifiers can also be provided but must be accompanied by corresponding latitudes and longitudes. For projects with multiple locations, the corresponding geospatial data must be included for each location, with individual columns for latitude and longitude, in table form as an attachment to the application. On the map, include the Congressional districts in which the project will take place.

ix. Grade Crossing Information: Cite specific US DOT National Grade Crossing Inventory information for each grade crossing to be addressed in the proposed application, including the US DOT grade crossing inventory number. Include latitude and longitude coordinates for each grade crossing location, the railroad that owns the infrastructure (or the crossing owner, if different from the railroad), the primary railroad operator, and the roadway at the crossing. To find US DOT grade crossing inventory number(s) and location(s), please visit: https://railroads.dot.gov/​safety-data/​fra-safety-data-reporting/​crossing-inventory-data-search . For projects involving Pathway-Rail Grade Crossings that do not have US DOT grade crossing inventory numbers or data, please provide as much locational data as possible.

List the following details for each grade crossing involved in the application scope of work, either in the following table format within the Project Narrative or, if more space is needed, in a separate, unlocked Excel file attachment (the table will not count against the 25-page Project Narrative page limit). Please include, to the best of the applicant's ability, specific US DOT National Grade Crossing Inventory information that may combine information requested under both this section and E.2.a.viii “Grade Crossing Information,” including:

a. US DOT grade crossing inventory number;

b. The proposed improvement requested in the application, using “new, separated, closed, or improved” to describe proposed improvement (such as gate additions, lights, etc.);

c. The primary railroad operator;

d. The railroad that owns the infrastructure (or the crossing owner, if different from the railroad); and

e. The roadway at the crossing with location latitude and longitude coordinates.

Example Table 1. In Project Narrative or attached as an appendix in unlocked Excel file format:

* Example Table 1—Grade Crossing Information for Proposed Project

US DOT grade crossing inventory #Proposed improvementRail operator(s)Railroad ownerLatitude coordinates (at least five decimal places of precision)Longitude coordinates (at least five decimal places of precision)

x. Safety Benefit Data: Applicants are strongly encouraged to submit safety justifications for the project that rely on standardized, objective safety metrics and data, if available, including data from sources such as: GradeDec.Net; National Risk Index; 49 CFR part 234 ; safety metrics found in Appendix D of 49 CFR part 222 ; the FRA crossing incident dashboard (FRA Safety Data & Reporting | FRA ( dot.gov )); or other relevant safety data or metrics. FRA will analyze data for each grade crossing, including information and data detailing the history of each crossing's incident history for the past five calendar years (2019-2023), to demonstrate the existing level of risk for each grade crossing proposed for improvement, as well as other tools and measures to better inform selection evaluation. [ 15 ]

viii. Evaluation and Selection Criteria: The applicant must include a thorough discussion of how the proposed project meets the evaluation and selection criteria. As described in section E, FRA will evaluate applications based on project readiness, technical merit, and project benefits, and will consider how the applicant's project aligns with the Start Printed Page 56798 Administration Priorities. If an application does not sufficiently address the evaluation criteria and the selection criteria, it is unlikely to be a competitive application. Applicants are expected to follow the directions and format requested in this NOFO, and adherence to these directions will be considered in evaluations. Applicants are encouraged to include quantifiable railroad data, such as information on delay, failure or safety incidents, daily train movement, or similar metrics, and should include qualitative data on accessibility improvements to either new or existing assets. To the extent feasible, such railroad metrics should be provided and analyzed discretely for intercity passenger rail and, if applicable, Commuter Rail Passenger Transportation and freight rail transportation services involved in the proposed project. For more information on performance metrics see FRA's Metrics and Minimum Standards for Intercity Passenger Rail Service, available at: https://railroads.dot.gov/​elibrary/​metrics-and-standards-final-rule-november-16-2020 .

xiii. Project Implementation and Management: Applicants must describe proposed project implementation and project management arrangements. Include descriptions of the expected arrangements for project contracting (construction, maintenance, and operation), contract oversight and control, change-order management, risk management, and conformance to federal requirements for project progress reporting (see FRA Reports, available at: https://www.fra.dot.gov/​Page/​P0274 ). Further, applicants must provide their plan for taking affirmative steps to employ small businesses consistent with 2 CFR 200.321 . Describe experience in managing and overseeing similar projects; the technical qualifications and demonstrated experience of key personnel proposed to lead and perform the technical efforts; and the qualifications of the primary and supporting organizations to fully and successfully execute the proposed project within the proposed timeframe and budget, including a discussion of the factors in 2 CFR 200.206(b) and the proposed approach to assessing and mitigating project risk.

Applicants must submit the following documents and forms. Note, the Standard OMB Forms needed for the electronic application process are available at: www.Grants.gov .

i. A Statement of Work (SOW), addressing the scope, project budget, estimated project schedule, and performance measures, for the proposed project if it were selected for award. The applicant should include sufficient detail in those documents so that FRA can understand the expected outcomes of the proposed work to be performed and can monitor progress toward completing project tasks and deliverables during a prospective grant's period of performance. Applicants are expected to include Articles 4-7 of Attachment 2: Project Specific Terms and Conditions, at a minimum. [ 16 ] Applications that do not follow this format may be considered incomplete and may not be reviewed. In addition, FRA encourages applicants submitting planning projects to look at the planning-specific Statement of Work template available here: https://railroads.dot.gov/​elibrary/​RCE-Grant-Project-Planning-SOW-sample .

When preparing the budget, the total cost of a project must be based on the best available information as indicated in cited references that include engineering studies, economic feasibility studies, environmental analyses, and information on the expected use of equipment or facilities. Applicants must include annual budget estimates in year of expenditure dollars for the duration of the project.

ii. Environmental compliance documentation, as applicable, if a website link to such documentation is not provided in the Project Narrative.

Applicants should explain what Federal (and, if appropriate, State, Tribal, and local) environmental compliance and permitting requirements have been completed. Such requirements include NEPA and other Federal, State, Tribal, and local environmental permitting requirements, if applicable. For all other Federal, State, Tribal, and local permitting requirements, the applicant should describe which permits apply, the status of those reviews, and the expected timeline for completion. If the NEPA process is complete, an applicant should indicate the date of completion, and provide a website link or other reference to the documents demonstrating compliance with NEPA, which might include a final Categorical Exclusion determination documentation, Finding of No Significant Impact, or Record of Decision. If the NEPA process is not yet underway, the application should state this. If the NEPA process is underway, but not complete, the application should detail the type of NEPA review underway, where the project is in the process, and indicate the anticipated date of completion of all NEPA and other environmental requirements. Additional information regarding FRA's environmental processes and requirements is located at https://fra.dot.gov/​environment .

iii. Draft or finalized agreement required under 49 U.S.C. 22905(c)(1) , if applicable. Provide information about the status of agreements with infrastructure owners. FRA encourages early cooperation between applicants and any relevant infrastructure owners. Under section 22905(c)(1), a grant applicant must have entered into a written agreement with a railroad that owns rights-of-way to be used by the project (referred to as the 22905 Agreement) prior to grant obligation. If the agreement is complete at the time of the application, an applicant should indicate the agreement's effective date, and provide a website link or attach the agreement as part of the application. Applicants are also encouraged to provide draft agreements. The written agreement between the grantee and the railroad should describe use and ownership, including any compensation for such use; assurances regarding the adequacy of infrastructure capacity to accommodate both existing and future freight and passenger operations; an assurance by the railroad that collective bargaining agreements with the railroad's employees including terms regulating the contracting of work will remain in full force and effect according to their terms for work performed by the railroad on the railroad transportation corridor; and an assurance that the grantee complies with liability requirements consistent with 49 U.S.C. 28103 . For additional guidance see the FRA Answers to Frequently Asked Questions about Rail Improvement Grant Conditions under 49 U.S.C. 22905(c)(1) : https://railroads.dot.gov/​elibrary/​frequently-asked-questions-about-rail-improvement-grant-conditions-under-49-usc-ss-22905c1 .

iv. SF 424—Application for Federal Assistance.

v. SF 424A—Budget Information for Non-Construction or SF 424C—Budget Information for Construction.

vi. SF 424B—Assurances for Non-Construction or SF 424D—Assurances for Construction.

vii. FRA F30—Certification Regarding Debarment, Suspension and Other Responsibility Matters, Drug-Free Workplace Requirements and Lobbying, located at https://railroads.dot.gov/​elibrary/​fra-f-30-certifications-regarding-debarment-suspension-and-other-responsibility-matters . Start Printed Page 56799

viii. FRA F 251—Applicant Financial Capability Questionnaire, located at https://railroads.dot.gov/​elibrary/​fra-f-251 .

ix. SF LLL—Disclosure of Lobbying Activities.

Forms needed for the electronic application process are at www.Grants.gov .

See section F(2) of this notice for post-selection requirements.

To apply for funding through Grants.gov , applicants must be properly registered in SAM before submitting an application, provide a valid unique entity identifier in its application, and continue to maintain an active SAM registration all as described in detail below. Complete instructions on how to register and submit an application can be found at www.Grants.gov . Registering with Grants.gov is a one-time process; however, it can take up to several weeks for first-time registrants to receive confirmation and a user password. FRA recommends that applicants start the registration process as early as possible to prevent delays that may preclude submitting an application package by the application deadline. Applications will not be accepted after the due date. Delayed registration is not an acceptable justification for an application extension.

FRA may not make a grant award to an applicant until the applicant has complied with all applicable SAM requirements, and if an applicant has not fully complied with the requirements by the time the federal awarding agency is ready to make a federal award, the federal awarding agency may determine that the applicant is not qualified to receive a federal award and use that determination as a basis for making a federal award to another applicant. Late applications, including those that are the result of a failure to register or comply with Grants.gov applicant requirements in a timely manner, will not be considered. If an applicant has not fully complied with the requirements by the submission deadline, the application will not be considered. To submit an application through Grants.gov , applicants must follow the directions below in this subsection.

All applicants for federal financial assistance must maintain current registrations in the SAM database. An applicant must be registered in SAM to successfully register in Grants.gov . The SAM database is the repository for standard information about federal financial assistance applicants, grantees, and subrecipients. Organizations that have previously submitted applications via Grants.gov are already registered with SAM, as it is a requirement for Grants.gov registration. Please note, however, that applicants must update or renew their SAM registration at least once per year to maintain an active status. Therefore, it is critical to check registration status well in advance of the application deadline. If an applicant is selected for an award, the applicant must maintain an active SAM registration with current information throughout the period of the award, including information on a grantee's immediate and highest-level owner and subsidiaries, as well as on all predecessors that have been awarded a federal contract or grant within the last three years, if applicable. Information about SAM registration procedures is available at www.SAM.gov .

On April 4, 2022, the Federal government discontinued using DUNS numbers. The DUNS Number was replaced by a new, non-proprietary identifier that is provided by the System for Award Management ( SAM.gov ). This new identifier is called the Unique Entity Identifier (UEI), or the Entity ID. To find or request a Unique Entity Identifier, please visit: www.SAM.gov .

Applicants must complete an Authorized Organization Representative (AOR) profile on www.Grants.gov and create a username and password. Applicants must use the organization's UEI to complete this step. Additional information about the registration process is available at: https://www.grants.gov/​applicants/​applicant-registration .

The E-Biz POC at the applicant's organization must respond to the registration email from Grants.gov and login at www.Grants.gov to authorize the applicant as the AOR. Please note there can be more than one AOR for an organization.

If an applicant has trouble at any point during this process, please call the Grants.gov Customer Center Hotline at 1-800-518-4726, 24 hours a day, 7 days a week (closed on Federal holidays). For information and instructions on each of these processes, please see instructions at: https://www.grants.gov/​support .

Applicants must submit complete applications to www.Grants.gov no later than 11:59 p.m. EST, September 23, 2024. Applicants will receive a system-generated acknowledgement of receipt. FRA reviews www.Grants.gov information on dates/times of applications submitted to determine timeliness of submissions. Late applications will be neither reviewed nor considered, no exceptions. To apply for funding under this announcement, all applicants are required to be registered as an organization with Grants.gov . Applicants are strongly encouraged to apply early to ensure all materials are received before this deadline.

To ensure fair competition for limited discretionary funds, no late submissions will be reviewed for any reason, including: (1) failure to complete the Grants.gov registration process before the deadline; (2) failure to follow Grants.gov instructions on how to register and apply as posted on its website; (3) failure to follow all the instructions in this NOFO; and (4) technical issues experienced with the applicant's computer or information technology environment.

Intergovernmental Review is required for this program. Applicants must contact their State Single Point of Contact to comply with their State's process under Executive Order 12372 .

Consistent with 2 CFR 200.458 , as applicable, FRA will only approve pre-award costs if such costs are incurred pursuant to the negotiation and in anticipation of the grant agreement and if such costs are necessary for efficient and timely performance of the scope of work. [ 17 ] Under 2 CFR 200.458 , grant recipients must seek written approval from FRA for pre-award activities to be Start Printed Page 56800 eligible for reimbursement under the grant. Activities initiated prior to the execution of a grant or without FRA's written approval may be ineligible for reimbursement or matching contribution. Cost sharing or matching may be used only for authorized Federal award purposes.

Applicants may count costs incurred for Preliminary Engineering costs on Highway-Rail and Pathway-Rail Grade Crossing Projects as part of the total project costs. Consistent with 49 U.S.C. 22909(g) , such costs are eligible as non-federal share or reimbursement, even if they were incurred before project selection for award. Such costs must have been incurred no earlier than November 15, 2021, and must be otherwise compliant with 2 CFR part 200 and the requirements of this NOFO.

Please use generally accepted formats such as .pdf, .doc, .docx, .xls, .xlsx and .ppt, when uploading attachments. While applicants may embed picture files, such as .jpg, .gif, and .bmp, in document files, applicants should not submit attachments in these formats. Additionally, the following formats will not be accepted: .com, .bat, .exe, .vbs, .cfg, .dat, .db, .dbf, .dll, .ini, .log, .ora, .sys, and .zip.

FRA will first screen each application for applicant and project eligibility (eligibility requirements are outlined in section C of this NOFO), completeness (application documentation and submission requirements are outlined in section D of this NOFO), and the 20 percent minimum non-federal match.

FRA will evaluate all eligible and complete applications using the evaluation criteria outlined in this section to determine project readiness, technical merit, and project benefits.

i. Project Readiness:

In evaluating Project Readiness, FRA will evaluate project and applicant risk based on the applicant's preparedness and capacity to implement the proposed project, including whether the applicant is reasonably equipped to begin the capital or planning project in a timely manner to meet its proposed schedule. FRA will evaluate whether the applicant is able to meet project milestones and use Federal funds efficiently to deliver the proposed project. [ 18 ]

FRA will evaluate the application for the degree to which—

(A) The application demonstrates strong project readiness, evidenced by status of required NEPA actions and environmental permitting readiness (if applicable);

(B) The status and timeline of agreements, such as an agreement required under 49 U.S.C. 22905(c)(1) , necessary for the legal, financial, and technical capacity to complete the project as proposed, are sufficiently developed;

(C) The application identifies the appropriate Lifecycle Stage(s) for the proposed project, demonstrates that the project has completed or will complete any preceding Lifecycle Stage(s), and the project is able to complete all requirements of the identified Lifecycle Stage(s); and

(D) Project partner coordination and commitments, including letters of support, agreements, and funding, are secured or able to be secured without undue delay.

ii. Technical Merit:

In evaluating Technical Merit, FRA will evaluate the degree to which the application, statement of work, schedule and budget are reasonable and appropriate to achieve the expected outcomes, commitment of necessary resources and workforce to deliver the project, and the proposed project elements are appropriate for the project funding request. FRA will also consider applicant risk, including the applicant's past performance in developing and delivering similar projects.

FRA will evaluate application information for the degree to which—

(A) The tasks and subtasks outlined in the SOW, project budget, and estimated project schedule are appropriate to achieve the expected outcomes of the proposed project;

(B) The technical qualifications and experience of key personnel the applicant proposes to lead and perform the technical efforts, including the qualifications of the primary and supporting organizations, demonstrates the ability to fully and successfully execute the proposed project within the proposed time frame and budget;

(C) The project is identified in the freight investment plan component of a state freight plan, a state rail plan, a state highway-rail grade crossing action plan, a state freight plan, or other equivalent document;

(D) The project will use innovative technologies, innovative design and construction techniques, or construction materials that reduce greenhouse gas emissions;

(E) The project will use financial support from impacted rail carriers; and

(F) The project will improve the mobility of multiple modes of transportation, including ingress and egress from freight facilities, or users of nonvehicular modes of transportation such as pedestrians, bicycles, and public transportation.

iii. Project Benefits:

FRA will evaluate application information for the extent to which the proposed project—

(A) Improves safety at Highway-Rail or Pathway-Rail Grade Crossings;

(B) Proposes to grade separate, eliminate, or close one or more Highway-Rail or Pathway-Rail Grade Crossings;

(C) Improves the mobility of both people and goods;

(D) Reduces emissions, protects the environment, and provides community benefit (including noise reduction);

(E) Improves access to emergency services;

(F) Improves access to communities;

(G) Provides economic benefit; and

(H) Uses contracting incentives to employ local labor, to the extent permissible under federal law.

For each evaluation criterion—Project Readiness, Technical Merit, and Project Benefits—FRA will evaluate whether the application demonstrates level of risk or responsiveness, as applicable, as described in the rubrics below.

For each merit criterion, FRA will use rubric ratings with applied criteria to evaluate whether the applications meet the defined thresholds:

For the Project Readiness Criteria described in section E(B)(i), FRA will evaluate the application's responsiveness to the criteria, including an assessment of supporting justifications, and assign a cumulative Project Readiness risk rating. Start Printed Page 56801

UnacceptableHigh riskMedium riskLow riskApplication provides limited or no information necessary to assess the project readiness criteria; application does not demonstrate support, progress, or completion of required Lifecycle Stage(s) pre-requisites; or application contains one or more significant barriers that would prevent project deliveryApplication provides insufficient information to assess the project readiness criteria; application does not demonstrate sufficient support, progress, or completion of required Lifecycle Stage(s) pre-requisites but indicates risk to advancing the project without foreseeable delays; or application contains a barrier that would likely prevent project delivery in any of these areasApplication provides sufficient information to assess the project readiness criteria; demonstrates support, progress, or completion on one or more required Lifecycle Stage(s) pre-requisites, but indicates some risk to advancing the project in a timely manner; and the application does not contain a barrier that would likely prevent project delivery in any of these areasApplication provides thorough and complete information and evidence to assess the project readiness criteria, and demonstrates strong support, progress, or completion on required Lifecycle Stage(s) pre-requisites, and indicates minimal risk to advancing the project in a timely manner; and application does not contain a barrier that would likely prevent project delivery in any of these areas.

For the Technical Merit Criteria described in section E(B)(ii), FRA will evaluate the application's responsiveness to the criteria, including an assessment of supporting justifications, and assign a cumulative technical merit rating.

UnacceptableAcceptableResponsiveHighly responsiveApplication provides limited or no information necessary to assess the technical merit criteria, or application demonstrates one or more significant technical challenges that would prevent the applicant from delivering the projectApplication contains insufficient information to assess one or more of the technical merit criteria, or application demonstrates technical challenges that could affect project delivery, but not prevent the applicant from delivering the projectApplication provides sufficient information and evidence to assess the technical merit criteria and demonstrates that the applicant can deliver the project with minimal technical challengesApplication provides thorough and complete information and evidence to assess the technical merit criteria, and sufficiently demonstrates that the project can be successfully delivered by the applicant.

For the Project Benefits Criteria described in section E(B)(iii), FRA will evaluate the application's responsiveness to the criteria, including an assessment of supporting justifications, and assign a cumulative Project Benefits rating.

UnacceptableAcceptableResponsiveHighly responsiveApplication provides insufficient information necessary to assess the project benefits criteria, and does not demonstrate that the project will achieve its intended benefitsThe application contains limited information to assess the project benefits criteria; or the project is not likely to achieve all of its intended benefitsApplication provides sufficient information to assess the project benefits criteria, and adequately demonstrates that the project will likely achieve its intended benefitsApplication provides thorough and complete information and evidence to assess the project benefits criteria, and sufficiently demonstrates that the project will achieve its intended benefits.

In addition to the ratings described above, FRA will also apply the selection preferences described in section E(C)(i) and consider the Administration Priorities described in section E(2)(c)(ii).

After completing the merit review, FRA will apply the selection criteria and consider the Administration Priorities in this section.

(A) result in one or more grade separated crossings;

(B) close grade crossings through Track Relocation; or

(C) result in corridor-wide grade crossing improvements. [ 19 ]

ii. Administration Priorities

FRA will consider how projects address the following key Administration Priorities:

Safety: FRA will assess the project's ability to foster a safe transportation system for the movement of goods and people, consistent with DOT's strategic goal to reduce transportation-related fatalities and serious injuries across the transportation system. Such considerations will include, but are not limited to, the extent to which the project improves and upgrades infrastructure to achieve a higher level of safety, reduces incidences of rail-related trespassing, upgrades infrastructure to achieve a higher level of safety, and uses an appropriately trained workforce. Overall, FRA expects that projects will provide positive safety benefits for all users and not negatively impact safety for all users.

Climate Change and Sustainability: FRA will assess the project's ability to reduce the harmful effects of climate change and anticipate necessary improvements to prepare for extreme weather events. Such considerations may include, but are not limited to, the extent to which the project reduces emissions, promotes energy efficiency, increases resiliency, incorporates evidence-based climate resilience measures or features, and avoids adverse environmental impacts to air or Start Printed Page 56802 water quality, wetlands, and endangered species.

Applicants are encouraged to use the DOT Navigator Climate checklist in responding to this criterion. Applications that are rated highly on this criterion will be those that use data-driven and evidence-based methods to demonstrate that the project will:

  • Significantly reduce GHG emissions in the transportation sector; and
  • Incorporate evidence-based climate resilience measures or features.

Equity and Justice40: FRA will assess elements including how the project will create positive outcomes that will reduce, mitigate, or reverse how a community is experiencing disadvantage through increasing affordable transportation options, improving health or safety, reducing pollution, connecting Americans to good-paying jobs, fighting climate change, and/or improving access to nature, resources, transportation or mobility, and quality of life. FRA will consider the benefits and potential burdens a project may create, who would experience them and how the benefits and potential burdens will impact disadvantaged communities.

Applicants are strongly encouraged to use the FRA's Justice40 Rail Explorer Tool ( https://usdot.maps.arcgis.com/​apps/​webappviewer/​index.html?​id=​fd9810f673b64d228ae072bead46f703 ) to identify the rail infrastructure in their project and features of the surrounding community as the basis of their assessment. The FRA Justice40 Rail Explorer Tool is a rail-specific complement to the USDOT ETC Explorer and leverages the same methodology and metrics. The FRA Justice40 Rail Explorer Tool provides GIS information on existing rail infrastructure, communities, and pollution levels based on the proposed project's location, and applicants can thus use this tool to note how their project location scores across several different measures. Transportation disadvantaged communities experience burden, as a result of underinvestment in transportation, in the following five components: Transportation Insecurity, Climate and Disaster Risk Burden, Environmental Burden, Health Vulnerability, and Social Vulnerability.

Applicants are also encouraged to use Climate & Economic Justice Screening Tool (CEJST), a new tool by the White House Council on Environmental Quality (CEQ), that aims to help Federal agencies identify disadvantaged communities as part of the Justice40 initiative to accomplish the goal that 40% of benefits from certain federal investment reach disadvantaged communities. Applicants should use CEJST to identify disadvantaged communities (Justice40 communities). Applicants are encouraged to use the USDOT Equitable Transportation Community (ETC) Explorer to understand how their community or project area is experiencing disadvantage related to lack of transportation investments or opportunities. Through understanding how a community or project area is experiencing transportation-related disadvantage, applicants are able to address how the benefits of a project will reverse or mitigate the burdens of disadvantage and demonstrate how the project will address challenges and accrued benefits.

Workforce Development, Job Quality, and Wealth Creation: FRA will assess how the project will create good-paying, safe jobs with free and fair choice to join a union including through the use of a project labor agreement, promote investments in high-quality workforce development programs, adopt local and economic hiring preferences for the project workforce, and promote local inclusive economic and entrepreneurship programs.

For Administration Priorities, FRA will consider the application's responsiveness to the criteria, and will result in a rating of “Non-responsive, “Acceptable,” “Responsive,” or “Highly Responsive” as described in the rubric below. Applicants do not need to respond to all of the Administration Priorities if the criterion is not applicable to the proposed project.

For the Administration Priorities Criteria described in section E(C)(ii), FRA will consider the application's responsiveness to the criteria, including an assessment of supporting justifications.

Non-responsiveAcceptableResponsiveHighly responsiveApplication contains insufficient information to assess any of the Administration Priorities, or project is inconsistent with one or more of the Administration PrioritiesApplication contains limited information that is supported by some evidence, but primarily described qualitatively, that the project is consistent with at least one of the Administration PrioritiesApplication contains sufficient information that is adequately supported by both quantitative and qualitative evidence that the project has clear and direct benefits in at least one of the Administration PrioritiesApplication contains thorough and complete information that is strongly supported by both quantitative and qualitative evidence that the project has clear, direct, and significant benefits in one or more of the Administration Priorities, and is not inconsistent with any of the Administration Priorities.

Upon completion of all reviews, FRA will finalize an Overall Rating for each application. This rating will be a combination of the results of the three Merit Criteria reviews, specifically Project Readiness, Project Benefits, and Technical Merit criteria ratings as described in sections E(B)(i)-E(B)(iii); and the Administration Priorities as described in section E(c)(ii). Provided in the Overall Rating Rubric below, each rating has defined parameters to which each application will be assessed. Start Printed Page 56803

Overall Rating

Not recommendedAcceptableRecommendedHighly recommendedThe application received an overall score of not recommended based on Project Readiness, Technical Merit, and Project Benefits ratings, and consideration of Administration PrioritiesThe application received an overall score of acceptable based on Project Readiness, Technical Merit, and Project Benefits ratings, and consideration of Administration PrioritiesThe application received an overall score of recommended based on Project Readiness, Technical Merit, and Project Benefits ratings, and has clear and direct benefits in one of the Administration PrioritiesThe application received an overall score of highly recommended based on Project Readiness, Technical Merit, and Project Benefits ratings, and has clear, direct, and significant benefits in one or more of the Administration Priorities.

The evaluation process may draw upon subject matter experts within FRA Division offices whose expertise is relevant to understanding the application's responsiveness to the program criteria, such as assessing the applicant's capacity to successfully deliver the project in compliance with applicable federal requirements based on factors including, but not limited to, the recipient's experience working with federal agencies, previous experience with DOT discretionary grant awards and/or the technical experience and resources dedicated to the project. Finally, in determining the allocation of program funds, FRA may also consider geographic diversity, diversity in the size of the systems receiving funding, and the applicant's receipt of other competitive awards.

FRA will conduct a five-part application review process, as follows:

  • Intake and Eligibility Phase: Screen applications for applicant and project eligibility, completeness, and the minimum match (completed by the Evaluation Management and Oversight Team, or “EMOT,” comprised of FRA program review directors who manage the pre-award process);
  • Evaluation Review Phase: Evaluate remaining applications against the statutory technical merit criteria, project benefit criteria, project readiness and the applicant's ability (based on past performance and relevant project factors) to develop and deliver similar projects, and alignment with Administration Priorities (completed by technical merit review panels consisting of FRA and other Department of Transportation (DOT) staff). The EMOT will compile the results of the Evaluation Review Phase consistent with the RCE Program set-asides and selection preferences. After considering all FRA reviews under the statutory criteria, applications will be assigned an overall rating of “Highly Recommended,” “Recommended,” “Acceptable,” or “Not Recommended”;
  • Steering Committee Phase: The Steering Committee is comprised of Senior Directors with the Office of Railroad Development, which may also include senior leadership from the Railroad Office of Safety and other relevant offices. The EMOT briefs the Steering Committee on all rated applications, and the Steering Committee may request more information from FRA offices whose expertise may be relevant. The Steering Committee provides strategic direction, in line with program goals outlined in this NOFO, on the development of materials and approach for the Senior Review Team (SRT) briefing;
  • Senior Review Phase: The SRT, which may include senior leadership from the Office of the Secretary and FRA, will review and apply selection criteria, and recommend an initial selection of projects for the FRA Administrator's review; and
  • Selection and Award Phase: The FRA Administrator will recommend awards for the Secretary or his designee's review and approval.

Before making a federal award with a total amount of federal share greater than the simplified acquisition threshold per 2 CFR 200.1 and 2 CFR 200.320 , FRA will review and consider any information about the applicant that is in the designated integrity and performance system accessible through SAM (currently the Federal Awardee Performance and Integrity Information System (FAPIIS)). See 41 U.S.C. 2313 .

An applicant, at its option, may review information in the designated integrity and performance systems accessible through SAM and comment on any information about itself that a federal awarding agency previously entered and is currently in the designated integrity and performance system accessible through SAM.

FRA will consider any comments by the applicant, in addition to the other information, in making a judgment about the applicant's integrity, business ethics, and record of performance under federal awards when completing the review of risk posed by applicants as described in 2 CFR 200.206

F. Federal Award Administration Information  [ 20 ]

FRA will announce applications selected for funding in a press release and on FRA's website after the application review period. This announcement is FRA's notification to successful and unsuccessful applicants alike. Following this announcement, FRA will contact the point of contact listed in the SF 424 to initiate negotiation of a project-specific grant agreement. This notification is not an authorization to begin proposed project activities. FRA requires satisfaction of applicable requirements by the applicant and a formal agreement signed by both the grantee and FRA, including an approved scope, schedule, and budget, before obligating the grant.

In connection with any program or activity conducted with or benefiting from funds awarded under this notice, grantees of funds must comply with all applicable requirements of federal law, including, without limitation, the Constitution of the United States; the relevant authorization and appropriations, the conditions of performance, nondiscrimination requirements, and other assurances made applicable to the award of funds in accordance with regulations of DOT; and applicable federal financial assistance and contracting principles promulgated by the Office of Management and Budget. In complying with these requirements, grantees must ensure that no concession agreements are denied, or other contracting decisions made on the basis of speech or other activities protected by the First Start Printed Page 56804 Amendment. If DOT determines that a grantee has failed to comply with applicable federal requirements, DOT may terminate the award of funds and disallow previously incurred costs, requiring the grantee to reimburse any expended award funds. The new FRA grant agreement consists of three parts: Attachment 1: Standard Terms and Conditions, Attachment 2: Project-Specific Terms and Conditions, and Terms and Conditions Exhibits.

Examples of administrative and national policy requirements include: 2 CFR part 200 ; procurement standards at 2 CFR part 200 subpart D , 2 CFR 1207.317, and 2 CFR 200.401 ; compliance with federal civil rights laws and regulations; disadvantaged business enterprises requirements; debarment and suspension requirements; drug-free workplace requirements; FRA's and OMB's Assurances and Certifications; the Americans with Disabilities Act (ADA); safety requirements; NEPA; environmental justice; compliance with 49 U.S.C. 24905(c)(2) for the duration of NEC Projects; and 2 CFR 200.315 , governing rights to intangible property. Projects assisted with funds provided through the Maglev Grants Program are subject to 49 U.S.C. 5333(a) . Unless otherwise stated in statutory or legislative authority, or appropriations language, all financial assistance awards follow the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards at 2 CFR part 200 and 2 CFR part 1201 .

Assistance under this NOFO is subject to the grant conditions in 49 U.S.C. 22905 , including labor protective arrangements that are equivalent to the protective arrangements established under section 504 of the Railroad Revitalization and Regulatory Reform Act of 1976 ( 45 U.S.C. 836 ) with respect to employees affected by actions taken in connection with the project to be financed in whole or in part by grants, subject to 49 U.S.C. 22905 , the provision deeming operators as rail carriers and employers for certain purposes, and grantee agreements with railroad right-of-way owners for projects using railroad rights-of-way (see section D(2)(a)(viii)(A)(5)). [ 21 ]

Projects selected under this NOFO for commuter rail passenger transportation for positive train control projects may be transferred to the Federal Transit Administration for grant administration at the Secretary's discretion. If such a project is transferred to the Federal Transit Administration, applicants will be required to comply with chapter 53 of title 49 of the United States Code .

Projects that have not sufficiently considered climate change and environmental justice in their planning, as determined by FRA, will be required to do so before receiving funds for construction, consistent with core policy goals of assessing these potential impacts. For example, see Executive Order 14008 , Tackling the Climate Crisis at Home and Abroad ( 86 FR 7619 ), and Executive Order 14096 , Revitalizing Our Nation's Commitment to Environmental Justice. In the grant agreement, recipients will be expected to describe activities they have taken or will take prior to obligation of construction funds to address climate change and environmental justice (EJ). (See Article 9 of FRA's Attachment 2: Project-Specific Terms and Conditions for a list of project activities that address climate change and environmental justice priorities, available at: https://railroads.dot.gov/​sites/​fra.dot.gov/​files/​2024-02/​Attachment_​2_​Project_​Specific_​Terms_​12.11.23_​PDFa.pdf . ) Activities that address climate change include, but are not limited to, demonstrating the project: will result in significant greenhouse gas emissions reductions; supports emissions reductions goals in a local/regional/state plan; improves disaster preparedness and resilience; incorporates resilience in its design; and primarily focuses on funding for state of good repair and clean transportation options, including public transportation, walking, biking, and micro-mobility. Activities that address environmental justice may include, but are not limited to: basing project design on consideration of community impacts; information gained from screening tools such as CEJST, EPA's EJ Screen, or other appropriate environmental and community impacts tools developed by a State agency; connecting transportation disadvantaged communities or other communities with environmental justice concerns based on information gained from either the screening tools noted above or FRA's Justice40 Rail Explorer Tool; conducting enhanced, targeted outreach to potentially affected communities, including disadvantaged communities; considering environmental justice in alternatives analysis and final project design; and supporting a modal shift in freight or passenger movement to reduce emissions or reduce induced travel demand.

Projects must consider and address equity and barriers to opportunity in their planning, as determined by FRA, and as a condition of receiving construction funds, consistent with Executive Order 13985 , Advancing Racial Equity and Support for Underserved Communities Through the Federal Government ( 86 FR 7009 ). The grant agreement should include the grantee's description of activities it has taken or will take prior to obligation of construction funds that address equity and barriers to opportunity. These activities may include, but are not limited to: completing an equity impact analysis for the project; completing a community needs assessment; adopting an equity and inclusion program/plan; conducting meaningful public engagement to ensure underserved communities are provided an opportunity to be involved in the planning process in a manner consistent with Title VI of the Civil Rights Act (Title VI); including investments that either redress past barriers to opportunity or that proactively create new connections and opportunities for underserved communities; hiring from local communities; improving access to or providing economic growth and wealth building opportunities for underserved, overburdened, or rural communities; or addressing historic or current inequitable air pollution or other environmental, health, or economic burdens and impacts. (See Article 10 of FRA's Attachment 2: Project-Specific Terms and Conditions for a list of project activities that address efforts to improve racial equity and reduce barriers to opportunity, available at: https://railroads.dot.gov/​sites/​fra.dot.gov/​files/​2024-02/​Attachment_​2_​Project_​Specific_​Terms_​12.11.23_​PDFa.pdf . ) While not a selection criterion to the extent the project includes or is part of a station area, DOT encourages project sponsors to consider how the submitted project could develop or facilitate economic development, including commercial and residential development that enhances the economic vitality and competitiveness of the surrounding neighborhoods and region.

To the extent that applicants have not sufficiently considered job quality and labor rights in their planning, as determined by the Department of Labor, applicants will be required to do so before receiving funds for construction, consistent with Executive Order 14025 , Worker Organizing and Empowerment ( 86 FR 22829 ), and Executive Order 14052 , Implementation of the Infrastructure Investment and Jobs Act ( 86 FR 64335 ). Specifically, the project planning activities and project delivery actions must support: strong labor Start Printed Page 56805 standards and the free and fair choice to join a union, including project labor agreements, local hire agreements, distribution of workplace rights notices, and use of an appropriately trained workforce; support of high-quality workforce development programs, including registered apprenticeship, labor-management training programs, and supportive services to help train, place, and retain people in good-paying jobs and apprenticeships; and comprehensive planning and policies to promote hiring and inclusion for all groups of workers, including through the use of local and economic hiring preferences, linkage agreements with workforce programs that serve underrepresented groups, and proactive plans to prevent harassment. (See Article 11 of FRA's Attachment 2: Project-Specific Terms and Conditions for a list of project activities that address efforts to support good-paying jobs and strong labor standards, available at: https://railroads.dot.gov/​sites/​fra.dot.gov/​files/​2024-02/​Attachment_​2_​Project_​Specific_​Terms_​12.11.23_​PDFa.pdf . )

As a condition of grant award and consistent with Executive Order 11246 , Equal Employment Opportunity ( 30 FR 12319 , and as amended), all federally assisted contractors are required to make good faith efforts to meet the goals of 6.9 percent of construction project hours being performed by women, in addition to goals that vary based on geography for construction work hours and for work being performed by people of color. Under section 503 of the Rehabilitation Act of 1973 and its implementing regulations, affirmative action obligations for certain contractors include an aspirational employment goal of 7 percent workers with disabilities.

The U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) is charged with enforcing Executive Order 11246 , section 503 of the Rehabilitation Act, and the Vietnam Era Veterans' Readjustment Assistance Act of 1974. OFCCP has a Mega Construction Project Program through which it engages with project sponsors as early as the design phase to help promote compliance with non-discrimination and affirmative action obligations. OFCCP will identify projects that receive an award under this notice and are required to participate in OFCCP's Mega Construction Project Program from a wide range of Federally assisted projects over which OFCCP has jurisdiction and that have a project cost above $35 million. DOT will require project sponsors with costs above $35 million that receive awards under this funding opportunity to partner with OFCCP (if selected by OFCCP) as a condition of their DOT award.

It is the policy of the United States to strengthen the security and resilience of its critical infrastructure against all hazards, including physical and cyber risks, consistent with Presidential Policy Directive 21— Critical Infrastructure Security and Resilience, and National Security Memorandum (NSM-5) on Improving Cybersecurity for Critical Infrastructure Control Systems. Each applicant selected for federal funding must demonstrate, prior to signing of the grant agreement, efforts to consider and address physical and cyber security risks relevant to the transportation mode and type and scale of the project. Projects that have not appropriately considered and addressed physical and cyber security and resilience in their planning, design, and project oversight, as determined by DOT and the Department of Homeland Security, will be required to do so before receiving funds.

As expressed in Executive Order 14005 , Ensuring the Future Is Made in All of America by All of America's Workers ( 86 FR 7475 ), the executive branch should maximize, consistent with law, the use of goods, products, and materials produced in, and services offered in, the United States. Funds made available under this notice are subject to the domestic preference requirement in 49 U.S.C. 22905(a) (FRA Buy America) and the Build America, Buy America Act, Public Law 117-58 , 70901-52. DOT expects all applicants to comply with the applicable domestic preference requirements. However, Major Projects applicants should include a domestic sourcing plan that provides details on the extent to which the materials covered by the plan are to be imported and the extent to which such materials can be sourced domestically. Applicants should also provide an explanation in the plan of the number of domestic jobs—temporary and permanent—that will be generated by the project and outline a plan to transition any foreign labor responsibilities to domestic jobs. Major Projects applicants may also request a waiver from certain Buy America requirements along with the domestic sourcing plan.

As a condition of a grant award, grant recipients should demonstrate that the recipient has a plan for compliance with civil rights obligations and nondiscrimination laws, including Title VI of the Civil Rights Act of 1964 and implementing regulations ( 49 CFR part 21 ), the Americans with Disabilities Act of 1990 (ADA), section 504 of the Rehabilitation Act, and all other civil rights requirements and accompanying regulations. This may include a current Title VI plan, completed Community Participation Plan, and a plan to address any legacy infrastructure or facilities that are not compliant with ADA standards. DOT's and FRA's Offices of Civil Rights may work with awarded grant recipients to ensure full compliance with federal civil rights requirements.

Each applicant selected for a grant will be required to comply with all standard FRA reporting requirements, including quarterly progress reports, quarterly federal financial reports, and interim and final performance reports, as well as all applicable auditing, monitoring, and close out requirements. Reports may be submitted electronically. Pursuant to 2 CFR 170.210 , non-federal entities applying under this NOFO must have the necessary processes and systems in place to comply with the reporting requirements should they receive federal funding.

Applicants selected for funding are required to comply with all reporting requirements in the standard terms and conditions for FRA grant awards, including 2 CFR 180.335 and 2 CFR 180.350 . If the total value of a selected applicant's active grants, cooperative agreements, and procurement contracts from all federal awarding agencies exceeds $10,000,000 for any period of time during the period of performance of this federal award, the applicant during that period of time must maintain the information reported to SAM and ensure it is made available in the designated integrity and performance system (currently the Federal Awardee Performance and Integrity Information System (FAPIIS)) about civil, criminal, or administrative proceedings described in paragraph 2 of this award term and condition. This is a statutory requirement under section 872 of Public Law 110-417 , as amended ( 41 U.S.C. 2313 ). As required by section Start Printed Page 56806 3010 of Public Law 111-212 , all information posted in the designated integrity and performance system on or after April 15, 2011, except past performance reviews required for federal procurement contracts, will be publicly available.

Recipients and subrecipients are also encouraged to incorporate program evaluation, including associated data collection activities from the outset of their program design and implementation, to meaningfully document and measure their progress towards meeting an agency priority goal(s). Title I of the Foundations for Evidence-Based Policymaking Act of 2018 (Evidence Act), Public Law 115-435 (2019) urges Federal awarding agencies and Federal assistance recipients and subrecipients to use program evaluation as a critical tool to learn, improve equitable delivery, and elevate program service and delivery across the program lifecycle. Evaluation means “an assessment using systematic data collection and analysis of one or more programs, policies, and organizations intended to assess their effectiveness and efficiency” ( 5 U.S.C. 311 ). Credible program evaluation activities are implemented with relevance and utility, rigor, independence and objectivity, transparency, and ethics (OMB Circular A-11, Part 6 Section 290).

For grant recipients receiving an award, evaluation costs are allowable costs (either as direct or indirect), unless prohibited by statute or regulation, and such costs may include the personnel and equipment needed for data infrastructure and expertise in data analysis, performance, and evaluation ( 2 CFR part 200 ).

Each applicant selected for funding must collect information and report on the project's performance using measures mutually agreed upon by FRA and the grantee to assess progress in achieving strategic goals and objectives. Examples of some rail performance measures for RCE funding are listed in the table below. The applicable measure(s) will depend upon the type of project.

Performance Measure Examples

Rail measuresUnit measureTemporalPrimary administration goalSecondary administration goalDescription
Reduced Grade Crossing IncidentsCountAnnualSafetyEquity and Barriers to OpportunityThe number of grade crossing incidents at the grade crossings addressed by the project. Comparison of actual versus baseline and expected post-project number of incidents.
Reduced blocked crossing timesCountAnnualEconomic StrengthSafetyAverage amount of time trains blocks the grade crossings addressed by the project. Comparison of actual performance versus baseline and expected post-project performance.
Improved emergency vehicle response times due to reduced blocked crossingsTime/TripAnnualSafetyEquity and Barriers to OpportunityMeasures how improvements impact emergency service vehicle response operations. Comparison of actual performance versus baseline and expected post-performance.
Increased percentage of freight transported by rail from commercial facilityPercentageAnnualEconomic StrengthClimate ChangeIncreased amount of freight transported compared to the baseline pre-project.
Average Daily Minutes of DelayAverage daily minutes of delay experience by vehiclesMinutes/DayEconomic StrengthEquity and Barriers to OpportunityTraffic analysis can be performed to determine the average daily minutes of delay experienced by vehicles compared to baseline and expected post-project performance.

As a condition of grant award, grantees may be required to participate in an evaluation undertaken by DOT, or another agency or partner. The evaluation may take different forms, such as an implementation assessment across grant recipients, an impact or outcomes analysis of all or selected sites within or across grantees, or a benefit/cost analysis or assessment of return on investment. DOT may require applicants to collect data elements to aid the evaluation. As a part of the evaluation, and as a condition of award, grantees must agree to: (1) make records available to the evaluation contractor; (2) provide access to program records and any other relevant documents to calculate costs and benefits; (3) in the case of an impact analysis, facilitate access to relevant information as requested; and (4) follow evaluation procedures as specified by the evaluation contractor or DOT staff. For grant recipients, evaluation expenses are allowable costs (either as direct or indirect), unless prohibited by statute or regulation, and such expenses may include the personnel and equipment needed for data infrastructure and expertise in data analysis, performance, and evaluation ( 2 CFR part 200 ).

As a condition of grant award, for construction and non-construction projects, recipients may be required to post project signage and to include public acknowledgments in published and other collateral materials ( e.g., press releases, marketing materials, website, etc.) satisfactory in form and substance to DOT, that identifies the nature of the project and indicates that “the project is funded by the Bipartisan Infrastructure Law.” In addition, recipients employing project signage are required to use the official Investing in America emblem in accordance with the official Investing in America Emblem Style Guide. Costs associated with signage and public acknowledgments must be reasonable and limited. Signs or public acknowledgments should not be produced, displayed, or published if doing so results in unreasonable cost, expense, or recipient burden. The recipient is encouraged to use recycled or recovered materials when procuring signs. Start Printed Page 56807

For further information concerning this notice, please contact the FRA NOFO Support program staff via email at [email protected] . If additional assistance is needed, you may contact Ms. Jenny Zeng, Transportation Industry Analyst in FRA's Office of Rail Program Development, by email: [email protected] or telephone: 857-330-2481.

All information submitted as part of or in support of any application must use publicly available data or data that can be made public and methodologies that are accepted by industry practice and standards, to the extent possible. If an application includes information the applicant considers to be a trade secret or confidential commercial or financial information, the applicant should do the following: (1) note on the front cover that the submission “Contains Confidential Business Information (CBI)”; (2) mark each affected page “CBI”; and (3) highlight or otherwise denote the CBI portions.

DOT regulations implementing the Freedom of Information Act (FOIA) are found at 49 CFR part 7 subpart C —Availability of Reasonably Described Records under the Freedom of Information Act, which sets forth rules for FRA to make requested materials, information, and records publicly available under FOIA. Unless prohibited by law and to the extent permitted under the FOIA, contents of applications and proposals submitted by successful applicants may be released in response to FOIA requests. DOT may share application information within DOT or with other Federal agencies if DOT determines that sharing is relevant to the respective program's objectives.

Issued in Washington, DC.

Jennifer Mitchell,

Deputy Administrator.

1.  Additional information about the USDOT Strategic Plan, Research, Development and Technology Strategic Plan can be found here: https://www.transportation.gov/​dot-strategic-plan .

2.  FRA will consider right-of-way acquisition only if it is included in an application also seeking Construction funding.

3.  $1,146,528,000 in combined FY 2023-2024 supplemental appropriations ($573,264,000 each year) are provided by Title VIII of Division J of IIJA, as well as $2,281,580 in carryover FY 2022 supplemental appropriations from Title VIII of Division J of IIJA. This creates a total of $1,148,809,580 available.

4.  FRA awarded all of the FY 2022 Rural or Tribal set-aside to eligible applicants. No additional set-aside funds are carried forward to FY 2023-2024.

5.  Highway-Rail Grade Crossing Safety Information and Education Programs are eligible under this category. FRA generally interprets this project eligibility category to relate to projects that directly improve safety and mobility at existing at-grade crossing locations.

6.  FRA will only award funds for right-of-way (ROW)/property acquisition activities if the proposed project also includes construction activities consistent with the Construction Lifecycle Stage. FRA will not fund ROW acquisition activities independently or if proposed project only includes pre-construction activities or Lifecycle Stages ( i.e., Project Planning, Project Development, or Final Design).

7.  Applicants selected for funding are encouraged to submit the following before obligation: an updated Project Management Plan (including a schedule, capital cost estimate, and financial plan), as grantees will be expected to develop a Project Management Plan under the grant agreement. See FRA's Capital Projects Guidance, Section V—Project Management for additional information.

8.  The amount requested from the RCE program on the SF-424 is the official record of request, and therefore must be consistent with the amount requested in the Project Narrative and Statement of Work documents, including the breakdown of Federal and non-Federal sources. For applications with discrepancies, FRA will defer to the funding amount in the SF-424.

9.  For more information about selected Corridors under the Corridor Identification Program, please visit: https://railroads.dot.gov/​elibrary/​fy22-CID-program-selections .

10.  Applicants should submit evidence of the availability of non-Federal funds, which may include a board resolution, letter of support from the State, a budget document highlighting the line item or section committing funds to the proposed project. The applicant may provide this documentation in an appendix. Documentation of previous and recent local investments in the project may evidence of local financial commitment project, but cannot be used to satisfy non-Federal matching requirements. Any funding commitment letters must be signed by an authorized representative of the entity providing a non-Federal match.

11.  If there is a discrepancy between materials, FRA will defer to the funding amounts shown in the applicant's SF 424 as the amount requested for funding.

12.  For other Federal funding sources proposed as match, the applicant should explain why the Federal funds are eligible as match and the legal basis for that determination.

13.  For other Federal funds that will be used for the project, the applicant should identify the Federal program and fiscal year of the funding request(s), as well as highlight new or revised information in the application responsive to this NOFO that differs from the application(s) to other financial assistance programs.

14.  If seeking to use Preliminary Engineering costs as match for a Highway-Rail and Pathway-Rail Grade Crossing Improvement Project or trespassing prevention projects, please identify the costs incurred before project selection (but after November 15, 2021).

15.  Applicants can review the history of highway-rail crossing incidents relevant to their project on FRA's public safety website: https://safetydata.fra.dot.gov/​OfficeofSafety/​publicsite/​crossing/​crossing.aspx or https://data.transportation.gov/​dataset/​Highway-Rail-Grade-Crossing-Accident-Data-Form-57-/​aeeh-bp8c/​explore .

16.   https://railroads.dot.gov/​grants-loans/​fra-discretionary-grant-agreements .

17.  For more information on pre-award costs, see FRA Answers to Frequently Asked Questions about Pre-Award Authority, available at: https://railroads.dot.gov/​elibrary/​federal-railroad-administration-answers-frequently-asked-questions-about-pre-award .

18.  Additional information on DOT's Project Readiness checklist can be found here: https://www.transportation.gov/​grants/​dot-navigator/​project-readiness-checklist-dot-discretionary-grant-applicants .

19.  FRA considers corridor-wide grade crossing improvements to be projects that directly improve a series of linked, consecutive grade crossings.

20.  More information on FRA Discretionary Grant Agreements can be found at: https://railroads.dot.gov/​grants-loans/​fra-discretionary-grant-agreements .

21.  More information on labor protections can be found here: https://railroads.dot.gov/​elibrary/​equivalent-labor-protections .

[ FR Doc. 2024-15061 Filed 7-9-24; 8:45 am]

BILLING CODE 4910-06-P

  • Executive Orders

Reader Aids

Information.

  • About This Site
  • Accessibility
  • No Fear Act
  • Continuity Information

IMAGES

  1. Example Of Cyber Security Research Paper

    cyber security research paper docx

  2. (PDF) Cybersecurity Issues in AI

    cyber security research paper docx

  3. Cyber Security Issues Essay Example

    cyber security research paper docx

  4. Cyber Security Research Paper

    cyber security research paper docx

  5. Cyber Security Research paper.docx

    cyber security research paper docx

  6. Cyber Security Research Paper --- Sandboxing.docx

    cyber security research paper docx

VIDEO

  1. Operating systems security

  2. Security Guard Gets Paper Sprayed

  3. Great research topics in cyber security #cybersecuritymastery

  4. cyber security question paper degree final year sem 6 osmania university 2024

  5. cyber security 2024 questions paper// ou Cybersecurity question paper 2024//#cybersecurity

  6. cyber security question paper December 2023 #diploma

COMMENTS

  1. Cyber Security Research Paper.docx

    See Full PDFDownload PDF. Cyber security has been really important for organizations for a long time, notwithstanding, even with interests in security cycles and innovation, cyberattacks are ordinary across all enterprises. Assessing occurrences throughout the long term, cybercriminals have been keeping occupied with sharpening their art ...

  2. Research paper A comprehensive review study of cyber-attacks and cyber

    Standard security frameworks are discussed with the history and early-generation cyber-security methods. In addition, emerging trends and recent developments of cyber security and security threats and challenges are presented. It is expected that the comprehensive review study presented for IT and cyber security researchers will be useful.

  3. Cyber risk and cybersecurity: a systematic review of data ...

    This research paper reviews the existing literature and open data sources related to cybersecurity and cyber risk, focusing on the datasets used to improve academic understanding and advance the current state-of-the-art in cybersecurity.

  4. A Study of Cyber Security and Its Challenges in The Society

    Besides various measures cyber security is still a very big concern to many. This paper mainly focuses on challenges faced by cyber security on the latest technologies .It also focuses on latest about the cyber security techniques, ethics and the trends changing the face of cyber security.

  5. Cyber Security Research Paper.docx

    View Essay - Cyber Security Research Paper.docx from COMPUTER S CSC 301 at University of Ilorin. Cyber Security Research Paper" Cyber security refers to the framework of rules, applications and

  6. Cyber Security Research Paper.docx

    View Essay - Cyber Security Research Paper.docx from CJ 4472 at Troy University, Troy. Running head: Protecting Your Networks with Cyber Security Protecting Your Networks with Cyber Security Kenneth

  7. (PDF) Research Paper on Cyber Security

    Cyber security is essential because military, government, financial, medical and corporate organizations accumulate, practise, and stock unprecedented quantities of data on PCs and other devices.

  8. Search for Cyber Security

    In this paper we explore cyber security defence, through the unification of a novel cyber security simulator with models for (causal) decision-making through optimisation.

  9. CyberSecurity Research Paper.docx

    Cybersecurity is important to individuals, firms, and nations. "Consequently, security needs are pushed back in the face of the clear priority given to speed of development and market penetration." (Shabtai, 2017) To many firm's cybersecurity is side issue, their priority is to make profit and fighting cyber-attacks requires too much money.

  10. Cyber Security Research Proposal

    Cyber Security Research Proposal - Sandboxing.docx - Free download as Word Doc (.doc / .docx), PDF File (.pdf), Text File (.txt) or read online for free. This research proposal aims to study the use of sandboxing in improving cyber security. Sandboxing works by separating an institution's programs from untrusted external sources to protect against viruses and hacking. If machines are ...

  11. (DOC) CYBER SECURITY.docx

    In this paper, a critical review of the existing cyber security mechanisms has been done and a framework for effective management of cyber security threats proposed for the UAE government agencies.

  12. 105 Latest Cyber Security Research Topics in 2024

    Looking for latest cyber security research topics of 2024? Here is a list of 105 research ideas along with the cyber security research areas, tips to choose the best topic from experts and more.

  13. Cyber security research paper.docx

    Cyber security research paper Response to hacking by company's Several companies have experiencedand have caused a lot of technicalities when dealing with their operation(Sun et al., 2018).

  14. Research Paper On "Cyber Security: Need of An Hour"

    research paper on "cyber security: need of an hour" - Free download as Word Doc (.doc / .docx), PDF File (.pdf), Text File (.txt) or read online for free. this research paper is made and presented by me and my co authors in front of the jims faculty.

  15. Cyber Security Curriculum Initiative.docx

    Data breaches and increased regulatory compliance are driving the need for cyber security managers and technicians to fill positions that did not exist several years ago. To support the requirements of an ever-growing cyber security workforce, Cyber

  16. RESEARCH PAPER.docx

    This means the cybersecurity issue is fundamental in our current economy. Dunn -Cavelty & Wenger (2020) explains cybersecurity as the act of creating more security in cyberspace by using technical and non-technical approaches.

  17. SOLUTION: Cyber security research paper docx

    Cyber security refers to the framework of rules, applications and standard practices that safeguardthe internet network, connected hardware and software applications and data from authorized

  18. RESEARCH PAPER ON CYBER SECURITY.docx.pdf

    View RESEARCH_PAPER_ON_CYBER_SECURITY.docx.pdf from ENGLISH 126 at Harvard University. Running head: CYBERSECURITY IN INDUSTRY Research Paper on Cyber Security in Industry University of the

  19. Federal Register :: Notice of Funding Opportunity for the FY 2023-FY

    It is the policy of the United States to strengthen the security and resilience of its critical infrastructure against all hazards, including physical and cyber risks, consistent with Presidential Policy Directive 21— Critical Infrastructure Security and Resilience, and National Security Memorandum (NSM-5) on Improving Cybersecurity for ...

  20. cybersecurity research paper.docx

    CYBER SECURITY 4 Introduction According to McLellan (2013), in the earlier digital years, cyber security involved circling the wagons and utilizing firewalls and other interloping prevention systems. Secure email getaways were used to protect an organization's perimeter, with additional protection being delivered by antivirus programs. After the digital revolution, cybercrime became more ...

  21. Cybersecurity Research Paper.docx

    View Cybersecurity Research Paper.docx from CJUS 540 at Liberty University. CYBERSECURITY 1 Cybersecurity Research Paper Christopher Martin Helms School of Government, Liberty University Author

  22. Cybersecurity Research Paper 1 .edited 1 .docx

    2 Cybersecurity Research Paper Introduction Cyber security protects crucial systems and confidential information from digital attacks. Cybersecurity measures aim to protect networked software and devices from internal and external threats (Sarker et al., 2020).

  23. RESEARCH PAPER ON CYBER SECURITY.docx

    View RESEARCH PAPER ON CYBER SECURITY.docx from IS MISC at Jomo Kenyatta University of Agriculture and Technology. Running head: CYBERSECURITY IN INDUSTRY Research Paper on Cyber Security in

  24. CYBERSECURITY RESEARCH PAPER

    Cybersecurity; Relation to Computer Science and Science in General. Anything which has something to do with computing and technology falls under the umbrella of computer science. Cyber security, like visual game production, technological analytics, network management, and industrial studies, is a part of computer science. Technical skills in computer science is crucial to any learning ...