A Systems Engineering Framework for Implementing a Security and Critical Patch Management Process in Diverse Environments (Academic Departments' Workstations)

NASA Astrophysics Data System (ADS)

Mohammadi, Hadi

Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to create and design a Security and Critical Patch Management Process (SCPMP) framework based on Systems Engineering (SE) principles. This framework will assist Information Technology Department Staff (ITDS) to reduce IT operating time and costs and mitigate the risk of security and vulnerability attacks. Further, this study evaluates implementation of the SCPMP in the networked computing systems of an academic environment in order to: 1. Meet patch management requirements by applying SE principles. 2. Reduce the cost of IT operations and PVM cycles. 3. Improve the current PVM methodologies to prevent networked computing systems from becoming the targets of security vulnerability attacks. 4. Embed a Maintenance Optimization Tool (MOT) in the proposed framework. The MOT allows IT managers to make the most practicable choice of methods for deploying and installing released patches and vulnerability remediation. In recent years, there has been a variety of frameworks for security practices in every networked computing system to protect computer workstations from becoming compromised or vulnerable to security attacks, which can expose important information and critical data. I have developed a new mechanism for implementing PVM for maximizing security-vulnerability maintenance, protecting OS and software packages, and minimizing SCPMP cost. To increase computing system security in any diverse environment, particularly in academia, one must apply SCPMP. I propose an optimal maintenance policy that will allow ITDS to measure and estimate the variation of PVM cycles based on their department's requirements. My results demonstrate that MOT optimizes the process of implementing SCPMP in academic workstations.

A Systems Engineering Framework for Implementing a Security and Critical Patch Management Process in Diverse Environments (Academic Departments' Workstations)

ERIC Educational Resources Information Center

Mohammadi, Hadi

2014-01-01

Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to…

Automatic Identification of Critical Data Items in a Database to Mitigate the Effects of Malicious Insiders

NASA Astrophysics Data System (ADS)

White, Jonathan; Panda, Brajendra

A major concern for computer system security is the threat from malicious insiders who target and abuse critical data items in the system. In this paper, we propose a solution to enable automatic identification of critical data items in a database by way of data dependency relationships. This identification of critical data items is necessary because insider threats often target mission critical data in order to accomplish malicious tasks. Unfortunately, currently available systems fail to address this problem in a comprehensive manner. It is more difficult for non-experts to identify these critical data items because of their lack of familiarity and due to the fact that data systems are constantly changing. By identifying the critical data items automatically, security engineers will be better prepared to protect what is critical to the mission of the organization and also have the ability to focus their security efforts on these critical data items. We have developed an algorithm that scans the database logs and forms a directed graph showing which items influence a large number of other items and at what frequency this influence occurs. This graph is traversed to reveal the data items which have a large influence throughout the database system by using a novel metric based formula. These items are critical to the system because if they are maliciously altered or stolen, the malicious alterations will spread throughout the system, delaying recovery and causing a much more malignant effect. As these items have significant influence, they are deemed to be critical and worthy of extra security measures. Our proposal is not intended to replace existing intrusion detection systems, but rather is intended to complement current and future technologies. Our proposal has never been performed before, and our experimental results have shown that it is very effective in revealing critical data items automatically.

77 FR 19300 - National Infrastructure Advisory Council

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-30

... Homeland Security with advice on the security of the critical infrastructure sectors and their information systems. The NIAC will meet to address issues relevant to the protection of critical infrastructure as... Group regarding the scope of the next phase of the Working Group's critical infrastructure resilience...

Aviation security : terrorist acts demonstrate urgent need to improve security at the nation's airports

DOT National Transportation Integrated Search

2001-09-20

A safe and secure civil aviation system is a critical component of the nation's overall security, physical infrastructure, and economic foundation. Billions of dollars and a myriad of programs and policies have been devoted to achieving such a system...

Cyber Security: Assessing Our Vulnerabilities and Developing an Effective Defense

NASA Astrophysics Data System (ADS)

Spafford, Eugene H.

The number and sophistication of cyberattacks continues to increase, but no national policy is in place to confront them. Critical systems need to be built on secure foundations, rather than the cheapest general-purpose platform. A program that combines education in cyber security, increasing resources for law enforcement, development of reliable systems for critical applications, and expanding research support in multiple areas of security and reliability is essential to combat risks that are far beyond the nuisances of spam email and viruses, and involve widespread espionage, theft, and attacks on essential services.

Critical field-exponents for secure message-passing in modular networks

NASA Astrophysics Data System (ADS)

Shekhtman, Louis M.; Danziger, Michael M.; Bonamassa, Ivan; Buldyrev, Sergey V.; Caldarelli, Guido; Zlatić, Vinko; Havlin, Shlomo

2018-05-01

We study secure message-passing in the presence of multiple adversaries in modular networks. We assume a dominant fraction of nodes in each module have the same vulnerability, i.e., the same entity spying on them. We find both analytically and via simulations that the links between the modules (interlinks) have effects analogous to a magnetic field in a spin-system in that for any amount of interlinks the system no longer undergoes a phase transition. We then define the exponents δ, which relates the order parameter (the size of the giant secure component) at the critical point to the field strength (average number of interlinks per node), and γ, which describes the susceptibility near criticality. These are found to be δ = 2 and γ = 1 (with the scaling of the order parameter near the critical point given by β = 1). When two or more vulnerabilities are equally present in a module we find δ = 1 and γ = 0 (with β ≥ 2). Apart from defining a previously unidentified universality class, these exponents show that increasing connections between modules is more beneficial for security than increasing connections within modules. We also measure the correlation critical exponent ν, and the upper critical dimension d c , finding that ν {d}c=3 as for ordinary percolation, suggesting that for secure message-passing d c = 6. These results provide an interesting analogy between secure message-passing in modular networks and the physics of magnetic spin-systems.

Cyber Security Threats to Safety-Critical, Space-Based Infrastructures

NASA Astrophysics Data System (ADS)

Johnson, C. W.; Atencia Yepez, A.

2012-01-01

Space-based systems play an important role within national critical infrastructures. They are being integrated into advanced air-traffic management applications, rail signalling systems, energy distribution software etc. Unfortunately, the end users of communications, location sensing and timing applications often fail to understand that these infrastructures are vulnerable to a wide range of security threats. The following pages focus on concerns associated with potential cyber-attacks. These are important because future attacks may invalidate many of the safety assumptions that support the provision of critical space-based services. These safety assumptions are based on standard forms of hazard analysis that ignore cyber-security considerations This is a significant limitation when, for instance, security attacks can simultaneously exploit multiple vulnerabilities in a manner that would never occur without a deliberate enemy seeking to damage space based systems and ground infrastructures. We address this concern through the development of a combined safety and security risk assessment methodology. The aim is to identify attack scenarios that justify the allocation of additional design resources so that safety barriers can be strengthened to increase our resilience against security threats.

Security in Full-Force

NASA Technical Reports Server (NTRS)

2002-01-01

When fully developed for NASA, Vanguard Enforcer(TM) software-which emulates the activities of highly technical security system programmers, auditors, and administrators-was among the first intrusion detection programs to restrict human errors from affecting security, and to ensure the integrity of a computer's operating systems, as well as the protection of mission critical resources. Vanguard Enforcer was delivered in 1991 to Johnson Space Center and has been protecting systems and critical data there ever since. In August of 1999, NASA granted Vanguard exclusive rights to commercialize the Enforcer system for the private sector. In return, Vanguard continues to supply NASA with ongoing research, development, and support of Enforcer. The Vanguard Enforcer 4.2 is one of several surveillance technologies that make up the Vanguard Security Solutions line of products. Using a mainframe environment, Enforcer 4.2 achieves previously unattainable levels of automated security management.

INcreasing Security and Protection through Infrastructure REsilience: The INSPIRE Project

NASA Astrophysics Data System (ADS)

D'Antonio, Salvatore; Romano, Luigi; Khelil, Abdelmajid; Suri, Neeraj

The INSPIRE project aims at enhancing the European potential in the field of security by ensuring the protection of critical information infrastructures through (a) the identification of their vulnerabilities and (b) the development of innovative techniques for securing networked process control systems. To increase the resilience of such systems INSPIRE will develop traffic engineering algorithms, diagnostic processes and self-reconfigurable architectures along with recovery techniques. Hence, the core idea of the INSPIRE project is to protect critical information infrastructures by appropriately configuring, managing, and securing the communication network which interconnects the distributed control systems. A working prototype will be implemented as a final demonstrator of selected scenarios. Controls/Communication Experts will support project partners in the validation and demonstration activities. INSPIRE will also contribute to standardization process in order to foster multi-operator interoperability and coordinated strategies for securing lifeline systems.

Automatic Learning of Fine Operating Rules for Online Power System Security Control.

PubMed

Sun, Hongbin; Zhao, Feng; Wang, Hao; Wang, Kang; Jiang, Weiyong; Guo, Qinglai; Zhang, Boming; Wehenkel, Louis

2016-08-01

Fine operating rules for security control and an automatic system for their online discovery were developed to adapt to the development of smart grids. The automatic system uses the real-time system state to determine critical flowgates, and then a continuation power flow-based security analysis is used to compute the initial transfer capability of critical flowgates. Next, the system applies the Monte Carlo simulations to expected short-term operating condition changes, feature selection, and a linear least squares fitting of the fine operating rules. The proposed system was validated both on an academic test system and on a provincial power system in China. The results indicated that the derived rules provide accuracy and good interpretability and are suitable for real-time power system security control. The use of high-performance computing systems enables these fine operating rules to be refreshed online every 15 min.

Cyber Security Assessment Report: Adventium Labs

DOE Office of Scientific and Technical Information (OSTI.GOV)

None

2007-12-31

Major control system components often have life spans of 15-20 years. Many systems in our Nation's critical infrastructure were installed before the Internet became a reality and security was a concern. Consequently, control systems are generally insecure. Security is now being included in the development of new control system devices; however, legacy control systems remain vulnerable. Most efforts to secure control systems are aimed at protecting network borers, but if an intruder gets inside the network these systems are vulnerable to a cyber attack.

Ad-Hoc Networks and the Mobile Application Security System (MASS)

DTIC Science & Technology

2006-01-01

solution to this problem that addresses critical aspects of security in ad-hoc mobile application networks. This approach involves preventing unauthorized...modification of a mobile application , both by other applications and by hosts, and ensuring that mobile code is authentic and authorized. These...capabilities constitute the Mobile Application Security System (MASS). The MASS applies effective, robust security to mobile application -based systems

Architecture of security management unit for safe hosting of multiple agents

NASA Astrophysics Data System (ADS)

Gilmont, Tanguy; Legat, Jean-Didier; Quisquater, Jean-Jacques

1999-04-01

In such growing areas as remote applications in large public networks, electronic commerce, digital signature, intellectual property and copyright protection, and even operating system extensibility, the hardware security level offered by existing processors is insufficient. They lack protection mechanisms that prevent the user from tampering critical data owned by those applications. Some devices make exception, but have not enough processing power nor enough memory to stand up to such applications (e.g. smart cards). This paper proposes an architecture of secure processor, in which the classical memory management unit is extended into a new security management unit. It allows ciphered code execution and ciphered data processing. An internal permanent memory can store cipher keys and critical data for several client agents simultaneously. The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility. The result is a secure processor that has hardware support for extensible multitask operating systems, and can be used for both general applications and critical applications needing strong protection. The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance, and do not require it to be modified.

Improving Insider Threat Training Awareness and Mitigation Programs at Nuclear Facilities.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abbott, Shannon

In recent years, insider threat programs have become an important aspect of nuclear security, and nuclear security training courses. However, many nuclear security insider threat programs fail to address the insider threat attack and monitoring potential that exists on information technology (IT) systems. This failure is critical because of the importance of information technology and networks in today’s world. IT systems offer an opportunity to perpetrate dangerous insider attacks, but they also present an opportunity to monitor for them and prevent them. This paper suggests a number of best practices for monitoring and preventing insider attacks on IT systems, andmore » proposes the development of a new IT insider threat tabletop that can be used to help train nuclear security practitioners on how best to implement IT insider threat prevention best practices. The development of IT insider threat best practices and a practical tabletop exercise will allow nuclear security practitioners to improve nuclear security trainings as it integrates a critical part of insider threat prevention into the broader nuclear security system.« less

A study on an information security system of a regional collaborative medical platform.

PubMed

Zhao, Junping; Peng, Kun; Leng, Jinchang; Sun, Xiaowei; Zhang, Zhenjiang; Xue, Wanguo; Ren, Lianzhong

2010-01-01

The objective of this study was to share the experience of building an information security system for a regional collaborative medical platform (RCMP) and discuss the lessons learned from practical projects. Safety measures are analyzed from the perspective of system engineering. We present the essential requirements, critical architectures, and policies for system security of regional collaborative medical platforms.

Model based verification of the Secure Socket Layer (SSL) Protocol for NASA systems

NASA Technical Reports Server (NTRS)

Powell, John D.; Gilliam, David

2004-01-01

The National Aeronautics and Space Administration (NASA) has tens of thousands of networked computer systems and applications. Software Security vulnerabilities present risks such as lost or corrupted data, information theft, and unavailability of critical systems. These risks represent potentially enormous costs to NASA. The NASA Code Q research initiative 'Reducing Software Security Risk (RSSR) Trough an Integrated Approach' offers formal verification of information technology (IT), through the creation of a Software Security Assessment Instrument (SSAI), to address software security risks.

75 FR 81284 - National Protection and Programs Directorate; National Infrastructure Advisory Council Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-27

... Homeland Security with advice on the security of the critical infrastructure sectors and their information systems. The NIAC will meet to address issues relevant to the protection of critical infrastructure as... Directorate; National Infrastructure Advisory Council Meeting AGENCY: National Protection and Programs...

US-CERT Control System Center Input/Output (I/O) Conceputal Design

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

2005-02-01

This document was prepared for the US-CERT Control Systems Center of the National Cyber Security Division (NCSD) of the Department of Homeland Security (DHS). DHS has been tasked under the Homeland Security Act of 2002 to coordinate the overall national effort to enhance the protection of the national critical infrastructure. Homeland Security Presidential Directive HSPD-7 directs the federal departments to identify and prioritize critical infrastructure and protect it from terrorist attack. The US-CERT National Strategy for Control Systems Security was prepared by the NCSD to address the control system security component addressed in the National Strategy to Secure Cyberspace andmore » the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets. The US-CERT National Strategy for Control Systems Security identified five high-level strategic goals for improving cyber security of control systems; the I/O upgrade described in this document supports these goals. The vulnerability assessment Test Bed, located in the Information Operations Research Center (IORC) facility at Idaho National Laboratory (INL), consists of a cyber test facility integrated with multiple test beds that simulate the nation's critical infrastructure. The fundamental mission of the Test Bed is to provide industry owner/operators, system vendors, and multi-agency partners of the INL National Security Division a platform for vulnerability assessments of control systems. The Input/Output (I/O) upgrade to the Test Bed (see Work Package 3.1 of the FY-05 Annual Work Plan) will provide for the expansion of assessment capabilities within the IORC facility. It will also provide capabilities to connect test beds within the Test Range and other Laboratory resources. This will allow real time I/O data input and communication channels for full replications of control systems (Process Control Systems [PCS], Supervisory Control and Data Acquisition Systems [SCADA], and components). This will be accomplished through the design and implementation of a modular infrastructure of control system, communications, networking, computing and associated equipment, and measurement/control devices. The architecture upgrade will provide a flexible patching system providing a quick ''plug and play''configuration through various communication paths to gain access to live I/O running over specific protocols. This will allow for in-depth assessments of control systems in a true-to-life environment. The full I/O upgrade will be completed through a two-phased approach. Phase I, funded by DHS, expands the capabilities of the Test Bed by developing an operational control system in two functional areas, the Science & Technology Applications Research (STAR) Facility and the expansion of various portions of the Test Bed. Phase II (see Appendix A), funded by other programs, will complete the full I/O upgrade to the facility.« less

Enhancing security and improving interoperability in healthcare information systems.

PubMed

Gritzalis, D A

1998-01-01

Security is a key issue in healthcare information systems, since most aspects of security become of considerable or even critical importance when handling healthcare information. In addition, the intense need for information exchange has revealed interoperability of systems and applications as another key issue. Standardization can play an important role towards both these issues. In this paper, relevant standardization activities are briefly presented, and existing and emerging healthcare information security standards are identified and critically analysed. The analysis is based on a framework which has been developed for this reason. Therefore, the identification of gaps and inconsistencies in current standardization, the description of the conflicts of standards with legislation, and the analysis of implications of these standards to user organizations, are the main results of this paper.

On determining specifications and selections of alternative technologies for airport checked-baggage security screening.

PubMed

Feng, Qianmei

2007-10-01

Federal law mandates that every checked bag at all commercial airports be screened by explosive detection systems (EDS), explosive trace detection systems (ETD), or alternative technologies. These technologies serve as critical components of airport security systems that strive to reduce security risks at both national and global levels. To improve the operational efficiency and airport security, emerging image-based technologies have been developed, such as dual-energy X-ray (DX), backscatter X-ray (BX), and multiview tomography (MVT). These technologies differ widely in purchasing cost, maintenance cost, operating cost, processing rate, and accuracy. Based on a mathematical framework that takes into account all these factors, this article investigates two critical issues for operating screening devices: setting specifications for continuous security responses by different technologies; and selecting technology or combination of technologies for efficient 100% baggage screening. For continuous security responses, specifications or thresholds are used for classifying threat items from nonthreat items. By investigating the setting of specifications on system security responses, this article assesses the risk and cost effectiveness of various technologies for both single-device and two-device systems. The findings provide the best selection of image-based technologies for both single-device and two-device systems. Our study suggests that two-device systems outperform single-device systems in terms of both cost effectiveness and accuracy. The model can be readily extended to evaluate risk and cost effectiveness of multiple-device systems for airport checked-baggage security screening.

A Hierarchical Security Architecture for Cyber-Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Quanyan Zhu; Tamer Basar

2011-08-01

Security of control systems is becoming a pivotal concern in critical national infrastructures such as the power grid and nuclear plants. In this paper, we adopt a hierarchical viewpoint to these security issues, addressing security concerns at each level and emphasizing a holistic cross-layer philosophy for developing security solutions. We propose a bottom-up framework that establishes a model from the physical and control levels to the supervisory level, incorporating concerns from network and communication levels. We show that the game-theoretical approach can yield cross-layer security strategy solutions to the cyber-physical systems.

The public transportation system security and emergency preparedness planning guide

DOT National Transportation Integrated Search

2003-01-01

Recent events have focused renewed attention on the vulnerability of the nation's critical infrastructure to major events, including terrorism. The Public Transportation System Security and Emergency Preparedness Planning Guide has been prepared to s...

Towards the cyber security paradigm of ehealth: Resilience and design aspects

NASA Astrophysics Data System (ADS)

Rajamäki, Jyri; Pirinen, Rauno

2017-06-01

Digital technologies have significantly changed the role of healthcare clients in seeking and receiving medical help, as well as brought up more cooperative policy issues in healthcare cross-border services. Citizens continue to take a more co-creative role in decisions about their own healthcare, and new technologies can enable and facilitate this emergent trend. In this study, healthcare services have been intended as a critical societal sector and therefore healthcare systems are focused on as critical infrastructures that ought to be protected from all types of fears, including cyber security threats and attacks. Despite continual progress in the systemic risk management of cyber domain, it is clear that anticipation and prevention of all possible types of attack and malfunction are not achievable for current or future cyber infrastructures. This study focuses on the investigation of a cyber security paradigm, adaptive systems and sense of resilience in a healthcare critical information infrastructure.

Analyzing the security of an existing computer system

NASA Technical Reports Server (NTRS)

Bishop, M.

1986-01-01

Most work concerning secure computer systems has dealt with the design, verification, and implementation of provably secure computer systems, or has explored ways of making existing computer systems more secure. The problem of locating security holes in existing systems has received considerably less attention; methods generally rely on thought experiments as a critical step in the procedure. The difficulty is that such experiments require that a large amount of information be available in a format that makes correlating the details of various programs straightforward. This paper describes a method of providing such a basis for the thought experiment by writing a special manual for parts of the operating system, system programs, and library subroutines.

49 CFR 1520.5 - Sensitive security information.

Code of Federal Regulations, 2014 CFR

2014-10-01

..., including threats against cyber infrastructure. (8) Security measures. Specific details of aviation...) Critical aviation, maritime, or rail infrastructure asset information. Any list identifying systems or...

49 CFR 1520.5 - Sensitive security information.

Code of Federal Regulations, 2012 CFR

2012-10-01

..., including threats against cyber infrastructure. (8) Security measures. Specific details of aviation...) Critical aviation, maritime, or rail infrastructure asset information. Any list identifying systems or...

49 CFR 1520.5 - Sensitive security information.

Code of Federal Regulations, 2011 CFR

2011-10-01

..., including threats against cyber infrastructure. (8) Security measures. Specific details of aviation...) Critical aviation, maritime, or rail infrastructure asset information. Any list identifying systems or...

49 CFR 1520.5 - Sensitive security information.

Code of Federal Regulations, 2013 CFR

2013-10-01

..., including threats against cyber infrastructure. (8) Security measures. Specific details of aviation...) Critical aviation, maritime, or rail infrastructure asset information. Any list identifying systems or...

Critical Infrastructure Protection II, The International Federation for Information Processing, Volume 290.

NASA Astrophysics Data System (ADS)

Papa, Mauricio; Shenoi, Sujeet

The information infrastructure -- comprising computers, embedded devices, networks and software systems -- is vital to day-to-day operations in every sector: information and telecommunications, banking and finance, energy, chemicals and hazardous materials, agriculture, food, water, public health, emergency services, transportation, postal and shipping, government and defense. Global business and industry, governments, indeed society itself, cannot function effectively if major components of the critical information infrastructure are degraded, disabled or destroyed. Critical Infrastructure Protection II describes original research results and innovative applications in the interdisciplinary field of critical infrastructure protection. Also, it highlights the importance of weaving science, technology and policy in crafting sophisticated, yet practical, solutions that will help secure information, computer and network assets in the various critical infrastructure sectors. Areas of coverage include: - Themes and Issues - Infrastructure Security - Control Systems Security - Security Strategies - Infrastructure Interdependencies - Infrastructure Modeling and Simulation This book is the second volume in the annual series produced by the International Federation for Information Processing (IFIP) Working Group 11.10 on Critical Infrastructure Protection, an international community of scientists, engineers, practitioners and policy makers dedicated to advancing research, development and implementation efforts focused on infrastructure protection. The book contains a selection of twenty edited papers from the Second Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection held at George Mason University, Arlington, Virginia, USA in the spring of 2008.

Manufacturing Accomplices: ICT Use in Securing the Safety State at Airports

NASA Astrophysics Data System (ADS)

Østerlie, Thomas; Asak, Ole Martin; Pettersen, Ole Georg; Tronhus, Håvard

Based on a study of ICT use at an airport security checkpoint, this paper explores a possible explanation to the paradox that travelers find existing airport security measures inadequate while at the same time believing air travel to be sufficiently secure. We pursue this explanation by showing that, for the security checkpoint to function properly in relation to the overall function of the airport, travelers have to be enrolled in a particular program of action. They are then locked into this program through sanctions. Travelers are forced into participating in a system many of them find ethically and morally objectionable. Yet, active participation makes it difficult for them to object to the moral and ethical issues of their actions without damning themselves. Our explanation of the security paradox is, therefore, that while travelers remain critical of airport security, they avoid damning themselves by criticizing the system in terms of its own logic. They have been made accomplices.

Recommended Practice for Securing Control System Modems

DOE Office of Scientific and Technical Information (OSTI.GOV)

James R. Davidson; Jason L. Wright

2008-01-01

This paper addresses an often overlooked “backdoor” into critical infrastructure control systems created by modem connections. A modem’s connection to the public telephone system is similar to a corporate network connection to the Internet. By tracing typical attack paths into the system, this paper provides the reader with an analysis of the problem and then guides the reader through methods to evaluate existing modem security. Following the analysis, a series of methods for securing modems is provided. These methods are correlated to well-known networking security methods.

Managing Complex IT Security Processes with Value Based Measures

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Sheldon, Frederick T; Mili, Ali

2009-01-01

Current trends indicate that IT security measures will need to greatly expand to counter the ever increasingly sophisticated, well-funded and/or economically motivated threat space. Traditional risk management approaches provide an effective method for guiding courses of action for assessment, and mitigation investments. However, such approaches no matter how popular demand very detailed knowledge about the IT security domain and the enterprise/cyber architectural context. Typically, the critical nature and/or high stakes require careful consideration and adaptation of a balanced approach that provides reliable and consistent methods for rating vulnerabilities. As reported in earlier works, the Cyberspace Security Econometrics System provides amore » comprehensive measure of reliability, security and safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders interests in that requirement. This paper advocates a dependability measure that acknowledges the aggregate structure of complex system specifications, and accounts for variations by stakeholder, by specification components, and by verification and validation impact.« less

Integrated homeland security system with passive thermal imaging and advanced video analytics

NASA Astrophysics Data System (ADS)

Francisco, Glen; Tillman, Jennifer; Hanna, Keith; Heubusch, Jeff; Ayers, Robert

2007-04-01

A complete detection, management, and control security system is absolutely essential to preempting criminal and terrorist assaults on key assets and critical infrastructure. According to Tom Ridge, former Secretary of the US Department of Homeland Security, "Voluntary efforts alone are not sufficient to provide the level of assurance Americans deserve and they must take steps to improve security." Further, it is expected that Congress will mandate private sector investment of over $20 billion in infrastructure protection between 2007 and 2015, which is incremental to funds currently being allocated to key sites by the department of Homeland Security. Nearly 500,000 individual sites have been identified by the US Department of Homeland Security as critical infrastructure sites that would suffer severe and extensive damage if a security breach should occur. In fact, one major breach in any of 7,000 critical infrastructure facilities threatens more than 10,000 people. And one major breach in any of 123 facilities-identified as "most critical" among the 500,000-threatens more than 1,000,000 people. Current visible, nightvision or near infrared imaging technology alone has limited foul-weather viewing capability, poor nighttime performance, and limited nighttime range. And many systems today yield excessive false alarms, are managed by fatigued operators, are unable to manage the voluminous data captured, or lack the ability to pinpoint where an intrusion occurred. In our 2006 paper, "Critical Infrastructure Security Confidence Through Automated Thermal Imaging", we showed how a highly effective security solution can be developed by integrating what are now available "next-generation technologies" which include: Thermal imaging for the highly effective detection of intruders in the dark of night and in challenging weather conditions at the sensor imaging level - we refer to this as the passive thermal sensor level detection building block Automated software detection for creating initial alerts - we refer to this as software level detection, the next level building block Immersive 3D visual assessment for situational awareness and to manage the reaction process - we refer to this as automated intelligent situational awareness, a third building block Wide area command and control capabilities to allow control from a remote location - we refer to this as the management and process control building block integrating together the lower level building elements. In addition, this paper describes three live installations of complete, total systems that incorporate visible and thermal cameras as well as advanced video analytics. Discussion of both system elements and design is extensive.

77 FR 38467 - Special Conditions: Gulfstream Aerospace LP (GALP), Model Gulfstream G280 Airplane; Isolation or...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-28

... network security vulnerabilities and increased risks potentially resulting in unsafe conditions for the... Gulfstream G280 Airplane; Isolation or Aircraft Electronic System Security Protection From Unauthorized... connectivity of the passenger service computer systems to the airplane critical systems and data networks. The...

Foundational Security Principles for Medical Application Platforms* (Extended Abstract)

PubMed Central

Vasserman, Eugene Y.; Hatcliff, John

2014-01-01

We describe a preliminary set of security requirements for safe and secure next-generation medical systems, consisting of dynamically composable units, tied together through a real-time safety-critical middleware. We note that this requirement set is not the same for individual (stand-alone) devices or for electronic health record systems, and we must take care to define system-level requirements rather than security goals for components. The requirements themselves build on each other such that it is difficult or impossible to eliminate any one of the requirements and still achieve high-level security goals. PMID:25599096

A New Operating System for Security Tagged Architecture Hardware in Support of Multiple Independent Levels of Security (MILS) Compliant System

DTIC Science & Technology

2014-04-01

important data structures of RTEMS are introduced. Section 3.2.2 discusses the problems we found in RTEMS that may cause security vulnerabilities...the important data structures in RTEMS: Object, which is a critical data structure in the SCORE, tasks threads. Approved for Public Release...these important system codes. The example code shows a possibility that a user can delete a system thread. Therefore, in order to protect system

The Continuing Evolution of Effective IT Security Practices

ERIC Educational Resources Information Center

Voloudakis, John

2006-01-01

In the past three years, higher education institutions have made a number of moves to secure their critical systems and protect their users, resulting in a marked change in the techniques used to combat security threats. Today, continued progress may depend on the development of an enterprise IT security program. (Contains 10 notes.)

75 FR 35508 - Draft Regulatory Guide: Issuance, Availability

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-22

... Systems and Networks,'' requires licensees to develop cyber-security plans and programs to protect critical digital assets, including digital safety systems, from malicious cyber attacks. Regulatory Guide 5.71, ``Cyber Security Programs for Nuclear Facilities,'' provides guidance to meet the requirements of...

Exploring the effectiveness of transit security awareness campaigns in the San Francisco Bay Area.

DOT National Transportation Integrated Search

2010-06-01

Public involvement in alerting officials of suspicious and potentially harmful activity is critical to the overall security of a transit system. As part of an effort to get passengers and the public involved, many transit agencies have security aware...

Towards Resilient Critical Infrastructures: Application of Type-2 Fuzzy Logic in Embedded Network Security Cyber Sensor

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ondrej Linda; Todd Vollmer; Jim Alves-Foss

2011-08-01

Resiliency and cyber security of modern critical infrastructures is becoming increasingly important with the growing number of threats in the cyber-environment. This paper proposes an extension to a previously developed fuzzy logic based anomaly detection network security cyber sensor via incorporating Type-2 Fuzzy Logic (T2 FL). In general, fuzzy logic provides a framework for system modeling in linguistic form capable of coping with imprecise and vague meanings of words. T2 FL is an extension of Type-1 FL which proved to be successful in modeling and minimizing the effects of various kinds of dynamic uncertainties. In this paper, T2 FL providesmore » a basis for robust anomaly detection and cyber security state awareness. In addition, the proposed algorithm was specifically developed to comply with the constrained computational requirements of low-cost embedded network security cyber sensors. The performance of the system was evaluated on a set of network data recorded from an experimental cyber-security test-bed.« less

Security engineering: systems engineering of security through the adaptation and application of risk management

NASA Technical Reports Server (NTRS)

Gilliam, David P.; Feather, Martin S.

2004-01-01

Information Technology (IT) Security Risk Management is a critical task in the organization, which must protect its resources and data against the loss of confidentiality, integrity, and availability. As systems become more complex and diverse, and more vulnerabilities are discovered while attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security. This paper describes an approach to address IT security risk through risk management and mitigation in both the institution and in the project life cycle.

Food Security Framings within the UK and the Integration of Local Food Systems

ERIC Educational Resources Information Center

Kirwan, James; Maye, Damian

2013-01-01

This paper provides a critical interpretation of food security politics in the UK. It applies the notion of food security collective action frames to assess how specific action frames are maintained and contested. The interdependency between scale and framing in food security discourse is also scrutinised. It does this through an examination of…

Close the Gate, Lock the Windows, Bolt the Doors: Securing Library Computers. Online Treasures

ERIC Educational Resources Information Center

Balas, Janet

2005-01-01

This article, written by a systems librarian at the Monroeville Public Library, discusses a major issue affecting all computer users, security. It indicates that while, staying up-to-date on the latest security issues has become essential for all computer users, it's more critical for network managers who are responsible for securing computer…

IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

NASA Technical Reports Server (NTRS)

Branch, Drew A.

2014-01-01

Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere has heightened from airports to the communication among the military branches legionnaires. With advanced persistent threats (APT's) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning, and configuration of network devices i.e. routers and IDS's/IPS's. In addition, I will be completing security assessments on software and hardware, vulnerability assessments and reporting, and conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out the tasks stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, as well as policies and procedures.

IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

NASA Technical Reports Server (NTRS)

Branch, Drew

2013-01-01

Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere was heightened from Airports to the communication among the military branches legionnaires. With advanced persistent threats (APTs) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning and configuration of network devices i.e. routers and IDSsIPSs. In addition I will be completing security assessments on software and hardware, vulnerability assessments and reporting, conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, policies and procedures.

6 CFR 29.4 - Protected Critical Infrastructure Information Program administration.

Code of Federal Regulations, 2014 CFR

2014-01-01

...) Protected Critical Infrastructure Information Management System (PCIIMS). The PCII Program Manager shall... be known as the “Protected Critical Infrastructure Information Management System” (PCIIMS), to record... 6 Domestic Security 1 2014-01-01 2014-01-01 false Protected Critical Infrastructure Information...

6 CFR 29.4 - Protected Critical Infrastructure Information Program administration.

Code of Federal Regulations, 2011 CFR

2011-01-01

...) Protected Critical Infrastructure Information Management System (PCIIMS). The PCII Program Manager shall... be known as the “Protected Critical Infrastructure Information Management System” (PCIIMS), to record... 6 Domestic Security 1 2011-01-01 2011-01-01 false Protected Critical Infrastructure Information...

6 CFR 29.4 - Protected Critical Infrastructure Information Program administration.

Code of Federal Regulations, 2010 CFR

2010-01-01

...) Protected Critical Infrastructure Information Management System (PCIIMS). The PCII Program Manager shall... be known as the “Protected Critical Infrastructure Information Management System” (PCIIMS), to record... 6 Domestic Security 1 2010-01-01 2010-01-01 false Protected Critical Infrastructure Information...

6 CFR 29.4 - Protected Critical Infrastructure Information Program administration.

Code of Federal Regulations, 2012 CFR

2012-01-01

...) Protected Critical Infrastructure Information Management System (PCIIMS). The PCII Program Manager shall... be known as the “Protected Critical Infrastructure Information Management System” (PCIIMS), to record... 6 Domestic Security 1 2012-01-01 2012-01-01 false Protected Critical Infrastructure Information...

6 CFR 29.4 - Protected Critical Infrastructure Information Program administration.

Code of Federal Regulations, 2013 CFR

2013-01-01

...) Protected Critical Infrastructure Information Management System (PCIIMS). The PCII Program Manager shall... be known as the “Protected Critical Infrastructure Information Management System” (PCIIMS), to record... 6 Domestic Security 1 2013-01-01 2013-01-01 false Protected Critical Infrastructure Information...

Using RFID to enhance security in off-site data storage.

PubMed

Lopez-Carmona, Miguel A; Marsa-Maestre, Ivan; de la Hoz, Enrique; Velasco, Juan R

2010-01-01

Off-site data storage is one of the most widely used strategies in enterprises of all sizes to improve business continuity. In medium-to-large size enterprises, the off-site data storage processes are usually outsourced to specialized providers. However, outsourcing the storage of critical business information assets raises serious security considerations, some of which are usually either disregarded or incorrectly addressed by service providers. This article reviews these security considerations and presents a radio frequency identification (RFID)-based, off-site, data storage management system specifically designed to address security issues. The system relies on a set of security mechanisms or controls that are arranged in security layers or tiers to balance security requirements with usability and costs. The system has been successfully implemented, deployed and put into production. In addition, an experimental comparison with classical bar-code-based systems is provided, demonstrating the system's benefits in terms of efficiency and failure prevention.

What are we assessing when we measure food security? A compendium and review of current metrics.

PubMed

Jones, Andrew D; Ngure, Francis M; Pelto, Gretel; Young, Sera L

2013-09-01

The appropriate measurement of food security is critical for targeting food and economic aid; supporting early famine warning and global monitoring systems; evaluating nutrition, health, and development programs; and informing government policy across many sectors. This important work is complicated by the multiple approaches and tools for assessing food security. In response, we have prepared a compendium and review of food security assessment tools in which we review issues of terminology, measurement, and validation. We begin by describing the evolving definition of food security and use this discussion to frame a review of the current landscape of measurement tools available for assessing food security. We critically assess the purpose/s of these tools, the domains of food security assessed by each, the conceptualizations of food security that underpin each metric, as well as the approaches that have been used to validate these metrics. Specifically, we describe measurement tools that 1) provide national-level estimates of food security, 2) inform global monitoring and early warning systems, 3) assess household food access and acquisition, and 4) measure food consumption and utilization. After describing a number of outstanding measurement challenges that might be addressed in future research, we conclude by offering suggestions to guide the selection of appropriate food security metrics.

What Are We Assessing When We Measure Food Security? A Compendium and Review of Current Metrics12

PubMed Central

Jones, Andrew D.; Ngure, Francis M.; Pelto, Gretel; Young, Sera L.

2013-01-01

The appropriate measurement of food security is critical for targeting food and economic aid; supporting early famine warning and global monitoring systems; evaluating nutrition, health, and development programs; and informing government policy across many sectors. This important work is complicated by the multiple approaches and tools for assessing food security. In response, we have prepared a compendium and review of food security assessment tools in which we review issues of terminology, measurement, and validation. We begin by describing the evolving definition of food security and use this discussion to frame a review of the current landscape of measurement tools available for assessing food security. We critically assess the purpose/s of these tools, the domains of food security assessed by each, the conceptualizations of food security that underpin each metric, as well as the approaches that have been used to validate these metrics. Specifically, we describe measurement tools that 1) provide national-level estimates of food security, 2) inform global monitoring and early warning systems, 3) assess household food access and acquisition, and 4) measure food consumption and utilization. After describing a number of outstanding measurement challenges that might be addressed in future research, we conclude by offering suggestions to guide the selection of appropriate food security metrics. PMID:24038241

2011 Defense Industrial Base Critical Infrastructure Protection Conference (DIBCIP)

DTIC Science & Technology

2011-08-25

Office of the Program Manager, Information Sharing Environment u Mr. Vince Jarvie , Vice President, Corporate Security, L-3 Communications...National Defense University IRM College and in 2008 he obtained the Certified Information System Security Professional certificate. MR. VINCE JARVIE ...Vice President, Corporate Security, L-3 Communciations Corporation Mr. Vincent (Vince) Jarvie is the Vice President, Corporate Security for L-3

Critical side channel effects in random bit generation with multiple semiconductor lasers in a polarization-based quantum key distribution system.

PubMed

Ko, Heasin; Choi, Byung-Seok; Choe, Joong-Seon; Kim, Kap-Joong; Kim, Jong-Hoi; Youn, Chun Ju

2017-08-21

Most polarization-based BB84 quantum key distribution (QKD) systems utilize multiple lasers to generate one of four polarization quantum states randomly. However, random bit generation with multiple lasers can potentially open critical side channels that significantly endangers the security of QKD systems. In this paper, we show unnoticed side channels of temporal disparity and intensity fluctuation, which possibly exist in the operation of multiple semiconductor laser diodes. Experimental results show that the side channels can enormously degrade security performance of QKD systems. An important system issue for the improvement of quantum bit error rate (QBER) related with laser driving condition is further addressed with experimental results.

Medical systems and malware.

PubMed

Kusche, Kristopher P

2004-01-01

No longer just an information technology issue, network security requires a multifaceted, multidisciplinary approach to ensuring critical equipment functionality, data security, and patient safety. This article provides insight into the threat of malware and ways to deal with it.

Cyber Security Testing and Training Programs for Industrial Control Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Daniel Noyes

2012-03-01

Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall securitymore » posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.« less

An enhanced security solution for electronic medical records based on AES hybrid technique with SOAP/XML and SHA-1.

PubMed

Kiah, M L Mat; Nabi, Mohamed S; Zaidan, B B; Zaidan, A A

2013-10-01

This study aims to provide security solutions for implementing electronic medical records (EMRs). E-Health organizations could utilize the proposed method and implement recommended solutions in medical/health systems. Majority of the required security features of EMRs were noted. The methods used were tested against each of these security features. In implementing the system, the combination that satisfied all of the security features of EMRs was selected. Secure implementation and management of EMRs facilitate the safeguarding of the confidentiality, integrity, and availability of e-health organization systems. Health practitioners, patients, and visitors can use the information system facilities safely and with confidence anytime and anywhere. After critically reviewing security and data transmission methods, a new hybrid method was proposed to be implemented on EMR systems. This method will enhance the robustness, security, and integration of EMR systems. The hybrid of simple object access protocol/extensible markup language (XML) with advanced encryption standard and secure hash algorithm version 1 has achieved the security requirements of an EMR system with the capability of integrating with other systems through the design of XML messages.

Forewarning of Failure in Complex Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Hively, Lee M; Prowell, Stacy J

2011-01-01

As the critical infrastructures of the United States have become more and more dependent on public and private networks, the potential for widespread national impact resulting from disruption or failure of these networks has also increased. Securing the nation s critical infrastructures requires protecting not only their physical systems but, just as important, the cyber portions of the systems on which they rely. A failure is inclusive of random events, design flaws, and instabilities caused by cyber (and/or physical) attack. One such domain is failure in critical equipment. A second is aging bridges. We discuss the workings of such amore » system in the context of the necessary sensors, command and control and data collection as well as the cyber security efforts that would support this system. Their application and the implications of this computing architecture are also discussed, with respect to our nation s aging infrastructure.« less

Network Randomization and Dynamic Defense for Critical Infrastructure Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chavez, Adrian R.; Martin, Mitchell Tyler; Hamlet, Jason

2015-04-01

Critical Infrastructure control systems continue to foster predictable communication paths, static configurations, and unpatched systems that allow easy access to our nation's most critical assets. This makes them attractive targets for cyber intrusion. We seek to address these attack vectors by automatically randomizing network settings, randomizing applications on the end devices themselves, and dynamically defending these systems against active attacks. Applying these protective measures will convert control systems into moving targets that proactively defend themselves against attack. Sandia National Laboratories has led this effort by gathering operational and technical requirements from Tennessee Valley Authority (TVA) and performing research and developmentmore » to create a proof-of-concept solution. Our proof-of-concept has been tested in a laboratory environment with over 300 nodes. The vision of this project is to enhance control system security by converting existing control systems into moving targets and building these security measures into future systems while meeting the unique constraints that control systems face.« less

The Market Value of Information System (IS) Security: An Event Study of E-Banking Service Providers

ERIC Educational Resources Information Center

Brock, Linda

2012-01-01

Understanding the financial value resulting from IS security investments is critically important to organizations focused on protecting service confidentiality, integrity, and availability in order to preserve firm revenues and reputations. Quantifying the financial effect from IS security investments is difficult to derive. This study…

Social Security Number Protection Laws: State-by-State Summary Table

ERIC Educational Resources Information Center

Data Quality Campaign, 2011

2011-01-01

As state policymakers implement statewide longitudinal data systems that collect, store, link and share student-level data, it is critical that they understand applicable privacy and data security standards and laws designed to ensure the privacy, security, and confidentiality of that data. To help state policymakers navigate this complex legal…

Examining Cybersecurity of Cyberphysical Systems for Critical Infrastructures Through Work Domain Analysis.

PubMed

Wang, Hao; Lau, Nathan; Gerdes, Ryan M

2018-04-01

The aim of this study was to apply work domain analysis for cybersecurity assessment and design of supervisory control and data acquisition (SCADA) systems. Adoption of information and communication technology in cyberphysical systems (CPSs) for critical infrastructures enables automated and distributed control but introduces cybersecurity risk. Many CPSs employ SCADA industrial control systems that have become the target of cyberattacks, which inflict physical damage without use of force. Given that absolute security is not feasible for complex systems, cyberintrusions that introduce unanticipated events will occur; a proper response will in turn require human adaptive ability. Therefore, analysis techniques that can support security assessment and human factors engineering are invaluable for defending CPSs. We conducted work domain analysis using the abstraction hierarchy (AH) to model a generic SCADA implementation to identify the functional structures and means-ends relations. We then adopted a case study approach examining the Stuxnet cyberattack by developing and integrating AHs for the uranium enrichment process, SCADA implementation, and malware to investigate the interactions between the three aspects of cybersecurity in CPSs. The AHs for modeling a generic SCADA implementation and studying the Stuxnet cyberattack are useful for mapping attack vectors, identifying deficiencies in security processes and features, and evaluating proposed security solutions with respect to system objectives. Work domain analysis is an effective analytical method for studying cybersecurity of CPSs for critical infrastructures in a psychologically relevant manner. Work domain analysis should be applied to assess cybersecurity risk and inform engineering and user interface design.

Using RFID to Enhance Security in Off-Site Data Storage

PubMed Central

Lopez-Carmona, Miguel A.; Marsa-Maestre, Ivan; de la Hoz, Enrique; Velasco, Juan R.

2010-01-01

Off-site data storage is one of the most widely used strategies in enterprises of all sizes to improve business continuity. In medium-to-large size enterprises, the off-site data storage processes are usually outsourced to specialized providers. However, outsourcing the storage of critical business information assets raises serious security considerations, some of which are usually either disregarded or incorrectly addressed by service providers. This article reviews these security considerations and presents a radio frequency identification (RFID)-based, off-site, data storage management system specifically designed to address security issues. The system relies on a set of security mechanisms or controls that are arranged in security layers or tiers to balance security requirements with usability and costs. The system has been successfully implemented, deployed and put into production. In addition, an experimental comparison with classical bar-code-based systems is provided, demonstrating the system’s benefits in terms of efficiency and failure prevention. PMID:22163638

TH-A-12A-01: Medical Physicist's Role in Digital Information Security: Threats, Vulnerabilities and Best Practices

DOE Office of Scientific and Technical Information (OSTI.GOV)

McDonald, K; Curran, B

I. Information Security Background (Speaker = Kevin McDonald) Evolution of Medical Devices Living and Working in a Hostile Environment Attack Motivations Attack Vectors Simple Safety Strategies Medical Device Security in the News Medical Devices and Vendors Summary II. Keeping Radiation Oncology IT Systems Secure (Speaker = Bruce Curran) Hardware Security Double-lock Requirements “Foreign” computer systems Portable Device Encryption Patient Data Storage System Requirements Network Configuration Isolating Critical Devices Isolating Clinical Networks Remote Access Considerations Software Applications / Configuration Passwords / Screen Savers Restricted Services / access Software Configuration Restriction Use of DNS to restrict accesse. Patches / Upgrades Awareness Intrusionmore » Prevention Intrusion Detection Threat Risk Analysis Conclusion Learning Objectives: Understanding how Hospital IT Requirements affect Radiation Oncology IT Systems. Illustrating sample practices for hardware, network, and software security. Discussing implementation of good IT security practices in radiation oncology. Understand overall risk and threats scenario in a networked environment.« less

Understanding Information Security Culture in an Organization: An Interpretive Case Study

ERIC Educational Resources Information Center

Bess, Donald Arlo

2012-01-01

Information systems are considered to be a critical and strategic part of most organizations today. Because of this it has become increasingly important to ensure that there is an effective information security program in place protecting those information systems. It has been well established by researchers that the success of an information…

Quality of protection evaluation of security mechanisms.

PubMed

Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

2014-01-01

Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol.

Design and Implementation of a Secure Modbus Protocol

NASA Astrophysics Data System (ADS)

Fovino, Igor Nai; Carcano, Andrea; Masera, Marcelo; Trombetta, Alberto

The interconnectivity of modern and legacy supervisory control and data acquisition (SCADA) systems with corporate networks and the Internet has significantly increased the threats to critical infrastructure assets. Meanwhile, traditional IT security solutions such as firewalls, intrusion detection systems and antivirus software are relatively ineffective against attacks that specifically target vulnerabilities in SCADA protocols. This paper describes a secure version of the Modbus SCADA protocol that incorporates integrity, authentication, non-repudiation and anti-replay mechanisms. Experimental results using a power plant testbed indicate that the augmented protocol provides good security functionality without significant overhead.

Safe teleradiology: information assurance as project planning methodology.

PubMed

Collmann, Jeff; Alaoui, Adil; Nguyen, Dan; Lindisch, David

2005-01-01

The Georgetown University Medical Center Department of Radiology used a tailored version of OCTAVE, a self-directed information security risk assessment method, to design a teleradiology system that complied with the regulation implementing the security provisions of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The system addressed threats to and vulnerabilities in the privacy and security of protected health information. By using OCTAVE, Georgetown identified the teleradiology program's critical assets, described threats to the assurance of those assets, developed and ran vulnerability scans of a system pilot, evaluated the consequences of security breaches, and developed a risk management plan to mitigate threats to program assets, thereby implementing good information assurance practices. This case study illustrates the basic point that prospective, comprehensive planning to protect the privacy and security of an information system strategically benefits program management as well as system security.

An integrated water-energy-food-livelihoods approach for assessing environmental livelihood security

NASA Astrophysics Data System (ADS)

Biggs, E. M.; Duncan, J.; Boruff, B.; Bruce, E.; Neef, A.; McNeill, K.; van Ogtrop, F. F.; Haworth, B.; Duce, S.; Horsley, J.; Pauli, N.; Curnow, J.; Imanari, Y.

2015-12-01

Environmental livelihood security refers to the challenges of maintaining global food security and universal access to freshwater and energy to sustain livelihoods and promote inclusive economic growth, whilst sustaining key environmental systems' functionality, particularly under variable climatic regimes. Environmental security is a concept complementary to sustainable development, and considers the increased vulnerability people have to certain environmental stresses, such as climatic change. Bridging links between the core component concepts of environmental security is integral to future human security, and in an attempt to create this bridge, the nexus approach to human protection has been created, where water resource availability underpins food, water and energy security. The water-energy-food nexus has an influential role in attaining human security, yet little research has made the link between the nexus and livelihoods. In this research we provide a critical appraisal of the synergies between water-energy-food nexus framings and sustainable livelihoods approaches, both of which aim to promote sustainable development. In regions where livelihoods are dependent on environmental conditions, the concept of sustainable development is critical for ensuring future environmental and human security. Given our appraisal we go on to develop an integrated framework for assessing environmental livelihood security of multiscale and multi-level systems. This framework provides a tangible approach for assessing changes in the water-energy-food-livelihood indicators of a system. Examples of where system applications may occur are discussed for the Southeast Asia and Oceania region. Our approach will be particularly useful for policy-makers to inform evidence-based decision-making, especially in localities where climate change increases the vulnerability of impoverished communities and extenuates environmental livelihood insecurity.

Report: EPA Needs to Strengthen Financial Database Security Oversight and Monitor Compliance

EPA Pesticide Factsheets

Report #2007-P-00017, March 29, 2007. Weaknesses in how EPA offices monitor databases for known security vulnerabilities, communicate the status of critical system patches, and monitor the access to database administrator accounts and privileges.

Applying New Network Security Technologies to SCADA Systems.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hurd, Steven A; Stamp, Jason Edwin; Duggan, David P

2006-11-01

Supervisory Control and Data Acquisition (SCADA) systems for automation are very important for critical infrastructure and manufacturing operations. They have been implemented to work in a number of physical environments using a variety of hardware, software, networking protocols, and communications technologies, often before security issues became of paramount concern. To offer solutions to security shortcomings in the short/medium term, this project was to identify technologies used to secure "traditional" IT networks and systems, and then assess their efficacy with respect to SCADA systems. These proposed solutions must be relatively simple to implement, reliable, and acceptable to SCADA owners and operators.more » 4This page intentionally left blank.« less

Enabling Dynamic Security Management of Networked Systems via Device-Embedded Security (Self-Securing Devices)

DTIC Science & Technology

2007-01-15

it can detect specifically proscribed content changes to critical files (e.g., illegal shells inserted into /etc/ passwd ). Fourth, it can detect the...UNIX password management involves a pair of inter-related files (/etc/ passwd and /etc/shadow). The corresponding access patterns seen at the storage...content integrity verification is utilized. As a concrete example, consider a UNIX system password file (/etc/ passwd ), which consists of a set of well

Creation of security engineering programs by the Southwest Surety Institute

NASA Astrophysics Data System (ADS)

Romero, Van D.; Rogers, Bradley; Winfree, Tim; Walsh, Dan; Garcia, Mary Lynn

1998-12-01

The Southwest Surety Institute includes Arizona State University (ASU), Louisiana State University (LSU), New Mexico Institute of Mining and Technology (NM Tech), New Mexico State University (NMSU), and Sandia National Laboratories (SNL). The universities currently offer a full spectrum of post-secondary programs in security system design and evaluation, including an undergraduate minor, a graduate program, and continuing education programs. The programs are based on the methodology developed at Sandia National Laboratories over the past 25 years to protect critical nuclear assets. The programs combine basic concepts and principles from business, criminal justice, and technology to create an integrated performance-based approach to security system design and analysis. Existing university capabilities in criminal justice (NMSU), explosives testing and technology (NM Tech and LSU), and engineering technology (ASU) are leveraged to provide unique science-based programs that will emphasize the use of performance measures and computer analysis tools to prove the effectiveness of proposed systems in the design phase. Facility managers may then balance increased protection against the cost of implementation and risk mitigation, thereby enabling effective business decisions. Applications expected to benefit from these programs include corrections, law enforcement, counter-terrorism, critical infrastructure protection, financial and medical care fraud, industrial security, and border security.

Software Assurance in Acquisition: Mitigating Risks to the Enterprise. A Reference Guide for Security-Enhanced Software Acquisition and Outsourcing

DTIC Science & Technology

2009-02-01

management, available at <http://www.iso.org/ iso /en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=39612&ICS1=35&ICS2=40 &ICS3=>. ISO /IEC 27001 . Information...Management of the Systems Engineering Process. [ ISO /IEC 27001 ] ISO /IEC 27001 :2005. Information technology -- Security techniques -- Information security...software life cycles [ ISO /IEC 15026]. Software assurance is a key element of national security and homeland security. It is critical because dramatic

Quality of Protection Evaluation of Security Mechanisms

PubMed Central

Ksiezopolski, Bogdan; Zurek, Tomasz; Mokkas, Michail

2014-01-01

Recent research indicates that during the design of teleinformatic system the tradeoff between the systems performance and the system protection should be made. The traditional approach assumes that the best way is to apply the strongest possible security measures. Unfortunately, the overestimation of security measures can lead to the unreasonable increase of system load. This is especially important in multimedia systems where the performance has critical character. In many cases determination of the required level of protection and adjustment of some security measures to these requirements increase system efficiency. Such an approach is achieved by means of the quality of protection models where the security measures are evaluated according to their influence on the system security. In the paper, we propose a model for QoP evaluation of security mechanisms. Owing to this model, one can quantify the influence of particular security mechanisms on ensuring security attributes. The methodology of our model preparation is described and based on it the case study analysis is presented. We support our method by the tool where the models can be defined and QoP evaluation can be performed. Finally, we have modelled TLS cryptographic protocol and presented the QoP security mechanisms evaluation for the selected versions of this protocol. PMID:25136683

DOE Office of Scientific and Technical Information (OSTI.GOV)

Halbgewachs, Ronald D.; Chavez, Adrian R.

Process Control System (PCS) and Industrial Control System (ICS) security is critical to our national security. But there are a number of technological, economic, and educational impediments to PCS owners implementing effective security on their systems. Sandia National Laboratories has performed the research and development of the OPSAID (Open PCS Security Architecture for Interoperable Design), a project sponsored by the US Department of Energy Office of Electricity Delivery and Energy Reliability (DOE/OE), to address this issue. OPSAID is an open-source architecture for PCS/ICS security that provides a design basis for vendors to build add-on security devices for legacy systems, whilemore » providing a path forward for the development of inherently-secure PCS elements in the future. Using standardized hardware, a proof-of-concept prototype system was also developed. This report describes the improvements and capabilities that have been added to OPSAID since an initial report was released. Testing and validation of this architecture has been conducted in another project, Lemnos Interoperable Security Project, sponsored by DOE/OE and managed by the National Energy Technology Laboratory (NETL).« less

Risk Assessment Methodology Based on the NISTIR 7628 Guidelines

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Sheldon, Frederick T; Hauser, Katie R

2013-01-01

Earlier work describes computational models of critical infrastructure that allow an analyst to estimate the security of a system in terms of the impact of loss per stakeholder resulting from security breakdowns. Here, we consider how to identify, monitor and estimate risk impact and probability for different smart grid stakeholders. Our constructive method leverages currently available standards and defined failure scenarios. We utilize the National Institute of Standards and Technology (NIST) Interagency or Internal Reports (NISTIR) 7628 as a basis to apply Cyberspace Security Econometrics system (CSES) for comparing design principles and courses of action in making security-related decisions.

Applying a Space-Based Security Recovery Scheme for Critical Homeland Security Cyberinfrastructure Utilizing the NASA Tracking and Data Relay (TDRS) Based Space Network

NASA Technical Reports Server (NTRS)

Shaw, Harry C.; McLaughlin, Brian; Stocklin, Frank; Fortin, Andre; Israel, David; Dissanayake, Asoka; Gilliand, Denise; LaFontaine, Richard; Broomandan, Richard; Hyunh, Nancy

2015-01-01

Protection of the national infrastructure is a high priority for cybersecurity of the homeland. Critical infrastructure such as the national power grid, commercial financial networks, and communications networks have been successfully invaded and re-invaded from foreign and domestic attackers. The ability to re-establish authentication and confidentiality of the network participants via secure channels that have not been compromised would be an important countermeasure to compromise of our critical network infrastructure. This paper describes a concept of operations by which the NASA Tracking and Data Relay (TDRS) constellation of spacecraft in conjunction with the White Sands Complex (WSC) Ground Station host a security recovery system for re-establishing secure network communications in the event of a national or regional cyberattack. Users would perform security and network restoral functions via a Broadcast Satellite Service (BSS) from the TDRS constellation. The BSS enrollment only requires that each network location have a receive antenna and satellite receiver. This would be no more complex than setting up a DIRECTTV-like receiver at each network location with separate network connectivity. A GEO BSS would allow a mass re-enrollment of network nodes (up to nationwide) simultaneously depending upon downlink characteristics. This paper details the spectrum requirements, link budget, notional assets and communications requirements for the scheme. It describes the architecture of such a system and the manner in which it leverages off of the existing secure infrastructure which is already in place and managed by the NASAGSFC Space Network Project.

Quantifying Availability in SCADA Environments Using the Cyber Security Metric MFC

DOE Office of Scientific and Technical Information (OSTI.GOV)

Aissa, Anis Ben; Rabai, Latifa Ben Arfa; Abercrombie, Robert K

2014-01-01

Supervisory Control and Data Acquisition (SCADA) systems are distributed networks dispersed over large geographic areas that aim to monitor and control industrial processes from remote areas and/or a centralized location. They are used in the management of critical infrastructures such as electric power generation, transmission and distribution, water and sewage, manufacturing/industrial manufacturing as well as oil and gas production. The availability of SCADA systems is tantamount to assuring safety, security and profitability. SCADA systems are the backbone of the national cyber-physical critical infrastructure. Herein, we explore the definition and quantification of an econometric measure of availability, as it applies tomore » SCADA systems; our metric is a specialization of the generic measure of mean failure cost.« less

DOE Office of Scientific and Technical Information (OSTI.GOV)

Okhravi, Hamed; Sheldon, Frederick T.; Haines, Joshua

Data diodes provide protection of critical cyber assets by the means of physically enforcing traffic direction on the network. In order to deploy data diodes effectively, it is imperative to understand the protection they provide, the protection they do not provide, their limitations, and their place in the larger security infrastructure. In this work, we study data diodes, their functionalities and limitations. We then propose two critical infrastructure systems that can benefit from the additional protection offered by data diodes: process control networks and net-centric cyber decision support systems. We review the security requirements of these systems, describe the architectures,more » and study the trade-offs. Finally, the architectures are evaluated against different attack patterns.« less

High-Tech Security Help.

ERIC Educational Resources Information Center

Flanigan, Robin L.

2000-01-01

Advocates embrace high-tech security measures as necessary to avoid Columbine-style massacres. Critics contend that school systems can go overboard, making students feel less safe and too closely scrutinized. Current electronic, biometric, and computer-mapping devices and school applications are discussed. Vendors are listed. (MLH)

Managing security risks for inter-organisational information systems: a multiagent collaborative model

NASA Astrophysics Data System (ADS)

Feng, Nan; Wu, Harris; Li, Minqiang; Wu, Desheng; Chen, Fuzan; Tian, Jin

2016-09-01

Information sharing across organisations is critical to effectively managing the security risks of inter-organisational information systems. Nevertheless, few previous studies on information systems security have focused on inter-organisational information sharing, and none have studied the sharing of inferred beliefs versus factual observations. In this article, a multiagent collaborative model (MACM) is proposed as a practical solution to assess the risk level of each allied organisation's information system and support proactive security treatment by sharing beliefs on event probabilities as well as factual observations. In MACM, for each allied organisation's information system, we design four types of agents: inspection agent, analysis agent, control agent, and communication agent. By sharing soft findings (beliefs) in addition to hard findings (factual observations) among the organisations, each organisation's analysis agent is capable of dynamically predicting its security risk level using a Bayesian network. A real-world implementation illustrates how our model can be used to manage security risks in distributed information systems and that sharing soft findings leads to lower expected loss from security risks.

Cyber Security and Resilient Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Robert S. Anderson

2009-07-01

The Department of Energy (DOE) Idaho National Laboratory (INL) has become a center of excellence for critical infrastructure protection, particularly in the field of cyber security. It is one of only a few national laboratories that have enhanced the nation’s cyber security posture by performing industrial control system (ICS) vendor assessments as well as user on-site assessments. Not only are vulnerabilities discovered, but described actions for enhancing security are suggested – both on a system-specific basis and from a general perspective of identifying common weaknesses and their corresponding corrective actions. These cyber security programs have performed over 40 assessments tomore » date which have led to more robust, secure, and resilient monitoring and control systems for the US electrical grid, oil and gas, chemical, transportation, and many other sectors. In addition to cyber assessments themselves, the INL has been engaged in outreach to the ICS community through vendor forums, technical conferences, vendor user groups, and other special engagements as requested. Training programs have been created to help educate all levels of management and worker alike with an emphasis towards real everyday cyber hacking methods and techniques including typical exploits that are used. The asset owner or end user has many products available for its use created from these programs. One outstanding product is the US Department of Homeland Security (DHS) Cyber Security Procurement Language for Control Systems document that provides insight to the user when specifying a new monitoring and control system, particularly concerning security requirements. Employing some of the top cyber researchers in the nation, the INL can leverage this talent towards many applications other than critical infrastructure. Monitoring and control systems are used throughout the world to perform simple tasks such as cooking in a microwave to complex ones such as the monitoring and control of the next generation fighter jets or nuclear material safeguards systems in complex nuclear fuel cycle facilities. It is the intent of this paper to describe the cyber security programs that are currently in place, the experiences and successes achieved in industry including outreach and training, and suggestions about how other sectors and organizations can leverage this national expertise to help their monitoring and control systems become more secure.« less

Neural Network Based Intrusion Detection System for Critical Infrastructures

DOE Office of Scientific and Technical Information (OSTI.GOV)

Todd Vollmer; Ondrej Linda; Milos Manic

2009-07-01

Resiliency and security in control systems such as SCADA and Nuclear plant’s in today’s world of hackers and malware are a relevant concern. Computer systems used within critical infrastructures to control physical functions are not immune to the threat of cyber attacks and may be potentially vulnerable. Tailoring an intrusion detection system to the specifics of critical infrastructures can significantly improve the security of such systems. The IDS-NNM – Intrusion Detection System using Neural Network based Modeling, is presented in this paper. The main contributions of this work are: 1) the use and analyses of real network data (data recordedmore » from an existing critical infrastructure); 2) the development of a specific window based feature extraction technique; 3) the construction of training dataset using randomly generated intrusion vectors; 4) the use of a combination of two neural network learning algorithms – the Error-Back Propagation and Levenberg-Marquardt, for normal behavior modeling. The presented algorithm was evaluated on previously unseen network data. The IDS-NNM algorithm proved to be capable of capturing all intrusion attempts presented in the network communication while not generating any false alerts.« less

Physical Layer Secret-Key Generation Scheme for Transportation Security Sensor Network

PubMed Central

Yang, Bin; Zhang, Jianfeng

2017-01-01

Wireless Sensor Networks (WSNs) are widely used in different disciplines, including transportation systems, agriculture field environment monitoring, healthcare systems, and industrial monitoring. The security challenge of the wireless communication link between sensor nodes is critical in WSNs. In this paper, we propose a new physical layer secret-key generation scheme for transportation security sensor network. The scheme is based on the cooperation of all the sensor nodes, thus avoiding the key distribution process, which increases the security of the system. Different passive and active attack models are analyzed in this paper. We also prove that when the cooperative node number is large enough, even when the eavesdropper is equipped with multiple antennas, the secret-key is still secure. Numerical results are performed to show the efficiency of the proposed scheme. PMID:28657588

Physical Layer Secret-Key Generation Scheme for Transportation Security Sensor Network.

PubMed

Yang, Bin; Zhang, Jianfeng

2017-06-28

Wireless Sensor Networks (WSNs) are widely used in different disciplines, including transportation systems, agriculture field environment monitoring, healthcare systems, and industrial monitoring. The security challenge of the wireless communication link between sensor nodes is critical in WSNs. In this paper, we propose a new physical layer secret-key generation scheme for transportation security sensor network. The scheme is based on the cooperation of all the sensor nodes, thus avoiding the key distribution process, which increases the security of the system. Different passive and active attack models are analyzed in this paper. We also prove that when the cooperative node number is large enough, even when the eavesdropper is equipped with multiple antennas, the secret-key is still secure. Numerical results are performed to show the efficiency of the proposed scheme.

Managing information technology security risk

NASA Technical Reports Server (NTRS)

Gilliam, David

2003-01-01

Information Technology (IT) Security Risk Management is a critical task for the organization to protect against the loss of confidentiality, integrity and availability of IT resources. As systems bgecome more complex and diverse and and attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security risk. This paper describes a two-pronged approach in addressing IT security risk and risk management in the organization: 1) an institutional enterprise appraoch, and 2) a project life cycle approach.

A quantitative risk-based model for reasoning over critical system properties

NASA Technical Reports Server (NTRS)

Feather, M. S.

2002-01-01

This position paper suggests the use of a quantitative risk-based model to help support reeasoning and decision making that spans many of the critical properties such as security, safety, survivability, fault tolerance, and real-time.

Secure Computer System: Unified Exposition and Multics Interpretation

DTIC Science & Technology

1976-03-01

prearranged code to semaphore critical information to an undercleared subject/process. Neither of these topics is directly addressed by the mathematical...FURTHER CONSIDERATIONS. RULES OF OPERATION FOR A SECURE MULTICS Kernel primitives for a secure Multics will be derived from a higher level user...the Multics architecture as little as possible; this will account to a large extent for radical differences in form between actual kernel primitives

Better protecting staff working alone.

PubMed

Swindlehurst, Darren

2016-08-01

Established four and a half years ago as a wholly-owned subsidiary of Dutch-headquartered personal security and critical communications solutions provider, Atus BV, Hereford-based Atus Systems has since established a strong UK-wide client base supplying personal pagers, wireless personal alarm units, and the associated infrastructure, predominantly to high secure mental health facilities, prisons, and detention centres. Recent months, however, mark a new chapter for it, with the launch of a 'unique' lone worker protection system able to identify such personnel's location even when they are indoors and out of range of GPS coverage, and a sophisticated two-way enterprise critical messaging system. As HEJ editor, Jonathan Baillie, discovered from MD, Darren Swindlehurst, the company will target both systems squarely at the NHS and private healthcare providers, as well as at its more 'traditional' customers.

A model of airport security work flow based on petri net

NASA Astrophysics Data System (ADS)

Dong, Xinming

2017-09-01

Extremely long lines at airports in the United States have been sharply criticized. In order to find out the bottleneck in the existing security system and put forward reasonable improvement plans and proposal, the Petri net model and the Markov Chain are introduced in this paper. This paper uses data collected by transportation Security Agency (TSA), assuming the data can represent the average level of all airports in the Unites States, to analysis the performance of security check system. By calculating the busy probabilities and the utilization probabilities, the bottleneck is found. Moreover, recommendation is given based on the parameters’ modification in Petri net model.

46 CFR 62.30-1 - Failsafe.

Code of Federal Regulations, 2011 CFR

2011-10-01

... subsystem, system, or vessel to determine the least critical consequence. (b) All automatic control, remote control, safety control, and alarm systems must be failsafe. ..., DEPARTMENT OF HOMELAND SECURITY (CONTINUED) MARINE ENGINEERING VITAL SYSTEM AUTOMATION Reliability and Safety...

Collaborative Access Control For Critical Infrastructures

NASA Astrophysics Data System (ADS)

Baina, Amine; El Kalam, Anas Abou; Deswarte, Yves; Kaaniche, Mohamed

A critical infrastructure (CI) can fail with various degrees of severity due to physical and logical vulnerabilities. Since many interdependencies exist between CIs, failures can have dramatic consequences on the entire infrastructure. This paper focuses on threats that affect information and communication systems that constitute the critical information infrastructure (CII). A new collaborative access control framework called PolyOrBAC is proposed to address security problems that are specific to CIIs. The framework offers each organization participating in a CII the ability to collaborate with other organizations while maintaining control of its resources and internal security policy. The approach is demonstrated on a practical scenario involving the electrical power grid.

Between Technocracy and Democracy: An Experimental Approach to Certification of Food Products by Japanese Consumer Cooperative Women

ERIC Educational Resources Information Center

Kimura, Aya Hirata

2010-01-01

Voluntary food certification systems have emerged as a prominent mechanism of food governance in recent years. However, critics have exposed certifications' inability to secure independence, quality, consumer trust, and costs. Recent criticism is even more pointed in that some theorists have critiqued "alternative" systems such as Fair…

Aviation Security: Slow Progress in Addressing Long-Standing Screener Performance Problems

DTIC Science & Technology

2000-03-16

aviation security , in particular airport screeners. Securing an air transportation system the size of this nation’s-with hundreds of airports, thousands of aircraft, and tens of thousands of flights daily carrying millions of passengers and pieces of baggage-is a difficult task. Events over the past decade have shown that the threat of terrorism against the United States is an ever-present danger. Aviation is an attractive target for terrorists, and because the air transportation system is critical to the nation’s well-being, protecting it is an important

Increasing the resilience and security of the United States' power infrastructure

DOE Office of Scientific and Technical Information (OSTI.GOV)

Happenny, Sean F.

2015-08-01

The United States' power infrastructure is aging, underfunded, and vulnerable to cyber attack. Emerging smart grid technologies may take some of the burden off of existing systems and make the grid as a whole more efficient, reliable, and secure. The Pacific Northwest National Laboratory (PNNL) is funding research into several aspects of smart grid technology and grid security, creating a software simulation tool that will allow researchers to test power infrastructure control and distribution paradigms by utilizing different smart grid technologies to determine how the grid and these technologies react under different circumstances. Understanding how these systems behave in real-worldmore » conditions will lead to new ways to make our power infrastructure more resilient and secure. Demonstrating security in embedded systems is another research area PNNL is tackling. Many of the systems controlling the U.S. critical infrastructure, such as the power grid, lack integrated security and the aging networks protecting them are becoming easier to attack.« less

Anomaly-based intrusion detection for SCADA systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Yang, D.; Usynin, A.; Hines, J. W.

2006-07-01

Most critical infrastructure such as chemical processing plants, electrical generation and distribution networks, and gas distribution is monitored and controlled by Supervisory Control and Data Acquisition Systems (SCADA. These systems have been the focus of increased security and there are concerns that they could be the target of international terrorists. With the constantly growing number of internet related computer attacks, there is evidence that our critical infrastructure may also be vulnerable. Researchers estimate that malicious online actions may cause $75 billion at 2007. One of the interesting countermeasures for enhancing information system security is called intrusion detection. This paper willmore » briefly discuss the history of research in intrusion detection techniques and introduce the two basic detection approaches: signature detection and anomaly detection. Finally, it presents the application of techniques developed for monitoring critical process systems, such as nuclear power plants, to anomaly intrusion detection. The method uses an auto-associative kernel regression (AAKR) model coupled with the statistical probability ratio test (SPRT) and applied to a simulated SCADA system. The results show that these methods can be generally used to detect a variety of common attacks. (authors)« less

A Security Audit Framework to Manage Information System Security

NASA Astrophysics Data System (ADS)

Pereira, Teresa; Santos, Henrique

The widespread adoption of information and communication technology have promoted an increase dependency of organizations in the performance of their Information Systems. As a result, adequate security procedures to properly manage information security must be established by the organizations, in order to protect their valued or critical resources from accidental or intentional attacks, and ensure their normal activity. A conceptual security framework to manage and audit Information System Security is proposed and discussed. The proposed framework intends to assist organizations firstly to understand what they precisely need to protect assets and what are their weaknesses (vulnerabilities), enabling to perform an adequate security management. Secondly, enabling a security audit framework to support the organization to assess the efficiency of the controls and policy adopted to prevent or mitigate attacks, threats and vulnerabilities, promoted by the advances of new technologies and new Internet-enabled services, that the organizations are subject of. The presented framework is based on a conceptual model approach, which contains the semantic description of the concepts defined in information security domain, based on the ISO/IEC_JCT1 standards.

Strengthening National, Homeland, and Economic Security. Networking and Information Technology Research and Development Supplement to the President’s FY 2003 Budget

DTIC Science & Technology

2002-07-01

Knowledge From Data .................................................. 25 HIGH-CONFIDENCE SOFTWARE AND SYSTEMS Reliability, Security, and Safety for...NOAA’s Cessna Citation flew over the 16-acre World Trade Center site, scanning with an Optech ALSM unit. The system recorded data points from 33,000...provide the data storage and compute power for intelligence analysis, high-performance national defense systems , and critical scientific research • Large

SPI/U3.2. Security Profile Inspector for UNIX Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bartoletti, A.

1994-08-01

SPI/U3.2 consists of five tools used to assess and report the security posture of computers running the UNIX operating system. The tools are: Access Control Test: A rule-based system which identifies sequential dependencies in UNIX access controls. Binary Authentication Tool: Evaluates the release status of system binaries by comparing a crypto-checksum to provide table entries. Change Detection Tool: Maintains and applies a snapshot of critical system files and attributes for purposes of change detection. Configuration Query Language: Accepts CQL-based scripts (provided) to evaluate queries over the status of system files, configuration of services and many other elements of UNIX systemmore » security. Password Security Inspector: Tests for weak or aged passwords. The tools are packaged with a forms-based user interface providing on-line context-sensistive help, job scheduling, parameter management and output report management utilities. Tools may be run independent of the UI.« less

Complex Failure Forewarning System - DHS Conference Proceedings

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Hively, Lee M; Prowell, Stacy J

2011-01-01

As the critical infrastructures of the United States have become more and more dependent on public and private networks, the potential for widespread national impact resulting from disruption or failure of these networks has also increased. Securing the nation s critical infrastructures requires protecting not only their physical systems but, just as important, the cyber portions of the systems on which they rely. A failure is inclusive of random events, design flaws, and instabilities caused by cyber (and/or physical) attack. One such domain, aging bridges, is used to explain the Complex Structure Failure Forewarning System. We discuss the workings ofmore » such a system in the context of the necessary sensors, command and control and data collection as well as the cyber security efforts that would support this system. Their application and the implications of this computing architecture are also discussed, with respect to our nation s aging infrastructure.« less

Cyber Security for the Spaceport Command and Control System: Vulnerability Management and Compliance Analysis

NASA Technical Reports Server (NTRS)

Gunawan, Ryan A.

2016-01-01

With the rapid development of the Internet, the number of malicious threats to organizations is continually increasing. In June of 2015, the United States Office of Personnel Management (OPM) had a data breach resulting in the compromise of millions of government employee records. The National Aeronautics and Space Administration (NASA) is not exempt from these attacks. Cyber security is becoming a critical facet to the discussion of moving forward with projects. The Spaceport Command and Control System (SCCS) project at the Kennedy Space Center (KSC) aims to develop the launch control system for the next generation launch vehicle in the coming decades. There are many ways to increase the security of the network it uses, from vulnerability management to ensuring operating system images are compliant with securely configured baselines recommended by the United States Government.

Cyber Vulnerabilities Within Critical Infrastructure: The Flaws of Industrial Control Systems in the Oil and Gas Industry

NASA Astrophysics Data System (ADS)

Alpi, Danielle Marie

The 16 sectors of critical infrastructure in the US are susceptible to cyber-attacks. Potential attacks come from internal and external threats. These attacks target the industrial control systems (ICS) of companies within critical infrastructure. Weakness in the energy sector's ICS, specifically the oil and gas industry, can result in economic and ecological disaster. The purpose of this study was to establish means for oil companies to identify and stop cyber-attacks specifically APT threats. This research reviewed current cyber vulnerabilities and ways in which a cyber-attack may be deterred. This research found that there are insecure devices within ICS that are not regularly updated. Therefore, security issues have amassed. Safety procedures and training thereof are often neglected. Jurisdiction is unclear in regard to critical infrastructure. The recommendations this research offers are further examination of information sharing methods, development of analytic platforms, and better methods for the implementation of defense-in-depth security measures.

Green Secure Processors: Towards Power-Efficient Secure Processor Design

NASA Astrophysics Data System (ADS)

Chhabra, Siddhartha; Solihin, Yan

With the increasing wealth of digital information stored on computer systems today, security issues have become increasingly important. In addition to attacks targeting the software stack of a system, hardware attacks have become equally likely. Researchers have proposed Secure Processor Architectures which utilize hardware mechanisms for memory encryption and integrity verification to protect the confidentiality and integrity of data and computation, even from sophisticated hardware attacks. While there have been many works addressing performance and other system level issues in secure processor design, power issues have largely been ignored. In this paper, we first analyze the sources of power (energy) increase in different secure processor architectures. We then present a power analysis of various secure processor architectures in terms of their increase in power consumption over a base system with no protection and then provide recommendations for designs that offer the best balance between performance and power without compromising security. We extend our study to the embedded domain as well. We also outline the design of a novel hybrid cryptographic engine that can be used to minimize the power consumption for a secure processor. We believe that if secure processors are to be adopted in future systems (general purpose or embedded), it is critically important that power issues are considered in addition to performance and other system level issues. To the best of our knowledge, this is the first work to examine the power implications of providing hardware mechanisms for security.

The Causes of Poverty: Thinking Critically about a Key Economic Issue

ERIC Educational Resources Information Center

Otlin, Josh

2008-01-01

Economics is a central part of civic education. Students need to know about the Constitution and the party system, but active citizenship in the twenty-first century requires much more than the standard civics courses offer. Economic issues dominate public policy debates ranging from Social Security to immigration to international security. If…

NASA Blue Team: Determining Operational Security Posture of Critical Systems and Networks

NASA Technical Reports Server (NTRS)

Alley, Adam David

2016-01-01

Emergence of Cybersecurity has increased the focus on security risks to Information Technology (IT) assets going beyond traditional Information Assurance (IA) concerns: More sophisticated threats have emerged from increasing sources as advanced hacker tools and techniques have emerged and proliferated to broaden the attack surface available across globally interconnected networks.

75 FR 65618 - Commission Information Collection Activities (FERC-725B); Comment Request; Extension

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-26

... requirements to safeguard critical cyber assets.\\4\\ These standards help protect the nation's Bulk-Power System against potential disruptions from cyber attacks.\\5\\ \\3\\ CIP-002-1, CIP-003-1, CIP-004-1, CIP-005-1, CIP... Cyber Asset Identification. Security Management Controls. Personnel and Training. Electronic Security...

The governance dimensions of water security: a review.

PubMed

Bakker, Karen; Morinville, Cynthia

2013-11-13

Water governance is critical to water security, and to the long-term sustainability of the Earth's freshwater systems. This review examines recent debates regarding the governance dimensions of water security, including adaptive governance, polycentric governance, social learning and multi-level governance. The analysis emphasizes the political and institutional dimensions of water governance, and explores the relevance of social power-an overlooked yet important aspect of the water security debate. In addition, the review explores the intersection and potential synergies between water governance perspectives and risk-based approaches to water security, and offers critiques and suggestions for further research questions and agendas.

Cyber Safety and Security for Reduced Crew Operations (RCO)

NASA Technical Reports Server (NTRS)

Driscoll, Kevin R.; Roy, Aloke; Ponchak, Denise S.; Downey, Alan N.

2017-01-01

NASA and the Aviation Industry is looking into reduced crew operations (RCO) that would cut today's required two-person flight crews down to a single pilot with support from ground-based crews. Shared responsibility across air and ground personnel will require highly reliable and secure data communication and supporting automation, which will be safety-critical for passenger and cargo aircraft. This paper looks at the different types and degrees of authority delegation given from the air to the ground and the ramifications of each, including the safety and security hazards introduced, the mitigation mechanisms for these hazards, and other demands on an RCO system architecture which would be highly invasive into (almost) all safety-critical avionics. The adjacent fields of unmanned aerial systems and autonomous ground vehicles are viewed to find problems that RCO may face and related aviation accident scenarios are described. The paper explores possible data communication architectures to meet stringent performance and information security (INFOSEC) requirements of RCO. Subsequently, potential challenges for RCO data communication authentication, encryption and non-repudiation are identified.

Final Technical Report. Project Boeing SGS

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bell, Thomas E.

Boeing and its partner, PJM Interconnection, teamed to bring advanced “defense-grade” technologies for cyber security to the US regional power grid through demonstration in PJM’s energy management environment. Under this cooperative project with the Department of Energy, Boeing and PJM have developed and demonstrated a host of technologies specifically tailored to the needs of PJM and the electric sector as a whole. The team has demonstrated to the energy industry a combination of processes, techniques and technologies that have been successfully implemented in the commercial, defense, and intelligence communities to identify, mitigate and continuously monitor the cyber security of criticalmore » systems. Guided by the results of a Cyber Security Risk-Based Assessment completed in Phase I, the Boeing-PJM team has completed multiple iterations through the Phase II Development and Phase III Deployment phases. Multiple cyber security solutions have been completed across a variety of controls including: Application Security, Enhanced Malware Detection, Security Incident and Event Management (SIEM) Optimization, Continuous Vulnerability Monitoring, SCADA Monitoring/Intrusion Detection, Operational Resiliency, Cyber Range simulations and hands on cyber security personnel training. All of the developed and demonstrated solutions are suitable for replication across the electric sector and/or the energy sector as a whole. Benefits identified include; Improved malware and intrusion detection capability on critical SCADA networks including behavioral-based alerts resulting in improved zero-day threat protection; Improved Security Incident and Event Management system resulting in better threat visibility, thus increasing the likelihood of detecting a serious event; Improved malware detection and zero-day threat response capability; Improved ability to systematically evaluate and secure in house and vendor sourced software applications; Improved ability to continuously monitor and maintain secure configuration of network devices resulting in reduced vulnerabilities for potential exploitation; Improved overall cyber security situational awareness through the integration of multiple discrete security technologies into a single cyber security reporting console; Improved ability to maintain the resiliency of critical systems in the face of a targeted cyber attack of other significant event; Improved ability to model complex networks for penetration testing and advanced training of cyber security personnel« less

78 FR 6807 - Critical Infrastructure Protection and Cyber Security Trade Mission to Saudi Arabia and Kuwait...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-31

... Cyber Security Trade Mission to Saudi Arabia and Kuwait, September 28-October 1, 2013 AGENCY... coordinating and sponsoring an executive-led Critical Infrastructure Protection and Cyber Security mission to... on the cyber security, critical infrastructure protection, and emergency management, ports of entry...

Critical Infrastructure Interdependencies Assessment

DOE PAGES

Petit, Frederic; Verner, Duane

2016-11-01

Throughout the world there is strong recognition that critical infrastructure security and resilience needs to be improved. In the United States, the National Infrastructure Protection Plan (NIPP) provides the strategic vision to guide the national effort to manage risk to the Nation’s critical infrastructure.”1 The achievement of this vision is challenged by the complexity of critical infrastructure systems and their inherent interdependencies. The update to the NIPP presents an opportunity to advance the nation’s efforts to further understand and analyze interdependencies. Such an important undertaking requires the involvement of public and private sector stakeholders and the reinforcement of existing partnershipsmore » and collaborations within the U.S. Department of Homeland Security (DHS) and other Federal agencies, including national laboratories; State, local, tribal, and territorial governments; and nongovernmental organizations.« less

Cyber Safety and Security for Reduced Crew Operations (RCO)

NASA Technical Reports Server (NTRS)

Driscoll, Kevin

2017-01-01

NASA and the Aviation Industry is looking into reduced crew operations (RCO) that would cut today's required two-person flight crews down to a single pilot with support from ground-based crews. Shared responsibility across air and ground personnel will require highly reliable and secure data communication and supporting automation, which will be safety-critical for passenger and cargo aircraft. This paper looks at the different types and degrees of authority delegation given from the air to the ground and the ramifications of each, including the safety and security hazards introduced, the mitigation mechanisms for these hazards, and other demands on an RCO system architecture which would be highly invasive into (almost) all safety-critical avionics. The adjacent fields of unmanned aerial systems and autonomous ground vehicles are viewed to find problems that RCO may face and related aviation accident scenarios are described. The paper explores possible data communication architectures to meet stringent performance and information security (INFOSEC) requirements of RCO. Subsequently, potential challenges for RCO data communication authentication, encryption and non-repudiation are identified. The approach includes a comprehensive safety-hazard analysis of the RCO system to determine top level INFOSEC requirements for RCO and proposes an option for effective RCO implementation. This paper concludes with questioning the economic viability of RCO in light of the expense of overcoming the operational safety and security hazards it would introduce.

Implementation of a Wireless Time Distribution Testbed Protected with Quantum Key Distribution

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bonior, Jason D; Evans, Philip G; Sheets, Gregory S

2017-01-01

Secure time transfer is critical for many timesensitive applications. the Global Positioning System (GPS) which is often used for this purpose has been shown to be susceptible to spoofing attacks. Quantum Key Distribution offers a way to securely generate encryption keys at two locations. Through careful use of this information it is possible to create a system that is more resistant to spoofing attacks. In this paper we describe our work to create a testbed which utilizes QKD and traditional RF links. This testbed will be used for the development of more secure and spoofing resistant time distribution protocols.

Digital watermarking in telemedicine applications--towards enhanced data security and accessibility.

PubMed

Giakoumaki, Aggeliki L; Perakis, Konstantinos; Tagaris, Anastassios; Koutsouris, Dimitris

2006-01-01

Implementing telemedical solutions has become a trend amongst the various research teams at an international level. Yet, contemporary information access and distribution technologies raise critical issues that urgently need to be addressed, especially those related to security. The paper suggests the use of watermarking in telemedical applications in order to enhance security of the transmitted sensitive medical data, familiarizes the users with a telemedical system and a watermarking module that have already been developed, and proposes an architecture that will enable the integration of the two systems, taking into account a variety of use cases and application scenarios.

Wide Area Security Region Final Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Makarov, Yuri V.; Lu, Shuai; Guo, Xinxin

2010-03-31

This report develops innovative and efficient methodologies and practical procedures to determine the wide-area security region of a power system, which take into consideration all types of system constraints including thermal, voltage, voltage stability, transient and potentially oscillatory stability limits in the system. The approach expands the idea of transmission system nomograms to a multidimensional case, involving multiple system limits and parameters such as transmission path constraints, zonal generation or load, etc., considered concurrently. The security region boundary is represented using its piecewise approximation with the help of linear inequalities (so called hyperplanes) in a multi-dimensional space, consisting of systemmore » parameters that are critical for security analyses. The goal of this approximation is to find a minimum set of hyperplanes that describe the boundary with a given accuracy. Methodologies are also developed to use the security hyperplanes, pre-calculated offline, to determine system security margins in real-time system operations, to identify weak elements in the system, and to calculate key contributing factors and sensitivities to determine the best system controls in real time and to assist in developing remedial actions and transmission system enhancements offline . A prototype program that automates the simulation procedures used to build the set of security hyperplanes has also been developed. The program makes it convenient to update the set of security hyperplanes necessitated by changes in system configurations. A prototype operational tool that uses the security hyperplanes to assess security margins and to calculate optimal control directions in real time has been built to demonstrate the project success. Numerical simulations have been conducted using the full-size Western Electricity Coordinating Council (WECC) system model, and they clearly demonstrated the feasibility and the effectiveness of the developed technology. Recommendations for the future work have also been formulated.« less

Optimisation of Critical Infrastructure Protection: The SiVe Project on Airport Security

NASA Astrophysics Data System (ADS)

Breiing, Marcus; Cole, Mara; D'Avanzo, John; Geiger, Gebhard; Goldner, Sascha; Kuhlmann, Andreas; Lorenz, Claudia; Papproth, Alf; Petzel, Erhard; Schwetje, Oliver

This paper outlines the scientific goals, ongoing work and first results of the SiVe research project on critical infrastructure security. The methodology is generic while pilot studies are chosen from airport security. The outline proceeds in three major steps, (1) building a threat scenario, (2) development of simulation models as scenario refinements, and (3) assessment of alternatives. Advanced techniques of systems analysis and simulation are employed to model relevant airport structures and processes as well as offences. Computer experiments are carried out to compare and optimise alternative solutions. The optimality analyses draw on approaches to quantitative risk assessment recently developed in the operational sciences. To exploit the advantages of the various techniques, an integrated simulation workbench is build up in the project.

GPS disruptions : efforts to assess risks to critical infrastructure and coordinate agency actions should be enhanced.

DOT National Transportation Integrated Search

2013-11-01

To assess the risks and potential effects from disruptions in the Global : Positioning System (GPS) on critical infrastructure, the Department of Homeland : Security (DHS) published the GPS National Risk Estimate (NRE) in 2012. In : doing so, DHS con...

DOE Office of Scientific and Technical Information (OSTI.GOV)

Happenny, Sean F.

The United States’ power infrastructure is aging, underfunded, and vulnerable to cyber attack. Emerging smart grid technologies may take some of the burden off of existing systems and make the grid as a whole more efficient, reliable, and secure. The Pacific Northwest National Laboratory (PNNL) is funding research into several aspects of smart grid technology and grid security, creating a software simulation tool that will allow researchers to test power distribution networks utilizing different smart grid technologies to determine how the grid and these technologies react under different circumstances. Demonstrating security in embedded systems is another research area PNNL ismore » tackling. Many of the systems controlling the U.S. critical infrastructure, such as the power grid, lack integrated security and the networks protecting them are becoming easier to breach. Providing a virtual power substation network to each student team at the National Collegiate Cyber Defense Competition, thereby supporting the education of future cyber security professionals, is another way PNNL is helping to strengthen the security of the nation’s power infrastructure.« less

Shared Electronic Health Record Systems: Key Legal and Security Challenges.

PubMed

Christiansen, Ellen K; Skipenes, Eva; Hausken, Marie F; Skeie, Svein; Østbye, Truls; Iversen, Marjolein M

2017-11-01

Use of shared electronic health records opens a whole range of new possibilities for flexible and fruitful cooperation among health personnel in different health institutions, to the benefit of the patients. There are, however, unsolved legal and security challenges. The overall aim of this article is to highlight legal and security challenges that should be considered before using shared electronic cooperation platforms and health record systems to avoid legal and security "surprises" subsequent to the implementation. Practical lessons learned from the use of a web-based ulcer record system involving patients, community nurses, GPs, and hospital nurses and doctors in specialist health care are used to illustrate challenges we faced. Discussion of possible legal and security challenges is critical for successful implementation of shared electronic collaboration systems. Key challenges include (1) allocation of responsibility, (2) documentation routines, (3) and integrated or federated access control. We discuss and suggest how challenges of legal and security aspects can be handled. This discussion may be useful for both current and future users, as well as policy makers.

A cooperative model for IS security risk management in distributed environment.

PubMed

Feng, Nan; Zheng, Chundong

2014-01-01

Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively.

TCIA Secure Cyber Critical Infrastructure Modernization.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Keliiaa, Curtis M.

The Sandia National Laboratories (Sandia Labs) tribal cyber infrastructure assurance initiative was developed in response to growing national cybersecurity concerns in the the sixteen Department of Homeland Security (DHS) defined critical infrastructure sectors1. Technical assistance is provided for the secure modernization of critical infrastructure and key resources from a cyber-ecosystem perspective with an emphasis on enhanced security, resilience, and protection. Our purpose is to address national critical infrastructure challenges as a shared responsibility.

An Encryption Scheme for Communication Internet SCADA Components

NASA Astrophysics Data System (ADS)

Robles, Rosslin John; Kim, Tai-Hoon

The trend in most systems is that they are connected through the Internet. Traditional Supervisory Control and Data Acquisition Systems (SCADA) is connected only in a limited private network. SCADA is considered a critical infrastructure, and connecting to the internet is putting the society on jeopardy, some operators hold back on connecting it to the internet. But since the internet Supervisory Control and Data Acquisition Systems (SCADA) facility has brought a lot of advantages in terms of control, data viewing and generation. Along with these advantages, are security issues regarding web SCADA, operators are pushed to connect Supervisory Control and Data Acquisition Systems (SCADA) through the internet. Because of this, many issues regarding security surfaced. In this paper, we discuss web SCADA and the issues regarding security. As a countermeasure, a web SCADA security solution using crossed-crypto-scheme is proposed to be used in the communication of SCADA components.

Using software security analysis to verify the secure socket layer (SSL) protocol

NASA Technical Reports Server (NTRS)

Powell, John D.

2004-01-01

nal Aeronautics and Space Administration (NASA) have tens of thousands of networked computer systems and applications. Software Security vulnerabilities present risks such as lost or corrupted data, information the3, and unavailability of critical systems. These risks represent potentially enormous costs to NASA. The NASA Code Q research initiative 'Reducing Software Security Risk (RSSR) Trough an Integrated Approach '' offers, among its capabilities, formal verification of software security properties, through the use of model based verification (MBV) to address software security risks. [1,2,3,4,5,6] MBV is a formal approach to software assurance that combines analysis of software, via abstract models, with technology, such as model checkers, that provide automation of the mechanical portions of the analysis process. This paper will discuss: The need for formal analysis to assure software systems with respect to software and why testing alone cannot provide it. The means by which MBV with a Flexible Modeling Framework (FMF) accomplishes the necessary analysis task. An example of FMF style MBV in the verification of properties over the Secure Socket Layer (SSL) communication protocol as a demonstration.

Science of Security Lablet - Scalability and Usability

DTIC Science & Technology

2014-12-16

mobile computing [19]. However, the high-level infrastructure design and our own implementation (both described throughout this paper) can easily...critical and infrastructural systems demands high levels of sophistication in the technical aspects of cybersecurity, software and hardware design...Forget, S. Komanduri, Alessandro Acquisti, Nicolas Christin, Lorrie Cranor, Rahul Telang. "Security Behavior Observatory: Infrastructure for Long-term

The development of control and monitoring system on marine current renewable energy Case study: strait of Toyapakeh - Nusa Penida, Bali

NASA Astrophysics Data System (ADS)

Arief, I. S.; Suherman, I. H.; Wardani, A. Y.; Baidowi, A.

2017-05-01

Control and monitoring system is a continuous process of securing the asset in the Marine Current Renewable Energy. A control and monitoring system is existed each critical components which is embedded in Failure Mode Effect Analysis (FMEA) method. As the result, the process in this paper developed through a matrix sensor. The matrix correlated to critical components and monitoring system which supported by sensors to conduct decision-making.

Consistency Analysis and Data Consultation of Gas System of Gas-Electricity Network of Latvia

NASA Astrophysics Data System (ADS)

Zemite, L.; Kutjuns, A.; Bode, I.; Kunickis, M.; Zeltins, N.

2018-02-01

In the present research, the main critical points of gas transmission and storage system of Latvia have been determined to ensure secure and reliable gas supply among the Baltic States to fulfil the core objectives of the EU energy policies. Technical data of critical points of the gas transmission and storage system of Latvia have been collected and analysed with the SWOT method and solutions have been provided to increase the reliability of the regional natural gas system.

Three tenets for secure cyber-physical system design and assessment

NASA Astrophysics Data System (ADS)

Hughes, Jeff; Cybenko, George

2014-06-01

This paper presents a threat-driven quantitative mathematical framework for secure cyber-physical system design and assessment. Called The Three Tenets, this originally empirical approach has been used by the US Air Force Research Laboratory (AFRL) for secure system research and development. The Tenets were first documented in 2005 as a teachable methodology. The Tenets are motivated by a system threat model that itself consists of three elements which must exist for successful attacks to occur: - system susceptibility; - threat accessibility and; - threat capability. The Three Tenets arise naturally by countering each threat element individually. Specifically, the tenets are: Tenet 1: Focus on What's Critical - systems should include only essential functions (to reduce susceptibility); Tenet 2: Move Key Assets Out-of-Band - make mission essential elements and security controls difficult for attackers to reach logically and physically (to reduce accessibility); Tenet 3: Detect, React, Adapt - confound the attacker by implementing sensing system elements with dynamic response technologies (to counteract the attackers' capabilities). As a design methodology, the Tenets mitigate reverse engineering and subsequent attacks on complex systems. Quantified by a Bayesian analysis and further justified by analytic properties of attack graph models, the Tenets suggest concrete cyber security metrics for system assessment.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Beaver, Justin M; Borges, Raymond Charles; Buckner, Mark A

Critical infrastructure Supervisory Control and Data Acquisition (SCADA) systems were designed to operate on closed, proprietary networks where a malicious insider posed the greatest threat potential. The centralization of control and the movement towards open systems and standards has improved the efficiency of industrial control, but has also exposed legacy SCADA systems to security threats that they were not designed to mitigate. This work explores the viability of machine learning methods in detecting the new threat scenarios of command and data injection. Similar to network intrusion detection systems in the cyber security domain, the command and control communications in amore » critical infrastructure setting are monitored, and vetted against examples of benign and malicious command traffic, in order to identify potential attack events. Multiple learning methods are evaluated using a dataset of Remote Terminal Unit communications, which included both normal operations and instances of command and data injection attack scenarios.« less

Developing measurement indices to enhance protection and resilience of critical infrastructure and key resources.

PubMed

Fisher, Ronald E; Norman, Michael

2010-07-01

The US Department of Homeland Security (DHS) is developing indices to better assist in the risk management of critical infrastructures. The first of these indices is the Protective Measures Index - a quantitative index that measures overall protection across component categories: physical security, security management, security force, information sharing, protective measures and dependencies. The Protective Measures Index, which can also be recalculated as the Vulnerability Index, is a way to compare differing protective measures (eg fence versus security training). The second of these indices is the Resilience Index, which assesses a site's resilience and consists of three primary components: robustness, resourcefulness and recovery. The third index is the Criticality Index, which assesses the importance of a facility. The Criticality Index includes economic, human, governance and mass evacuation impacts. The Protective Measures Index, Resilience Index and Criticality Index are being developed as part of the Enhanced Critical Infrastructure Protection initiative that DHS protective security advisers implement across the nation at critical facilities. This paper describes two core themes: determination of the vulnerability, resilience and criticality of a facility and comparison of the indices at different facilities.

Choice of optical system is critical for the security of double random phase encryption systems

NASA Astrophysics Data System (ADS)

Muniraj, Inbarasan; Guo, Changliang; Malallah, Ra'ed; Cassidy, Derek; Zhao, Liang; Ryle, James P.; Healy, John J.; Sheridan, John T.

2017-06-01

The linear canonical transform (LCT) is used in modeling a coherent light-field propagation through first-order optical systems. Recently, a generic optical system, known as the quadratic phase encoding system (QPES), for encrypting a two-dimensional image has been reported. In such systems, two random phase keys and the individual LCT parameters (α,β,γ) serve as secret keys of the cryptosystem. It is important that such encryption systems also satisfy some dynamic security properties. We, therefore, examine such systems using two cryptographic evaluation methods, the avalanche effect and bit independence criterion, which indicate the degree of security of the cryptographic algorithms using QPES. We compared our simulation results with the conventional Fourier and the Fresnel transform-based double random phase encryption (DRPE) systems. The results show that the LCT-based DRPE has an excellent avalanche and bit independence characteristics compared to the conventional Fourier and Fresnel-based encryption systems.

Intelligent cloud computing security using genetic algorithm as a computational tools

NASA Astrophysics Data System (ADS)

Razuky AL-Shaikhly, Mazin H.

2018-05-01

An essential change had occurred in the field of Information Technology which represented with cloud computing, cloud giving virtual assets by means of web yet awesome difficulties in the field of information security and security assurance. Currently main problem with cloud computing is how to improve privacy and security for cloud “cloud is critical security”. This paper attempts to solve cloud security by using intelligent system with genetic algorithm as wall to provide cloud data secure, all services provided by cloud must detect who receive and register it to create list of users (trusted or un-trusted) depend on behavior. The execution of present proposal has shown great outcome.

Secure Naming and Addressing Operations for Store, Carry and Forward Networks

NASA Technical Reports Server (NTRS)

Eddy, Wesley M.; Ivancic, William D.; Iannicca, Dennis C.; Ishac, Joseph; Hylton, Alan G.

2014-01-01

This paper describes concepts for secure naming and addressing directed at Store, Carry and Forward (SCF) distributed applications, where disconnection and intermittent connectivity between forwarding systems is the norm. The paper provides a brief overview of store, carry and forward distributed applications followed by an in depth discussion of how to securely: create a namespace; allocate names within the namespace; query for names known within a local processing system or connected subnetwork; validate ownership of a given name; authenticate data from a given name; and, encrypt data to a given name. Critical issues such as revocation of names, mobility and the ability to use various namespaces to secure operations or for Quality-of-Service are also presented. Although the concepts presented for naming and addressing have been developed for SCF, they are directly applicable to fully connected systems.

HPC Annual Report: Emulytics.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Crussell, Jonathan; Boote, Jeffrey W.; Fritz, David Jakob

Networked Information Technology systems play a key role supporting critical government, military, and private computer installations. Many of today's critical infrastructure systems have strong dependencies on secure information exchange among geographically dispersed facilities. As operations become increasingly dependent on the information exchange they also become targets for exploitation. The need to protect data and defend these systems from external attack has become increasingly vital while the nature of the threats has become sophisticated and pervasive making the challenges daunting. Enter Emulytics.

Cryptanalysis and Enhancement of Anonymity Preserving Remote User Mutual Authentication and Session Key Agreement Scheme for E-Health Care Systems.

PubMed

Amin, Ruhul; Islam, S K Hafizul; Biswas, G P; Khan, Muhammad Khurram; Li, Xiong

2015-11-01

The E-health care systems employ IT infrastructure for maximizing health care resources utilization as well as providing flexible opportunities to the remote patient. Therefore, transmission of medical data over any public networks is necessary in health care system. Note that patient authentication including secure data transmission in e-health care system is critical issue. Although several user authentication schemes for accessing remote services are available, their security analysis show that none of them are free from relevant security attacks. We reviewed Das et al.'s scheme and demonstrated their scheme lacks proper protection against several security attacks such as user anonymity, off-line password guessing attack, smart card theft attack, user impersonation attack, server impersonation attack, session key discloser attack. In order to overcome the mentioned security pitfalls, this paper proposes an anonymity preserving remote patient authentication scheme usable in E-health care systems. We then validated the security of the proposed scheme using BAN logic that ensures secure mutual authentication and session key agreement. We also presented the experimental results of the proposed scheme using AVISPA software and the results ensure that our scheme is secure under OFMC and CL-AtSe models. Moreover, resilience of relevant security attacks has been proved through both formal and informal security analysis. The performance analysis and comparison with other schemes are also made, and it has been found that the proposed scheme overcomes the security drawbacks of the Das et al.'s scheme and additionally achieves extra security requirements.

Integrity and security in an Ada runtime environment

NASA Technical Reports Server (NTRS)

Bown, Rodney L.

1991-01-01

A review is provided of the Formal Methods group discussions. It was stated that integrity is not a pure mathematical dual of security. The input data is part of the integrity domain. The group provided a roadmap for research. One item of the roadmap and the final position statement are closely related to the space shuttle and space station. The group's position is to use a safe subset of Ada. Examples of safe sets include the Army Secure Operating System and the Penelope Ada verification tool. It is recommended that a conservative attitude is required when writing Ada code for life and property critical systems.

A Cooperative Model for IS Security Risk Management in Distributed Environment

PubMed Central

Zheng, Chundong

2014-01-01

Given the increasing cooperation between organizations, the flexible exchange of security information across the allied organizations is critical to effectively manage information systems (IS) security in a distributed environment. In this paper, we develop a cooperative model for IS security risk management in a distributed environment. In the proposed model, the exchange of security information among the interconnected IS under distributed environment is supported by Bayesian networks (BNs). In addition, for an organization's IS, a BN is utilized to represent its security environment and dynamically predict its security risk level, by which the security manager can select an optimal action to safeguard the firm's information resources. The actual case studied illustrates the cooperative model presented in this paper and how it can be exploited to manage the distributed IS security risk effectively. PMID:24563626

Security Engineering and Educational Initiatives for Critical Information Infrastructures

DTIC Science & Technology

2013-06-01

standard for cryptographic protection of SCADA communications. The United Kingdom’s National Infrastructure Security Co-ordination Centre (NISCC...has released a good practice guide on firewall deployment for SCADA systems and process control networks [17]. Meanwhile, National Institute for ...report. APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED 18 The SCADA gateway collects the data gathered by sensors, translates them from

Multisensor system for the protection of critical infrastructure of a seaport

NASA Astrophysics Data System (ADS)

Kastek, Mariusz; Dulski, Rafał; Zyczkowski, Marek; Szustakowski, Mieczysław; Trzaskawka, Piotr; Ciurapinski, Wiesław; Grelowska, Grazyna; Gloza, Ignacy; Milewski, Stanislaw; Listewnik, Karol

2012-06-01

There are many separated infrastructural objects within a harbor area that may be considered "critical", such as gas and oil terminals or anchored naval vessels. Those objects require special protection, including security systems capable of monitoring both surface and underwater areas, because an intrusion into the protected area may be attempted using small surface vehicles (boats, kayaks, rafts, floating devices with weapons and explosives) as well as underwater ones (manned or unmanned submarines, scuba divers). The paper will present the concept of multisensor security system for a harbor protection, capable of complex monitoring of selected critical objects within the protected area. The proposed system consists of a command centre and several different sensors deployed in key areas, providing effective protection from land and sea, with special attention focused on the monitoring of underwater zone. The initial project of such systems will be presented, its configuration and initial tests of the selected components. The protection of surface area is based on medium-range radar and LLTV and infrared cameras. Underwater zone will be monitored by a sonar and acoustic and magnetic barriers, connected into an integrated monitoring system. Theoretical analyses concerning the detection of fast, small surface objects (such as RIB boats) by a camera system and real test results in various weather conditions will also be presented.

Continuous Security and Configuration Monitoring of HPC Clusters

DOE Office of Scientific and Technical Information (OSTI.GOV)

Garcia-Lomeli, H. D.; Bertsch, A. D.; Fox, D. M.

Continuous security and configuration monitoring of information systems has been a time consuming and laborious task for system administrators at the High Performance Computing (HPC) center. Prior to this project, system administrators had to manually check the settings of thousands of nodes, which required a significant number of hours rendering the old process ineffective and inefficient. This paper explains the application of Splunk Enterprise, a software agent, and a reporting tool in the development of a user application interface to track and report on critical system updates and security compliance status of HPC Clusters. In conjunction with other configuration managementmore » systems, the reporting tool is to provide continuous situational awareness to system administrators of the compliance state of information systems. Our approach consisted of the development, testing, and deployment of an agent to collect any arbitrary information across a massively distributed computing center, and organize that information into a human-readable format. Using Splunk Enterprise, this raw data was then gathered into a central repository and indexed for search, analysis, and correlation. Following acquisition and accumulation, the reporting tool generated and presented actionable information by filtering the data according to command line parameters passed at run time. Preliminary data showed results for over six thousand nodes. Further research and expansion of this tool could lead to the development of a series of agents to gather and report critical system parameters. However, in order to make use of the flexibility and resourcefulness of the reporting tool the agent must conform to specifications set forth in this paper. This project has simplified the way system administrators gather, analyze, and report on the configuration and security state of HPC clusters, maintaining ongoing situational awareness. Rather than querying each cluster independently, compliance checking can be managed from one central location.« less

Secure scalable disaster electronic medical record and tracking system.

PubMed

Demers, Gerard; Kahn, Christopher; Johansson, Per; Buono, Colleen; Chipara, Octav; Griswold, William; Chan, Theodore

2013-10-01

Electronic medical records (EMRs) are considered superior in documentation of care for medical practice. Current disaster medical response involves paper tracking systems and radio communication for mass-casualty incidents (MCIs). These systems are prone to errors, may be compromised by local conditions, and are labor intensive. Communication infrastructure may be impacted, overwhelmed by call volume, or destroyed by the disaster, making self-contained and secure EMR response a critical capability. Report As the prehospital disaster EMR allows for more robust content including protected health information (PHI), security measures must be instituted to safeguard these data. The Wireless Internet Information System for medicAl Response in Disasters (WIISARD) Research Group developed a handheld, linked, wireless EMR system utilizing current technology platforms. Smart phones connected to radio frequency identification (RFID) readers may be utilized to efficiently track casualties resulting from the incident. Medical information may be transmitted on an encrypted network to fellow prehospital team members, medical dispatch, and receiving medical centers. This system has been field tested in a number of exercises with excellent results, and future iterations will incorporate robust security measures. A secure prehospital triage EMR improves documentation quality during disaster drills.

Restricted Authentication and Encryption for Cyber-physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kirkpatrick, Michael S; Bertino, Elisa; Sheldon, Frederick T

2009-01-01

Cyber-physical systems (CPS) are characterized by the close linkage of computational resources and physical devices. These systems can be deployed in a number of critical infrastructure settings. As a result, the security requirements of CPS are different than traditional computing architectures. For example, critical functions must be identified and isolated from interference by other functions. Similarly, lightweight schemes may be required, as CPS can include devices with limited computing power. One approach that offers promise for CPS security is the use of lightweight, hardware-based authentication. Specifically, we consider the use of Physically Unclonable Functions (PUFs) to bind an access requestmore » to specific hardware with device-specific keys. PUFs are implemented in hardware, such as SRAM, and can be used to uniquely identify the device. This technology could be used in CPS to ensure location-based access control and encryption, both of which would be desirable for CPS implementations.« less

Risk assessment for physical and cyber attacks on critical infrastructures.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Smith, Bryan J.; Sholander, Peter E.; Phelan, James M.

2005-08-01

Assessing the risk of malevolent attacks against large-scale critical infrastructures requires modifications to existing methodologies. Existing risk assessment methodologies consider physical security and cyber security separately. As such, they do not accurately model attacks that involve defeating both physical protection and cyber protection elements (e.g., hackers turning off alarm systems prior to forced entry). This paper presents a risk assessment methodology that accounts for both physical and cyber security. It also preserves the traditional security paradigm of detect, delay and respond, while accounting for the possibility that a facility may be able to recover from or mitigate the results ofmore » a successful attack before serious consequences occur. The methodology provides a means for ranking those assets most at risk from malevolent attacks. Because the methodology is automated the analyst can also play 'what if with mitigation measures to gain a better understanding of how to best expend resources towards securing the facilities. It is simple enough to be applied to large infrastructure facilities without developing highly complicated models. Finally, it is applicable to facilities with extensive security as well as those that are less well-protected.« less

Critical (of) Issues in Real-Time Systems.

DTIC Science & Technology

1988-05-03

IACCESON 11 T IT LE (Include Security Classification) Cr it ic, (of) issues in real .- time systems A Position Paper 12 PERPSONAL AU THOR(S) Fr ed B...are obsolete %0%’ 4.’.C %" Critical (of) issues in real - time systems ’ • "A Position Paper Acc, son For NTIS R& DTrC TAB May 3, 1988 Uyjannotuce~d...m . 2C:. r Ithaca, New York 14853 Dist 1 -.1 g- It is time to place the development of real - time systems on a firm scientific basis. Unlike other

Testbeds for Assessing Critical Scenarios in Power Control Systems

NASA Astrophysics Data System (ADS)

Dondossola, Giovanna; Deconinck, Geert; Garrone, Fabrizio; Beitollahi, Hakem

The paper presents a set of control system scenarios implemented in two testbeds developed in the context of the European Project CRUTIAL - CRitical UTility InfrastructurAL Resilience. The selected scenarios refer to power control systems encompassing information and communication security of SCADA systems for grid teleoperation, impact of attacks on inter-operator communications in power emergency conditions, impact of intentional faults on the secondary and tertiary control in power grids with distributed generators. Two testbeds have been developed for assessing the effect of the attacks and prototyping resilient architectures.

A malicious pattern detection engine for embedded security systems in the Internet of Things.

PubMed

Oh, Doohwan; Kim, Deokho; Ro, Won Woo

2014-12-16

With the emergence of the Internet of Things (IoT), a large number of physical objects in daily life have been aggressively connected to the Internet. As the number of objects connected to networks increases, the security systems face a critical challenge due to the global connectivity and accessibility of the IoT. However, it is difficult to adapt traditional security systems to the objects in the IoT, because of their limited computing power and memory size. In light of this, we present a lightweight security system that uses a novel malicious pattern-matching engine. We limit the memory usage of the proposed system in order to make it work on resource-constrained devices. To mitigate performance degradation due to limitations of computation power and memory, we propose two novel techniques, auxiliary shifting and early decision. Through both techniques, we can efficiently reduce the number of matching operations on resource-constrained systems. Experiments and performance analyses show that our proposed system achieves a maximum speedup of 2.14 with an IoT object and provides scalable performance for a large number of patterns.

78 FR 73995 - Special Conditions: Cessna Model 680 Series Airplanes; Aircraft Electronic System Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-12-10

... critical systems and data networks. The network architecture is composed of several connected networks including the following: 1. Flight-Safety related control and navigation systems, 2. Operator business and... the individual sending the comment (or signing the comment for an association, business, labor union...

Homeland Security Presidential Directives

EPA Pesticide Factsheets

Three of these directives directly affect EPA's role in the national emergency response system: HSPD-5 Management of Domestic Incidents; HSPD-7 Critical Infrastructure Identification, Prioritization, and Protection; and HSPD-8 National Preparedness.

Designing and Operating Through Compromise: Architectural Analysis of CKMS for the Advanced Metering Infrastructure

DOE Office of Scientific and Technical Information (OSTI.GOV)

Duren, Mike; Aldridge, Hal; Abercrombie, Robert K

2013-01-01

Compromises attributable to the Advanced Persistent Threat (APT) highlight the necessity for constant vigilance. The APT provides a new perspective on security metrics (e.g., statistics based cyber security) and quantitative risk assessments. We consider design principals and models/tools that provide high assurance for energy delivery systems (EDS) operations regardless of the state of compromise. Cryptographic keys must be securely exchanged, then held and protected on either end of a communications link. This is challenging for a utility with numerous substations that must secure the intelligent electronic devices (IEDs) that may comprise complex control system of systems. For example, distribution andmore » management of keys among the millions of intelligent meters within the Advanced Metering Infrastructure (AMI) is being implemented as part of the National Smart Grid initiative. Without a means for a secure cryptographic key management system (CKMS) no cryptographic solution can be widely deployed to protect the EDS infrastructure from cyber-attack. We consider 1) how security modeling is applied to key management and cyber security concerns on a continuous basis from design through operation, 2) how trusted models and key management architectures greatly impact failure scenarios, and 3) how hardware-enabled trust is a critical element to detecting, surviving, and recovering from attack.« less

Centralized Cryptographic Key Management and Critical Risk Assessment - CRADA Final Report For CRADA Number NFE-11-03562

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, R. K.; Peters, Scott

The Department of Energy Office of Electricity Delivery and Energy Reliability (DOE-OE) Cyber Security for Energy Delivery Systems (CSEDS) industry led program (DE-FOA-0000359) entitled "Innovation for Increasing Cyber Security for Energy Delivery Systems (12CSEDS)," awarded a contract to Sypris Electronics LLC to develop a Cryptographic Key Management System for the smart grid (Scalable Key Management Solutions for Critical Infrastructure Protection). Oak Ridge National Laboratory (ORNL) and Sypris Electronics, LLC as a result of that award entered into a CRADA (NFE-11-03562) between ORNL and Sypris Electronics, LLC. ORNL provided its Cyber Security Econometrics System (CSES) as a tool to be modifiedmore » and used as a metric to address risks and vulnerabilities in the management of cryptographic keys within the Advanced Metering Infrastructure (AMI) domain of the electric sector. ORNL concentrated our analysis on the AMI domain of which the National Electric Sector Cyber security Organization Resource (NESCOR) Working Group 1 (WG1) has documented 29 failure scenarios. The computational infrastructure of this metric involves system stakeholders, security requirements, system components and security threats. To compute this metric, we estimated the stakes that each stakeholder associates with each security requirement, as well as stochastic matrices that represent the probability of a threat to cause a component failure and the probability of a component failure to cause a security requirement violation. We applied this model to estimate the security of the AMI, by leveraging the recently established National Institute of Standards and Technology Interagency Report (NISTIR) 7628 guidelines for smart grid security and the International Electrotechnical Commission (IEC) 63351, Part 9 to identify the life cycle for cryptographic key management, resulting in a vector that assigned to each stakeholder an estimate of their average loss in terms of dollars per day of system operation. To further address probabilities of threats, information security analysis can be performed using game theory implemented in dynamic Agent Based Game Theoretic (ABGT) simulations. Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. The strategy for the game was developed by analyzing five electric sector representative failure scenarios contained in the AMI functional domain from NESCOR WG1. From these five selected scenarios, we characterized them into three specific threat categories affecting confidentiality, integrity and availability (CIA). The analysis using our ABGT simulation demonstrated how to model the AMI functional domain using a set of rationalized game theoretic rules decomposed from the failure scenarios in terms of how those scenarios might impact the AMI network with respect to CIA.« less

Cryptographic Key Management and Critical Risk Assessment

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K

The Department of Energy Office of Electricity Delivery and Energy Reliability (DOE-OE) CyberSecurity for Energy Delivery Systems (CSEDS) industry led program (DE-FOA-0000359) entitled "Innovation for Increasing CyberSecurity for Energy Delivery Systems (12CSEDS)," awarded a contract to Sypris Electronics LLC to develop a Cryptographic Key Management System for the smart grid (Scalable Key Management Solutions for Critical Infrastructure Protection). Oak Ridge National Laboratory (ORNL) and Sypris Electronics, LLC as a result of that award entered into a CRADA (NFE-11-03562) between ORNL and Sypris Electronics, LLC. ORNL provided its Cyber Security Econometrics System (CSES) as a tool to be modified and usedmore » as a metric to address risks and vulnerabilities in the management of cryptographic keys within the Advanced Metering Infrastructure (AMI) domain of the electric sector. ORNL concentrated our analysis on the AMI domain of which the National Electric Sector Cyber security Organization Resource (NESCOR) Working Group 1 (WG1) has documented 29 failure scenarios. The computational infrastructure of this metric involves system stakeholders, security requirements, system components and security threats. To compute this metric, we estimated the stakes that each stakeholder associates with each security requirement, as well as stochastic matrices that represent the probability of a threat to cause a component failure and the probability of a component failure to cause a security requirement violation. We applied this model to estimate the security of the AMI, by leveraging the recently established National Institute of Standards and Technology Interagency Report (NISTIR) 7628 guidelines for smart grid security and the International Electrotechnical Commission (IEC) 63351, Part 9 to identify the life cycle for cryptographic key management, resulting in a vector that assigned to each stakeholder an estimate of their average loss in terms of dollars per day of system operation. To further address probabilities of threats, information security analysis can be performed using game theory implemented in dynamic Agent Based Game Theoretic (ABGT) simulations. Such simulations can be verified with the results from game theory analysis and further used to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. The strategy for the game was developed by analyzing five electric sector representative failure scenarios contained in the AMI functional domain from NESCOR WG1. From these five selected scenarios, we characterized them into three specific threat categories affecting confidentiality, integrity and availability (CIA). The analysis using our ABGT simulation demonstrated how to model the AMI functional domain using a set of rationalized game theoretic rules decomposed from the failure scenarios in terms of how those scenarios might impact the AMI network with respect to CIA.« less

Improving Control System Cyber-State Awareness using Known Secure Sensor Measurements

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ondrej Linda; Milos Manic; Miles McQueen

Abstract—This paper presents design and simulation of a low cost and low false alarm rate method for improved cyber-state awareness of critical control systems - the Known Secure Sensor Measurements (KSSM) method. The KSSM concept relies on physical measurements to detect malicious falsification of the control systems state. The KSSM method can be incrementally integrated with already installed control systems for enhanced resilience. This paper reviews the previously developed theoretical KSSM concept and then describes a simulation of the KSSM system. A simulated control system network is integrated with the KSSM components. The effectiveness of detection of various intrusion scenariosmore » is demonstrated on several control system network topologies.« less

Hiding Critical Targets in Smart Grid Networks

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bao, Wei; Li, Qinghua

With the integration of advanced communication technologies, the power grid is expected to greatly enhance efficiency and reliability of future power systems. However, since most electrical devices in power grid substations are connected via communication networks, cyber security of these communication networks becomes a critical issue. Real-World incidents such as Stuxnet have shown the feasibility of compromising a device in the power grid network to further launch more sophisticated attacks. To deal with security attacks of this spirit, this paper aims to hide critical targets from compromised internal nodes and hence protect them from further attacks launched by those compromisedmore » nodes. In particular, we consider substation networks and propose to add carefully-controlled dummy traffic to a substation network to make critical target nodes indistinguishable from other nodes in network traffic patterns. This paper describes the design and evaluation of such a scheme. Evaluations show that the scheme can effectively protect critical nodes with acceptable communication cost.« less

The link between national security and biometrics

NASA Astrophysics Data System (ADS)

Etter, Delores M.

2005-03-01

National security today requires identification of people, things and activities. Biometrics plays an important role in the identification of people, and indirectly, in the identification of things and activities. Therefore, the development of technology and systems that provide faster and more accurate biometric identification is critical to the defense of our country. In addition, the development of a broad range of biometrics is necessary to provide the range of options needed to address flexible and adaptive adversaries. This paper will discuss the importance of a number of critical areas in the development of an environment to support biometrics, including research and development, biometric education, standards, pilot projects, and privacy assurance.

Implementation of QoSS (Quality-of-Security Service) for NoC-Based SoC Protection

NASA Astrophysics Data System (ADS)

Sepúlveda, Johanna; Pires, Ricardo; Strum, Marius; Chau, Wang Jiang

Many of the current electronic systems embedded in a SoC (System-on-Chip) are used to capture, store, manipulate and access critical data, as well as to perform other key functions. In such a scenario, security is considered as an important issue. The Network-on-chip (NoC), as the foreseen communication structure of next-generation SoC devices, can be used to efficiently incorporate security. Our work proposes the implementation of QoSS (Quality of Security Service) to overcome present SoC vulnerabilities. QoSS is a novel concept for data protection that introduces security as a dimension of QoS. In this paper, we present the implementation of two security services (access control and authentication), that may be configured to assume one from several possible levels, the implementation of a technique to avoid denial-of-service (DoS) attacks, evaluate their effectiveness and estimate their impact on NoC performance.

The biological threat to U.S. water supplies: Toward a national water security policy.

PubMed

Nuzzo, Jennifer B

2006-01-01

In addition to providing potable drinking water, U.S. water systems are critical to the maintenance of many vital public services, such as fire suppression and power generation. Disruption of these systems would produce severe public health and safety risks, as well as considerable economic losses. Thus, water systems have been designated as critical to national security by the U.S. government. Previous outbreaks of waterborne disease have demonstrated the vulnerability of both the water supply and the public's health to biological contamination of drinking water. Such experiences suggest that a biological attack, or even a credible threat of an attack, on water infrastructure could seriously jeopardize the public's health, its confidence, and the economic vitality of a community. Despite these recognized vulnerabilities, protecting water supplies from a deliberate biological attack has not been sufficiently addressed. Action in this area has suffered from a lack of scientific understanding of the true vulnerability of water supplies to intentional contamination with bioweapons, insufficient tools for detecting biological agents, and a lack of funds to implement security improvements. Much of what is needed to address the vulnerability of the national water supply falls outside the influence of individual utilities. This includes developing a national research agenda to appropriately identify and characterize waterborne threats and making funds available to implement security improvements.

Security Economics and Critical National Infrastructure

NASA Astrophysics Data System (ADS)

Anderson, Ross; Fuloria, Shailendra

There has been considerable effort and expenditure since 9/11 on the protection of ‘Critical National Infrastructure' against online attack. This is commonly interpreted to mean preventing online sabotage against utilities such as electricity,oil and gas, water, and sewage - including pipelines, refineries, generators, storage depots and transport facilities such as tankers and terminals. A consensus is emerging that the protection of such assets is more a matter of business models and regulation - in short, of security economics - than of technology. We describe the problems, and the state of play, in this paper. Industrial control systems operate in a different world from systems previously studied by security economists; we find the same issues (lock-in, externalities, asymmetric information and so on) but in different forms. Lock-in is physical, rather than based on network effects, while the most serious externalities result from correlated failure, whether from cascade failures, common-mode failures or simultaneous attacks. There is also an interesting natural experiment happening, in that the USA is regulating cyber security in the electric power industry, but not in oil and gas, while the UK is not regulating at all but rather encouraging industry's own efforts. Some European governments are intervening, while others are leaving cybersecurity entirely to plant owners to worry about. We already note some perverse effects of the U.S. regulation regime as companies game the system, to the detriment of overall dependability.

Critical Rare Earths, National Security, and U.S.-China Interactions: A Portfolio Approach to Dysprosium Policy Design

DTIC Science & Technology

2015-01-01

by the graduate fellow’s faculty committee. C O R P O R A T I O N Dissertation Critical Rare Earths, National Security, and U.S.-China Interactions A...Portfolio Approach to Dysprosium Policy Design David L. An Dissertation Critical Rare Earths, National Security, and U.S.-China Interactions A...Permanent Magnet ................................................ xxiv Dysprosium, the Most Critical Rare Earth

OPSAID Initial Design and Testing Report.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hurd, Steven A.; Stamp, Jason Edwin; Chavez, Adrian R.

2007-11-01

Process Control System (PCS) security is critical to our national security. Yet, there are a number of technological, economic, and educational impediments to PCS owners implementing effective security on their systems. OPSAID (Open PCS Security Architecture for Interoperable Design), a project sponsored by the US Department of Energy's Office of Electricity Delivery and Reliability, aims to address this issue through developing and testing an open source architecture for PCS security. Sandia National Laboratories, along with a team of PCS vendors and owners, have developed and tested this PCS security architecture. This report describes their progress to date.2 AcknowledgementsThe authors acknowledgemore » and thank their colleagues for their assistance with the OPSAID project.Sandia National Laboratories: Alex Berry, Charles Perine, Regis Cassidy, Bryan Richardson, Laurence PhillipsTeumim Technical, LLC: Dave TeumimIn addition, the authors are greatly indebted to the invaluable help of the members of the OPSAID Core Team. Their assistance has been critical to the success and industry acceptance of the OPSAID project.Schweitzer Engineering Laboratory: Rhett Smith, Ryan Bradetich, Dennis GammelTelTone: Ori Artman Entergy: Dave Norton, Leonard Chamberlin, Mark AllenThe authors would like to acknowledge that the work that produced the results presented in this paper was funded by the U.S. Department of Energy/Office of Electricity Delivery and Energy Reliability (DOE/OE) as part of the National SCADA Test Bed (NSTB) Program. Executive SummaryProcess control systems (PCS) are very important for critical infrastructure and manufacturing operations, yet cyber security technology in PCS is generally poor. The OPSAID (Open PCS (Process Control System) Security Architecture for Interoperable Design) program is intended to address these security shortcomings by accelerating the availability and deployment of comprehensive security technology for PCS, both for existing PCS and inherently secure PCS in the future. All activities are closely linked to industry outreach and advisory efforts.Generally speaking, the OPSAID project is focused on providing comprehensive security functionality to PCS that communicate using IP. This is done through creating an interoperable PCS security architecture and developing a reference implementation, which is tested extensively for performance and reliability.This report first provides background on the PCS security problem and OPSAID, followed by goals and objectives of the project. The report also includes an overview of the results, including the OPSAID architecture and testing activities, along with results from industry outreach activities. Conclusion and recommendation sections follow. Finally, a series of appendices provide more detailed information regarding architecture and testing activities.Summarizing the project results, the OPSAID architecture was defined, which includes modular security functionality and corresponding component modules. The reference implementation, which includes the collection of component modules, was tested extensively and proved to provide more than acceptable performance in a variety of test scenarios. The primary challenge in implementation and testing was correcting initial configuration errors.OPSAID industry outreach efforts were very successful. A small group of industry partners were extensively involved in both the design and testing of OPSAID. Conference presentations resulted in creating a larger group of potential industry partners.Based upon experience implementing and testing OPSAID, as well as through collecting industry feedback, the OPSAID project has done well and is well received. Recommendations for future work include further development of advanced functionality, refinement of interoperability guidance, additional laboratory and field testing, and industry outreach that includes PCS owner education. 4 5 --This page intentionally left blank --« less

IT Security Support for the Spaceport Command Control System Development

NASA Technical Reports Server (NTRS)

Varise, Brian

2014-01-01

My job title is IT Security support for the Spaceport Command & Control System Development. As a cyber-security analyst it is my job to ensure NASA's information stays safe from cyber threats, such as, viruses, malware and denial-of-service attacks by establishing and enforcing system access controls. Security is very important in the world of technology and it is used everywhere from personal computers to giant networks ran by Government agencies worldwide. Without constant monitoring analysis, businesses, public organizations and government agencies are vulnerable to potential harmful infiltration of their computer information system. It is my responsibility to ensure authorized access by examining improper access, reporting violations, revoke access, monitor information request by new programming and recommend improvements. My department oversees the Launch Control System and networks. An audit will be conducted for the LCS based on compliance with the Federal Information Security Management Act (FISMA) and The National Institute of Standards and Technology (NIST). I recently finished analyzing the SANS top 20 critical controls to give cost effective recommendations on various software and hardware products for compliance. Upon my completion of this internship, I will have successfully completed my duties as well as gain knowledge that will be helpful to my career in the future as a Cyber Security Analyst.

Measurement-Device-Independent Quantum Cryptography

NASA Astrophysics Data System (ADS)

Tang, Zhiyuan

Quantum key distribution (QKD) enables two legitimate parties to share a secret key even in the presence of an eavesdropper. The unconditional security of QKD is based on the fundamental laws of quantum physics. Original security proofs of QKD are based on a few assumptions, e.g., perfect single photon sources and perfect single-photon detectors. However, practical implementations of QKD systems do not fully comply with such assumptions due to technical limitations. The gap between theory and implementations leads to security loopholes in most QKD systems, and several attacks have been launched on sophisticated QKD systems. Particularly, the detectors have been found to be the most vulnerable part of QKD. Much effort has been put to build side-channel-free QKD systems. Solutions such as security patches and device-independent QKD have been proposed. However, the former are normally ad-hoc, and cannot close unidentified loopholes. The latter, while having the advantages of removing all assumptions on devices, is impractical to implement today. Measurement-device-independent QKD (MDI-QKD) turns out to be a promising solution to the security problem of QKD. In MDI-QKD, all security loopholes, including those yet-to-be discovered, have been removed from the detectors, the most critical part in QKD. In this thesis, we investigate issues related to the practical implementation and security of MDI-QKD. We first present a demonstration of polarization-encoding MDI-QKD. Taking finite key effect into account, we achieve a secret key rate of 0.005 bit per second (bps) over 10 km spooled telecom fiber, and a 1600-bit key is distributed. This work, together with other demonstrations, shows the practicality of MDI-QKD. Next we investigate a critical assumption of MDI-QKD: perfect state preparation. We apply the loss-tolerant QKD protocol and adapt it to MDI-QKD to quantify information leakage due to imperfect state preparation. We then present an experimental demonstration of MDI-QKD over 10 km and 40 km of spooled fiber, which for the first time considers the impact of inaccurate polarization state preparation on the secret key rate. This would not have been possible under previous security proofs, given the same amount of state preparation flaws.

Cyber security risk assessment for SCADA and DCS networks.

PubMed

Ralston, P A S; Graham, J H; Hieb, J L

2007-10-01

The growing dependence of critical infrastructures and industrial automation on interconnected physical and cyber-based control systems has resulted in a growing and previously unforeseen cyber security threat to supervisory control and data acquisition (SCADA) and distributed control systems (DCSs). It is critical that engineers and managers understand these issues and know how to locate the information they need. This paper provides a broad overview of cyber security and risk assessment for SCADA and DCS, introduces the main industry organizations and government groups working in this area, and gives a comprehensive review of the literature to date. Major concepts related to the risk assessment methods are introduced with references cited for more detail. Included are risk assessment methods such as HHM, IIM, and RFRM which have been applied successfully to SCADA systems with many interdependencies and have highlighted the need for quantifiable metrics. Presented in broad terms is probability risk analysis (PRA) which includes methods such as FTA, ETA, and FEMA. The paper concludes with a general discussion of two recent methods (one based on compromise graphs and one on augmented vulnerability trees) that quantitatively determine the probability of an attack, the impact of the attack, and the reduction in risk associated with a particular countermeasure.

An evaluation of security measures implemented to address physical threats to water infrastructure in the state of Mississippi.

PubMed

Barrett, Jason R; French, P Edward

2013-01-01

The events of September 11, 2001, increased and intensified domestic preparedness efforts in the United States against terrorism and other threats. The heightened focus on protecting this nation's critical infrastructure included legislation requiring implementation of extensive new security measures to better defend water supply systems against physical, chemical/biological, and cyber attacks. In response, municipal officials have implemented numerous safeguards to reduce the vulnerability of these systems to purposeful intrusions including ongoing vulnerability assessments, extensive personnel training, and highly detailed emergency response and communication plans. This study evaluates fiscal year 2010 annual compliance assessments of public water systems with security measures that were implemented by Mississippi's Department of Health as a response to federal requirements to address these potential terrorist threats to water distribution systems. The results show that 20 percent of the water systems in this state had at least one security violation on their 2010 Capacity Development Assessment, and continued perseverance from local governments is needed to enhance the resiliency and robustness of these systems against physical threats.

Secure real-time wireless video streaming in the aeronautical telecommunications network

NASA Astrophysics Data System (ADS)

Czernik, Pawel; Olszyna, Jakub

2010-09-01

As Air Traffic Control Systems move from a voice only environment to one in which clearances are issued via data link, there is a risk that an unauthorized entity may attempt to masquerade as either the pilot or controller. In order to protect against this and related attacks, air-ground communications must be secured. The challenge is to add security in an environment in which bandwidth is limited. The Aeronautical Telecommunications Network (ATN) is an enabling digital network communications technology that addresses capacity and efficiency issues associated with current aeronautical voice communication systems. Equally important, the ATN facilitates migration to free flight, where direct computer-to-computer communication will automate air traffic management, minimize controller and pilot workload, and improve overall aircraft routing efficiency. Protecting ATN communications is critical since safety-of-flight is seriously affected if an unauthorized entity, a hacker for example, is able to penetrate an otherwise reliable communications system and accidentally or maliciously introduce erroneous information that jeopardizes the overall safety and integrity of a given airspace. However, an ATN security implementation must address the challenges associated with aircraft mobility, limited bandwidth communication channels, and uninterrupted operation across organizational and geopolitical boundaries. This paper provides a brief overview of the ATN, the ATN security concept, and begins a basic introduction to the relevant security concepts of security threats, security services and security mechanisms. Security mechanisms are further examined by presenting the fundamental building blocks of symmetric encipherment, asymmetric encipherment, and hash functions. The second part of this paper presents the project of cryptographiclly secure wireless communication between Unmanned Aerial Vehicles (UAV) and the ground station in the ATM system, based on the ARM9 processor development kid and Embedded Linux operation system.

System for critical infrastructure security based on multispectral observation-detection module

NASA Astrophysics Data System (ADS)

Trzaskawka, Piotr; Kastek, Mariusz; Życzkowski, Marek; Dulski, Rafał; Szustakowski, Mieczysław; Ciurapiński, Wiesław; Bareła, Jarosław

2013-10-01

Recent terrorist attacks and possibilities of such actions in future have forced to develop security systems for critical infrastructures that embrace sensors technologies and technical organization of systems. The used till now perimeter protection of stationary objects, based on construction of a ring with two-zone fencing, visual cameras with illumination are efficiently displaced by the systems of the multisensor technology that consists of: visible technology - day/night cameras registering optical contrast of a scene, thermal technology - cheap bolometric cameras recording thermal contrast of a scene and active ground radars - microwave and millimetre wavelengths that record and detect reflected radiation. Merging of these three different technologies into one system requires methodology for selection of technical conditions of installation and parameters of sensors. This procedure enables us to construct a system with correlated range, resolution, field of view and object identification. Important technical problem connected with the multispectral system is its software, which helps couple the radar with the cameras. This software can be used for automatic focusing of cameras, automatic guiding cameras to an object detected by the radar, tracking of the object and localization of the object on the digital map as well as target identification and alerting. Based on "plug and play" architecture, this system provides unmatched flexibility and simplistic integration of sensors and devices in TCP/IP networks. Using a graphical user interface it is possible to control sensors and monitor streaming video and other data over the network, visualize the results of data fusion process and obtain detailed information about detected intruders over a digital map. System provide high-level applications and operator workload reduction with features such as sensor to sensor cueing from detection devices, automatic e-mail notification and alarm triggering. The paper presents a structure and some elements of critical infrastructure protection solution which is based on a modular multisensor security system. System description is focused mainly on methodology of selection of sensors parameters. The results of the tests in real conditions are also presented.

36 CFR Appendix A to Part 1234 - Minimum Security Standards for Level III Federal Facilities

Code of Federal Regulations, 2014 CFR

2014-07-01

... technology and blast standards. Immediate review of ongoing projects may generate savings in the... critical systems (alarm systems, radio communications, computer facilities, etc.) Required. Occupant... all exterior windows (shatter protection) Recommended. Review current projects for blast standards...

36 CFR Appendix A to Part 1234 - Minimum Security Standards for Level III Federal Facilities

Code of Federal Regulations, 2013 CFR

2013-07-01

... construction projects should be reviewed if possible, to incorporate current technology and blast standards... critical systems (alarm systems, radio communications, computer facilities, etc.) Required. Occupant... all exterior windows (shatter protection) Recommended. Review current projects for blast standards...

36 CFR Appendix A to Part 1234 - Minimum Security Standards for Level III Federal Facilities

Code of Federal Regulations, 2012 CFR

2012-07-01

... technology and blast standards. Immediate review of ongoing projects may generate savings in the... critical systems (alarm systems, radio communications, computer facilities, etc.) Required. Occupant... all exterior windows (shatter protection) Recommended. Review current projects for blast standards...

Using a Prediction Model to Manage Cyber Security Threats.

PubMed

Jaganathan, Venkatesh; Cherurveettil, Priyesh; Muthu Sivashanmugam, Premapriya

2015-01-01

Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

Using a Prediction Model to Manage Cyber Security Threats

PubMed Central

Muthu Sivashanmugam, Premapriya

2015-01-01

Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization. PMID:26065024

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bartoletti, T.

SPI/U3.1 consists of five tools used to assess and report the security posture of computers running the UNIX operating system. The tools are: Access Control Test: A rule-based system which identifies sequential dependencies in UNIX access controls. Binary Inspector Tool: Evaluates the release status of system binaries by comparing a crypto-checksum to provide table entries. Change Detection Tool: Maintains and applies a snapshot of critical system files and attributes for purposes of change detection. Configuration Query Language: Accepts CQL-based scripts (provided) to evaluate queries over the status of system files, configuration of services and many other elements of UNIX systemmore » security. Password Security Inspector: Tests for weak or aged passwords. The tools are packaged with a forms-based user interface providing on-line context-sensistive help, job scheduling, parameter management and output report management utilities. Tools may be run independent of the UI.« less

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bartoletti, Tony

SPI/U3.2 consists of five tools used to assess and report the security posture of computers running the UNIX operating system. The tools are: Access Control Test: A rule-based system which identifies sequential dependencies in UNIX access controls. Binary Authentication Tool: Evaluates the release status of system binaries by comparing a crypto-checksum to provide table entries. Change Detection Tool: Maintains and applies a snapshot of critical system files and attributes for purposes of change detection. Configuration Query Language: Accepts CQL-based scripts (provided) to evaluate queries over the status of system files, configuration of services and many other elements of UNIX systemmore » security. Password Security Inspector: Tests for weak or aged passwords. The tools are packaged with a forms-based user interface providing on-line context-sensistive help, job scheduling, parameter management and output report management utilities. Tools may be run independent of the UI.« less

Measurement-Device-Independent Quantum Key Distribution over Untrustful Metropolitan Network

NASA Astrophysics Data System (ADS)

Tang, Yan-Lin; Yin, Hua-Lei; Zhao, Qi; Liu, Hui; Sun, Xiang-Xiang; Huang, Ming-Qi; Zhang, Wei-Jun; Chen, Si-Jing; Zhang, Lu; You, Li-Xing; Wang, Zhen; Liu, Yang; Lu, Chao-Yang; Jiang, Xiao; Ma, Xiongfeng; Zhang, Qiang; Chen, Teng-Yun; Pan, Jian-Wei

2016-01-01

Quantum cryptography holds the promise to establish an information-theoretically secure global network. All field tests of metropolitan-scale quantum networks to date are based on trusted relays. The security critically relies on the accountability of the trusted relays, which will break down if the relay is dishonest or compromised. Here, we construct a measurement-device-independent quantum key distribution (MDIQKD) network in a star topology over a 200-square-kilometer metropolitan area, which is secure against untrustful relays and against all detection attacks. In the field test, our system continuously runs through one week with a secure key rate 10 times larger than previous results. Our results demonstrate that the MDIQKD network, combining the best of both worlds—security and practicality, constitutes an appealing solution to secure metropolitan communications.

Review of Estelle and LOTOS with respect to critical computer applications

NASA Technical Reports Server (NTRS)

Bown, Rodney L.

1991-01-01

Man rated NASA space vehicles seem to represent a set of ultimate critical computer applications. These applications require a high degree of security, integrity, and safety. A variety of formal and/or precise modeling techniques are becoming available for the designer of critical systems. The design phase of the software engineering life cycle includes the modification of non-development components. A review of the Estelle and LOTOS formal description languages is presented. Details of the languages and a set of references are provided. The languages were used to formally describe some of the Open System Interconnect (OSI) protocols.

78 FR 57644 - Critical Infrastructure Partnership Advisory Council (CIPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-19

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2103-0050] Critical Infrastructure Partnership... management; Notice of an open Federal Advisory Committee Meeting. SUMMARY: The Critical Infrastructure... involving critical infrastructure security and resiliency. Off-topic questions or comments will not be...

49 CFR 1.21 - Reservations of Authority to the Secretary of Transportation.

Code of Federal Regulations, 2013 CFR

2013-10-01

... Wage system. (5) Security. (i) Authorizing the filling of a critical-sensitive position for a limited... final approval of applications for credit assistance under the Transportation Infrastructure Finance and...

49 CFR 1.21 - Reservations of Authority to the Secretary of Transportation.

Code of Federal Regulations, 2012 CFR

2012-10-01

... Wage system. (5) Security. (i) Authorizing the filling of a critical-sensitive position for a limited... final approval of applications for credit assistance under the Transportation Infrastructure Finance and...

Instrumentation, Control, and Intelligent Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Not Available

2005-09-01

Abundant and affordable energy is required for U.S. economic stability and national security. Advanced nuclear power plants offer the best near-term potential to generate abundant, affordable, and sustainable electricity and hydrogen without appreciable generation of greenhouse gases. To that end, Idaho National Laboratory (INL) has been charged with leading the revitalization of nuclear power in the U.S. The INL vision is to become the preeminent nuclear energy laboratory with synergistic, world-class, multi-program capabilities and partnerships by 2015. The vision focuses on four essential destinations: (1) Be the preeminent internationally-recognized nuclear energy research, development, and demonstration laboratory; (2) Be a majormore » center for national security technology development and demonstration; (3) Be a multi-program national laboratory with world-class capabilities; (4) Foster academic, industry, government, and international collaborations to produce the needed investment, programs, and expertise. Crucial to that effort is the inclusion of research in advanced instrumentation, control, and intelligent systems (ICIS) for use in current and advanced power and energy security systems to enable increased performance, reliability, security, and safety. For nuclear energy plants, ICIS will extend the lifetime of power plant systems, increase performance and power output, and ensure reliable operation within the system's safety margin; for national security applications, ICIS will enable increased protection of our nation's critical infrastructure. In general, ICIS will cost-effectively increase performance for all energy security systems.« less

High Fidelity Simulations of Large-Scale Wireless Networks (Plus-Up)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Onunkwo, Uzoma

Sandia has built a strong reputation in scalable network simulation and emulation for cyber security studies to protect our nation’s critical information infrastructures. Georgia Tech has preeminent reputation in academia for excellence in scalable discrete event simulations, with strong emphasis on simulating cyber networks. Many of the experts in this field, such as Dr. Richard Fujimoto, Dr. George Riley, and Dr. Chris Carothers, have strong affiliations with Georgia Tech. The collaborative relationship that we intend to immediately pursue is in high fidelity simulations of practical large-scale wireless networks using ns-3 simulator via Dr. George Riley. This project will have mutualmore » benefits in bolstering both institutions’ expertise and reputation in the field of scalable simulation for cyber-security studies. This project promises to address high fidelity simulations of large-scale wireless networks. This proposed collaboration is directly in line with Georgia Tech’s goals for developing and expanding the Communications Systems Center, the Georgia Tech Broadband Institute, and Georgia Tech Information Security Center along with its yearly Emerging Cyber Threats Report. At Sandia, this work benefits the defense systems and assessment area with promise for large-scale assessment of cyber security needs and vulnerabilities of our nation’s critical cyber infrastructures exposed to wireless communications.« less

Nutrient Use Efficiency in Bioenergy Cropping Systems: Critical Research Questions

USDA-ARS?s Scientific Manuscript database

Current U.S. plans for energy security rely on converting large areas of cropland from food to biofuel production. Additionally, lands currently considered too marginal for intensive food production may be considered suitable for biofuels production; predominant cropping systems may shift to more va...

The Enlargement of the Classified Information System.

ERIC Educational Resources Information Center

Academe, 1983

1983-01-01

The second of two reports examines a recent executive order prescribing a system for classifying information on the basis of national security concerns, criticizing it for imperiling the freedoms it means to protect, and potentially inhibiting research efforts. A National Academy of Sciences report is appended. (MSE)

Security Hardened Cyber Components for Nuclear Power Plants: Phase I SBIR Final Technical Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Franusich, Michael D.

SpiralGen, Inc. built a proof-of-concept toolkit for enhancing the cyber security of nuclear power plants and other critical infrastructure with high-assurance instrumentation and control code. The toolkit is based on technology from the DARPA High-Assurance Cyber Military Systems (HACMS) program, which has focused on applying the science of formal methods to the formidable set of problems involved in securing cyber physical systems. The primary challenges beyond HACMS in developing this toolkit were to make the new technology usable by control system engineers and compatible with the regulatory and commercial constraints of the nuclear power industry. The toolkit, packaged as amore » Simulink add-on, allows a system designer to assemble a high-assurance component from formally specified and proven blocks and generate provably correct control and monitor code for that subsystem.« less

76 FR 19333 - Commission Information Collection Activities (FERC-725B); Comment Request; Submitted for OMB Review

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-07

... the Bulk-Power System to comply with specific requirements to safeguard critical cyber assets.\\2\\ These standards help protect the nation's Bulk-Power System against potential disruptions from cyber... recordkeeping requirements. Specifically, CIP- 008-1 requires responsible entities to report cyber security...

Sensitive Security Information (SSI) and Transportation Security: Background and Controversies

DTIC Science & Technology

2004-02-05

with airport security procedures, employee accountability, passenger screening, and airport secrecy agreements. In January 2003, the Dallas/Fort... Airport Security Flaws Bring Criticism,” Los Angeles Times, July 2, 2002, p. A8. 16 Charles Piller and Ricardo Alonso-Zaldivar, “A Suspect Computer...Secrecy in Airport Security Contract Criticized,” Des Moines Register, Sept. 27, 2003, p. 1A; James Andrews, “Here in Tristate, Security’s Tighter

A Malicious Pattern Detection Engine for Embedded Security Systems in the Internet of Things

PubMed Central

Oh, Doohwan; Kim, Deokho; Ro, Won Woo

2014-01-01

With the emergence of the Internet of Things (IoT), a large number of physical objects in daily life have been aggressively connected to the Internet. As the number of objects connected to networks increases, the security systems face a critical challenge due to the global connectivity and accessibility of the IoT. However, it is difficult to adapt traditional security systems to the objects in the IoT, because of their limited computing power and memory size. In light of this, we present a lightweight security system that uses a novel malicious pattern-matching engine. We limit the memory usage of the proposed system in order to make it work on resource-constrained devices. To mitigate performance degradation due to limitations of computation power and memory, we propose two novel techniques, auxiliary shifting and early decision. Through both techniques, we can efficiently reduce the number of matching operations on resource-constrained systems. Experiments and performance analyses show that our proposed system achieves a maximum speedup of 2.14 with an IoT object and provides scalable performance for a large number of patterns. PMID:25521382

It Security and EO Systems

NASA Astrophysics Data System (ADS)

Burnett, M.

2010-12-01

One topic that is beginning to influence the systems that support these goals is that of Information Technology (IT) Security. Unsecure systems are vulnerable to increasing attacks and other negative consequences; sponsoring agencies are correspondingly responding with more refined policies and more stringent security requirements. These affect how EO systems can meet the goals of data and service interoperability and harmonization through open access, transformation and visualization services. Contemporary systems, including the vision of a system-of-systems (such as GEOSS, the Global Earth Observation System of Systems), utilize technologies that support a distributed, global, net-centric environment. These types of systems have a high reliance on the open systems, web services, shared infrastructure and data standards. The broader IT industry has developed and used these technologies in their business and mission critical systems for many years. Unfortunately, the IT industry, and their customers have learned the importance of protecting their assets and resources (computing and information) as they have been forced to respond to an ever increasing number and more complex illegitimate “attackers”. This presentation will offer an overview of work done by the CEOS WGISS organization in summarizing security threats, the challenges to responding to them and capturing the current state of the practice within the EO community.

An Efficient User Authentication and User Anonymity Scheme with Provably Security for IoT-Based Medical Care System.

PubMed

Li, Chun-Ta; Wu, Tsu-Yang; Chen, Chin-Ling; Lee, Cheng-Chi; Chen, Chien-Ming

2017-06-23

In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients' physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu-Chung's scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP.

A threat intelligence framework for access control security in the oil industry

NASA Astrophysics Data System (ADS)

Alaskandrani, Faisal T.

The research investigates the problem raised by the rapid development in the technology industry giving security concerns in facilities built by the energy industry containing diverse platforms. The difficulty of continuous updates to network security architecture and assessment gave rise to the need to use threat intelligence frameworks to better assess and address networks security issues. Focusing on access control security to the ICS and SCADA systems that is being utilized to carry out mission critical and life threatening operations. The research evaluates different threat intelligence frameworks that can be implemented in the industry seeking the most suitable and applicable one that address the issue and provide more security measures. The validity of the result is limited to the same environment that was researched as well as the technologies being utilized. The research concludes that it is possible to utilize a Threat Intelligence framework to prioritize security in Access Control Measures in the Oil Industry.

[Evaluation of health system decentralization and reform of the Social Security system in Colombia].

PubMed

Jaramillo, I

2002-01-01

The aim of this study is to present the results of the reforms in the health sector that have taken place in Colombia since 1990. These reforms replaced the previous national health system and the so-called Bismarkian social security system. The new system has three basic characteristics: a) the public subsidies are decentralized in the municipalities and territorial departments; b) the public hospitals have been converted into state social enterprises, which has led them towards a management model, and c) the health and social security system monopoly has been abolished and a system of health subsidies has been created for the poorest citizens. This article systematically collects secondary information extracted from the most important studies evaluating the health sector reforms in Colombia. The present author participated in some of these studies. The reforms have increased financial resources, which, has led to an increase in public system staff and their salaries. The availability of hospitals' budgetary resources has increased and the social security system has become wider, including 20% of the poorest population who have benefited from subsidies on demand. Ease of access and equity in the health system have significantly improved. However, indicators of public health have fallen and health professionals are critical of a system based on mediation, which increases transaction costs.

Incorporating voltage security into the planning, operation and monitoring of restructured electric energy markets

NASA Astrophysics Data System (ADS)

Nair, Nirmal-Kumar

As open access market principles are applied to power systems, significant changes are happening in their planning, operation and control. In the emerging marketplace, systems are operating under higher loading conditions as markets focus greater attention to operating costs than stability and security margins. Since operating stability is a basic requirement for any power system, there is need for newer tools to ensure stability and security margins being strictly enforced in the competitive marketplace. This dissertation investigates issues associated with incorporating voltage security into the unbundled operating environment of electricity markets. It includes addressing voltage security in the monitoring, operational and planning horizons of restructured power system. This dissertation presents a new decomposition procedure to estimate voltage security usage by transactions. The procedure follows physical law and uses an index that can be monitored knowing the state of the system. The expression derived is based on composite market coordination models that have both PoolCo and OpCo transactions, in a shared stressed transmission grid. Our procedure is able to equitably distinguish the impacts of individual transactions on voltage stability, at load buses, in a simple and fast manner. This dissertation formulates a new voltage stability constrained optimal power flow (VSCOPF) using a simple voltage security index. In modern planning, composite power system reliability analysis that encompasses both adequacy and security issues is being developed. We have illustrated the applicability of our VSCOPF into composite reliability analysis. This dissertation also delves into the various applications of voltage security index. Increasingly, FACT devices are being used in restructured markets to mitigate a variety of operational problems. Their control effects on voltage security would be demonstrated using our VSCOPF procedure. Further, this dissertation investigates the application of steady state voltage stability index to detect potential dynamic voltage collapse. Finally, this dissertation examines developments in representation, standardization, communication and exchange of power system data. Power system data is the key input to all analytical engines for system operation, monitoring and control. Data exchange and dissemination could impact voltage security evaluation and therefore needs to be critically examined.

The MAGTF’s Reliance on the Global Positioning System: A Critical Vulnerability

DTIC Science & Technology

2013-05-02

Reference&ItemId=+++1 499015&Pubabbrev=JC4IJ 45 “AURA Mobile Communications GPS/ WiFi Jammer”, Jane’s Police and Homeland Security Equipment, last...securityaffairs.co/wordpress/2845/ hacking /gps-spoofing- old-threat-and-new-problems.html 52“GPS Spoofing, Old Threat and New Problems”, Pierluigi...Paganini, Security Affairs, last modified February 23, 2012, http://securityaffairs.co/wordpress/2845/ hacking /gps-spoofing- old-threat-and-new

Risk Assessment Methodology for Water utilities (RAM-W) : the foundation for emergency response planning.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Danneels, Jeffrey John

2005-03-01

Concerns about acts of terrorism against critical infrastructures have been on the rise for several years. Critical infrastructures are those physical structures and information systems (including cyber) essential to the minimum operations of the economy and government. The President's Commission on Critical Infrastructure Protection (PCCIP) probed the security of the nation's critical infrastructures. The PCCIP determined the water infrastructure is highly vulnerable to a range of potential attacks. In October 1997, the PCCIP proposed a public/private partnership between the federal government and private industry to improve the protection of the nation's critical infrastructures. In early 2000, the EPA partnered withmore » the Awwa Research Foundation (AwwaRF) and Sandia National Laboratories to create the Risk Assessment Methodology for Water Utilities (RAM-W{trademark}). Soon thereafter, they initiated an effort to create a template and minimum requirements for water utility Emergency Response Plans (ERP). All public water utilities in the US serving populations greater than 3,300 are required to undertaken both a vulnerability assessment and the development of an emergency response plan. This paper explains the initial steps of RAM-W{trademark} and then demonstrates how the security risk assessment is fundamental to the ERP. During the development of RAM-W{trademark}, Sandia performed several security risk assessments at large metropolitan water utilities. As part of the scope of that effort, ERPs at each utility were reviewed to determine how well they addressed significant vulnerabilities uncovered during the risk assessment. The ERP will contain responses to other events as well (e.g. natural disasters) but should address all major findings in the security risk assessment.« less

Synopsis of Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission Value

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Sheldon, Frederick T; Mili, Ali

2008-01-01

Information security continues to evolve in response to disruptive changes with a persistent focus on information-centric controls and a healthy debate about balancing endpoint and network protection, with the goal of improved enterprise and business risk management. Economic uncertainty, intensively collaborative work styles, virtualization, increased outsourcing and ongoing compliance pressures require careful consideration and adaptation of a balanced approach. The Cyberspace Security Econometrics System (CSES) provides a measure of reliability, security and safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders interests in that requirement. For a given stakeholder,more » CSES reflects the variance that may exist among the stakes one attaches to meeting each requirement. This paper summarizes the basis, objectives and capabilities for the CSES including inputs/outputs as well as the structural underpinnings.« less

76 FR 81956 - National Infrastructure Advisory Council

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-29

... through the Secretary of Homeland Security with advice on the security of the critical infrastructure... critical infrastructure as directed by the President. At this meeting, the committee will receive work from... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0117] National Infrastructure Advisory...

Regenerative Medicine for Battlefield Injuries

DTIC Science & Technology

2013-10-01

across a critical size defect (CSD) in the fibula, using the axolotl , Abystoma mexicanum as a model system. The scope of the research is to...successful because they initiated the whole cascade of events required for cartilage development. These results indicate that the axolotl fibula can be used...TERMS Regeneration across a critical size defect in axolotl fibula, efficacy of growth factor combinations 16. SECURITY CLASSIFICATION OF: 17

Analyzing Risks and Vulnerabilities of Various Computer Systems and Undergoing Exploitation using Embedded Devices

NASA Technical Reports Server (NTRS)

Branch, Drew Alexander

2014-01-01

Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere has heightened from airports to communication among the military branches legionnaires. With advanced persistent threats (APTs) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated, patched and secured state in a launch control system environment. Attacks on critical systems are becoming more and more relevant and frequent. Nation states are hacking into critical networks that might control electrical power grids or water dams as well as carrying out advanced persistent threat (APTs) attacks on government entities. NASA, as an organization, must protect its self from attacks from all different types of attackers with different motives. Although the International Space Station was created, there is still competition between the different space programs. With that in mind, NASA might get attacked and breached for various reasons such as espionage or sabotage. My project will provide a way for NASA to complete an in house penetration test which includes: asset discovery, vulnerability scans, exploit vulnerabilities and also provide forensic information to harden systems. Completing penetration testing is a part of the compliance requirements of the Federal Information Security Act (FISMA) and NASA NPR 2810.1 and related NASA Handbooks. This project is to demonstrate how in house penetration testing can be conducted that will satisfy all of the compliance requirements of the National Institute of Standards and Technology (NIST), as outlined in FISMA. By the end of this project, I hope to have carried out the tasks stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, as well as policies and procedures.

6 CFR 29.1 - Purpose and scope.

Code of Federal Regulations, 2013 CFR

2013-01-01

... Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE... receipt, care, and storage of Critical Infrastructure Information (CII) voluntarily submitted to the... herein as the Critical Infrastructure Information Act of 2002 (CII Act). Consistent with the statutory...

6 CFR 29.1 - Purpose and scope.

Code of Federal Regulations, 2012 CFR

2012-01-01

... Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE... receipt, care, and storage of Critical Infrastructure Information (CII) voluntarily submitted to the... herein as the Critical Infrastructure Information Act of 2002 (CII Act). Consistent with the statutory...

6 CFR 29.1 - Purpose and scope.

Code of Federal Regulations, 2011 CFR

2011-01-01

... Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE... receipt, care, and storage of Critical Infrastructure Information (CII) voluntarily submitted to the... herein as the Critical Infrastructure Information Act of 2002 (CII Act). Consistent with the statutory...

6 CFR 29.1 - Purpose and scope.

Code of Federal Regulations, 2014 CFR

2014-01-01

... Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE... receipt, care, and storage of Critical Infrastructure Information (CII) voluntarily submitted to the... herein as the Critical Infrastructure Information Act of 2002 (CII Act). Consistent with the statutory...

76 FR 20995 - Critical Infrastructure Partnership Advisory Council (CIPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-14

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0028] Critical Infrastructure Partnership... Critical Infrastructure Partnership Advisory Council (CIPAC) by notice published in the Federal Register... Infrastructure Protection, National Protection and Programs Directorate, U.S. Department of Homeland Security...

Mobile healthcare applications: system design review, critical issues and challenges.

PubMed

Baig, Mirza Mansoor; GholamHosseini, Hamid; Connolly, Martin J

2015-03-01

Mobile phones are becoming increasingly important in monitoring and delivery of healthcare interventions. They are often considered as pocket computers, due to their advanced computing features, enhanced preferences and diverse capabilities. Their sophisticated sensors and complex software applications make the mobile healthcare (m-health) based applications more feasible and innovative. In a number of scenarios user-friendliness, convenience and effectiveness of these systems have been acknowledged by both patients as well as healthcare providers. M-health technology employs advanced concepts and techniques from multidisciplinary fields of electrical engineering, computer science, biomedical engineering and medicine which benefit the innovations of these fields towards healthcare systems. This paper deals with two important aspects of current mobile phone based sensor applications in healthcare. Firstly, critical review of advanced applications such as; vital sign monitoring, blood glucose monitoring and in-built camera based smartphone sensor applications. Secondly, investigating challenges and critical issues related to the use of smartphones in healthcare including; reliability, efficiency, mobile phone platform variability, cost effectiveness, energy usage, user interface, quality of medical data, and security and privacy. It was found that the mobile based applications have been widely developed in recent years with fast growing deployment by healthcare professionals and patients. However, despite the advantages of smartphones in patient monitoring, education, and management there are some critical issues and challenges related to security and privacy of data, acceptability, reliability and cost that need to be addressed.

78 FR 39712 - Critical Infrastructure Protection and Cyber Security Trade Mission to Saudi Arabia and Kuwait...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-02

... DEPARTMENT OF COMMERCE International Trade Administration Critical Infrastructure Protection and Cyber Security Trade Mission to Saudi Arabia and Kuwait Clarification and Amendment AGENCY... cyber-security firms and trade organizations which have not already submitted an application are...

Privacy and security of patient data in the pathology laboratory.

PubMed

Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

2013-01-01

Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

Cyber-Physical Attack-Resilient Wide-Area Monitoring, Protection, and Control for the Power Grid

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ashok, Aditya; Govindarasu, Manimaran; Wang, Jianhui

Cyber security and resiliency of Wide-Area Monitoring, Protection and Control (WAMPAC) applications is critically important to ensure secure, reliable, and economic operation of the bulk power system. WAMPAC relies heavily on the security of measurements and control commands transmitted over wide-area communication networks for real-time operational, protection, and control functions. Also, the current “N-1 security criteria” for grid operation is inadequate to address malicious cyber events and therefore it is important to fundamentally redesign WAMPAC and to enhance Energy Management System (EMS) applications to make them attack-resilient. In this paper, we propose an end-to-end defense-in-depth architecture for attack-resilient WAMPAC thatmore » addresses resilience at both the infrastructure layer and the application layers. Also, we propose an attack-resilient cyber-physical security framework that encompasses the entire security life cycle including risk assessment, attack prevention, attack detection, attack mitigation, and attack resilience. The overarching objective of this paper is to provide a broad scope that comprehensively describes most of the major research issues and potential solutions in the context of cyber-physical security of WAMPAC for the power grid.« less

77 FR 57072 - Proposed Information Collection; Comment Request; National Security and Critical Technology...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-09-17

... Request; National Security and Critical Technology Assessments of the U.S. Industrial Base AGENCY: Bureau... Federal agencies, conducts assessments of U.S. industrial base sectors deemed critical to U.S. national... needs of these critical market segments in order to maintain a strong U.S. industrial base. II. Method...

76 FR 70730 - The Critical Infrastructure Partnership Advisory Council (CIPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-15

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0112] The Critical Infrastructure Partnership... Critical Infrastructure Partnership Advisory Council (CIPAC) by notice published in the Federal Register... Infrastructure Protection, National Protection and Programs Directorate, U.S. Department of Homeland Security...

76 FR 29775 - The Critical Infrastructure Partnership Advisory Council (CIPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-23

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2011-0038] The Critical Infrastructure Partnership... Critical Infrastructure Partnership Advisory Council (CIPAC) by notice published in the Federal Register... Infrastructure Protection, National Protection and Programs Directorate, U.S. Department of Homeland Security...

78 FR 16861 - The Critical Infrastructure Partnership Advisory Council

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-19

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2012-0077] The Critical Infrastructure Partnership... Infrastructure Partnership Advisory Council membership update. SUMMARY: The Department of Homeland Security (DHS) announced the establishment of the Critical Infrastructure Partnership Advisory Council (CIPAC) in a Federal...

75 FR 48983 - The Critical Infrastructure Partnership Advisory Council (CIPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2010-08-12

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2010-0062] The Critical Infrastructure Partnership... Critical Infrastructure Partnership Advisory Council (CIPAC) by notice published in the Federal Register... Infrastructure Protection, National Protection and Programs Directorate, Department of Homeland Security, 245...

Multinational Experiment 7. Outcome 3 - Cyber Domain Objective 3.1: Threats and Vulnerability Methodology Version 1.0

DTIC Science & Technology

2014-02-09

often  operators  of command and control  systems  within critical infrastructures, and  can in some ways be considered critical assets themselves. The...application layer makes up the  command and control  system  for the critical infrastructure. That includes  operating   systems  and  applications for users and...Determine how to achieve secure synchronization between primary and secondary  systems .  • Ensure alternatives are  operating , trained for, and practiced

Validating the Octave Allegro Information Systems Risk Assessment Methodology: A Case Study

ERIC Educational Resources Information Center

Keating, Corland G.

2014-01-01

An information system (IS) risk assessment is an important part of any successful security management strategy. Risk assessments help organizations to identify mission-critical IS assets and prioritize risk mitigation efforts. Many risk assessment methodologies, however, are complex and can only be completed successfully by highly qualified and…

International organizations to enable world-wide mobile satellite services

NASA Technical Reports Server (NTRS)

Anglin, Richard L., Jr.

1993-01-01

Numbers of systems exist or have been proposed to provide world-wide mobile satellite services (MSS). Developers of these systems have formulated institutional structures they consider most appropriate for profitable delivery of these services. MSS systems provide niche services and complement traditional telecommunications networks; they are not integrated into world-wide networks. To be successful, MSS system operators must be able to provide an integrated suite of services to support the increasing globalization, interconnectivity, and mobility of business. The critical issue to enabling 'universal roaming' is securing authority to provide MSS in all of the nations of the world. Such authority must be secured in the context of evolving trends in international telecommunications, and must specifically address issues of standardization, regulation and organization. Today, only one existing organization has such world-wide authority. The question is how proponents of new MSS systems and services can gain similar authority. Securing the appropriate authorizations requires that these new organizations reflect the objectives of the nations in which services are to be delivered.

Nanotechnology and MEMS-based systems for civil infrastructure safety and security: Opportunities and challenges

NASA Astrophysics Data System (ADS)

Robinson, Nidia; Saafi, Mohamed

2006-03-01

Critical civil infrastructure systems such as bridges, high rises, dams, nuclear power plants and pipelines present a major investment and the health of the United States' economy and the lifestyle of its citizens both depend on their safety and security. The challenge for engineers is to maintain the safety and security of these large structures in the face of terrorism threats, natural disasters and long-term deterioration, as well as to meet the demands of emergency response times. With the significant negative impact that these threats can have on the structural environment, health monitoring of civil infrastructure holds promise as a way to provide information for near real-time condition assessment of the structure's safety and security. This information can be used to assess the integrity of the structure for post-earthquake and terrorist attacks rescue and recovery, and to safely and rapidly remove the debris and to temporary shore specific structural elements. This information can also be used for identification of incipient damage in structures experiencing long-term deterioration. However, one of the major obstacles preventing sensor-based monitoring is the lack of reliable, easy-to-install, cost-effective and harsh environment resistant sensors that can be densely embedded into large-scale civil infrastructure systems. Nanotechnology and MEMS-based systems which have matured in recent years represent an innovative solution to current damage detection systems, leading to wireless, inexpensive, durable, compact, and high-density information collection. In this paper, ongoing research activities at Alabama A&M University (AAMU) Center for Transportation Infrastructure Safety and Security on the application of nanotechnology and MEMS to Civil Infrastructure for health monitoring will presented. To date, research showed that nanotechnology and MEMS-based systems can be used to wirelessly detect and monitor different damage mechanisms in concrete structures as well as monitor critical structures' stability during floods and barge impact. However, some technical issues that needs to be addressed before full implementation of these new systems and will also be discussed in this paper.

The European cooperative approach to securing critical information infrastructure.

PubMed

Purser, Steve

2011-10-01

This paper provides an overview of the EU approach to securing critical information infrastructure, as defined in the Action Plan contained in the Commission Communication of March 2009, entitled 'Protecting Europe from large-scale cyber-attacks and disruptions: enhancing preparedness, security and resilience' and further elaborated by the Communication of May 2011 on critical Information infrastructure protection 'Achievements and next steps: towards global cyber-security'. After explaining the need for pan-European cooperation in this area, the CIIP Action Plan is explained in detail. Finally, the current state of progress is summarised together with the proposed next steps.

6 CFR 29.7 - Safeguarding of Protected Critical Infrastructure Information.

Code of Federal Regulations, 2012 CFR

2012-01-01

... prevents unauthorized retrieval, such as shredding or incineration. (f) Transmission of information. PCII... Infrastructure Information. 29.7 Section 29.7 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE INFORMATION § 29.7 Safeguarding of Protected Critical...

6 CFR 29.7 - Safeguarding of Protected Critical Infrastructure Information.

Code of Federal Regulations, 2011 CFR

2011-01-01

... prevents unauthorized retrieval, such as shredding or incineration. (f) Transmission of information. PCII... Infrastructure Information. 29.7 Section 29.7 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE INFORMATION § 29.7 Safeguarding of Protected Critical...

6 CFR 29.7 - Safeguarding of Protected Critical Infrastructure Information.

Code of Federal Regulations, 2013 CFR

2013-01-01

... prevents unauthorized retrieval, such as shredding or incineration. (f) Transmission of information. PCII... Infrastructure Information. 29.7 Section 29.7 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE INFORMATION § 29.7 Safeguarding of Protected Critical...

6 CFR 29.7 - Safeguarding of Protected Critical Infrastructure Information.

Code of Federal Regulations, 2014 CFR

2014-01-01

... prevents unauthorized retrieval, such as shredding or incineration. (f) Transmission of information. PCII... Infrastructure Information. 29.7 Section 29.7 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE INFORMATION § 29.7 Safeguarding of Protected Critical...

6 CFR 29.7 - Safeguarding of Protected Critical Infrastructure Information.

Code of Federal Regulations, 2010 CFR

2010-01-01

... prevents unauthorized retrieval, such as shredding or incineration. (f) Transmission of information. PCII... Infrastructure Information. 29.7 Section 29.7 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE INFORMATION § 29.7 Safeguarding of Protected Critical...

Maximizing the security of chaotic optical communications.

PubMed

Hou, T T; Yi, L L; Yang, X L; Ke, J X; Hu, Y; Yang, Q; Zhou, P; Hu, W S

2016-10-03

The practical application of chaotic optical communications has been limited by two aspects: the difficulty in concealing the time delay - a critical security parameter in feedback chaotic systems, and the difficulty of significantly enlarging the key space without complicating the implementation. Here we propose an architecture to break the above limits. By introducing a frequency-dependent group delay module with frequency tuning resolution of 1 MHz into the chaotic feedback loop, we demonstrate excellent time delay concealment effect, and an additional huge key space of 10⁴⁸ can be achieved at the same time. The effectiveness is proved by both numerical simulation and experiment. Besides, the proposed scheme is compatible with the existing commercial optical communication systems, thus pave the way for high-speed secure optical communications.

IEC 61850: Technology Standards and Cyber-Security Threats

DOE Office of Scientific and Technical Information (OSTI.GOV)

Youssef, Tarek A; El Hariri, mohamed; Bugay, Nicole

Substations constitute a fundamental part in providing reliable electricity to consumers. For a substation to maintain electricity reliability and its own real-time operability, communication between its components is inevitable. Before the emergence of IEC 61850, inter-substation communication was established via expensive copper wires with limited capabilities. IEC 61850 is the standard set by the International Electrotechnical Commission (IEC) Technical Committee Number 57 Working Group 10 and IEEE for Ethernet (IEEE 802.3)-based communication in electrical substations. Like many power grid systems standards, IEC 61850 was set without extensive consideration for critical security measures. This paper discusses IEC 61850 technology standards andmore » applications thoroughly and points out major security vulnerabilities it introduces in the context of current cyber-physical smart grid systems.« less

Emerging Techniques for Field Device Security

DOE PAGES

Schwartz, Moses; Bechtel Corp.; Mulder, John; ...

2014-11-01

Critical infrastructure, such as electrical power plants and oil refineries, rely on embedded devices to control essential processes. State of the art security is unable to detect attacks on these devices at the hardware or firmware level. We provide an overview of the hardware used in industrial control system field devices, look at how these devices have been attacked, and discuss techniques and new technologies that may be used to secure them. We follow three themes: (1) Inspectability, the capability for an external arbiter to monitor the internal state of a device. (2) Trustworthiness, the degree to which a systemmore » will continue to function correctly despite disruption, error, or attack. (3) Diversity, the use of adaptive systems and complexity to make attacks more difficult by reducing the feasible attack surface.« less

Development of a consortium for water security and safety: Planning for an early warning system

USGS Publications Warehouse

Clark, R.M.; Adam, N.R.; Atluri, V.; Halem, M.; Vowinkel, E.F.; ,

2004-01-01

The events of September 11, 2001 have raised concerns over the safety and security of the Nation's critical infrastructure including water and waste water systems. In June 2002, the U.S. EPA's Region II Office (New York City), in response to concerns over water security, in collaboration with Rutgers University agreed to establish a Regional Drinking Water Security and Safety Consortium (RDWSSC). Members of the consortium include: Rutgers University's Center for Information Management, Integration and Connectivity (CIMIC), American Water (AW), the Passaic Valley Water Commission (PVWC), the North Jersey District Water Supply Commission (NJDWSC), the N.J. Department of Environmental Protection, the U.S. Geological Survey (USGS), and the U.S. Environmental Protection Agencies, Region II Office. In December of 2002 the consortium members signed a memorandum of understanding (MOU) to pursue activities to enhance regional water security. Development of an early warning system for source and distributed water was identified as being of primary importance by the consortium. In this context, an early warning system (EWS) is an integrated system of monitoring stations located at strategic points in a water utilities source waters or in its distribution system, designed to warn against contaminants that might threaten the health and welfare of drinking water consumers. This paper will discuss the consortium's progress in achieving these important objectives.

Cyberspace Security Econometrics System (CSES) - U.S. Copyright TXu 1-901-039

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Schlicher, Bob G; Sheldon, Frederick T

2014-01-01

Information security continues to evolve in response to disruptive changes with a persistent focus on information-centric controls and a healthy debate about balancing endpoint and network protection, with a goal of improved enterprise/business risk management. Economic uncertainty, intensively collaborative styles of work, virtualization, increased outsourcing and ongoing compliance pressures require careful consideration and adaptation. The Cyberspace Security Econometrics System (CSES) provides a measure (i.e., a quantitative indication) of reliability, performance, and/or safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders interests in that requirement. For a given stakeholder, CSESmore » accounts for the variance that may exist among the stakes one attaches to meeting each requirement. The basis, objectives and capabilities for the CSES including inputs/outputs as well as the structural and mathematical underpinnings contained in this copyright.« less

An Efficient User Authentication and User Anonymity Scheme with Provably Security for IoT-Based Medical Care System

PubMed Central

Wu, Tsu-Yang; Chen, Chin-Ling; Lee, Cheng-Chi; Chen, Chien-Ming

2017-01-01

In recent years, with the increase in degenerative diseases and the aging population in advanced countries, demands for medical care of older or solitary people have increased continually in hospitals and healthcare institutions. Applying wireless sensor networks for the IoT-based telemedicine system enables doctors, caregivers or families to monitor patients’ physiological conditions at anytime and anyplace according to the acquired information. However, transmitting physiological data through the Internet concerns the personal privacy of patients. Therefore, before users can access medical care services in IoT-based medical care system, they must be authenticated. Typically, user authentication and data encryption are most critical for securing network communications over a public channel between two or more participants. In 2016, Liu and Chung proposed a bilinear pairing-based password authentication scheme for wireless healthcare sensor networks. They claimed their authentication scheme cannot only secure sensor data transmission, but also resist various well-known security attacks. In this paper, we demonstrate that Liu–Chung’s scheme has some security weaknesses, and we further present an improved secure authentication and data encryption scheme for the IoT-based medical care system, which can provide user anonymity and prevent the security threats of replay and password/sensed data disclosure attacks. Moreover, we modify the authentication process to reduce redundancy in protocol design, and the proposed scheme is more efficient in performance compared with previous related schemes. Finally, the proposed scheme is provably secure in the random oracle model under ECDHP. PMID:28644381

Critical Infrastructure: Control Systems and the Terrorist Threat

DTIC Science & Technology

2004-01-20

Congressional Research Service ˜ The Library of Congress CRS Report for Congress Received through the CRS Web Order Code RL31534 Critical...http://www.pnl.gov/main/sectors/homeland.html]. 68 Rolf Carlson, “Sandia SCADA Program High-Security SCADA LDRD Final Report ,” Sandia Report SAND2002...and Industry Division Report Documentation Page Form ApprovedOMB No. 0704-0188 Public reporting burden for the collection of information is estimated to

Critical Infrastructure: Control Systems and the Terrorist Threat

DTIC Science & Technology

2003-07-14

Congressional Research Service ˜ The Library of Congress CRS Report for Congress Received through the CRS Web Order Code RL31534 Critical...available online at [http://www.pnl.gov/main/sectors/homeland.html]. 56 Rolf Carlson, “Sandia SCADA Program High-Security SCADA LDRD Final Report ...Industry Division Report Documentation Page Form ApprovedOMB No. 0704-0188 Public reporting burden for the collection of information is estimated to

The neoliberal political economy and erosion of retirement security.

PubMed

Polivka, Larry; Luo, Baozhen

2015-04-01

The origins and trajectory of the crisis in the United States retirement security system have slowly become part of the discussion about the social, political, and economic impacts of population aging. Private sources of retirement security have weakened significantly since 1980 as employers have converted defined benefits precisions to defined contribution plans. The Center for Retirement Research (CRR) now estimates that over half of boomer generation retirees will not receive 70-80% of their wages while working. This erosion of the private retirement security system will likely increase reliance on the public system, mainly Social Security and Medicare. These programs, however, have increasingly become the targets of critics who claim that they are not financially sustainable in their current form and must be significantly modified. This article will focus on an analysis of these trends in the erosion of the United States retirement security system and their connection to changes in the United States political economy as neoliberal, promarket ideology, and policies (low taxes, reduced spending, and deregulation) have become dominant in the private and public sectors. The neoliberal priority on reducing labor costs and achieving maximum shareholder value has created an environment inimical to maintain the traditional system of pension and health care benefits in both the private and public sectors. This article explores the implications of these neoliberal trends in the United States economy for the future of retirement security. © The Author 2015. Published by Oxford University Press on behalf of The Gerontological Society of America. All rights reserved. For permissions, please e-mail: journals.permissions@oup.com.

A Quantitative Socio-hydrological Characterization of Water Security in Large-Scale Irrigation Systems

NASA Astrophysics Data System (ADS)

Siddiqi, A.; Muhammad, A.; Wescoat, J. L., Jr.

2017-12-01

Large-scale, legacy canal systems, such as the irrigation infrastructure in the Indus Basin in Punjab, Pakistan, have been primarily conceived, constructed, and operated with a techno-centric approach. The emerging socio-hydrological approaches provide a new lens for studying such systems to potentially identify fresh insights for addressing contemporary challenges of water security. In this work, using the partial definition of water security as "the reliable availability of an acceptable quantity and quality of water", supply reliability is construed as a partial measure of water security in irrigation systems. A set of metrics are used to quantitatively study reliability of surface supply in the canal systems of Punjab, Pakistan using an extensive dataset of 10-daily surface water deliveries over a decade (2007-2016) and of high frequency (10-minute) flow measurements over one year. The reliability quantification is based on comparison of actual deliveries and entitlements, which are a combination of hydrological and social constructs. The socio-hydrological lens highlights critical issues of how flows are measured, monitored, perceived, and experienced from the perspective of operators (government officials) and users (famers). The analysis reveals varying levels of reliability (and by extension security) of supply when data is examined across multiple temporal and spatial scales. The results shed new light on evolution of water security (as partially measured by supply reliability) for surface irrigation in the Punjab province of Pakistan and demonstrate that "information security" (defined as reliable availability of sufficiently detailed data) is vital for enabling water security. It is found that forecasting and management (that are social processes) lead to differences between entitlements and actual deliveries, and there is significant potential to positively affect supply reliability through interventions in the social realm.

An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System.

PubMed

Jung, Jaewook; Kang, Dongwoo; Lee, Donghoon; Won, Dongho

2017-01-01

Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency.

An Improved and Secure Anonymous Biometric-Based User Authentication with Key Agreement Scheme for the Integrated EPR Information System

PubMed Central

Kang, Dongwoo; Lee, Donghoon; Won, Dongho

2017-01-01

Nowadays, many hospitals and medical institutes employ an authentication protocol within electronic patient records (EPR) services in order to provide protected electronic transactions in e-medicine systems. In order to establish efficient and robust health care services, numerous studies have been carried out on authentication protocols. Recently, Li et al. proposed a user authenticated key agreement scheme according to EPR information systems, arguing that their scheme is able to resist various types of attacks and preserve diverse security properties. However, this scheme possesses critical vulnerabilities. First, the scheme cannot prevent off-line password guessing attacks and server spoofing attack, and cannot preserve user identity. Second, there is no password verification process with the failure to identify the correct password at the beginning of the login phase. Third, the mechanism of password change is incompetent, in that it induces inefficient communication in communicating with the server to change a user password. Therefore, we suggest an upgraded version of the user authenticated key agreement scheme that provides enhanced security. Our security and performance analysis shows that compared to other related schemes, our scheme not only improves the security level, but also ensures efficiency. PMID:28046075

Evaluation of the Food and Agriculture Sector Criticality Assessment Tool (FASCAT) and the Collected Data.

PubMed

Huff, Andrew G; Hodges, James S; Kennedy, Shaun P; Kircher, Amy

2015-08-01

To protect and secure food resources for the United States, it is crucial to have a method to compare food systems' criticality. In 2007, the U.S. government funded development of the Food and Agriculture Sector Criticality Assessment Tool (FASCAT) to determine which food and agriculture systems were most critical to the nation. FASCAT was developed in a collaborative process involving government officials and food industry subject matter experts (SMEs). After development, data were collected using FASCAT to quantify threats, vulnerabilities, consequences, and the impacts on the United States from failure of evaluated food and agriculture systems. To examine FASCAT's utility, linear regression models were used to determine: (1) which groups of questions posed in FASCAT were better predictors of cumulative criticality scores; (2) whether the items included in FASCAT's criticality method or the smaller subset of FASCAT items included in DHS's risk analysis method predicted similar criticality scores. Akaike's information criterion was used to determine which regression models best described criticality, and a mixed linear model was used to shrink estimates of criticality for individual food and agriculture systems. The results indicated that: (1) some of the questions used in FASCAT strongly predicted food or agriculture system criticality; (2) the FASCAT criticality formula was a stronger predictor of criticality compared to the DHS risk formula; (3) the cumulative criticality formula predicted criticality more strongly than weighted criticality formula; and (4) the mixed linear regression model did not change the rank-order of food and agriculture system criticality to a large degree. © 2015 Society for Risk Analysis.

17 CFR 39.18 - System safeguards.

Code of Federal Regulations, 2012 CFR

2012-04-01

... physical infrastructure or personnel necessary for it to conduct activities necessary to the clearing and... transportation, telecommunications, power, water, or other critical infrastructure components in a relevant area... Division of Clearing and Risk promptly of: (1) Any hardware or software malfunction, cyber security...

17 CFR 39.18 - System safeguards.

Code of Federal Regulations, 2014 CFR

2014-04-01

... physical infrastructure or personnel necessary for it to conduct activities necessary to the clearing and... transportation, telecommunications, power, water, or other critical infrastructure components in a relevant area... Division of Clearing and Risk promptly of: (1) Any hardware or software malfunction, cyber security...

17 CFR 39.18 - System safeguards.

Code of Federal Regulations, 2013 CFR

2013-04-01

... physical infrastructure or personnel necessary for it to conduct activities necessary to the clearing and... transportation, telecommunications, power, water, or other critical infrastructure components in a relevant area... Division of Clearing and Risk promptly of: (1) Any hardware or software malfunction, cyber security...

5 CFR 9901.106 - Relationship to other provisions.

Code of Federal Regulations, 2010 CFR

2010-01-01

....106 Section 9901.106 Administrative Personnel DEPARTMENT OF DEFENSE HUMAN RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE... way that recognizes the critical national security mission of the Department, and each provision of...

5 CFR 9901.106 - Relationship to other provisions.

Code of Federal Regulations, 2011 CFR

2011-01-01

....106 Section 9901.106 Administrative Personnel DEPARTMENT OF DEFENSE HUMAN RESOURCES MANAGEMENT AND LABOR RELATIONS SYSTEMS (DEPARTMENT OF DEFENSE-OFFICE OF PERSONNEL MANAGEMENT) DEPARTMENT OF DEFENSE... way that recognizes the critical national security mission of the Department, and each provision of...

Efficiency vs. Security: Information Technology Consolidations - Resilience, Complexity, and Monoculture

DTIC Science & Technology

infrastructure. This may result in vulnerabilities not typically considered by policymakers, due to concentration and homogenization of critical...Resilience of a system is counter-proportional to the product of vulnerability and spectral radius; therefore, any increase in vulnerability, spectral

Food Security, Decision Making and the Use of Remote Sensing in Famine Early Warning Systems

NASA Technical Reports Server (NTRS)

Brown, Molly E.

2008-01-01

Famine early warning systems use remote sensing in combination with socio-economic and household food economy analysis to provide timely and rigorous information on emerging food security crises. The Famine Early Warning Systems Network (FEWS NET) is the US Agency for International Development's decision support system in 20 African countries, as well as in Guatemala, Haiti and Afghanistan. FEWS NET provides early and actionable policy guidance for the US Government and its humanitarian aid partners. As we move into an era of climate change where weather hazards will become more frequent and severe, understanding how to provide quantitative and actionable scientific information for policy makers using biophysical data is critical for an appropriate and effective response.

Improving Cyber-Security of Smart Grid Systems via Anomaly Detection and Linguistic Domain Knowledge

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ondrej Linda; Todd Vollmer; Milos Manic

The planned large scale deployment of smart grid network devices will generate a large amount of information exchanged over various types of communication networks. The implementation of these critical systems will require appropriate cyber-security measures. A network anomaly detection solution is considered in this work. In common network architectures multiple communications streams are simultaneously present, making it difficult to build an anomaly detection solution for the entire system. In addition, common anomaly detection algorithms require specification of a sensitivity threshold, which inevitably leads to a tradeoff between false positives and false negatives rates. In order to alleviate these issues, thismore » paper proposes a novel anomaly detection architecture. The designed system applies the previously developed network security cyber-sensor method to individual selected communication streams allowing for learning accurate normal network behavior models. Furthermore, the developed system dynamically adjusts the sensitivity threshold of each anomaly detection algorithm based on domain knowledge about the specific network system. It is proposed to model this domain knowledge using Interval Type-2 Fuzzy Logic rules, which linguistically describe the relationship between various features of the network communication and the possibility of a cyber attack. The proposed method was tested on experimental smart grid system demonstrating enhanced cyber-security.« less

Fuzzy assessment of health information system users' security awareness.

PubMed

Aydın, Özlem Müge; Chouseinoglou, Oumout

2013-12-01

Health information systems (HIS) are a specific area of information systems (IS), where critical patient data is stored and quality health service is only realized with the correct use and efficient dissemination of this data to health workers. Therefore, a balance needs to be established between the levels of security and flow of information on HIS. Instead of implementing higher levels and further mechanisms of control to increase the security of HIS, it is preferable to deal with the arguably weakest link on HIS chain with respect to security: HIS users. In order to provide solutions and approaches for transforming users to the first line of defense in HIS but also to employ capable and appropriate candidates from the pool of newly graduated students, it is important to assess and evaluate the security awareness levels and characteristics of these existing and future users. This study aims to provide a new perspective to understand the phenomenon of security awareness of HIS users with the use of fuzzy analysis, and to assess the present situation of current and future HIS users of a leading medical and educational institution of Turkey, with respect to their security characteristics based on four different security scales. The results of the fuzzy analysis, the guide on how to implement this fuzzy analysis to any health institution and how to read and interpret these results, together with the possible implications of these results to the organization are provided.

Public key infrastructure for DOE security research

DOE Office of Scientific and Technical Information (OSTI.GOV)

Aiken, R.; Foster, I.; Johnston, W.E.

This document summarizes the Department of Energy`s Second Joint Energy Research/Defence Programs Security Research Workshop. The workshop, built on the results of the first Joint Workshop which reviewed security requirements represented in a range of mission-critical ER and DP applications, discussed commonalties and differences in ER/DP requirements and approaches, and identified an integrated common set of security research priorities. One significant conclusion of the first workshop was that progress in a broad spectrum of DOE-relevant security problems and applications could best be addressed through public-key cryptography based systems, and therefore depended upon the existence of a robust, broadly deployed public-keymore » infrastructure. Hence, public-key infrastructure ({open_quotes}PKI{close_quotes}) was adopted as a primary focus for the second workshop. The Second Joint Workshop covered a range of DOE security research and deployment efforts, as well as summaries of the state of the art in various areas relating to public-key technologies. Key findings were that a broad range of DOE applications can benefit from security architectures and technologies built on a robust, flexible, widely deployed public-key infrastructure; that there exists a collection of specific requirements for missing or undeveloped PKI functionality, together with a preliminary assessment of how these requirements can be met; that, while commercial developments can be expected to provide many relevant security technologies, there are important capabilities that commercial developments will not address, due to the unique scale, performance, diversity, distributed nature, and sensitivity of DOE applications; that DOE should encourage and support research activities intended to increase understanding of security technology requirements, and to develop critical components not forthcoming from other sources in a timely manner.« less

Practical cryptographic strategies in the post-quantum era

NASA Astrophysics Data System (ADS)

Kabanov, I. S.; Yunusov, R. R.; Kurochkin, Y. V.; Fedorov, A. K.

2018-02-01

Quantum key distribution technologies promise information-theoretic security and are currently being deployed in com-mercial applications. We review new frontiers in information security technologies in communications and distributed storage applications with the use of classical, quantum, hybrid classical-quantum, and post-quantum cryptography. We analyze the cur-rent state-of-the-art, critical characteristics, development trends, and limitations of these techniques for application in enterprise information protection systems. An approach concerning the selection of practical encryption technologies for enterprises with branched communication networks is discussed.

Protecting Commercial Space Systems: A Critical National Security Issue

DTIC Science & Technology

1999-04-01

The Influence of Sea Power on World History: 1660-1783” (excerpt). Air Command and Staff College War Theory Coursebook (Academic Year 1999), 87- 88. 6...Publications. State of the Space Industry, 1998, 42, 49; and (2) US Census Bureau, Statistical Abstract of the United States: 1998, 1 Oct 1998, 578...College War Theory Coursebook (Academic Year 1999), 109. 2 Stubbs, Captain Bruce B., “The Coast Guard’s National Security Role in the 21st Century.” Air

A Study on the Commercialization of Space-Based Remote Sensing in the Twenty-First Century and Its Implications to United States National Security

DTIC Science & Technology

2011-06-01

Remote sensing from space provides critical data for many commercial space applications. Due to global market demand, it has undergone tremendous...commercial space imaging capability in the future, remote sensing policy makers, systems engineers, and industry analysts must be aware of the implications to United States National Security....available dissemination and accessibility. The analysis results, together with the findings from a review of commercial programs, initiatives, and remote

PMU-Aided Voltage Security Assessment for a Wind Power Plant

DOE Office of Scientific and Technical Information (OSTI.GOV)

Jiang, Huaiguang; Zhang, Yingchen; Zhang, Jun Jason

2015-10-05

Because wind power penetration levels in electric power systems are continuously increasing, voltage stability is a critical issue for maintaining power system security and operation. The traditional methods to analyze voltage stability can be classified into two categories: dynamic and steady-state. Dynamic analysis relies on time-domain simulations of faults at different locations; however, this method needs to exhaust faults at all locations to find the security region for voltage at a single bus. With the widely located phasor measurement units (PMUs), the Thevenin equivalent matrix can be calculated by the voltage and current information collected by the PMUs. This papermore » proposes a method based on a Thevenin equivalent matrix to identify system locations that will have the greatest impact on the voltage at the wind power plant's point of interconnection. The number of dynamic voltage stability analysis runs is greatly reduced by using the proposed method. The numerical results demonstrate the feasibility, effectiveness, and robustness of the proposed approach for voltage security assessment for a wind power plant.« less

Critical Infrastructure Protection- Los Alamos National Laboratory

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bofman, Ryan K.

Los Alamos National Laboratory (LANL) has been a key facet of Critical National Infrastructure since the nuclear bombing of Hiroshima exposed the nature of the Laboratory’s work in 1945. Common knowledge of the nature of sensitive information contained here presents a necessity to protect this critical infrastructure as a matter of national security. This protection occurs in multiple forms beginning with physical security, followed by cybersecurity, safeguarding of classified information, and concluded by the missions of the National Nuclear Security Administration.

Importance of biometrics to addressing vulnerabilities of the U.S. infrastructure

NASA Astrophysics Data System (ADS)

Arndt, Craig M.; Hall, Nathaniel A.

2004-08-01

Human identification technologies are important threat countermeasures in minimizing select infrastructure vulnerabilities. Properly targeted countermeasures should be selected and integrated into an overall security solution based on disciplined analysis and modeling. Available data on infrastructure value, threat intelligence, and system vulnerabilities are carefully organized, analyzed and modeled. Prior to design and deployment of an effective countermeasure; the proper role and appropriateness of technology in addressing the overall set of vulnerabilities is established. Deployment of biometrics systems, as with other countermeasures, introduces potentially heightened vulnerabilities into the system. Heightened vulnerabilities may arise from both the newly introduced system complexities and an unfocused understanding of the set of vulnerabilities impacted by the new countermeasure. The countermeasure's own inherent vulnerabilities and those introduced by the system's integration with the existing system are analyzed and modeled to determine the overall vulnerability impact. The United States infrastructure is composed of government and private assets. The infrastructure is valued by their potential impact on several components: human physical safety, physical/information replacement/repair cost, potential contribution to future loss (criticality in weapons production), direct productivity output, national macro-economic output/productivity, and information integrity. These components must be considered in determining the overall impact of an infrastructure security breach. Cost/benefit analysis is then incorporated in the security technology deployment decision process. Overall security risks based on system vulnerabilities and threat intelligence determines areas of potential benefit. Biometric countermeasures are often considered when additional security at intended points of entry would minimize vulnerabilities.

Identifying changing aviation threat environments within an adaptive Homeland Security Advisory System.

PubMed

Lee, Adrian J; Jacobson, Sheldon H

2012-02-01

A critical component of aviation security consists of screening passengers and baggage to protect airports and aircraft from terrorist threats. Advancements in screening device technology have increased the ability to detect these threats; however, specifying the operational configurations of these devices in response to changes in the threat environment can become difficult. This article proposes to use Fisher information as a statistical measure for detecting changes in the threat environment. The perceived risk of passengers, according to prescreening information and behavior analysis, is analyzed as the passengers sequentially enter the security checkpoint. The alarm responses from the devices used to detect threats are also analyzed to monitor significant changes in the frequency of threat items uncovered. The key results are that this information-based measure can be used within the Homeland Security Advisory System to indicate changes in threat conditions in real time, and provide the flexibility of security screening detection devices to responsively and automatically adapt operational configurations to these changing threat conditions. © 2012 Society for Risk Analysis. All rights reserved.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Onyeji, Ijeoma; Bazilian, Morgan; Bronk, Chris

Both the number and security implications of sophisticated cyber attacks on companies providing critical energy infrastructures are increasing. As power networks and, to a certain extent, oil and gas infrastructure both upstream and downstream, are becoming increasingly integrated with information communication technology systems, they are growing more susceptible to cyber attacks.

Security of Electronic Voting in the United States

DOE PAGES

King, Charity; Thompson, Michael

2016-10-20

In the midst of numerous high-profile cyber-attacks, the US is considering whether to categorize the US electronic voting system as “critical infrastructure”, to be protected and invested in much the same way as the US power grid or waterways.

Integrating machine learning to achieve an automatic parameter prediction for practical continuous-variable quantum key distribution

NASA Astrophysics Data System (ADS)

Liu, Weiqi; Huang, Peng; Peng, Jinye; Fan, Jianping; Zeng, Guihua

2018-02-01

For supporting practical quantum key distribution (QKD), it is critical to stabilize the physical parameters of signals, e.g., the intensity, phase, and polarization of the laser signals, so that such QKD systems can achieve better performance and practical security. In this paper, an approach is developed by integrating a support vector regression (SVR) model to optimize the performance and practical security of the QKD system. First, a SVR model is learned to precisely predict the time-along evolutions of the physical parameters of signals. Second, such predicted time-along evolutions are employed as feedback to control the QKD system for achieving the optimal performance and practical security. Finally, our proposed approach is exemplified by using the intensity evolution of laser light and a local oscillator pulse in the Gaussian modulated coherent state QKD system. Our experimental results have demonstrated three significant benefits of our SVR-based approach: (1) it can allow the QKD system to achieve optimal performance and practical security, (2) it does not require any additional resources and any real-time monitoring module to support automatic prediction of the time-along evolutions of the physical parameters of signals, and (3) it is applicable to any measurable physical parameter of signals in the practical QKD system.

The secure authorization model for healthcare information system.

PubMed

Hsu, Wen-Shin; Pan, Jiann-I

2013-10-01

Exploring healthcare system for assisting medical services or transmitting patients' personal health information in web application has been widely investigated. Information and communication technologies have been applied to the medical services and healthcare area for a number of years to resolve problems in medical management. In the healthcare system, not all users are allowed to access all the information. Several authorization models for restricting users to access specific information at specific permissions have been proposed. However, as the number of users and the amount of information grows, the difficulties for administrating user authorization will increase. The critical problem limits the widespread usage of the healthcare system. This paper proposes an approach for role-based and extends it to deal with the information for authorizations in the healthcare system. We propose the role-based authorization model which supports authorizations for different kinds of objects, and a new authorization domain. Based on this model, we discuss the issues and requirements of security in the healthcare systems. The security issues for services shared between different healthcare industries will also be discussed.

Scalability, Interoperability, and Security at the Data Discovery Level: A System Administrator's Perspective

NASA Technical Reports Server (NTRS)

2006-01-01

The Global Change Master Directory (GCMD) has been one of the best known Earth science and global change data discovery online resources throughout its extended operational history. The growing popularity of the system since its introduction on the World Wide Web in 1994 has created an environment where resolving issues of scalability, security, and interoperability have been critical to providing the best available service to the users and partners of the GCMD. Innovative approaches developed at the GCMD in these areas will be presented with a focus on how they relate to current and future GO-ESSP community needs.

Layered virus protection for the operations and administrative messaging system

NASA Technical Reports Server (NTRS)

Cortez, R. H.

2002-01-01

NASA's Deep Space Network (DSN) is critical in supporting the wide variety of operating and plannedunmanned flight projects. For day-to-day operations it relies on email communication between the three Deep Space Communication Complexes (Canberra, Goldstone, Madrid) and NASA's Jet Propulsion Laboratory. The Operations & Administrative Messaging system, based on the Microsoft Windows NTand Exchange platform, provides the infrastructure that is required for reliable, mission-critical messaging. The reliability of this system, however, is threatened by the proliferation of email viruses that continue to spread at alarming rates. A layered approach to email security has been implemented across the DSN to protect against this threat.

77 FR 64818 - The Critical Infrastructure Partnership Advisory Council

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-23

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2012-0033] The Critical Infrastructure Partnership... Infrastructure Partnership Advisory Council membership update. SUMMARY: The Department of Homeland Security (DHS) announced the [[Page 64819

Smart security system for Indian rail wagons using IOT

NASA Astrophysics Data System (ADS)

Bhanuteja, S.; Shilpi, S.; Pragna, K.; Arun, M.

2017-11-01

The objective of this project is to create a Security System for the goods that are carried in open top freight trains. The most efficient way to secure anything from thieves is to have a continuous observation. So for continuous observation of the open top freight train, Camera module2 has been used. Passive Infrared Sensor (PIR) 1 has been used to detect the motion or to sense movement of people, animals, or any object. So whenever a motion is detected by the PIR sensor, the Camera takes a picture of that particular instance. That picture will be send to the Raspberry PI which does Skin Detection Algorithm and specifies whether that motion was created by a human or not. If a human makes it, then that picture will send to the drop box. Any Official can have a look at the same. The existing system has a CCTV installed at various critical locations like bridges, railway stations etc. but they does not provide a continuous observation. This paper describes about the Security System that provides continuous observation for open top freight trains so that goods can be carried safely to its destination.

Young physicians and the Finnish welfare state.

PubMed

Saarinen, Arttu

2009-01-01

This article aims to focus on how young physicians in general and different subpopulations, in particular, see the role of the welfare state. The author seeks to compare young physicians' opinions with those of older physicians, a similar age group in the general population and all physicians. A random sample was picked from the Finnish Medical Association register (n = 1,092). Data were analysed using descriptive statistics and multinomial logistic regression analysis. Results show that young physicians--when compared with an overall population of the same age, with physicians overall, or with older physicians--are more critical of the degree of social security currently offered. Young physicians also want to give more responsibility to the private sector than do older physicians. On the other hand, young physicians are not very critical of healthcare system functionality. All in all, young physicians' opinions about the welfare state are not particularly radical. Results indicate that physicians' opinions about the welfare state will not change dramatically in the near future. Views on social security, healthcare system functionality and the role of the private sector correlate best with political orientation. There are some studies about physicians' attitudes towards the welfare state, but the opinions of young physicians have not been studied in countries with large social security systems. The paper addresses this gap because it is important to study young physicians' opinions because future services will be structured on them.

Cybersecurity and Optimization in Smart “Autonomous” Buildings

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mylrea, Michael E.; Gourisetti, Sri Nikhil Gup

Significant resources have been invested in making buildings “smart” by digitizing, networking and automating key systems and operations. Smart autonomous buildings create new energy efficiency, economic and environmental opportunities. But as buildings become increasingly networked to the Internet, they can also become more vulnerable to various cyber threats. Automated and Internet-connected buildings systems, equipment, controls, and sensors can significantly increase cyber and physical vulnerabilities that threaten the confidentiality, integrity, and availability of critical systems in organizations. Securing smart autonomous buildings presents a national security and economic challenge to the nation. Ignoring this challenge threatens business continuity and the availability ofmore » critical infrastructures that are enabled by smart buildings. In this chapter, the authors address challenges and explore new opportunities in securing smart buildings that are enhanced by machine learning, cognitive sensing, artificial intelligence (AI) and smart-energy technologies. The chapter begins by identifying cyber-threats and challenges to smart autonomous buildings. Then it provides recommendations on how AI enabled solutions can help smart buildings and facilities better protect, detect and respond to cyber-physical threats and vulnerabilities. Next, the chapter will provide case studies that examine how combining AI with innovative smart-energy technologies can increase both cybersecurity and energy efficiency savings in buildings. The chapter will conclude by proposing recommendations for future cybersecurity and energy optimization research for examining AI enabled smart-energy technology.« less

Privacy and security of patient data in the pathology laboratory

PubMed Central

Cucoranu, Ioan C.; Parwani, Anil V.; West, Andrew J.; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B.; Balis, Ulysses J.; Tuthill, Mark J.; Pantanowitz, Liron

2013-01-01

Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States. PMID:23599904

Finite Energy and Bounded Attacks on Control System Sensor Signals

DOE Office of Scientific and Technical Information (OSTI.GOV)

Djouadi, Seddik M; Melin, Alexander M; Ferragut, Erik M

Control system networks are increasingly being connected to enterprise level networks. These connections leave critical industrial controls systems vulnerable to cyber-attacks. Most of the effort in protecting these cyber-physical systems (CPS) has been in securing the networks using information security techniques and protection and reliability concerns at the control system level against random hardware and software failures. However, besides these failures the inability of information security techniques to protect against all intrusions means that the control system must be resilient to various signal attacks for which new analysis and detection methods need to be developed. In this paper, sensor signalmore » attacks are analyzed for observer-based controlled systems. The threat surface for sensor signal attacks is subdivided into denial of service, finite energy, and bounded attacks. In particular, the error signals between states of attack free systems and systems subject to these attacks are quantified. Optimal sensor and actuator signal attacks for the finite and infinite horizon linear quadratic (LQ) control in terms of maximizing the corresponding cost functions are computed. The closed-loop system under optimal signal attacks are provided. Illustrative numerical examples are provided together with an application to a power network with distributed LQ controllers.« less

On a simulation study of cyber attacks on vehicle-to-infrastructure communication (V2I) in Intelligent Transportation System (ITS)

NASA Astrophysics Data System (ADS)

Ekedebe, Nnanna; Yu, Wei; Song, Houbing; Lu, Chao

2015-05-01

An intelligent transportation system (ITS) is one typical cyber-physical system (CPS) that aims to provide efficient, effective, reliable, and safe driving experiences with minimal congestion and effective traffic flow management. In order to achieve these goals, various ITS technologies need to work synergistically. Nonetheless, ITS's reliance on wireless connectivity makes it vulnerable to cyber threats. Thus, it is critical to understand the impact of cyber threats on ITS. In this paper, using real-world transportation dataset, we evaluated the consequences of cyber threats - attacks against service availability by jamming the communication channel of ITS. In this way, we can have a better understanding of the importance of ensuring adequate security respecting safety and life-critical ITS applications before full and expensive real-world deployments. Our experimental data shows that cyber threats against service availability could adversely affect traffic efficiency and safety performances evidenced by exacerbated travel time, fuel consumed, and other evaluated performance metrics as the communication network is compromised. Finally, we discuss a framework to make ITS secure and more resilient against cyber threats.

Network Intrusion Detection and Visualization using Aggregations in a Cyber Security Data Warehouse

DOE Office of Scientific and Technical Information (OSTI.GOV)

Czejdo, Bogdan; Ferragut, Erik M; Goodall, John R

2012-01-01

The challenge of achieving situational understanding is a limiting factor in effective, timely, and adaptive cyber-security analysis. Anomaly detection fills a critical role in network assessment and trend analysis, both of which underlie the establishment of comprehensive situational understanding. To that end, we propose a cyber security data warehouse implemented as a hierarchical graph of aggregations that captures anomalies at multiple scales. Each node of our pro-posed graph is a summarization table of cyber event aggregations, and the edges are aggregation operators. The cyber security data warehouse enables domain experts to quickly traverse a multi-scale aggregation space systematically. We describemore » the architecture of a test bed system and a summary of results on the IEEE VAST 2012 Cyber Forensics data.« less

Semantic policy and adversarial modeling for cyber threat identification and avoidance

NASA Astrophysics Data System (ADS)

DeFrancesco, Anton; McQueary, Bruce

2009-05-01

Today's enterprise networks undergo a relentless barrage of attacks from foreign and domestic adversaries. These attacks may be perpetrated with little to no funding, but may wreck incalculable damage upon the enterprises security, network infrastructure, and services. As more services come online, systems that were once in isolation now provide information that may be combined dynamically with information from other systems to create new meaning on the fly. Security issues are compounded by the potential to aggregate individual pieces of information and infer knowledge at a higher classification than any of its constituent parts. To help alleviate these challenges, in this paper we introduce the notion of semantic policy and discuss how it's use is evolving from a robust approach to access control to preempting and combating attacks in the cyber domain, The introduction of semantic policy and adversarial modeling to network security aims to ask 'where is the network most vulnerable', 'how is the network being attacked', and 'why is the network being attacked'. The first aspect of our approach is integration of semantic policy into enterprise security to augment traditional network security with an overall awareness of policy access and violations. This awareness allows the semantic policy to look at the big picture - analyzing trends and identifying critical relations in system wide data access. The second aspect of our approach is to couple adversarial modeling with semantic policy to move beyond reactive security measures and into a proactive identification of system weaknesses and areas of vulnerability. By utilizing Bayesian-based methodologies, the enterprise wide meaning of data and semantic policy is applied to probability and high-level risk identification. This risk identification will help mitigate potential harm to enterprise networks by enabling resources to proactively isolate, lock-down, and secure systems that are most vulnerable.

Risk assessment for Industrial Control Systems quantifying availability using mean failure cost (MFC)

DOE PAGES

Chen, Qian; Abercrombie, Robert K; Sheldon, Frederick T.

2015-09-23

Industrial Control Systems (ICS) are commonly used in industries such as oil and natural gas, transportation, electric, water and wastewater, chemical, pharmaceutical, pulp and paper, food and beverage, as well as discrete manufacturing (e.g., automotive, aerospace, and durable goods.) SCADA systems are generally used to control dispersed assets using centralized data acquisition and supervisory control.Originally, ICS implementations were susceptible primarily to local threats because most of their components were located in physically secure areas (i.e., ICS components were not connected to IT networks or systems). The trend toward integrating ICS systems with IT networks (e.g., efficiency and the Internet ofmore » Things) provides significantly less isolation for ICS from the outside world thus creating greater risk due to external threats. Albeit, the availability of ICS/SCADA systems is critical to assuring safety, security and profitability. Such systems form the backbone of our national cyber-physical infrastructure.Herein, we extend the concept of mean failure cost (MFC) to address quantifying availability to harmonize well with ICS security risk assessment. This new measure is based on the classic formulation of Availability combined with Mean Failure Cost (MFC). Finally, the metric offers a computational basis to estimate the availability of a system in terms of the loss that each stakeholder stands to sustain as a result of security violations or breakdowns (e.g., deliberate malicious failures).« less

Protecting Database Centric Web Services against SQL/XPath Injection Attacks

NASA Astrophysics Data System (ADS)

Laranjeiro, Nuno; Vieira, Marco; Madeira, Henrique

Web services represent a powerful interface for back-end database systems and are increasingly being used in business critical applications. However, field studies show that a large number of web services are deployed with security flaws (e.g., having SQL Injection vulnerabilities). Although several techniques for the identification of security vulnerabilities have been proposed, developing non-vulnerable web services is still a difficult task. In fact, security-related concerns are hard to apply as they involve adding complexity to already complex code. This paper proposes an approach to secure web services against SQL and XPath Injection attacks, by transparently detecting and aborting service invocations that try to take advantage of potential vulnerabilities. Our mechanism was applied to secure several web services specified by the TPC-App benchmark, showing to be 100% effective in stopping attacks, non-intrusive and very easy to use.

Orion is Taken From Ship & Put in Shipping Container

NASA Image and Video Library

2014-12-10

The Orion crew module has been lowered and secured in the crew module transportation fixture at the Mole Pier at Naval Base San Diego in California. The fixture has been secured on the back of a flatbed truck and the cover is being lowered over the spacecraft. Orion is being prepared for the overland trip back to NASA's Kennedy Space Center in Florida. Orion was recovered from the Pacific Ocean after completing a two-orbit, four-and-a-half hour mission Dec. 5 to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. NASA, the U.S. Navy and Lockheed Martin coordinated efforts to recover Orion. The Ground Systems Development and Operations Program led the recovery, offload and pre-transportation efforts.

Orion is Taken From Ship & Put in Shipping Container

NASA Image and Video Library

2014-12-10

The Orion crew module has been secured in the crew module transportation fixture at the Mole Pier at Naval Base San Diego in California. The fixture has been secured on the back of a flatbed truck and the cover has been lowered over the spacecraft. Orion is being prepared for the overland trip back to NASA's Kennedy Space Center in Florida. Orion was recovered from the Pacific Ocean after completing a two-orbit, four-and-a-half hour mission Dec. 5 to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. NASA, the U.S. Navy and Lockheed Martin coordinated efforts to recover Orion. The Ground Systems Development and Operations Program led the recovery, offload and pre-transportation efforts.

Social Security: Strengthening a Vital Safety Net for Latinos

ERIC Educational Resources Information Center

Cruz, Jeff

2012-01-01

Since 1935, Social Security has provided a vital safety net for millions of Americans who cannot work because of age or disability. This safety net has been especially critical for Americans of Latino decent, who number more than 50 million or nearly one out of every six Americans. Social Security is critical to Latinos because it is much more…

Critical analysis of the Bennett-Riedel attack on secure cryptographic key distributions via the Kirchhoff-Law-Johnson-noise scheme.

PubMed

Kish, Laszlo B; Abbott, Derek; Granqvist, Claes G

2013-01-01

Recently, Bennett and Riedel (BR) (http://arxiv.org/abs/1303.7435v1) argued that thermodynamics is not essential in the Kirchhoff-law-Johnson-noise (KLJN) classical physical cryptographic exchange method in an effort to disprove the security of the KLJN scheme. They attempted to demonstrate this by introducing a dissipation-free deterministic key exchange method with two batteries and two switches. In the present paper, we first show that BR's scheme is unphysical and that some elements of its assumptions violate basic protocols of secure communication. All our analyses are based on a technically unlimited Eve with infinitely accurate and fast measurements limited only by the laws of physics and statistics. For non-ideal situations and at active (invasive) attacks, the uncertainly principle between measurement duration and statistical errors makes it impossible for Eve to extract the key regardless of the accuracy or speed of her measurements. To show that thermodynamics and noise are essential for the security, we crack the BR system with 100% success via passive attacks, in ten different ways, and demonstrate that the same cracking methods do not function for the KLJN scheme that employs Johnson noise to provide security underpinned by the Second Law of Thermodynamics. We also present a critical analysis of some other claims by BR; for example, we prove that their equations for describing zero security do not apply to the KLJN scheme. Finally we give mathematical security proofs for each BR-attack against the KLJN scheme and conclude that the information theoretic (unconditional) security of the KLJN method has not been successfully challenged.

Critical Analysis of the Bennett–Riedel Attack on Secure Cryptographic Key Distributions via the Kirchhoff-Law–Johnson-Noise Scheme

PubMed Central

Kish, Laszlo B.; Abbott, Derek; Granqvist, Claes G.

2013-01-01

Recently, Bennett and Riedel (BR) (http://arxiv.org/abs/1303.7435v1) argued that thermodynamics is not essential in the Kirchhoff-law–Johnson-noise (KLJN) classical physical cryptographic exchange method in an effort to disprove the security of the KLJN scheme. They attempted to demonstrate this by introducing a dissipation-free deterministic key exchange method with two batteries and two switches. In the present paper, we first show that BR's scheme is unphysical and that some elements of its assumptions violate basic protocols of secure communication. All our analyses are based on a technically unlimited Eve with infinitely accurate and fast measurements limited only by the laws of physics and statistics. For non-ideal situations and at active (invasive) attacks, the uncertainly principle between measurement duration and statistical errors makes it impossible for Eve to extract the key regardless of the accuracy or speed of her measurements. To show that thermodynamics and noise are essential for the security, we crack the BR system with 100% success via passive attacks, in ten different ways, and demonstrate that the same cracking methods do not function for the KLJN scheme that employs Johnson noise to provide security underpinned by the Second Law of Thermodynamics. We also present a critical analysis of some other claims by BR; for example, we prove that their equations for describing zero security do not apply to the KLJN scheme. Finally we give mathematical security proofs for each BR-attack against the KLJN scheme and conclude that the information theoretic (unconditional) security of the KLJN method has not been successfully challenged. PMID:24358129

2007 Beyond SBIR Phase II: Bringing Technology Edge to the Warfighter

DTIC Science & Technology

2007-08-23

Systems Trade-Off Analysis and Optimization Verification and Validation On-Board Diagnostics and Self - healing Security and Anti-Tampering Rapid...verification; Safety and reliability analysis of flight and mission critical systems On-Board Diagnostics and Self - Healing Model-based monitoring and... self - healing On-board diagnostics and self - healing ; Autonomic computing; Network intrusion detection and prevention Anti-Tampering and Trust

Unmanned Systems Integrated Roadmap FY2011-2036

DTIC Science & Technology

2011-10-01

neuroscience , and cognition science may lead to the implementation of some of the most critical functionalities of heterogeneous, sensor net...Roadmap FY2011-2036 69 7.4.5.4 Encryption Unmanned systems incorporation of data encryption includes National Security Agency ( NSA ) Type 1 (for...see DODI 4660). Numerous other policies and initiatives are under development within the NSA to significantly streamline the certification processes

Navigation Ground Data System Engineering for the Cassini/Huygens Mission

NASA Technical Reports Server (NTRS)

Beswick, R. M.; Antreasian, P. G.; Gillam, S. D.; Hahn, Y.; Roth, D. C.; Jones, J. B.

2008-01-01

The launch of the Cassini/Huygens mission on October 15, 1997, began a seven year journey across the solar system that culminated in the entry of the spacecraft into Saturnian orbit on June 30, 2004. Cassini/Huygens Spacecraft Navigation is the result of a complex interplay between several teams within the Cassini Project, performed on the Ground Data System. The work of Spacecraft Navigation involves rigorous requirements for accuracy and completeness carried out often under uncompromising critical time pressures. To support the Navigation function, a fault-tolerant, high-reliability/high-availability computational environment was necessary to support data processing. Configuration Management (CM) was integrated with fault tolerant design and security engineering, according to the cornerstone principles of Confidentiality, Integrity, and Availability. Integrated with this approach are security benchmarks and validation to meet strict confidence levels. In addition, similar approaches to CM were applied in consideration of the staffing and training of the system administration team supporting this effort. As a result, the current configuration of this computational environment incorporates a secure, modular system, that provides for almost no downtime during tour operations.

Vulnerability of water supply systems to cyber-physical attacks

NASA Astrophysics Data System (ADS)

Galelli, Stefano; Taormina, Riccardo; Tippenhauer, Nils; Salomons, Elad; Ostfeld, Avi

2016-04-01

The adoption of smart meters, distributed sensor networks and industrial control systems has largely improved the level of service provided by modern water supply systems. Yet, the progressive computerization exposes these critical infrastructures to cyber-physical attacks, which are generally aimed at stealing critical information (cyber-espionage) or causing service disruption (denial-of-service). Recent statistics show that water and power utilities are undergoing frequent attacks - such as the December power outage in Ukraine - , attracting the interest of operators and security agencies. Taking the security of Water Distribution Networks (WDNs) as domain of study, our work seeks to characterize the vulnerability of WDNs to cyber-physical attacks, so as to conceive adequate defense mechanisms. We extend the functionality of EPANET, which models hydraulic and water quality processes in pressurized pipe networks, to include a cyber layer vulnerable to repeated attacks. Simulation results on a medium-scale network show that several hydraulic actuators (valves and pumps, for example) can be easily attacked, causing both service disruption - i.e., water spillage and loss of pressure - and structural damages - e.g., pipes burst. Our work highlights the need for adequate countermeasures, such as attacks detection and reactive control systems.

Possible Impacts of Major Counter Terrorism Security Actions on Research, Development, and Higher Education

DTIC Science & Technology

2002-04-08

purpose is to avert the spread of weapons of mass destruction and missile delivery systems, maintain U.S. advantage in some militarily critical...the Production and Use of Nuclear Material for Military Applications, 3. Missile / missile Technology: Technologies Associated with Air Vehicles And...Unmanned Missile Systems. 4. Aircraft and Missile Propulsion and Vehicular Systems: Technologies Associated With Liquid and Solid Rocket Propulsion

Medical cyber-physical systems: A survey.

PubMed

Dey, Nilanjan; Ashour, Amira S; Shi, Fuqian; Fong, Simon James; Tavares, João Manuel R S

2018-03-10

Medical cyber-physical systems (MCPS) are healthcare critical integration of a network of medical devices. These systems are progressively used in hospitals to achieve a continuous high-quality healthcare. The MCPS design faces numerous challenges, including inoperability, security/privacy, and high assurance in the system software. In the current work, the infrastructure of the cyber-physical systems (CPS) are reviewed and discussed. This article enriched the researches of the networked Medical Device (MD) systems to increase the efficiency and safety of the healthcare. It also can assist the specialists of medical device to overcome crucial issues related to medical devices, and the challenges facing the design of the medical device's network. The concept of the social networking and its security along with the concept of the wireless sensor networks (WSNs) are addressed. Afterward, the CPS systems and platforms have been established, where more focus was directed toward CPS-based healthcare. The big data framework of CPSs is also included.

75 FR 21011 - Critical Infrastructure Partnership Advisory Council

Federal Register 2010, 2011, 2012, 2013, 2014

2010-04-22

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2010-0032] Critical Infrastructure Partnership... Infrastructure Partnership Advisory Council (CIPAC) charter renewal. SUMMARY: The Department of Homeland Security... and Outreach Division, Office of Infrastructure Protection, National Protection and Programs...

Regulatory Underpinnings of Global Health Security: FDA's Roles in Preventing, Detecting, and Responding to Global Health Threats

PubMed Central

Bond, Katherine C.; Maher, Carmen

2014-01-01

In February 2014, health officials from around the world announced the Global Health Security Agenda, a critical effort to strengthen national and global systems to prevent, detect, and respond to infectious disease threats and to foster stronger collaboration across borders. With its increasing global roles and broad range of regulatory responsibilities in ensuring the availability, safety, and security of medical and food products, the US Food and Drug Administration (FDA) is engaged in a range of efforts in support of global health security. This article provides an overview of FDA's global health security roles, focusing on its responsibilities related to the development and use of medical countermeasures (MCMs) for preventing, detecting, and responding to global infectious disease and other public health emergency threats. The article also discusses several areas—antimicrobial resistance, food safety, and supply chain integrity—in which FDA's global health security roles continue to evolve and extend beyond MCMs and, in some cases, beyond traditional infectious disease threats. PMID:25254912

Regulatory underpinnings of Global Health security: FDA's roles in preventing, detecting, and responding to global health threats.

PubMed

Courtney, Brooke; Bond, Katherine C; Maher, Carmen

2014-01-01

In February 2014, health officials from around the world announced the Global Health Security Agenda, a critical effort to strengthen national and global systems to prevent, detect, and respond to infectious disease threats and to foster stronger collaboration across borders. With its increasing global roles and broad range of regulatory responsibilities in ensuring the availability, safety, and security of medical and food products, the US Food and Drug Administration (FDA) is engaged in a range of efforts in support of global health security. This article provides an overview of FDA's global health security roles, focusing on its responsibilities related to the development and use of medical countermeasures (MCMs) for preventing, detecting, and responding to global infectious disease and other public health emergency threats. The article also discusses several areas-antimicrobial resistance, food safety, and supply chain integrity-in which FDA's global health security roles continue to evolve and extend beyond MCMs and, in some cases, beyond traditional infectious disease threats.

Critical Issues of Web-Enabled Technologies in Modern Organizations.

ERIC Educational Resources Information Center

Khosrow-Pour, Mehdi; Herman, Nancy

2001-01-01

Discusses results of a Delphi study that explored issues related to the utilization and management of Web-enabled technologies by modern organizations. Topics include bandwidth restrictions; security; data integrity; inadequate search facilities; system incompatibilities; failure to adhere to standards; email; use of metadata; privacy and…

76 FR 57615 - National Health Information Technology Week, 2011

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-15

... Health Information Technology Week, 2011 #0; #0; #0; Presidential Documents #0; #0; #0;#0;Federal... Technology Week, 2011 By the President of the United States of America A Proclamation Technological advances... Week, we highlight the critical importance of secure and efficient information systems to improving the...

IT Security Support for Spaceport Command and Control System

NASA Technical Reports Server (NTRS)

McLain, Jeffrey

2013-01-01

During the fall 2013 semester, I worked at the Kennedy Space Center as an IT Security Intern in support of the Spaceport Command and Control System under the guidance of the IT Security Lead Engineer. Some of my responsibilities included assisting with security plan documentation collection, system hardware and software inventory, and malicious code and malware scanning. Throughout the semester, I had the opportunity to work on a wide range of security related projects. However, there are three projects in particular that stand out. The first project I completed was updating a large interactive spreadsheet that details the SANS Institutes Top 20 Critical Security Controls. My task was to add in all of the new commercial of the shelf (COTS) software listed on the SANS website that can be used to meet their Top 20 controls. In total, there are 153 unique security tools listed by SANS that meet one or more of their 20 controls. My second project was the creation of a database that will allow my mentor to keep track of the work done by the contractors that report to him in a more efficient manner by recording events as they occur throughout the quarter. Lastly, I expanded upon a security assessment of the Linux machines being used on center that I began last semester. To do this, I used a vulnerability and configuration tool that scans hosts remotely through the network and presents the user with an abundance of information detailing each machines configuration. The experience I gained from working on each of these projects has been invaluable, and I look forward to returning in the spring semester to continue working with the IT Security team.

Remote Sensing for Food Security Monitoring in Afghanistan

NASA Technical Reports Server (NTRS)

Brown, Molly E.

2008-01-01

Two decades of war have severely weakened Afghanistan s economy and infrastructure. Along with larger impacts on civil stability, education and health care, the current conflict in Afghanistan has resulted in widespread hunger and destitution. The 2005 National Risk and Vulnerability Assessment conducted by the United Nations found that 6.6 million Afghans do not meet their minimum food requirements and approximately 400,000 people each year are seriously affected by natural disasters, such as droughts, floods and extreme weather conditions. Given the poor security situation in the country, systems that will enable remote observations of variations of climate and their impacts on food production are critical for providing an appropriate and timely response. This chapter describes the remote sensing systems and food security analyses that the US Agency for International Development s Famine Early Warning Systems Network (FEWS NET) conducts in Afghanistan to monitor and provide information to international donors to ensure that adequate assistance is provided during this time of development and recovery.

Attack Methodology Analysis: Emerging Trends in Computer-Based Attack Methodologies and Their Applicability to Control System Networks

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bri Rolston

2005-06-01

Threat characterization is a key component in evaluating the threat faced by control systems. Without a thorough understanding of the threat faced by critical infrastructure networks, adequate resources cannot be allocated or directed effectively to the defense of these systems. Traditional methods of threat analysis focus on identifying the capabilities and motivations of a specific attacker, assessing the value the adversary would place on targeted systems, and deploying defenses according to the threat posed by the potential adversary. Too many effective exploits and tools exist and are easily accessible to anyone with access to an Internet connection, minimal technical skills,more » and a significantly reduced motivational threshold to be able to narrow the field of potential adversaries effectively. Understanding how hackers evaluate new IT security research and incorporate significant new ideas into their own tools provides a means of anticipating how IT systems are most likely to be attacked in the future. This research, Attack Methodology Analysis (AMA), could supply pertinent information on how to detect and stop new types of attacks. Since the exploit methodologies and attack vectors developed in the general Information Technology (IT) arena can be converted for use against control system environments, assessing areas in which cutting edge exploit development and remediation techniques are occurring can provide significance intelligence for control system network exploitation, defense, and a means of assessing threat without identifying specific capabilities of individual opponents. Attack Methodology Analysis begins with the study of what exploit technology and attack methodologies are being developed in the Information Technology (IT) security research community within the black and white hat community. Once a solid understanding of the cutting edge security research is established, emerging trends in attack methodology can be identified and the gap between those threats and the defensive capabilities of control systems can be analyzed. The results of the gap analysis drive changes in the cyber security of critical infrastructure networks to close the gap between current exploits and existing defenses. The analysis also provides defenders with an idea of how threat technology is evolving and how defenses will need to be modified to address these emerging trends.« less

Resilience and legislation: Will IT security legislation boost critical infrastructure resilience in Germany?

PubMed

Kaschner, Holger; Jordan, Tim

The German government is seeking to enhance the resilience of critical national infrastructures via its new IT Security Law. This paper analyses the content of the law, as well as the limitations and constraints arising from the conflicting interests of affected stakeholders. The paper also offers solutions to help the IT Security Law fulfil its potential despite the constraints.

Food security -- an insurance approach.

PubMed

1979-01-01

An adequate standard of nutrition at national and individual level is a basic -- and not wholly altruistic -- objective for mankind. Its ingredients are food production and distribution. Of these the latter is currently considered the more limiting, but fluctuations in the former -- over various geographical and time scales -- can be the overriding factor when national supplies are critical. Under these conditions the automatic operations of a legal mandatory food support system -- free from political strings or connotations of welfare -- would be advantageous. A system for providing a measure of food security, using insurance principles and based on a compromise between international stockpiling and direct financial subventions, is outlined in a recent publication of the International Food Policy Research Institute. Essentially it is a means by which the international community could contribute to the food security of food deficit, developing countries without having to create large buffer stocks and stabilize world grain prices. Extracts from this publication are given below.

Methodology for Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sheldon, Frederick T; Abercrombie, Robert K; Mili, Ali

2009-01-01

Information security continues to evolve in response to disruptive changes with a persistent focus on information-centric controls and a healthy debate about balancing endpoint and network protection, with a goal of improved enterprise/business risk management. Economic uncertainty, intensively collaborative styles of work, virtualization, increased outsourcing and ongoing compliance pressures require careful consideration and adaptation. This paper proposes a Cyberspace Security Econometrics System (CSES) that provides a measure (i.e., a quantitative indication) of reliability, performance and/or safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders interests in that requirement. Formore » a given stakeholder, CSES reflects the variance that may exist among the stakes she/he attaches to meeting each requirement. This paper introduces the basis, objectives and capabilities for the CSES including inputs/outputs as well as the structural and mathematical underpinnings.« less

Secure Cryptographic Key Management System (CKMS) Considerations for Smart Grid Devices

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Sheldon, Frederick T; Aldridge, Hal

2011-01-01

In this paper, we examine some unique challenges associated with key management in the Smart Grid and concomitant research initiatives: 1) effectively model security requirements and their implementations, and 2) manage keys and key distribution for very large scale deployments such as Smart Meters over a long period of performance. This will set the stage to: 3) develop innovative, low cost methods to protect keying material, and 4) provide high assurance authentication services. We will present our perspective on key management and will discuss some key issues within the life cycle of a cryptographic key designed to achieve the following:more » 1) control systems designed, installed, operated, and maintained to survive an intentional cyber assault with no loss of critical function, and 2) widespread implementation of methods for secure communication between remote access devices and control centers that are scalable and cost-effective to deploy.« less

Cyberspace Security Econometrics System (CSES)

DOE Office of Scientific and Technical Information (OSTI.GOV)

2012-07-27

Information security continues to evolve in response to disruptive changes with a persistent focus on information-centric controls and a healthy debate about balancing endpoint and network protection, with a goal of improved enterprise/business risk management. Economic uncertainty, intensively collaborative styles of work, virtualization, increased outsourcing and ongoing complance pressures require careful consideration and adaption. The CSES provides a measure (i.e. a quantitative indication) of reliability, performance, and/or safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders' interests in that requirement. For a given stakeholder, CSES accounts for the variancemore » that may exist among the stakes one attaches to meeting each requirement.« less

The Influence of State Policies on Critical Infrastructure Resilience: An Approach for Analyzing Transportation and Capital Investment

DOE Office of Scientific and Technical Information (OSTI.GOV)

Wall, Thomas; Trail, Jessica; Gevondyan, Erna

During times of crisis, communities and regions rely heavily on critical infrastructure systems to support their emergency management response and recovery activities. Therefore, the resilience of critical infrastructure systems to crises is a pivotal factor to a community’s overall resilience. Critical infrastructure resilience can be influenced by many factors, including State policies – which are not always uniform in their structure or application across the United States – were identified by the U.S. Department of Homeland Security as an area of particular interest with respect to their the influence on the resilience of critical infrastructure systems. This study focuses onmore » developing an analytical methodology to assess links between policy and resilience, and applies that methodology to critical infrastructure in the Transportation Systems Sector. Specifically, this study seeks to identify potentially influential linkages between State transportation capital funding policies and the resilience of bridges located on roadways that are under the management of public agencies. This study yielded notable methodological outcomes, including the general capability of the analytical methodology to yield – in the case of some States – significant results connecting State policies with critical infrastructure resilience, with the suggestion that further refinement of the methodology may be beneficial.« less

Proactive Security Testing and Fuzzing

NASA Astrophysics Data System (ADS)

Takanen, Ari

Software is bound to have security critical flaws, and no testing or code auditing can ensure that software is flaw-less. But software security testing requirements have improved radically during the past years, largely due to criticism from security conscious consumers and Enterprise customers. Whereas in the past, security flaws were taken for granted (and patches were quietly and humbly installed), they now are probably one of the most common reasons why people switch vendors or software providers. The maintenance costs from security updates often add to become one of the biggest cost items to large Enterprise users. Fortunately test automation techniques have also improved. Techniques like model-based testing (MBT) enable efficient generation of security tests that reach good confidence levels in discovering zero-day mistakes in software. This technique is called fuzzing.

Security Enhancement Mechanism Based on Contextual Authentication and Role Analysis for 2G-RFID Systems

PubMed Central

Tang, Wan; Chen, Min; Ni, Jin; Yang, Ximin

2011-01-01

The traditional Radio Frequency Identification (RFID) system, in which the information maintained in tags is passive and static, has no intelligent decision-making ability to suit application and environment dynamics. The Second-Generation RFID (2G-RFID) system, referred as 2G-RFID-sys, is an evolution of the traditional RFID system to ensure better quality of service in future networks. Due to the openness of the active mobile codes in the 2G-RFID system, the realization of conveying intelligence brings a critical issue: how can we make sure the backend system will interpret and execute mobile codes in the right way without misuse so as to avoid malicious attacks? To address this issue, this paper expands the concept of Role-Based Access Control (RBAC) by introducing context-aware computing, and then designs a secure middleware for backend systems, named Two-Level Security Enhancement Mechanism or 2L-SEM, in order to ensure the usability and validity of the mobile code through contextual authentication and role analysis. According to the given contextual restrictions, 2L-SEM can filtrate the illegal and invalid mobile codes contained in tags. Finally, a reference architecture and its typical application are given to illustrate the implementation of 2L-SEM in a 2G-RFID system, along with the simulation results to evaluate how the proposed mechanism can guarantee secure execution of mobile codes for the system. PMID:22163983

Security enhancement mechanism based on contextual authentication and role analysis for 2G-RFID systems.

PubMed

Tang, Wan; Chen, Min; Ni, Jin; Yang, Ximin

2011-01-01

The traditional Radio Frequency Identification (RFID) system, in which the information maintained in tags is passive and static, has no intelligent decision-making ability to suit application and environment dynamics. The Second-Generation RFID (2G-RFID) system, referred as 2G-RFID-sys, is an evolution of the traditional RFID system to ensure better quality of service in future networks. Due to the openness of the active mobile codes in the 2G-RFID system, the realization of conveying intelligence brings a critical issue: how can we make sure the backend system will interpret and execute mobile codes in the right way without misuse so as to avoid malicious attacks? To address this issue, this paper expands the concept of Role-Based Access Control (RBAC) by introducing context-aware computing, and then designs a secure middleware for backend systems, named Two-Level Security Enhancement Mechanism or 2L-SEM, in order to ensure the usability and validity of the mobile code through contextual authentication and role analysis. According to the given contextual restrictions, 2L-SEM can filtrate the illegal and invalid mobile codes contained in tags. Finally, a reference architecture and its typical application are given to illustrate the implementation of 2L-SEM in a 2G-RFID system, along with the simulation results to evaluate how the proposed mechanism can guarantee secure execution of mobile codes for the system.

Computing Legacy Software Behavior to Understand Functionality and Security Properties: An IBM/370 Demonstration

DOE Office of Scientific and Technical Information (OSTI.GOV)

Linger, Richard C; Pleszkoch, Mark G; Prowell, Stacy J

Organizations maintaining mainframe legacy software can benefit from code modernization and incorporation of security capabilities to address the current threat environment. Oak Ridge National Laboratory is developing the Hyperion system to compute the behavior of software as a means to gain understanding of software functionality and security properties. Computation of functionality is critical to revealing security attributes, which are in fact specialized functional behaviors of software. Oak Ridge is collaborating with MITRE Corporation to conduct a demonstration project to compute behavior of legacy IBM Assembly Language code for a federal agency. The ultimate goal is to understand functionality and securitymore » vulnerabilities as a basis for code modernization. This paper reports on the first phase, to define functional semantics for IBM Assembly instructions and conduct behavior computation experiments.« less

Health security as a public health concept: a critical analysis.

PubMed

Aldis, William

2008-11-01

There is growing acceptance of the concept of health security. However, there are various and incompatible definitions, incomplete elaboration of the concept of health security in public health operational terms, and insufficient reconciliation of the health security concept with community-based primary health care. More important, there are major differences in understanding and use of the concept in different settings. Policymakers in industrialized countries emphasize protection of their populations especially against external threats, for example terrorism and pandemics; while health workers and policymakers in developing countries and within the United Nations system understand the term in a broader public health context. Indeed, the concept is used inconsistently within the UN agencies themselves, for example the World Health Organization's restrictive use of the term 'global health security'. Divergent understandings of 'health security' by WHO's member states, coupled with fears of hidden national security agendas, are leading to a breakdown of mechanisms for global cooperation such as the International Health Regulations. Some developing countries are beginning to doubt that internationally shared health surveillance data is used in their best interests. Resolution of these incompatible understandings is a global priority.

On the security of semi-device-independent QKD protocols

NASA Astrophysics Data System (ADS)

Chaturvedi, Anubhav; Ray, Maharshi; Veynar, Ryszard; Pawłowski, Marcin

2018-06-01

While fully device-independent security in (BB84-like) prepare-and-measure quantum key distribution (QKD) is impossible, it can be guaranteed against individual attacks in a semi-device-independent (SDI) scenario, wherein no assumptions are made on the characteristics of the hardware used except for an upper bound on the dimension of the communicated system. Studying security under such minimal assumptions is especially relevant in the context of the recent quantum hacking attacks wherein the eavesdroppers can not only construct the devices used by the communicating parties but are also able to remotely alter their behavior. In this work, we study the security of a SDIQKD protocol based on the prepare-and-measure quantum implementation of a well-known cryptographic primitive, the random access code (RAC). We consider imperfect detectors and establish the critical values of the security parameters (the observed success probability of the RAC and the detection efficiency) required for guaranteeing security against eavesdroppers with and without quantum memory. Furthermore, we suggest a minimal characterization of the preparation device in order to lower the requirements for establishing a secure key.

Individual social security accounts: issues in assessing administrative feasibility and costs.

PubMed

Olsen, K A; Salisbury, D L

1998-11-01

Whether to add individual accounts (IAs) to the Social Security system is a highly political issue. But almost lost in the debate so far have been any practical considerations about how to administer such accounts. Any discussion of whether to create individual accounts must also address the basic but critical questions of how they would work: Who would run them? What would they cost? Logistically, are they even possible? This EBRI Issue Brief provides an overview of the most salient administrative issues facing the current Social Security reform debate--issues that challenge proponents to carefully think through how their proposals could be implemented so as to achieve their policy goals. The options and difficulties in administering IAs raise concerns that cut across ideology. The object of this report is neither to dissuade the advocates nor support the critics of individual accounts. Rather, it is to bring practical considerations to a political debate that has largely ignored the pragmatic challenges of whether IAs would be too complex for participants to understand or too difficult for record keepers to administer. The major findings in this analysis include: Adding individual accounts to Social Security could be the largest undertaking in the history of the U.S. financial market, and no system to date has the capacity to administer such a system. The number of workers currently covered by Social Security--the largest single entitlement program in the nation--is at least four times higher than the combined number of all tax-favored employment-based retirement accounts in the United States, which are administered by hundreds of entities. Direct comparisons between employment-based retirement savings plans and Social Security reform are tenuous at best. Social Security covers workers and businesses that are disproportionately excluded from employment-based plans. Because of these differences, a system of individual Social Security accounts would be more difficult to administer than employment-based plans, and total administrative expenses would be larger relative to benefits. Credit-based systems such as the current Social Security program are less difficult to administer than cash-based systems, which must account for every dollar. Inherent in the "privatization" debate is generally the presumption that IA benefits would be based on cash contributions and investment returns. The current credit-based system tolerates small errors in wage reporting, because they rarely affect benefits. But every dollar counts in a cash-based IA system. To ensure that benefits are properly provided, an IA system would require more regulation, oversight, and error reconciliation than the current Social Security program. Social Security individual accounts cannot be administered like 401(k) plans without adding significant employer burdens--especially on small businesses. Under the current wage reporting and tax collection process, it would take at least 7-19 months for every dollar contributed to an individual's account to be sorted out from aggregate payments and credited to his or her IA. This 7-19 month "float period" could result in substantial benefit losses over time. Options for preventing such losses involve difficult trade-offs, such as increased government responsibility, increased complexity, greater employer burdens, and/or investment restrictions for beneficiaries. If legally considered personal property, the IAs of married participants could pose significant administrative challenges. Social Security today must obtain proof of marriage only at the time spousal benefits are claimed. But some IA proposals would require contributions to be split between spouses' individual accounts, requiring records on participants' marital status to be continuously update to ensure that contributions are correctly directed. Also, dealing with claims on individual account contributions in divorce cases could place IA record keepers in the middle o

A Contextual Model for Identity Management (IdM) Interfaces

ERIC Educational Resources Information Center

Fuller, Nathaniel J.

2014-01-01

The usability of Identity Management (IdM) systems is highly dependent upon design that simplifies the processes of identification, authentication, and authorization. Recent findings reveal two critical problems that degrade IdM usability: (1) unfeasible techniques for managing various digital identifiers, and (2) ambiguous security interfaces.…

Leap Frog Digital Sensors and Definition, Integration & Testing FY 2003 Annual Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Meitzler, Wayne D.; Ouderkirk, Steven J.; Shoemaker, Steven V.

2003-12-31

The objective of Leap Frog is to develop a comprehensive security tool that is transparent to the user community and more effective than current methods for preventing and detecting security compromises of critical physical and digital assets. Current security tools intrude on the people that interact with these critical assets by requiring them to perform additional functions or having additional visible sensors. Leap Frog takes security to the next level by being more effective and reducing the adverse impact on the people interacting with protected assets.

DOE Office of Scientific and Technical Information (OSTI.GOV)

MacDonald, Douglas G.; Clements, Samuel L.; Patrick, Scott W.

Securing high value and critical assets is one of the biggest challenges facing this nation and others around the world. In modern integrated systems, there are four potential modes of attack available to an adversary: • physical only attack, • cyber only attack, • physical-enabled cyber attack, • cyber-enabled physical attack. Blended attacks involve an adversary working in one domain to reduce system effectiveness in another domain. This enables the attacker to penetrate further into the overall layered defenses. Existing vulnerability assessment (VA) processes and software tools which predict facility vulnerabilities typically evaluate the physical and cyber domains separately. Vulnerabilitiesmore » which result from the integration of cyber-physical control systems are not well characterized and are often overlooked by existing assessment approaches. In this paper, we modified modification of the timely detection methodology, used for decades in physical security VAs, to include cyber components. The Physical and Cyber Risk Analysis Tool (PACRAT) prototype illustrates an integrated vulnerability assessment that includes cyber-physical interdependencies. Information about facility layout, network topology, and emplaced safeguards is used to evaluate how well suited a facility is to detect, delay, and respond to attacks, to identify the pathways most vulnerable to attack, and to evaluate how often safeguards are compromised for a given threat or adversary type. We have tested the PACRAT prototype on critical infrastructure facilities and the results are promising. Future work includes extending the model to prescribe the recommended security improvements via an automated cost-benefit analysis.« less

An access control model with high security for distributed workflow and real-time application

NASA Astrophysics Data System (ADS)

Han, Ruo-Fei; Wang, Hou-Xiang

2007-11-01

The traditional mandatory access control policy (MAC) is regarded as a policy with strict regulation and poor flexibility. The security policy of MAC is so compelling that few information systems would adopt it at the cost of facility, except some particular cases with high security requirement as military or government application. However, with the increasing requirement for flexibility, even some access control systems in military application have switched to role-based access control (RBAC) which is well known as flexible. Though RBAC can meet the demands for flexibility but it is weak in dynamic authorization and consequently can not fit well in the workflow management systems. The task-role-based access control (T-RBAC) is then introduced to solve the problem. It combines both the advantages of RBAC and task-based access control (TBAC) which uses task to manage permissions dynamically. To satisfy the requirement of system which is distributed, well defined with workflow process and critically for time accuracy, this paper will analyze the spirit of MAC, introduce it into the improved T&RBAC model which is based on T-RBAC. At last, a conceptual task-role-based access control model with high security for distributed workflow and real-time application (A_T&RBAC) is built, and its performance is simply analyzed.

KSC-2014-4816

NASA Image and Video Library

2014-12-10

SAN DIEGO, Calif. -- The Orion crew module has been secured in the crew module transportation fixture at the Mole Pier at Naval Base San Diego in California. The fixture has been secured on the back of a flatbed truck and the cover has been lowered over the spacecraft. Orion is being prepared for the overland trip back to NASA's Kennedy Space Center in Florida. Orion was recovered from the Pacific Ocean after completing a two-orbit, four-and-a-half hour mission Dec. 5 to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. NASA, the U.S. Navy and Lockheed Martin coordinated efforts to recover Orion. The Ground Systems Development and Operations Program led the recovery, offload and pre-transportation efforts. For more information, visit www.nasa.gov/orion Photo credit: NASA/Cory Huston

KSC-2014-4815

NASA Image and Video Library

2014-12-10

SAN DIEGO, Calif. -- The Orion crew module has been lowered and secured in the crew module transportation fixture at the Mole Pier at Naval Base San Diego in California. The fixture has been secured on the back of a flatbed truck and the cover is being lowered over the spacecraft. Orion is being prepared for the overland trip back to NASA's Kennedy Space Center in Florida. Orion was recovered from the Pacific Ocean after completing a two-orbit, four-and-a-half hour mission Dec. 5 to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. NASA, the U.S. Navy and Lockheed Martin coordinated efforts to recover Orion. The Ground Systems Development and Operations Program led the recovery, offload and pre-transportation efforts. For more information, visit www.nasa.gov/orion Photo credit: NASA/Cory Huston

Why food in health security (FIHS)?

PubMed

Wahlqvist, Mark L

2009-01-01

Health is intrinsic to human security (HumS) although it is somewhat anthropocentric and about our own psychosocial and biomedical status more than various external threats. The 1994 United Nations Development Program definition of HumS includes economic, food, environmental, personal, community and political security with freedom from fear and want. Environmental factors are critical for health security (HealS), especially with widespread socio-economic difficulty, and health systems less affordable or accessible. The nexus between nutritionally-related disorders and infectious disease is the most pervasive world health problem. Most if not all of the Millennium Development Goals are food-linked. Maternal nutrition has life-long health effects on the yet-to-be born child. The mix of essential nutrient deprivation and energy imbalance is rife across many societies. Food systems require deeper understanding and governance to overcome these food-related health risks which are matters of food security (FoodS). Nutritionally-related Disability Adjusted Life Years (DALYS) are improving markedly in many parts of the world, along with poverty and hunger reduction and health system advances. But recent economic, energy, food, water, climate change and health crises along with conflict are limiting. It is time for international and regional understanding of how households and communities can collectively manage these threats in affordable and sustainable ways. There is untapped problem-solving capacity at the international local level if supported by combined food--health systems expertise, innovation, infrastructure and governance. Principles of equity and ethics must apply. The Food in Health Security (FIHS) roundtable aims to develop a Network to facilitate this process.

Sensor-enabled chem/bio contamination detection system dedicated to situational awareness of water distribution security status

NASA Astrophysics Data System (ADS)

Ginsberg, Mark D.; Smith, Eddy D.; VanBlaricum, Vicki; Hock, Vincent F.; Kroll, Dan; Russell, Kevin J.

2010-04-01

Both real events and models have proven that drinking water systems are vulnerable to deliberate and/or accidental contamination. Additionally, homeland security initiatives and modeling efforts have determined that it is relatively easy to orchestrate the contamination of potable water supplies. Such contamination can be accomplished with classic and non-traditional chemical agents, toxic industrial chemicals (TICs), and/or toxic industrial materials (TIMs). Subsequent research and testing has developed a proven network for detection and response to these threats. The method uses offthe- shelf, broad-spectrum analytical instruments coupled with advanced interpretive algorithms. The system detects and characterizes any backflow events involving toxic contaminants by employing unique chemical signature (fingerprint) response data. This instrumentation has been certified by the Office of Homeland Security for detecting deliberate and/or accidental contamination of critical water infrastructure. The system involves integration of several mature technologies (sensors, SCADA, dynamic models, and the HACH HST Guardian Blue instrumentation) into a complete, real-time, management system that also can be used to address other water distribution concerns, such as corrosion. This paper summarizes the reasons and results for installing such a distribution-based detection and protection system.

Federal Funding for Health Security in FY2017.

PubMed

Boddie, Crystal; Watson, Matthew; Sell, Tara Kirk

2016-01-01

This latest article in the Federal Funding for Health Security series assesses FY2017 US government funding in 5 domains critical to strengthening health security: biosecurity, radiological and nuclear security, chemical security, pandemic influenza and emerging infectious disease, and multiple-hazard and general preparedness.

Analyzing Cyber-Physical Threats on Robotic Platforms.

PubMed

Ahmad Yousef, Khalil M; AlMajali, Anas; Ghalyon, Salah Abu; Dweik, Waleed; Mohd, Bassam J

2018-05-21

Robots are increasingly involved in our daily lives. Fundamental to robots are the communication link (or stream) and the applications that connect the robots to their clients or users. Such communication link and applications are usually supported through client/server network connection. This networking system is amenable of being attacked and vulnerable to the security threats. Ensuring security and privacy for robotic platforms is thus critical, as failures and attacks could have devastating consequences. In this paper, we examine several cyber-physical security threats that are unique to the robotic platforms; specifically the communication link and the applications. Threats target integrity, availability and confidential security requirements of the robotic platforms, which use MobileEyes/arnlServer client/server applications. A robot attack tool (RAT) was developed to perform specific security attacks. An impact-oriented approach was adopted to analyze the assessment results of the attacks. Tests and experiments of attacks were conducted in simulation environment and physically on the robot. The simulation environment was based on MobileSim; a software tool for simulating, debugging and experimenting on MobileRobots/ActivMedia platforms and their environments. The robot platform PeopleBot TM was used for physical experiments. The analysis and testing results show that certain attacks were successful at breaching the robot security. Integrity attacks modified commands and manipulated the robot behavior. Availability attacks were able to cause Denial-of-Service (DoS) and the robot was not responsive to MobileEyes commands. Integrity and availability attacks caused sensitive information on the robot to be hijacked. To mitigate security threats, we provide possible mitigation techniques and suggestions to raise awareness of threats on the robotic platforms, especially when the robots are involved in critical missions or applications.

Analyzing Cyber-Physical Threats on Robotic Platforms †

PubMed Central

2018-01-01

Robots are increasingly involved in our daily lives. Fundamental to robots are the communication link (or stream) and the applications that connect the robots to their clients or users. Such communication link and applications are usually supported through client/server network connection. This networking system is amenable of being attacked and vulnerable to the security threats. Ensuring security and privacy for robotic platforms is thus critical, as failures and attacks could have devastating consequences. In this paper, we examine several cyber-physical security threats that are unique to the robotic platforms; specifically the communication link and the applications. Threats target integrity, availability and confidential security requirements of the robotic platforms, which use MobileEyes/arnlServer client/server applications. A robot attack tool (RAT) was developed to perform specific security attacks. An impact-oriented approach was adopted to analyze the assessment results of the attacks. Tests and experiments of attacks were conducted in simulation environment and physically on the robot. The simulation environment was based on MobileSim; a software tool for simulating, debugging and experimenting on MobileRobots/ActivMedia platforms and their environments. The robot platform PeopleBotTM was used for physical experiments. The analysis and testing results show that certain attacks were successful at breaching the robot security. Integrity attacks modified commands and manipulated the robot behavior. Availability attacks were able to cause Denial-of-Service (DoS) and the robot was not responsive to MobileEyes commands. Integrity and availability attacks caused sensitive information on the robot to be hijacked. To mitigate security threats, we provide possible mitigation techniques and suggestions to raise awareness of threats on the robotic platforms, especially when the robots are involved in critical missions or applications. PMID:29883403

Security of electronic medical information and patient privacy: what you need to know.

PubMed

Andriole, Katherine P

2014-12-01

The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients. Copyright © 2014 American College of Radiology. Published by Elsevier Inc. All rights reserved.

Quality improvement and emerging global health priorities

PubMed Central

Mensah Abrampah, Nana; Syed, Shamsuzzoha Babar; Hirschhorn, Lisa R; Nambiar, Bejoy; Iqbal, Usman; Garcia-Elorrio, Ezequiel; Chattu, Vijay Kumar; Devnani, Mahesh; Kelley, Edward

2018-01-01

Abstract Quality improvement approaches can strengthen action on a range of global health priorities. Quality improvement efforts are uniquely placed to reorient care delivery systems towards integrated people-centred health services and strengthen health systems to achieve Universal Health Coverage (UHC). This article makes the case for addressing shortfalls of previous agendas by articulating the critical role of quality improvement in the Sustainable Development Goal era. Quality improvement can stimulate convergence between health security and health systems; address global health security priorities through participatory quality improvement approaches; and improve health outcomes at all levels of the health system. Entry points for action include the linkage with antimicrobial resistance and the contentious issue of the health of migrants. The work required includes focussed attention on the continuum of national quality policy formulation, implementation and learning; alongside strengthening the measurement-improvement linkage. Quality improvement plays a key role in strengthening health systems to achieve UHC. PMID:29873793

Computer Security: Improvements Needed to Reduce Risk to Critical Federal Operations and Assets

DTIC Science & Technology

2001-11-09

COMPUTER SECURITY Improvements Needed to Reduce Risk to Critical Federal Operations and Assets Statement of Robert F. Dacey Director, Information...Improvements Needed to Reduce Risk to Critical Federal Operations and Assets Contract Number Grant Number Program Element Number Author(s...The benefits have been enormous. Vast amounts of information are now literally at our fingertips, facilitating research on virtually every topic

Exploring the factors influencing the cloud computing adoption: a systematic study on cloud migration.

PubMed

Rai, Rashmi; Sahoo, Gadadhar; Mehfuz, Shabana

2015-01-01

Today, most of the organizations trust on their age old legacy applications, to support their business-critical systems. However, there are several critical concerns, as maintainability and scalability issues, associated with the legacy system. In this background, cloud services offer a more agile and cost effective platform, to support business applications and IT infrastructure. As the adoption of cloud services has been increasing recently and so has been the academic research in cloud migration. However, there is a genuine need of secondary study to further strengthen this research. The primary objective of this paper is to scientifically and systematically identify, categorize and compare the existing research work in the area of legacy to cloud migration. The paper has also endeavored to consolidate the research on Security issues, which is prime factor hindering the adoption of cloud through classifying the studies on secure cloud migration. SLR (Systematic Literature Review) of thirty selected papers, published from 2009 to 2014 was conducted to properly understand the nuances of the security framework. To categorize the selected studies, authors have proposed a conceptual model for cloud migration which has resulted in a resource base of existing solutions for cloud migration. This study concludes that cloud migration research is in seminal stage but simultaneously it is also evolving and maturing, with increasing participation from academics and industry alike. The paper also identifies the need for a secure migration model, which can fortify organization's trust into cloud migration and facilitate necessary tool support to automate the migration process.

Sandia SCADA Program -- High Surety SCADA LDRD Final Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

CARLSON, ROLF E.

2002-04-01

Supervisory Control and Data Acquisition (SCADA) systems are a part of the nation's critical infrastructure that is especially vulnerable to attack or disruption. Sandia National Laboratories is developing a high-security SCADA specification to increase the national security posture of the U.S. Because SCADA security is an international problem and is shaped by foreign and multinational interests, Sandia is working to develop a standards-based solution through committees such as the IEC TC 57 WG 15, the IEEE Substation Committee, and the IEEE P1547-related activity on communications and controls. The accepted standards are anticipated to take the form of a Common Criteriamore » Protection Profile. This report provides the status of work completed and discusses several challenges ahead.« less

Federal Funding for Health Security in FY2017

PubMed Central

Watson, Matthew; Sell, Tara Kirk

2016-01-01

This latest article in the Federal Funding for Health Security series assesses FY2017 US government funding in 5 domains critical to strengthening health security: biosecurity, radiological and nuclear security, chemical security, pandemic influenza and emerging infectious disease, and multiple-hazard and general preparedness. PMID:27575382

Orion Splashdown Recovery

NASA Image and Video Library

2014-12-05

NASA's Orion spacecraft floats in the Pacific Ocean after splashdown from its first flight test in Earth orbit. The USS Anchorage is nearby. NASA, the U.S. Navy and Lockheed Martin are coordinating efforts to recover Orion and secure the spacecraft in the well deck of the USS Anchorage. Orion completed a two-orbit, four-and-a-half hour mission, to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program is leading the recovery efforts.

Critical event management with geographic information system technology

NASA Astrophysics Data System (ADS)

Booth, John F.; Young, Jeffrey M.

1997-02-01

Critical event management at the Los Angeles County Regional Criminal Information Clearinghouse (LACRCIC) provides for the deconfliction of operations, such as reverse stings, arrests, undercover buys/busts, searches, surveillances, and site surveys in the Los Angeles, Orange, Riverside, and San Bernardino county area. During these operations, the opportunity for officer-to-officer confrontation is high, possibly causing a worse case scenario -- officers drawing on each other resulting in friendly fire injuries or casualties. In order to prevent local, state, and federal agencies in the Los Angeles area from experiencing this scenario, the LACRCIC provides around the clock critical event management services via its secure war room. The war room maintains a multicounty detailed street-level map base and geographic information system (GIS) application to support this effort. Operations are telephoned in by the participating agencies and posted in the critical event management system by war room analysts. The application performs both a proximity search around the address and a commonality of suspects search. If a conflict is found, the system alerts the analyst by sounding an audible alarm and flashing the conflicting events on the automated basemap. The analyst then notifies the respective agencies of the conflicting critical events so coordination or rescheduling can occur.

Access Control Management for SCADA Systems

NASA Astrophysics Data System (ADS)

Hong, Seng-Phil; Ahn, Gail-Joon; Xu, Wenjuan

The information technology revolution has transformed all aspects of our society including critical infrastructures and led a significant shift from their old and disparate business models based on proprietary and legacy environments to more open and consolidated ones. Supervisory Control and Data Acquisition (SCADA) systems have been widely used not only for industrial processes but also for some experimental facilities. Due to the nature of open environments, managing SCADA systems should meet various security requirements since system administrators need to deal with a large number of entities and functions involved in critical infrastructures. In this paper, we identify necessary access control requirements in SCADA systems and articulate access control policies for the simulated SCADA systems. We also attempt to analyze and realize those requirements and policies in the context of role-based access control that is suitable for simplifying administrative tasks in large scale enterprises.

Critical theory as an approach to the ethics of information security.

PubMed

Stahl, Bernd Carsten; Doherty, Neil F; Shaw, Mark; Janicke, Helge

2014-09-01

Information security can be of high moral value. It can equally be used for immoral purposes and have undesirable consequences. In this paper we suggest that critical theory can facilitate a better understanding of possible ethical issues and can provide support when finding ways of addressing them. The paper argues that critical theory has intrinsic links to ethics and that it is possible to identify concepts frequently used in critical theory to pinpoint ethical concerns. Using the example of UK electronic medical records the paper demonstrates that a critical lens can highlight issues that traditional ethical theories tend to overlook. These are often linked to collective issues such as social and organisational structures, which philosophical ethics with its typical focus on the individual does not tend to emphasise. The paper suggests that this insight can help in developing ways of researching and innovating responsibly in the area of information security.

76 FR 35229 - Intent to Request Renewal and Amendment From OMB of One Current Public Collection of Information...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-16

... from TSA's Corporate Security Review (CSR) in that a CSR looks at corporate or company-wide security... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Intent to Request Renewal... of the Top 100 Most Critical Pipelines AGENCY: Transportation Security Administration, DHS. ACTION...

Breaking the cyber-security dilemma: aligning security needs and removing vulnerabilities.

PubMed

Dunn Cavelty, Myriam

2014-09-01

Current approaches to cyber-security are not working. Rather than producing more security, we seem to be facing less and less. The reason for this is a multi-dimensional and multi-faceted security dilemma that extends beyond the state and its interaction with other states. It will be shown how the focus on the state and "its" security crowds out consideration for the security of the individual citizen, with detrimental effects on the security of the whole system. The threat arising from cyberspace to (national) security is presented as possible disruption to a specific way of life, one building on information technologies and critical functions of infrastructures, with relatively little consideration for humans directly. This non-focus on people makes it easier for state actors to militarize cyber-security and (re-)assert their power in cyberspace, thereby overriding the different security needs of human beings in that space. Paradoxically, the use of cyberspace as a tool for national security, both in the dimension of war fighting and the dimension of mass-surveillance, has detrimental effects on the level of cyber-security globally. A solution out of this dilemma is a cyber-security policy that is decidedly anti-vulnerability and at the same time based on strong considerations for privacy and data protection. Such a security would have to be informed by an ethics of the infosphere that is based on the dignity of information related to human beings.

System Detects Vibrational Instabilities

NASA Technical Reports Server (NTRS)

Bozeman, Richard J., Jr.

1990-01-01

Sustained vibrations at two critical frequencies trigger diagnostic response or shutdown. Vibration-analyzing electronic system detects instabilities of combustion in rocket engine. Controls pulse-mode firing of engine and identifies vibrations above threshold amplitude at 5.9 and/or 12kHz. Adapted to other detection and/or control schemes involving simultaneous real-time detection of signals above or below preset amplitudes at two or more specified frequencies. Potential applications include rotating machinery and encoders and decoders in security systems.

Hierarchical data security in a Query-By-Example interface for a shared database.

PubMed

Taylor, Merwyn

2002-06-01

Whenever a shared database resource, containing critical patient data, is created, protecting the contents of the database is a high priority goal. This goal can be achieved by developing a Query-By-Example (QBE) interface, designed to access a shared database, and embedding within the QBE a hierarchical security module that limits access to the data. The security module ensures that researchers working in one clinic do not get access to data from another clinic. The security can be based on a flexible taxonomy structure that allows ordinary users to access data from individual clinics and super users to access data from all clinics. All researchers submit queries through the same interface and the security module processes the taxonomy and user identifiers to limit access. Using this system, two different users with different access rights can submit the same query and get different results thus reducing the need to create different interfaces for different clinics and access rights.

A life-cycle approach to food and nutrition security in India.

PubMed

Rai, Rajesh Kumar; Kumar, Sandhya; Sekher, Madhushree; Pritchard, Bill; Rammohan, Anu

2015-04-01

India's poor performance on critical food and nutrition security indicators despite substantial economic prosperity has been widely documented. These failings not only hamper national progress, but also contribute significantly to the global undernourished population, particularly children. While the recently passed National Food Security Act 2013 adopts a life-cycle approach to expand coverage of subsidized food grains to the most vulnerable households and address food security, there remains much to be desired in the legislation. Access to adequate food for 1.24 billion people is a multifaceted problem requiring an interconnected set of policy measures to tackle the various factors affecting food and nutrition security in India. In the present opinion paper, we discuss a fivefold strategy that incorporates a life-cycle approach, spanning reproductive health, bolstering citizen participation in existing national programmes, empowering women, advancing agriculture and better monitoring the Public Distribution System in order to fill the gaps in both access and adequacy of food and nutrition.

Cybersecurity: The Nation’s Greatest Threat to Critical Infrastructure

DTIC Science & Technology

2013-03-01

protection has become a matter of national security, public safety, and economic stability . It is imperative the U.S. Government (USG) examine current...recommendations for federal responsibilities and legislation to direct nation critical infrastructure efforts to ensure national security, public safety and economic stability .

Systemic Operational Design: Epistemological Bumpf or the Way Ahead for Operational Design?

DTIC Science & Technology

2006-05-25

facilitating the design of such architectural frames (meta-concepts), they are doomed to be trapped in a simplistic structuralist approach.”1...systems theory and complexity theory . SOD emerged and evolved in response to inherent challenges in the contemporary Israeli security environment...discussed in subsequent chapters. Theory . Theory is critical to this examination of the CEOD approach and SOD because theory underpins and informs

Action Guide for Emergency Management at Institutions of Higher Education

ERIC Educational Resources Information Center

US Department of Education, 2009

2009-01-01

Because of recent violent crimes, natural disasters, and other emergencies or crises, colleges and universities are convening committees and task forces to reexamine or conduct a comprehensive review of policies, procedures, and systems related to campus safety and security. As with many critical areas on the agendas of administrators, campus…

On-Line Water Quality Parameters as Indicators of Distribution System Contamination

EPA Science Inventory

At a time when the safety and security of services we have typically taken for granted are under question, a real-time or near real-time method of monitoring changes in water quality parameters could provide a critical line of defense in protecting public health. This study was u...

Global Maritime Awareness

DTIC Science & Technology

2009-06-01

to maritime information Mission: Act as a Maritime Awareness Coordinator and data critical to building situational awareness . We are...Maritime Awareness Technical Sub-committee (NMATS) July 2008 Desired Outcome Maritime Information Exchange Vision: Global maritime information ...Global Maritime Situational Awareness I i i i 1 Information Hubs n t at ves: . 2. MSSIS (Maritime Safety & Security Information Systems

Food security and cardioprotection: the polar lipid link.

PubMed

Zabetakis, Ioannis

2013-08-01

The projected increase in world population and therefore demand for food in the foreseeable future pose some risks on how secure is the food production system today. Millions of people are threatened by malnutrition, cardiovascular diseases (CVDs), diabetes, and obesity. This is a multidimensional challenge: the production of food needs to be increased but also the quality of food needs to be improved so less people suffer from undernourishment and CVDs. This hypothesis paper addresses this problem by critically evaluating recent developments on the role of food components against CVDs, presenting recent insights for assessing the nutritional value of food and suggesting novel approaches toward the sustainable production of food that would, in turn, lead to increased food security. The issue of the sustainability of lipid sources and genetically modified crops is also discussed from a food security point of view. © 2013 Institute of Food Technologists®

Control Systems Cyber Security:Defense in Depth Strategies

DOE Office of Scientific and Technical Information (OSTI.GOV)

David Kuipers; Mark Fabro

2006-05-01

Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecturemore » that requires: Maintenance of various field devices, telemetry collection, and/or industrial-level process systems Access to facilities via remote data link or modem Public facing services for customer or corporate operations A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.« less

Control Systems Cyber Security: Defense-in-Depth Strategies

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mark Fabro

2007-10-01

Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecturemore » that requires: • Maintenance of various field devices, telemetry collection, and/or industrial-level process systems • Access to facilities via remote data link or modem • Public facing services for customer or corporate operations • A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.« less

Motion effects in multistatic millimeter-wave imaging systems

NASA Astrophysics Data System (ADS)

Schiessl, Andreas; Ahmed, Sherif Sayed; Schmidt, Lorenz-Peter

2013-10-01

At airport security checkpoints, authorities are demanding improved personnel screening devices for increased security. Active mm-wave imaging systems deliver the high quality images needed for reliable automatic detection of hidden threats. As mm-wave imaging systems assume static scenarios, motion effects caused by movement of persons during the screening procedure can degrade image quality, so very short measurement time is required. Multistatic imaging array designs and fully electronic scanning in combination with digital beamforming offer short measurement time together with high resolution and high image dynamic range, which are critical parameters for imaging systems used for passenger screening. In this paper, operational principles of such systems are explained, and the performance of the imaging systems with respect to motion within the scenarios is demonstrated using mm-wave images of different test objects and standing as well as moving persons. Electronic microwave imaging systems using multistatic sparse arrays are suitable for next generation screening systems, which will support on the move screening of passengers.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Stewart, John; Halbgewachs, Ron; Chavez, Adrian

The manner in which the control systems are being designed and operated in the energy sector is undergoing some of the most significant changes in history due to the evolution of technology and the increasing number of interconnections to other system. With these changes however come two significant challenges that the energy sector must face; 1) Cyber security is more important than ever before, and 2) Cyber security is more complicated than ever before. A key requirement in helping utilities and vendors alike in meeting these challenges is interoperability. While interoperability has been present in much of the discussions relatingmore » to technology utilized within the energy sector and especially the Smart Grid, it has been absent in the context of cyber security. The Lemnos project addresses these challenges by focusing on the interoperability of devices utilized within utility control systems which support critical cyber security functions. In theory, interoperability is possible with many of the cyber security solutions available to utilities today. The reality is that the effort required to achieve cyber security interoperability is often a barrier for utilities. For example, consider IPSec, a widely-used Internet Protocol to define Virtual Private Networks, or tunnels , to communicate securely through untrusted public and private networks. The IPSec protocol suite has a significant number of configuration options and encryption parameters to choose from, which must be agreed upon and adopted by both parties establishing the tunnel. The exercise in getting software or devices from different vendors to interoperate is labor intensive and requires a significant amount of security expertise by the end user. Scale this effort to a significant number of devices operating over a large geographical area and the challenge becomes so overwhelming that it often leads utilities to pursue solutions from a single vendor. These single vendor solutions may inadvertently lock utilities into proprietary and closed systems.« less

Science, Technology, Engineering, and Mathematics (STEM) Education Reform to Enhance Security of the Global Cyberspace

DTIC Science & Technology

2014-05-01

economic stability , military defense, global influence, and trade or business efforts. A nation s education system is however the most critical precondition to achieving the elements listed. For these reasons, the protection of and the continued growth of the cyberspace as an international environment is cause for a secure global cyberspace. The Internet in particular, is a vehicle the nation uses to communicate, cooperate, and conduct business dealings involving our assets and for this reason cybersecurity is a major concern. In this paper, we choose to focus on adding

3 CFR 8460 - Proclamation 8460 of December 2, 2009. Critical Infrastructure Protection Month, 2009

Code of Federal Regulations, 2010 CFR

2010-01-01

... the United States of America A Proclamation Critical infrastructure protection is an essential element... have a debilitating effect on security, national economic security, public health or safety. From water... country's essential resources are safe and capable of recovering from disruptive incidents. The Department...

76 FR 63202 - Security Zones; Captain of the Port Lake Michigan Zone

Federal Register 2010, 2011, 2012, 2013, 2014

2011-10-12

...-AA87 Security Zones; Captain of the Port Lake Michigan Zone AGENCY: Coast Guard, DHS. ACTION: Final rule. SUMMARY: Based on a review of safety and security zones around critical infrastructure in the... Chicago Harbor & Burnham Park Harbor--Safety and Security Zone regulation and the Security Zones; Captain...

Orion Washdown & Arrival at LASF

NASA Image and Video Library

2014-12-18

NASA's Orion spacecraft arrives inside the Launch Abort System Facility at Kennedy Space Center in Florida. The spacecraft was transported 2,700 miles overland from Naval Base San Diego in California, on a flatbed truck secured in its crew module transportation fixture for the trip. During its first flight test, Orion completed a two-orbit, four-and-a-half hour mission Dec. 5 to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program led the recovery, offload and transportation efforts.

Orion Washdown & Arrival at LASF

NASA Image and Video Library

2014-12-18

NASA's Orion spacecraft arrives at the Launch Abort System Facility at Kennedy Space Center in Florida. The spacecraft was transported 2,700 miles overland from Naval Base San Diego in California, on a flatbed truck secured in its crew module transportation fixture for the trip. During its first flight test, Orion completed a two-orbit, four-and-a-half hour mission Dec. 5 to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program led the recovery, offload and transportation efforts.

Optimization of power systems with voltage security constraints

NASA Astrophysics Data System (ADS)

Rosehart, William Daniel

As open access market principles are applied to power systems, significant changes in their operation and control are occurring. In the new marketplace, power systems are operating under higher loading conditions as market influences demand greater attention to operating cost versus stability margins. Since stability continues to be a basic requirement in the operation of any power system, new tools are being considered to analyze the effect of stability on the operating cost of the system, so that system stability can be incorporated into the costs of operating the system. In this thesis, new optimal power flow (OPF) formulations are proposed based on multi-objective methodologies to optimize active and reactive power dispatch while maximizing voltage security in power systems. The effects of minimizing operating costs, minimizing reactive power generation and/or maximizing voltage stability margins are analyzed. Results obtained using the proposed Voltage Stability Constrained OPF formulations are compared and analyzed to suggest possible ways of costing voltage security in power systems. When considering voltage stability margins the importance of system modeling becomes critical, since it has been demonstrated, based on bifurcation analysis, that modeling can have a significant effect of the behavior of power systems, especially at high loading levels. Therefore, this thesis also examines the effects of detailed generator models and several exponential load models. Furthermore, because of its influence on voltage stability, a Static Var Compensator model is also incorporated into the optimization problems.

Advances in Raman spectroscopy for explosive identification in aviation security

NASA Astrophysics Data System (ADS)

Santillán, Javier D.; Brown, Christopher D.; Jalenak, Wayne

2007-04-01

In the operational airport environment, the rapid identification of potentially hazardous materials such as improvised explosive devices, chemical warfare agents and flammable and explosive liquids is increasingly critical. Peroxide-based explosives pose a particularly insidious threat because they can be made from commonly available and relatively innocuous household chemicals, such as bleach and hydrogen peroxide. Raman spectroscopy has been validated as a valuable tool for rapid identification of chemicals, explosives, and narcotics and their precursors while allowing "line-of-sight" interrogation through bottles or other translucent containers. This enables safe identification of both precursor substances, such as acetone, and end-products, such as TATP, without direct sampling, contamination and exposure by security personnel. To date, Raman systems have been laboratory-based, requiring careful operation and maintenance by technology experts. The capital and ongoing expenses of these systems is also significant. Recent advances in Raman component technologies have dramatically reduced the footprint and cost, while improving the reliability and ease of use of Raman spectroscopy systems. Such technologies are not only bringing the lab to the field, but are also protecting civilians and security personnel in the process.

Resource Optimization Techniques and Security Levels for Wireless Sensor Networks Based on the ARSy Framework.

PubMed

Parenreng, Jumadi Mabe; Kitagawa, Akio

2018-05-17

Wireless Sensor Networks (WSNs) with limited battery, central processing units (CPUs), and memory resources are a widely implemented technology for early warning detection systems. The main advantage of WSNs is their ability to be deployed in areas that are difficult to access by humans. In such areas, regular maintenance may be impossible; therefore, WSN devices must utilize their limited resources to operate for as long as possible, but longer operations require maintenance. One method of maintenance is to apply a resource adaptation policy when a system reaches a critical threshold. This study discusses the application of a security level adaptation model, such as an ARSy Framework, for using resources more efficiently. A single node comprising a Raspberry Pi 3 Model B and a DS18B20 temperature sensor were tested in a laboratory under normal and stressful conditions. The result shows that under normal conditions, the system operates approximately three times longer than under stressful conditions. Maintaining the stability of the resources also enables the security level of a network's data output to stay at a high or medium level.

Resource Optimization Techniques and Security Levels for Wireless Sensor Networks Based on the ARSy Framework

PubMed Central

Kitagawa, Akio

2018-01-01

Wireless Sensor Networks (WSNs) with limited battery, central processing units (CPUs), and memory resources are a widely implemented technology for early warning detection systems. The main advantage of WSNs is their ability to be deployed in areas that are difficult to access by humans. In such areas, regular maintenance may be impossible; therefore, WSN devices must utilize their limited resources to operate for as long as possible, but longer operations require maintenance. One method of maintenance is to apply a resource adaptation policy when a system reaches a critical threshold. This study discusses the application of a security level adaptation model, such as an ARSy Framework, for using resources more efficiently. A single node comprising a Raspberry Pi 3 Model B and a DS18B20 temperature sensor were tested in a laboratory under normal and stressful conditions. The result shows that under normal conditions, the system operates approximately three times longer than under stressful conditions. Maintaining the stability of the resources also enables the security level of a network’s data output to stay at a high or medium level. PMID:29772773

Laboratory-Directed Research and Development 2016 Summary Annual Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Pillai, Rekha Sukamar; Jacobson, Julie Ann

The Laboratory-Directed Research and Development (LDRD) Program at Idaho National Laboratory (INL) reports its status to the U.S. Department of Energy (DOE) by March of each year. The program operates under the authority of DOE Order 413.2C, “Laboratory Directed Research and Development” (April 19, 2006), which establishes DOE’s requirements for the program while providing the laboratory director broad flexibility for program implementation. LDRD funds are obtained through a charge to all INL programs. This report includes summaries of all INL LDRD research activities supported during Fiscal Year (FY) 2016. INL is the lead laboratory for the DOE Office of Nuclearmore » Energy (DOE-NE). The INL mission is to discover, demonstrate, and secure innovative nuclear energy solutions, other clean energy options, and critical infrastructure with a vision to change the world’s energy future and secure our critical infrastructure. Operating since 1949, INL is the nation’s leading research, development, and demonstration center for nuclear energy, including nuclear nonproliferation and physical and cyber-based protection of energy systems and critical infrastructure, as well as integrated energy systems research, development, demonstration, and deployment. INL has been managed and operated by Battelle Energy Alliance, LLC (a wholly owned company of Battelle) for DOE since 2005. Battelle Energy Alliance, LLC, is a partnership between Battelle, BWX Technologies, Inc., AECOM, the Electric Power Research Institute, the National University Consortium (Massachusetts Institute of Technology, Ohio State University, North Carolina State University, University of New Mexico, and Oregon State University), and the Idaho university collaborators (i.e., University of Idaho, Idaho State University, and Boise State University). Since its creation, INL’s research and development (R&D) portfolio has broadened with targeted programs supporting national missions to advance nuclear energy, enable clean energy deployment, and secure and modernize critical infrastructure. INL’s research, development, and demonstration capabilities, its resources, and its unique geography enable integration of scientific discovery, innovation, engineering, operations, and controls into complex large-scale testbeds for discovery, innovation, and demonstration of transformational clean energy and security concepts. These attributes strengthen INL’s leadership as a demonstration laboratory. As a national resource, INL also applies its capabilities and skills to the specific needs of other federal agencies and customers through DOE’s Strategic Partnership Program.« less

Software For Computer-Security Audits

NASA Technical Reports Server (NTRS)

Arndt, Kate; Lonsford, Emily

1994-01-01

Information relevant to potential breaches of security gathered efficiently. Automated Auditing Tools for VAX/VMS program includes following automated software tools performing noted tasks: Privileged ID Identification, program identifies users and their privileges to circumvent existing computer security measures; Critical File Protection, critical files not properly protected identified; Inactive ID Identification, identifications of users no longer in use found; Password Lifetime Review, maximum lifetimes of passwords of all identifications determined; and Password Length Review, minimum allowed length of passwords of all identifications determined. Written in DEC VAX DCL language.

The inherent weaknesses in industrial control systems devices; hacking and defending SCADA systems

NASA Astrophysics Data System (ADS)

Bianco, Louis J.

The North American Electric Reliability Corporation (NERC) is about to enforce their NERC Critical Infrastructure Protection (CIP) Version Five and Six requirements on July 1st 2016. The NERC CIP requirements are a set of cyber security standards designed to protect cyber assets essential the reliable operation of the electric grid. The new Version Five and Six requirements are a major revision to the Version Three (currently enforced) requirements. The new requirements also bring substations into scope alongside Energy Control Centers. When the Version Five requirements were originally drafted they were vague, causing in depth discussions throughout the industry. The ramifications of these requirements has made owners look at their systems in depth, questioning how much money it will take to meet these requirements. Some owners saw backing down from routable networks to non-routable as a means to save money as they would be held to less requirements within the standards. Some owners saw removing routable connections as a proper security move. The purpose of this research was to uncover the inherent weaknesses in Industrial Control Systems (ICS) devices; to show how ICS devices can be hacked and figure out potential protections for these Critical Infrastructure devices. In addition, this research also aimed to validate the decision to move from External Routable connectivity to Non-Routable connectivity, as a security measure and not as a means of savings. The results reveal in order to ultimately protect Industrial Control Systems they must be removed from the Internet and all bi-directional external routable connections must be removed. Furthermore; non-routable serial connections should be utilized, and these non-routable serial connections should be encrypted on different layers of the OSI model. The research concluded that most weaknesses in SCADA systems are due to the inherent weaknesses in ICS devices and because of these weaknesses, human intervention is the biggest threat to SCADA systems.

A Hybrid Approach to Protect Palmprint Templates

PubMed Central

Sun, Dongmei; Xiong, Ke; Qiu, Zhengding

2014-01-01

Biometric template protection is indispensable to protect personal privacy in large-scale deployment of biometric systems. Accuracy, changeability, and security are three critical requirements for template protection algorithms. However, existing template protection algorithms cannot satisfy all these requirements well. In this paper, we propose a hybrid approach that combines random projection and fuzzy vault to improve the performances at these three points. Heterogeneous space is designed for combining random projection and fuzzy vault properly in the hybrid scheme. New chaff point generation method is also proposed to enhance the security of the heterogeneous vault. Theoretical analyses of proposed hybrid approach in terms of accuracy, changeability, and security are given in this paper. Palmprint database based experimental results well support the theoretical analyses and demonstrate the effectiveness of proposed hybrid approach. PMID:24982977

A hybrid approach to protect palmprint templates.

PubMed

Liu, Hailun; Sun, Dongmei; Xiong, Ke; Qiu, Zhengding

2014-01-01

Biometric template protection is indispensable to protect personal privacy in large-scale deployment of biometric systems. Accuracy, changeability, and security are three critical requirements for template protection algorithms. However, existing template protection algorithms cannot satisfy all these requirements well. In this paper, we propose a hybrid approach that combines random projection and fuzzy vault to improve the performances at these three points. Heterogeneous space is designed for combining random projection and fuzzy vault properly in the hybrid scheme. New chaff point generation method is also proposed to enhance the security of the heterogeneous vault. Theoretical analyses of proposed hybrid approach in terms of accuracy, changeability, and security are given in this paper. Palmprint database based experimental results well support the theoretical analyses and demonstrate the effectiveness of proposed hybrid approach.

System Dynamics Approach for Critical Infrastructure and Decision Support. A Model for a Potable Water System.

NASA Astrophysics Data System (ADS)

Pasqualini, D.; Witkowski, M.

2005-12-01

The Critical Infrastructure Protection / Decision Support System (CIP/DSS) project, supported by the Science and Technology Office, has been developing a risk-informed Decision Support System that provides insights for making critical infrastructure protection decisions. The system considers seventeen different Department of Homeland Security defined Critical Infrastructures (potable water system, telecommunications, public health, economics, etc.) and their primary interdependencies. These infrastructures have been modeling in one model called CIP/DSS Metropolitan Model. The modeling approach used is a system dynamics modeling approach. System dynamics modeling combines control theory and the nonlinear dynamics theory, which is defined by a set of coupled differential equations, which seeks to explain how the structure of a given system determines its behavior. In this poster we present a system dynamics model for one of the seventeen critical infrastructures, a generic metropolitan potable water system (MPWS). Three are the goals: 1) to gain a better understanding of the MPWS infrastructure; 2) to identify improvements that would help protect MPWS; and 3) to understand the consequences, interdependencies, and impacts, when perturbations occur to the system. The model represents raw water sources, the metropolitan water treatment process, storage of treated water, damage and repair to the MPWS, distribution of water, and end user demand, but does not explicitly represent the detailed network topology of an actual MPWS. The MPWS model is dependent upon inputs from the metropolitan population, energy, telecommunication, public health, and transportation models as well as the national water and transportation models. We present modeling results and sensitivity analysis indicating critical choke points, negative and positive feedback loops in the system. A general scenario is also analyzed where the potable water system responds to a generic disruption.

The longitudinal link between parenting and child aggression: the moderating effect of attachment security.

PubMed

Cyr, Maeve; Pasalich, Dave S; McMahon, Robert J; Spieker, Susan J

2014-10-01

This study examined whether infant attachment security moderates the association between parenting in preschool and later aggressive behavior among a sample of children at high risk for developing conduct problems. Participants were 82 adolescent mother-child dyads recruited from the community. Infant attachment status at age 1 year was measured using the Strange Situation. When children were aged 4.5 years, mothers reported on their self-efficacy in regards to parenting, and mothers' positive parenting and criticism were coded from direct observations of parent-child interactions. In grade 1, mothers reported on their children's aggressive behavior. Infant secure attachment significantly moderated the association between observed maternal criticism and child aggression. That is, among insecurely attached children, higher levels of maternal criticism were associated with more severe aggression. This longitudinal finding suggests that a secure attachment may buffer the deleterious effects of harsh parenting on child aggression.

Modernization at the Y-12 National Security Complex: A Case for Additional Experimental Benchmarks

DOE Office of Scientific and Technical Information (OSTI.GOV)

Thornbury, M. L.; Juarez, C.; Krass, A. W.

Efforts are underway at the Y-12 National Security Complex (Y-12) to modernize the recovery, purification, and consolidation of un-irradiated, highly enriched uranium metal. Successful integration of advanced technology such as Electrorefining (ER) eliminates many of the intermediate chemistry systems and processes that are the current and historical basis of the nuclear fuel cycle at Y-12. The cost of operations, the inventory of hazardous chemicals, and the volume of waste are significantly reduced by ER. It also introduces unique material forms and compositions related to the chemistry of chloride salts for further consideration in safety analysis and engineering. The work hereinmore » briefly describes recent investigations of nuclear criticality for 235UO2Cl2 (uranyl chloride) and 6LiCl (lithium chloride) in aqueous solution. Of particular interest is the minimum critical mass of highly enriched uranium as a function of the molar ratio of 6Li to 235U. The work herein also briefly describes recent investigations of nuclear criticality for 235U metal reflected by salt mixtures of 6LiCl or 7LiCl (lithium chloride), KCl (potassium chloride), and 235UCl3 or 238UCl3 (uranium tri-chloride). Computational methods for analysis of nuclear criticality safety and published nuclear data are employed in the absence of directly relevant experimental criticality benchmarks.« less

Personnel and Training Subsystem Integration in an Armor System

DTIC Science & Technology

1981-01-12

designated Uy other authorized documents. Unclasifi ed SECURITY CLASSIFICATION OF THIS PAGE (1Wh,or DVte Entered) RUNREAD INSTRUCTIONSREPORT...initial fielding. 9 Increased contractor responoibility for system design implies that Requests for Proposals be given wider and more careful review...5 4-3 XM1 Design Characteristics in Order of Priorlty (Advanced Development) 4-7 4-4 Comparative Data: Chrysler XM1, GMC XM1, M60A1 4-12 4-5 Critical

Critical Infrastructure Protection and Resilience Literature Survey: Modeling and Simulation

DTIC Science & Technology

2014-11-01

2013 Page 34 of 63 Below the yellow set is a purple cluster bringing together detection , anomaly , intrusion, sensors, monitoring and alerting (early...hazards and threats to security56 Water ADWICE, PSS®SINCAL ADWICE for real-time anomaly detection in water management systems57 One tool that...Systems. Cybernetics and Information Technologies. 2008;8(4):57-68. 57. Raciti M, Cucurull J, Nadjm-Tehrani S. Anomaly detection in water management

The Effect of Appropriately and Inappropriately Applied Automation for the Control of Unmanned Systems on Operator Performance

DTIC Science & Technology

2009-09-01

2.1 Participants Twelve civilians (7 men and 5 women ) with no prior experience with the Robotic NCO simulation participated in this study. The mean...operators in a multitasking environment. 15. SUBJECT TERMS design guidelines, robotics, simulation, unmanned systems, automation 16. SECURITY...model of operator performance, or a hybrid method which combines one or more of these different invocation techniques (e.g., critical events and

Purdue University graduate certificate program in Veterinary Homeland Security.

PubMed

Amass, Sandra F; Blossom, Thaddaeus D; Ash, Marianne; McCay, Don; Mattix, Marc E

2008-01-01

Our nation lacks a critical mass of professionals trained to prevent and respond to food- and animal-related emergencies. Training veterinarians provides an immediate means of addressing this shortage of experts. Achievement of critical mass to effectively address animal-related emergencies is expedited by concurrent training of professionals and graduate students in related areas. Purdue University offers a Web-based Graduate Certificate in Veterinary Homeland Security to address this special area of need. The program is a collaborative effort among the Purdue University School of Veterinary Medicine, the Purdue Homeland Security Institute, the Indiana State Board of Animal Health, the Indiana State Police, and others with the overall goal of increasing capacity and preparedness to manage animal-related emergencies. Individuals with expertise in veterinary medicine, public health, animal science, or homeland security are encouraged to participate. The Web-based system allows courses to be delivered efficiently and effectively around the world and allows participants to continue their graduate education while maintaining full-time jobs. Participants enhance their understanding of natural and intentional threats to animal health, strengthen their skills in managing animal-health emergencies, and develop problem-solving expertise to become effective members of animal emergency response teams and of their communities. Students receive graduate credit from Purdue University that can be used toward the certificate and toward an advanced graduate degree. Currently, 70 participants from 28 states; Washington, DC; Singapore; and Bermuda are enrolled.

caTIES: a grid based system for coding and retrieval of surgical pathology reports and tissue specimens in support of translational research.

PubMed

Crowley, Rebecca S; Castine, Melissa; Mitchell, Kevin; Chavan, Girish; McSherry, Tara; Feldman, Michael

2010-01-01

The authors report on the development of the Cancer Tissue Information Extraction System (caTIES)--an application that supports collaborative tissue banking and text mining by leveraging existing natural language processing methods and algorithms, grid communication and security frameworks, and query visualization methods. The system fills an important need for text-derived clinical data in translational research such as tissue-banking and clinical trials. The design of caTIES addresses three critical issues for informatics support of translational research: (1) federation of research data sources derived from clinical systems; (2) expressive graphical interfaces for concept-based text mining; and (3) regulatory and security model for supporting multi-center collaborative research. Implementation of the system at several Cancer Centers across the country is creating a potential network of caTIES repositories that could provide millions of de-identified clinical reports to users. The system provides an end-to-end application of medical natural language processing to support multi-institutional translational research programs.

Towards a Standard for Highly Secure SCADA Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Carlson, R.

1998-09-25

The critical energy inkstructures include gas, OL and electric power. These Mrastructures are complex and interdependent nmvorks that are vital to the national secwiy and social well being of our nation. Many electric power systems depend upon gas and oil, while fossil energy delive~ systems depend upon elecnic power. The control mechanisms for these Mrastructures are often referred to as SCADA (Supmivry CkmdandDaU Ac@itz&z) systems. SCADA systems provide remote monitoring and centralized control for a distributed tmnsportation infmsmucture in order to facilitate delivery of a commodi~. AIthough many of the SCADA concepts developed in this paper can be applied tomore » automotive mmsponation systems, we will use transportation to refer to the movement of electrici~, gas, and oil. \\ Recently, there have been seveml reports suggesting that the widespread and increasing use of SCADA for control of energy systems provides an increasing opportuni~ for an advers~ to cause serious darnage to the energy inbstmcturei~. This damage could arise through cyber infiltration of the SCADA networks, by physically tampering with the control networks, or through a combination of both means. SCADA system threats decompose into cyber and physical threats. One solution to the SCADA security problem is to design a standard for a highly secure KA.DA system that is both cyber, and physdly secure. Not all-physical threats are possible to guard again% but of those threats that are, high security SCADA provides confidence that the system will continue to operate in their presence. One of the most important problems in SCADA securi~ is the relationship between the cyber and physical vulnerabilities. Cyber intrusion increases physical Vulnerabilities, while in the dual problem physical tampering increases cyber vulnerabilit.ies. There is potential for feedback and the precise dynamics need to be understood. As a first step towards a stan~ the goal of this paper is to facilitate a discussion of the requirements analysis for a highly secure SCADA system. The fi-arnework for the discussion consists of the identification of SCADA security investment areas coupled with the tradeoffs that will force compromises in the solution. For example, computational and bandwidth requirements of a security standard could force the replacement of entire SCADA systems. The requirements for a real-time response in a cascading electric power failure could pose limitations on authentication and encryption mechanisms. The shortest path to the development of a high securi~ SC.ADA standard will be achieved by leveraging existing standards efforts and ensuring that security is being properly addressed in those standards. The Utility Communications Architecture 2.o (UC@, for real-time utili~ decision control, represents one such standard. The development of a SCADA secwiy specification is a complex task that will benefit from a systems engineering approach.« less

Final Report, Next-Generation Mega-Voltage Cargo-Imaging System for Cargo Conainer Inspection, March 2007

DOE Office of Scientific and Technical Information (OSTI.GOV)

Dr. James Clayton, Ph.D., Varian Medical Systems-Security & Inspection Products; Dr. Emma Regentova, Ph.D, University of Nevada Las Vegas; Dr. Evangelos Yfantis, Ph.D., University of Nevada, Las Vegas

The UNLV Research Foundation, as the primary award recipient, teamed with Varian Medical Systems-Security & Inspection Products and the University of Nevada Las Vegas (UNLV) for the purpose of conducting research and engineering related to a "next-generation" mega-voltage imaging (MVCI) system for inspection of cargo in large containers. The procurement and build-out of hardware for the MVCI project has been completed. The K-9 linear accelerator and an optimized X-ray detection system capable of efficiently detecting X-rays emitted from the accelerator after they have passed through the device is under test. The Office of Science financial assistance award has made possiblemore » the development of a system utilizing a technology which will have a profound positive impact on the security of U.S. seaports. The proposed project will ultimately result in critical research and development advances for the "next-generation" Linatron X-ray accelerator technology, thereby providing a safe, reliable and efficient fixed and mobile cargo inspection system, which will very significantly increase the fraction of cargo containers undergoing reliable inspection as the enter U.S. ports. Both NNSA/NA-22 and the Department of Homeland Security's Domestic Nuclear Detection Office are collaborating with UNLV and its team to make this technology available as soon as possible.« less

Protecting ICS Systems Within the Energy Sector from Cyber Attacks

NASA Astrophysics Data System (ADS)

Barnes, Shaquille

Advance persistent threat (APT) groups are continuing to attack the energy sector through cyberspace, which poses a risk to our society, national security, and economy. Industrial control systems (ICSs) are not designed to handle cyber-attacks, which is why asset owners need to implement the correct proactive and reactive measures to mitigate the risk to their ICS environments. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responded to 290 incidents for fiscal year 2016, where 59 of those incidents came from the Energy Sector. APT groups know how vulnerable energy sector ICS systems are and the destruction they can cause when they go offline such as loss of production, loss of life, and economic impact. Defending against APT groups requires more than just passive controls such as firewalls and antivirus solutions. Asset owners should implement a combination of best practices and active defense in their environment to defend against APT groups. Cyber-attacks against critical infrastructure will become more complex and harder to detect and respond to with traditional security controls. The purpose of this paper was to provide asset owners with the correct security controls and methodologies to help defend against APT groups.

The Ecological Domain of Warfare

DTIC Science & Technology

2004-06-01

of military performance in terms of e.g., unpredictability, nonlinearity and self organized criticality. [4] The issues of complex interactions...WORK UNIT NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) Kockums AB,SE-371 82 Karlskrona,Sweden, , 8. PERFORMING ORGANIZATION REPORT...by the architechture for Open Computational Systems itself [Alberts & Hayes (2003)] Author: Jens-Olof Lindh, Security class: UNCLASSIFIED Status

Alternate wetting and drying in high yielding direct-seeded rice systems accomplishes multiple environmental and agronomic objectives

USDA-ARS?s Scientific Manuscript database

Rice (Oryza sativa L.) cultivation is critically important for global food security, yet it also represents a significant fraction of agricultural greenhouse gas (GHG) emissions and water resource use. Alternate wetting and drying (AWD) of rice fields has been shown to reduce both methane (CH4) emis...

Teaching and Assessment of Mathematical Principles for Software Correctness Using a Reasoning Concept Inventory

ERIC Educational Resources Information Center

Drachova-Strang, Svetlana V.

2013-01-01

As computing becomes ubiquitous, software correctness has a fundamental role in ensuring the safety and security of the systems we build. To design and develop software correctly according to their formal contracts, CS students, the future software practitioners, need to learn a critical set of skills that are necessary and sufficient for…

Measuring Cybersecurity Competency: An Exploratory Investigation of the Cybersecurity Knowledge, Skills, and Abilities Necessary for Organizational Network Access Privileges

ERIC Educational Resources Information Center

Nilsen, Richard K.

2017-01-01

Organizational information system users (OISU) that are victimized by cyber threats are contributing to major financial and information losses for individuals, businesses, and governments. Moreover, it has been argued that cybersecurity competency is critical for advancing economic prosperity and maintaining national security. The fact remains…

TA 55 Reinvestment Project II Phase C Update Project Status May 23, 2017

DOE Office of Scientific and Technical Information (OSTI.GOV)

Giordano, Anthony P.

The TA-55 Reinvestment Project (TRP) II Phase C is a critical infrastructure project focused on improving safety and reliability of the Los Alamos National Laboratory (LANL) TA-55 Complex. The Project recapitalizes and revitalizes aging and obsolete facility and safety systems providing a sustainable nuclear facility for National Security Missions.

Risk Assessment Planning for Airborne Systems: An Information Assurance Failure Mode, Effects and Criticality Analysis Methodology

DTIC Science & Technology

2012-06-01

Visa Investigate Data Breach March 30, 2012 Visa and MasterCard are investigating whether a data security breach at one of the main companies that...30). MasterCard and Visa Investigate Data Breach . New York Times . Stamatis, D. (2003). Failure Mode Effect Analysis: FMEA from Theory to Execution

The pharmaceuticalisation of security: Molecular biomedicine, antiviral stockpiles, and global health security.

PubMed

Elbe, Stefan

2014-12-01

Pharmaceuticals are now critical to the security of populations. Antivirals, antibiotics, next-generation vaccines, and antitoxins are just some of the new 'medical countermeasures' that governments are stockpiling in order to defend their populations against the threat of pandemics and bioterrorism. How has security policy come to be so deeply imbricated with pharmaceutical logics and solutions? This article captures, maps, and analyses the 'pharmaceuticalisation' of security. Through an in-depth analysis of the prominent antiviral medication Tamiflu , it shows that this pharmaceutical turn in security policy is intimately bound up with the rise of a molecular vision of life promulgated by the biomedical sciences. Caught in the crosshairs of powerful commercial, political, and regulatory pressures, governments are embracing a molecular biomedicine promising to secure populations pharmaceutically in the twenty-first century. If that is true, then the established disciplinary view of health as a predominantly secondary matter of 'low' international politics is mistaken. On the contrary, the social forces of health and biomedicine are powerful enough to influence the core practices of international politics - even those of security. For a discipline long accustomed to studying macrolevel processes and systemic structures, it is in the end also our knowledge of the minute morass of molecules that shapes international relations.

Orion Returns to KSC after Successful Mission

NASA Image and Video Library

2014-12-18

NASA's Orion crew module, enclosed in its crew module transportation fixture and secured on a flatbed truck nears the entrance gate to Kennedy Space Center in Florida. Orion made the overland trip from Naval Base San Diego in California. Orion was recovered from the Pacific Ocean after completing a two-orbit, four-and-a-half hour mission Dec. 5 to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program led the recovery, offload and transportation efforts.

76 FR 62818 - Extension of Agency Information Collection Activity Under OMB Review: Critical Facility...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-10-11

... Review (CFSR) Form. The CFSR will differ from TSA's Corporate Security Review (CSR) in that a CSR looks at corporate or company-wide security management plans and practices while the CFSR will look at... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Extension of Agency...

A decision framework for managing risk to airports from terrorist attack.

PubMed

Shafieezadeh, Abdollah; Cha, Eun J; Ellingwood, Bruce R

2015-02-01

This article presents an asset-level security risk management framework to assist stakeholders of critical assets with allocating limited budgets for enhancing their safety and security against terrorist attack. The proposed framework models the security system of an asset, considers various threat scenarios, and models the sequential decision framework of attackers during the attack. Its novel contributions are the introduction of the notion of partial neutralization of attackers by defenders, estimation of total loss from successful, partially successful, and unsuccessful actions of attackers at various stages of an attack, and inclusion of the effects of these losses on the choices made by terrorists at various stages of the attack. The application of the proposed method is demonstrated in an example dealing with security risk management of a U.S. commercial airport, in which a set of plausible threat scenarios and risk mitigation options are considered. It is found that a combination of providing blast-resistant cargo containers and a video surveillance system on the airport perimeter fence is the best option based on minimum expected life-cycle cost considering a 10-year service period. © 2014 Society for Risk Analysis.

WeaselBoard :

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mulder, John C.; Schwartz, Moses Daniel; Berg, Michael J.

2013-10-01

Critical infrastructures, such as electrical power plants and oil refineries, rely on programmable logic controllers (PLCs) to control essential processes. State of the art security cannot detect attacks on PLCs at the hardware or firmware level. This renders critical infrastructure control systems vulnerable to costly and dangerous attacks. WeaselBoard is a PLC backplane analysis system that connects directly to the PLC backplane to capture backplane communications between modules. WeaselBoard forwards inter-module traffic to an external analysis system that detects changes to process control settings, sensor values, module configuration information, firmware updates, and process control program (logic) updates. WeaselBoard provides zero-daymore » exploit detection for PLCs by detecting changes in the PLC and the process. This approach to PLC monitoring is protected under U.S. Patent Application 13/947,887.« less

[Spatial-temporal pattern and obstacle factors of cultivated land ecological security in major grain producing areas of northeast China: a case study in Jilin Province].

PubMed

Zhao, Hong-Bo; Ma, Yan-Ji

2014-02-01

According to the cultivated land ecological security in major grain production areas of Northeast China, this paper selected 48 counties of Jilin Province as the research object. Based on the PSR-EES conceptual framework model, an evaluation index system of cultivated land ecological security was built. By using the improved TOPSIS, Markov chains, GIS spatial analysis and obstacle degree models, the spatial-temporal pattern of cultivated land ecological security and the obstacle factors were analyzed from 1995 to 2011 in Jilin Province. The results indicated that, the composite index of cultivated land ecological security appeared in a rising trend in Jilin Province from 1995 to 2011, and the cultivated land ecological security level changed from being sensitive to being general. There was a pattern of 'Club Convergence' in cultivated land ecological security level in each county and the spatial discrepancy tended to become larger. The 'Polarization' trend of cultivated land ecological security level was obvious. The distributions of sensitive level and critical security level with ribbon patterns tended to be dispersed, the general security level and relative security levels concentrated, and the distributions of security level scattered. The unstable trend of cultivated land ecological security level was more and more obvious. The main obstacle factors that affected the cultivated land ecological security level in Jilin Province were rural net income per capita, economic density, the proportion of environmental protection investment in GDP, degree of machinery cultivation and the comprehensive utilization rate of industrial solid wastes.

Cyber resilience: a review of critical national infrastructure and cyber security protection measures applied in the UK and USA.

PubMed

Harrop, Wayne; Matteson, Ashley

This paper presents cyber resilience as key strand of national security. It establishes the importance of critical national infrastructure protection and the growing vicarious nature of remote, well-planned, and well executed cyber attacks on critical infrastructures. Examples of well-known historical cyber attacks are presented, and the emergence of 'internet of things' as a cyber vulnerability issue yet to be tackled is explored. The paper identifies key steps being undertaken by those responsible for detecting, deterring, and disrupting cyber attacks on critical national infrastructure in the United Kingdom and the USA.

Elements of ESA's policy on space and security

NASA Astrophysics Data System (ADS)

Giannopapa, Christina; Adriaensen, Maarten; Antoni, Ntorina; Schrogl, Kai-Uwe

2018-06-01

In the past decade Europe has been facing rising security threats, ranging from climate change, migrations, nearby conflicts and crises, to terrorism. The demand to tackle these critical challenges is increasing in Member States. Space is already contributing, and could further contribute with already existing systems and future ones. The increasing need for security in Europe and for safety and security of Europe's space activities has led to a growing number of activities in ESA in various domains. It has also driven new and strengthened partnerships with security stakeholders in Europe. At the European level, ESA is collaborating closely with the main European institutions dealing with space security. In addition, as an organisation ESA has evolved to conduct security-related projects and programmes and to address the threats to its own activities, thereby securing the investments of the Member States. Over the past years the Agency has set up a comprehensive regulatory framework in order to be able to cope with security related requirements. Over the past years, ESA has increased its exchanges with its Member States. The paper presents main elements of the ESA's policy on space and security. It introduces the current European context for space and security, the European goals in this domain and the specific objectives to which the Agency intends to contribute. Space and security in the ESA context is set out under two components: a) security from space and b) security in space, including the security of ESA's own activities (corporate security and the security of ESA's space missions). Subsequently, ESA's activities are elaborated around these two pillars, composed of different activities conducted in the most appropriate frameworks and in coordination with the relevant stakeholders and shareholders.

Embedding Secure Coding Instruction into the IDE: Complementing Early and Intermediate CS Courses with ESIDE

ERIC Educational Resources Information Center

Whitney, Michael; Lipford, Heather Richter; Chu, Bill; Thomas, Tyler

2018-01-01

Many of the software security vulnerabilities that people face today can be remediated through secure coding practices. A critical step toward the practice of secure coding is ensuring that our computing students are educated on these practices. We argue that secure coding education needs to be included across a computing curriculum. We are…

Space and Time Partitioning with Hardware Support for Space Applications

NASA Astrophysics Data System (ADS)

Pinto, S.; Tavares, A.; Montenegro, S.

2016-08-01

Complex and critical systems like airplanes and spacecraft implement a very fast growing amount of functions. Typically, those systems were implemented with fully federated architectures, but the number and complexity of desired functions of todays systems led aerospace industry to follow another strategy. Integrated Modular Avionics (IMA) arose as an attractive approach for consolidation, by combining several applications into one single generic computing resource. Current approach goes towards higher integration provided by space and time partitioning (STP) of system virtualization. The problem is existent virtualization solutions are not ready to fully provide what the future of aerospace are demanding: performance, flexibility, safety, security while simultaneously containing Size, Weight, Power and Cost (SWaP-C).This work describes a real time hypervisor for space applications assisted by commercial off-the-shell (COTS) hardware. ARM TrustZone technology is exploited to implement a secure virtualization solution with low overhead and low memory footprint. This is demonstrated by running multiple guest partitions of RODOS operating system on a Xilinx Zynq platform.

Public health and national security: the critical role of increased federal support.

PubMed

Frist, Bill

2002-01-01

Protecting the public's health historically has been a state and local responsibility. However, the growing threat of bioterrorism has highlighted the importance of a strong public health infrastructure to the nation's homeland security and has focused increased attention on the preparedness of the public health system. As a result, federal public health funding has increased exponentially since the anthrax attacks of late 2001, and Congress has passed sweeping new federal legislation intended to strengthen the nation's public health system. This heightened level of federal interest and support should yield important public health benefits. Most recognize that after years of neglect the public health infrastructure cannot be rebuilt overnight. As we implement a comprehensive strategy to increase the capabilities and capacity of our nation's public health system, it is essential to address a series of important policy questions, including the appropriate level of ongoing public health investments from local, state, and federal sources.

A lightweight security scheme for wireless body area networks: design, energy evaluation and proposed microprocessor design.

PubMed

Selimis, Georgios; Huang, Li; Massé, Fabien; Tsekoura, Ioanna; Ashouei, Maryam; Catthoor, Francky; Huisken, Jos; Stuyt, Jan; Dolmans, Guido; Penders, Julien; De Groot, Harmke

2011-10-01

In order for wireless body area networks to meet widespread adoption, a number of security implications must be explored to promote and maintain fundamental medical ethical principles and social expectations. As a result, integration of security functionality to sensor nodes is required. Integrating security functionality to a wireless sensor node increases the size of the stored software program in program memory, the required time that the sensor's microprocessor needs to process the data and the wireless network traffic which is exchanged among sensors. This security overhead has dominant impact on the energy dissipation which is strongly related to the lifetime of the sensor, a critical aspect in wireless sensor network (WSN) technology. Strict definition of the security functionality, complete hardware model (microprocessor and radio), WBAN topology and the structure of the medium access control (MAC) frame are required for an accurate estimation of the energy that security introduces into the WBAN. In this work, we define a lightweight security scheme for WBAN, we estimate the additional energy consumption that the security scheme introduces to WBAN based on commercial available off-the-shelf hardware components (microprocessor and radio), the network topology and the MAC frame. Furthermore, we propose a new microcontroller design in order to reduce the energy consumption of the system. Experimental results and comparisons with other works are given.

Insecurity of Wireless Networks

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sheldon, Frederick T; Weber, John Mark; Yoo, Seong-Moo

Wireless is a powerful core technology enabling our global digital infrastructure. Wi-Fi networks are susceptible to attacks on Wired Equivalency Privacy, Wi-Fi Protected Access (WPA), and WPA2. These attack signatures can be profiled into a system that defends against such attacks on the basis of their inherent characteristics. Wi-Fi is the standard protocol for wireless networks used extensively in US critical infrastructures. Since the Wired Equivalency Privacy (WEP) security protocol was broken, the Wi-Fi Protected Access (WPA) protocol has been considered the secure alternative compatible with hardware developed for WEP. However, in November 2008, researchers developed an attack on WPA,more » allowing forgery of Address Resolution Protocol (ARP) packets. Subsequent enhancements have enabled ARP poisoning, cryptosystem denial of service, and man-in-the-middle attacks. Open source systems and methods (OSSM) have long been used to secure networks against such attacks. This article reviews OSSMs and the results of experimental attacks on WPA. These experiments re-created current attacks in a laboratory setting, recording both wired and wireless traffic. The article discusses methods of intrusion detection and prevention in the context of cyber physical protection of critical Internet infrastructure. The basis for this research is a specialized (and undoubtedly incomplete) taxonomy of Wi-Fi attacks and their adaptations to existing countermeasures and protocol revisions. Ultimately, this article aims to provide a clearer picture of how and why wireless protection protocols and encryption must achieve a more scientific basis for detecting and preventing such attacks.« less

Protecting and securing networked medical devices.

PubMed

Riha, Chris

2004-01-01

Designing, building, and maintaining a secure environment for medical devices is a critical component in health care technology management. This article will address several avenues to harden a health care information network to provide a secure enclave for medical devices.

Making Wireless Networks Secure for NASA Mission Critical Applications using Virtual Private Network (VPN) Technology

NASA Technical Reports Server (NTRS)

Nichols, Kelvin F.; Best, Susan; Schneider, Larry

2004-01-01

With so many security issues involved with wireless networks, the technology has not been fully utilized in the area of mission critical applications. These applications would include the areas of telemetry, commanding, voice and video. Wireless networking would allow payload operators the mobility to take computers outside of the control room to their offices and anywhere else in the facility that the wireless network was extended. But the risk is too great of having someone sit just inside of your wireless network coverage and intercept enough of your network traffic to steal proprietary data from a payload experiment or worse yet hack back into your system and do even greater harm by issuing harmful commands. Wired Equivalent Privacy (WEP) is improving but has a ways to go before it can be trusted to protect mission critical data. Today s hackers are becoming more aggressive and innovative, and in order to take advantage of the benefits that wireless networking offer, appropriate security measures need to be in place that will thwart hackers. The Virtual Private Network (VPN) offers a solution to the security problems that have kept wireless networks from being used for mission critical applications. VPN provides a level of encryption that will ensure that data is protected while it is being transmitted over a wireless local area network (IAN). The VPN allows a user to authenticate to the site that the user needs to access. Once this authentication has taken place the network traffic between that site and the user is encapsulated in VPN packets with the Triple Data Encryption Standard (3DES). 3DES is an encryption standard that uses a single secret key to encrypt and decrypt data. The length of the encryption key is 168 bits as opposed to its predecessor DES that has a 56-bit encryption key. Even though 3DES is the common encryption standard for today, the Advance Encryption Standard (AES), which provides even better encryption at a lower cycle cost is growing acceptance. The user computer running the VPN client and the. target site that is running the . VPN firewall exchange this encryption key and therefore are the only ones that are able to decipher the data. The level of encryption offered by the VPN is making it possible for wireless networks to pass the strict security policies that have kept them from being used in the past. Now people will be able to benefit from the many advantages that wireless networking has to offer in the area of mission critical applications.

Making Wireless Networks Secure for NASA Mission Critical Applications Using Virtual Private Network (VPN) Technology

NASA Technical Reports Server (NTRS)

Nichols, Kelvin F.; Best, Susan; Schneider, Larry

2004-01-01

With so many security issues involved with wireless networks, the technology has not been fully utilized in the area of mission critical applications. These applications would include the areas of telemetry, commanding, voice and video. Wireless networking would allow payload operators the mobility to take computers outside of the control room to their off ices and anywhere else in the facility that the wireless network was extended. But the risk is too great of having someone sit just inside of your wireless network coverage and intercept enough of your network traffic to steal proprietary data from a payload experiment or worse yet hack back into your system and do even greater harm by issuing harmful commands. Wired Equivalent Privacy (WEP) is improving but has a ways to go before it can be trusted to protect mission critical data. Today s hackers are becoming more aggressive and innovative, and in order to take advantage of the benefits that wireless networking offer, appropriate security measures need to be in place that will thwart hackers. The Virtual Private Network (VPN) offers a solution to the security problems that have kept wireless networks from being used for mission critical applications. VPN provides a level of encryption that will ensure that data is protected while it is being transmitted over a wireless local area network (LAN). The VPN allows a user to authenticate to the site that the user needs to access. Once this authentication has taken place the network traffic between that site and the user is encapsulated in VPN packets with the Triple Data Encryption Standard (3DES). 3DES is an encryption standard that uses a single secret key to encrypt and decrypt data. The length of the encryption key is 168 bits as opposed to its predecessor DES that has a 56-bit encryption key. Even though 3DES is the common encryption standard for today, the Advance Encryption Standard (AES), which provides even better encryption at a lower cycle cost is growing acceptance. The user computer running the VPN client and the target site that is running the VPN firewall exchange this encryption key and therefore are the only ones that are able to decipher the data. The level of encryption offered by the VPN is making it possible for wireless networks to pass the strict security policies that have kept them from being used in the past. Now people will be able to benefit from the many advantages that wireless networking has to offer in the area of mission critical applications.

Secure and Efficient Key Coordination Algorithm for Line Topology Network Maintenance for Use in Maritime Wireless Sensor Networks.

PubMed

Elgenaidi, Walid; Newe, Thomas; O'Connell, Eoin; Toal, Daniel; Dooly, Gerard

2016-12-21

There has been a significant increase in the proliferation and implementation of Wireless Sensor Networks (WSNs) in different disciplines, including the monitoring of maritime environments, healthcare systems, and industrial sectors. It has now become critical to address the security issues of data communication while considering sensor node constraints. There are many proposed schemes, including the scheme being proposed in this paper, to ensure that there is a high level of security in WSNs. This paper presents a symmetric security scheme for a maritime coastal environment monitoring WSN. The scheme provides security for travelling packets via individually encrypted links between authenticated neighbors, thus avoiding a reiteration of a global rekeying process. Furthermore, this scheme proposes a dynamic update key based on a trusted node configuration, called a leader node, which works as a trusted third party. The technique has been implemented in real time on a Waspmote test bed sensor platform and the results from both field testing and indoor bench testing environments are discussed in this paper.

Secure and Efficient Key Coordination Algorithm for Line Topology Network Maintenance for Use in Maritime Wireless Sensor Networks

PubMed Central

Elgenaidi, Walid; Newe, Thomas; O’Connell, Eoin; Toal, Daniel; Dooly, Gerard

2016-01-01

There has been a significant increase in the proliferation and implementation of Wireless Sensor Networks (WSNs) in different disciplines, including the monitoring of maritime environments, healthcare systems, and industrial sectors. It has now become critical to address the security issues of data communication while considering sensor node constraints. There are many proposed schemes, including the scheme being proposed in this paper, to ensure that there is a high level of security in WSNs. This paper presents a symmetric security scheme for a maritime coastal environment monitoring WSN. The scheme provides security for travelling packets via individually encrypted links between authenticated neighbors, thus avoiding a reiteration of a global rekeying process. Furthermore, this scheme proposes a dynamic update key based on a trusted node configuration, called a leader node, which works as a trusted third party. The technique has been implemented in real time on a Waspmote test bed sensor platform and the results from both field testing and indoor bench testing environments are discussed in this paper. PMID:28009834

Application of Hazard Analysis and Critical Control Points (HACCP) to the Cultivation Line of Mushroom and Other Cultivated Edible Fungi.

PubMed

Pardo, José E; de Figueirêdo, Vinícius Reis; Alvarez-Ortí, Manuel; Zied, Diego C; Peñaranda, Jesús A; Dias, Eustáquio Souza; Pardo-Giménez, Arturo

2013-09-01

The Hazard analysis and critical control points (HACCP) is a preventive system which seeks to ensure food safety and security. It allows product protection and correction of errors, improves the costs derived from quality defects and reduces the final overcontrol. In this paper, the system is applied to the line of cultivation of mushrooms and other edible cultivated fungi. From all stages of the process, only the reception of covering materials (stage 1) and compost (stage 3), the pre-fruiting and induction (step 6) and the harvest (stage 7) have been considered as critical control point (CCP). The main hazards found were the presence of unauthorized phytosanitary products or above the permitted dose (stages 6 and 7), and the presence of pathogenic bacteria (stages 1 and 3) and/or heavy metals (stage 3). The implementation of this knowledge will allow the self-control of their productions based on the system HACCP to any plant dedicated to mushroom or other edible fungi cultivation.

6 CFR 29.2 - Definitions.

Code of Federal Regulations, 2014 CFR

2014-01-01

... 6 Domestic Security 1 2014-01-01 2014-01-01 false Definitions. 29.2 Section 29.2 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE INFORMATION § 29.2... Homeland Security Act of 2002 (referencing the term used in section 1016(e) of Public Law 107-56 (42 U.S.C...

6 CFR 29.2 - Definitions.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 6 Domestic Security 1 2010-01-01 2010-01-01 false Definitions. 29.2 Section 29.2 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE INFORMATION § 29.2... Homeland Security Act of 2002 (referencing the term used in section 1016(e) of Public Law 107-56 (42 U.S.C...

6 CFR 29.2 - Definitions.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 6 Domestic Security 1 2012-01-01 2012-01-01 false Definitions. 29.2 Section 29.2 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE INFORMATION § 29.2... Homeland Security Act of 2002 (referencing the term used in section 1016(e) of Public Law 107-56 (42 U.S.C...

6 CFR 29.2 - Definitions.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 6 Domestic Security 1 2011-01-01 2011-01-01 false Definitions. 29.2 Section 29.2 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE INFORMATION § 29.2... Homeland Security Act of 2002 (referencing the term used in section 1016(e) of Public Law 107-56 (42 U.S.C...

6 CFR 29.2 - Definitions.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 6 Domestic Security 1 2013-01-01 2013-01-01 false Definitions. 29.2 Section 29.2 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY PROTECTED CRITICAL INFRASTRUCTURE INFORMATION § 29.2... Homeland Security Act of 2002 (referencing the term used in section 1016(e) of Public Law 107-56 (42 U.S.C...

Exploring Factors that Influence Students' Behaviors in Information Security

ERIC Educational Resources Information Center

Yoon, Cheolho; Hwang, Jae-Won; Kim, Rosemary

2012-01-01

Due to the ever-increasing use of the Internet, information security has become a critical issue in society. This is especially the case for young adults who have different attitudes towards information security practices. In this research, we examine factors that motivate college students' information security behaviors. Based on the concept of…

78 FR 66038 - Critical Infrastructure Partnership Advisory Council (CIPAC); Correction.

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-04

... DEPARTMENT OF HOMELAND SECURITY Critical Infrastructure Partnership Advisory Council (CIPAC... Critical Infrastructure Partnership Advisory Council (CIPAC) Plenary Meeting on November 5, 2013. The... Murphy, Critical Infrastructure Partnership Advisory Council Alternate Designated Federal Officer...

A Method for Evaluating Information Security Governance (ISG) Components in Banking Environment

NASA Astrophysics Data System (ADS)

Ula, M.; Ula, M.; Fuadi, W.

2017-02-01

As modern banking increasingly relies on the internet and computer technologies to operate their businesses and market interactions, the threats and security breaches have highly increased in recent years. Insider and outsider attacks have caused global businesses lost trillions of Dollars a year. Therefore, that is a need for a proper framework to govern the information security in the banking system. The aim of this research is to propose and design an enhanced method to evaluate information security governance (ISG) implementation in banking environment. This research examines and compares the elements from the commonly used information security governance frameworks, standards and best practices. Their strength and weakness are considered in its approaches. The initial framework for governing the information security in banking system was constructed from document review. The framework was categorized into three levels which are Governance level, Managerial level, and technical level. The study further conducts an online survey for banking security professionals to get their professional judgment about the ISG most critical components and the importance for each ISG component that should be implemented in banking environment. Data from the survey was used to construct a mathematical model for ISG evaluation, component importance data used as weighting coefficient for the related component in the mathematical model. The research further develops a method for evaluating ISG implementation in banking based on the mathematical model. The proposed method was tested through real bank case study in an Indonesian local bank. The study evidently proves that the proposed method has sufficient coverage of ISG in banking environment and effectively evaluates the ISG implementation in banking environment.

Cost-Effective Encryption-Based Autonomous Routing Protocol for Efficient and Secure Wireless Sensor Networks.

PubMed

Saleem, Kashif; Derhab, Abdelouahid; Orgun, Mehmet A; Al-Muhtadi, Jalal; Rodrigues, Joel J P C; Khalil, Mohammed Sayim; Ali Ahmed, Adel

2016-03-31

The deployment of intelligent remote surveillance systems depends on wireless sensor networks (WSNs) composed of various miniature resource-constrained wireless sensor nodes. The development of routing protocols for WSNs is a major challenge because of their severe resource constraints, ad hoc topology and dynamic nature. Among those proposed routing protocols, the biology-inspired self-organized secure autonomous routing protocol (BIOSARP) involves an artificial immune system (AIS) that requires a certain amount of time to build up knowledge of neighboring nodes. The AIS algorithm uses this knowledge to distinguish between self and non-self neighboring nodes. The knowledge-building phase is a critical period in the WSN lifespan and requires active security measures. This paper proposes an enhanced BIOSARP (E-BIOSARP) that incorporates a random key encryption mechanism in a cost-effective manner to provide active security measures in WSNs. A detailed description of E-BIOSARP is presented, followed by an extensive security and performance analysis to demonstrate its efficiency. A scenario with E-BIOSARP is implemented in network simulator 2 (ns-2) and is populated with malicious nodes for analysis. Furthermore, E-BIOSARP is compared with state-of-the-art secure routing protocols in terms of processing time, delivery ratio, energy consumption, and packet overhead. The findings show that the proposed mechanism can efficiently protect WSNs from selective forwarding, brute-force or exhaustive key search, spoofing, eavesdropping, replaying or altering of routing information, cloning, acknowledgment spoofing, HELLO flood attacks, and Sybil attacks.

Cost-Effective Encryption-Based Autonomous Routing Protocol for Efficient and Secure Wireless Sensor Networks

PubMed Central

Saleem, Kashif; Derhab, Abdelouahid; Orgun, Mehmet A.; Al-Muhtadi, Jalal; Rodrigues, Joel J. P. C.; Khalil, Mohammed Sayim; Ali Ahmed, Adel

2016-01-01

The deployment of intelligent remote surveillance systems depends on wireless sensor networks (WSNs) composed of various miniature resource-constrained wireless sensor nodes. The development of routing protocols for WSNs is a major challenge because of their severe resource constraints, ad hoc topology and dynamic nature. Among those proposed routing protocols, the biology-inspired self-organized secure autonomous routing protocol (BIOSARP) involves an artificial immune system (AIS) that requires a certain amount of time to build up knowledge of neighboring nodes. The AIS algorithm uses this knowledge to distinguish between self and non-self neighboring nodes. The knowledge-building phase is a critical period in the WSN lifespan and requires active security measures. This paper proposes an enhanced BIOSARP (E-BIOSARP) that incorporates a random key encryption mechanism in a cost-effective manner to provide active security measures in WSNs. A detailed description of E-BIOSARP is presented, followed by an extensive security and performance analysis to demonstrate its efficiency. A scenario with E-BIOSARP is implemented in network simulator 2 (ns-2) and is populated with malicious nodes for analysis. Furthermore, E-BIOSARP is compared with state-of-the-art secure routing protocols in terms of processing time, delivery ratio, energy consumption, and packet overhead. The findings show that the proposed mechanism can efficiently protect WSNs from selective forwarding, brute-force or exhaustive key search, spoofing, eavesdropping, replaying or altering of routing information, cloning, acknowledgment spoofing, HELLO flood attacks, and Sybil attacks. PMID:27043572

Critical Infrastructure Protection and Federal Statutory Authority for the Departments of Homeland Security and Defense to Perform Two Key Tasks

DTIC Science & Technology

2017-04-13

Highway, Suite 1204, Arlington, VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law , no person shall be...policy, and law . The research question is whether the Departments of Homeland Security (DHS) and Defense (DOD) have federal statutory authority to... law ); Department of Homeland Security; Department of Defense; establish standards; physical protection and security; national security 16. SECURITY

Finding Needles in Haystacks: Identity Mismatch Frequency and Facial Identity Verification

ERIC Educational Resources Information Center

Bindemann, Markus; Avetisyan, Meri; Blackwell, Kristy-Ann

2010-01-01

Accurate person identification is central to all security, police, and judicial systems. A commonplace method to achieve this is to compare a photo-ID and the face of its purported owner. The critical aspect of this task is to spot cases in which these two instances of a face do not match. Studies of person identification show that these instances…

DEAL annual report.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Misra, Shashank

2017-11-01

The digital electronics at the atomic limit (DEAL) project seeks to leverage Sandia's atomic-precision fabrication capability to realize the theorized orders-of-magnitude improvement in operating voltage for tunnel field effect transistors (TFETs) compared to CMOS. Not only are low-power digital circuits a critical element of many national security systems (e.g. satellites), TFETs can perform circuit functions inaccessible to CMOS (e.g. polymorphism).

Banding Together: Union City's Teachers and Administrators Work Together to Improve Student Achievement

ERIC Educational Resources Information Center

Kirp, David L.

2014-01-01

For years, points out David L. Kirp, critics have lambasted public schools as fossilized bureaucracies run by paper-pushers and filled with time-serving teachers preoccupied with their job security, not the lives of their students. Yet, as this article describes, running an exemplary school system does not demand heroes or heroics, just hard and…

2002 Industry Studies: Education

DTIC Science & Technology

2002-01-01

1 EDUCATION ABSTRACT United States schools are better than ever, but they are not assuring competitive advantage . Unequal access to quality...competitive advantage , and promote national security. • Demand for education continues to grow as the US transitions from an industrial to a knowledge... international assessments, pose challenges. With human capital constituting our most critical national resource, a world-class education system is vital to

Disordered Quantum Gases and Spin-Dependent Lattices

DTIC Science & Technology

2013-07-07

regarding the role of disorder in many-particle quantum systems, such as superconductors and electronic solids. These issues are of great technological...REPORT Disordered Quantum Gases and Spin-Dependent Lattices 14. ABSTRACT 16. SECURITY CLASSIFICATION OF: This grant supported the first realization of...the disordered Bose-Hubbard models using ultra-cold atoms trapped in a disordered optical lattice. Several critical questions regarding this crucial

Operational Assessment of Color Vision

DTIC Science & Technology

2016-06-20

evaluated in this study. 15. SUBJECT TERMS Color vision, aviation, cone contrast test, Colour Assessment & Diagnosis , color Dx, OBVA 16. SECURITY...symbologies are frequently used to aid or direct critical activities such as aircraft landing approaches or railroad right-of-way designations...computer-generated display systems have facilitated the development of computer-based, automated tests of color vision [14,15]. The United Kingdom’s

Agriculture and food systems in sub-Saharan Africa in a 4°C+ world.

PubMed

Thornton, Philip K; Jones, Peter G; Ericksen, Polly J; Challinor, Andrew J

2011-01-13

Agricultural development in sub-Saharan Africa faces daunting challenges, which climate change and increasing climate variability will compound in vulnerable areas. The impacts of a changing climate on agricultural production in a world that warms by 4°C or more are likely to be severe in places. The livelihoods of many croppers and livestock keepers in Africa are associated with diversity of options. The changes in crop and livestock production that are likely to result in a 4°C+ world will diminish the options available to most smallholders. In such a world, current crop and livestock varieties and agricultural practices will often be inadequate, and food security will be more difficult to achieve because of commodity price increases and local production shortfalls. While adaptation strategies exist, considerable institutional and policy support will be needed to implement them successfully on the scale required. Even in the 2°C+ world that appears inevitable, planning for and implementing successful adaptation strategies are critical if agricultural growth in the region is to occur, food security be achieved and household livelihoods be enhanced. As part of this effort, better understanding of the critical thresholds in global and African food systems requires urgent research.

OSD CALS Architecture Master Plan Study. Concept Paper. Security. Volume 38

DOT National Transportation Integrated Search

1989-07-01

Developing and executing a well-thought-out security policy is critical to the success of CALS. Without appropriate security measures, the integration of technology, organizations, functions, and data envisioned as Phase II CALS can not occur. Theref...

76 FR 4079 - Information Technology (IT) Security

Federal Register 2010, 2011, 2012, 2013, 2014

2011-01-24

... Technology (IT) Security AGENCY: National Aeronautics and Space Administration. ACTION: Final rule. SUMMARY: NASA is revising the NASA FAR Supplement (NFS) to update requirements related to Information Technology... Security clause. However, due to the critical importance of protecting the Agency's Information Technology...

Surveillance data management system

NASA Astrophysics Data System (ADS)

Teague, Ralph

2002-10-01

On October 8, 2001, an Executive Order was signed creating the White House Office of Homeland Security. With its formaiton comes focused attention in setting goals and priorities for homeland security. Analysis, preparation, and implementation of strategies will hinge not only on how information is collected and analyzed, but more important, on how it is coordinated and shared. Military installations/facilities, Public safety agencies, airports, federal and local offices, public utilities, harbors, transportation and others critical areas must work either independently or as a team to ensure the safety of our citizens and visitor. In this new era of increased security, the key to interoperation is continuous information exchanged-events must be rapidly identified, reported and responded to by the appropriate agencies. For instance when a threat has been detected the security officers must be immediately alerted and must have access to the type of threat, location, movement, heading, threat size, etc to respond accordingly and the type of support required. This requires instant communications and teamwork with reliable and flexible technology.

[Basic consideration on the security checking of sick travelers at airports].

PubMed

Felkai, Péter; Mártai, István

2012-09-02

The authorities guarantee the safety of passengers during air travel by strict ground security measures. All of these measures are restrictive and can affect the health status of both healthy and ill travelers. Patients who are in critical condition or confined to a stretcher and have to be repatriated by stretcher on a regular flight, must pass the airport security check as well. But the developers of security system should take into account the medical safety of patients during the procedure. The relevant medical principles are painfully missing not only in Hungary, but unfortunately also at most international airports. On the basis of principles reviewed in the present publication, an unambiguous, professionally reconciled regulation is necessary that would serve as a guideline for airport management and authorities, as well as for the involved medical personnel. Although setting principles into practice requires a different solution at each airport, yet, passenger safety and patient safety have to be harmonized as soon as possible.

Critical Success Factors for an Effective Security Risk Management Program in an Organization: An Exploratory Case Study

ERIC Educational Resources Information Center

Zafar, Humayun

2010-01-01

This study investigates differences in perception between layers of management (executive, middle, and lower) and staff with regard to the influence of critical success factors (CSFs) on security risk management (SRM) effectiveness. This is an in-depth case study conducted at a Fortune 500 company. Rockart's (1979) CSF method is modified through…

Homeland security: sharing and managing critical incident information

NASA Astrophysics Data System (ADS)

Ashley, W. R., III

2003-09-01

Effective critical incident response for homeland security requires access to real-time information from many organizations. Command and control, as well as basic situational awareness, are all dependant on quickly communicating a dynamically changing picture to a variety of decision makers. For the most part, critical information management is not unfamiliar or new to the public safety community. However, new challenges present themselves when that information needs to be seamlessly shared across multiple organizations at the local, state and federal level in real-time. The homeland security problem does not lend itself to the traditional military joint forces planning model where activities shift from a deliberate planning process to a crisis action planning process. Rather, the homeland security problem is more similar to a traditional public safety model where the current activity state moves from complete inactivity or low-level attention to immediate crisis action planning. More often than not the escalation occurs with no warning or baseline information. This paper addresses the challenges of sharing critical incident information and the impacts new technologies will have on this problem. The value of current and proposed approaches will be critiqued for operational value and areas will be identified for further development.

Cryptanalysis and security improvements of 'two-factor user authentication in wireless sensor networks'.

PubMed

Khan, Muhammad Khurram; Alghathbar, Khaled

2010-01-01

User authentication in wireless sensor networks (WSN) is a critical security issue due to their unattended and hostile deployment in the field. Since sensor nodes are equipped with limited computing power, storage, and communication modules; authenticating remote users in such resource-constrained environments is a paramount security concern. Recently, M.L. Das proposed a two-factor user authentication scheme in WSNs and claimed that his scheme is secure against different kinds of attack. However, in this paper, we show that the M.L. Das-scheme has some critical security pitfalls and cannot be recommended for real applications. We point out that in his scheme: users cannot change/update their passwords, it does not provide mutual authentication between gateway node and sensor node, and is vulnerable to gateway node bypassing attack and privileged-insider attack. To overcome the inherent security weaknesses of the M.L. Das-scheme, we propose improvements and security patches that attempt to fix the susceptibilities of his scheme. The proposed security improvements can be incorporated in the M.L. Das-scheme for achieving a more secure and robust two-factor user authentication in WSNs.

77 FR 32656 - Critical Infrastructure Partnership Advisory Council (CIPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-01

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2012-0008] Critical Infrastructure Partnership... Critical Infrastructure Partnership Advisory Council (CIPAC) by notice published in the Federal Register... Federal Officer, Critical Infrastructure Partnership Advisory Council, Sector Outreach and Programs...

77 FR 32655 - Critical Infrastructure Partnership Advisory Council (CIPAC)

Federal Register 2010, 2011, 2012, 2013, 2014

2012-06-01

... DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2012-0009] Critical Infrastructure Partnership... the Critical Infrastructure Partnership Advisory Council (CIPAC) by notice published in the Federal... CONTACT: Larry May, Designated Federal Officer, Critical Infrastructure Partnership Advisory Council...

Secure Video Surveillance System (SVSS) for unannounced safeguards inspections.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Galdoz, Erwin G.; Pinkalla, Mark

2010-09-01

The Secure Video Surveillance System (SVSS) is a collaborative effort between the U.S. Department of Energy (DOE), Sandia National Laboratories (SNL), and the Brazilian-Argentine Agency for Accounting and Control of Nuclear Materials (ABACC). The joint project addresses specific requirements of redundant surveillance systems installed in two South American nuclear facilities as a tool to support unannounced inspections conducted by ABACC and the International Atomic Energy Agency (IAEA). The surveillance covers the critical time (as much as a few hours) between the notification of an inspection and the access of inspectors to the location in facility where surveillance equipment is installed.more » ABACC and the IAEA currently use the EURATOM Multiple Optical Surveillance System (EMOSS). This outdated system is no longer available or supported by the manufacturer. The current EMOSS system has met the project objective; however, the lack of available replacement parts and system support has made this system unsustainable and has increased the risk of an inoperable system. A new system that utilizes current technology and is maintainable is required to replace the aging EMOSS system. ABACC intends to replace one of the existing ABACC EMOSS systems by the Secure Video Surveillance System. SVSS utilizes commercial off-the shelf (COTS) technologies for all individual components. Sandia National Laboratories supported the system design for SVSS to meet Safeguards requirements, i.e. tamper indication, data authentication, etc. The SVSS consists of two video surveillance cameras linked securely to a data collection unit. The collection unit is capable of retaining historical surveillance data for at least three hours with picture intervals as short as 1sec. Images in .jpg format are available to inspectors using various software review tools. SNL has delivered two SVSS systems for test and evaluation at the ABACC Safeguards Laboratory. An additional 'proto-type' system remains at SNL for software and hardware testing. This paper will describe the capabilities of the new surveillance system, application and requirements, and the design approach.« less

Information Technology and Community Restoration Studies/Task 1: Information Technology

DOE Office of Scientific and Technical Information (OSTI.GOV)

Upton, Jaki F.; Lesperance, Ann M.; Stein, Steven L.

2009-11-19

Executive Summary The Interagency Biological Restoration Demonstration—a program jointly funded by the Department of Defense's Defense Threat Reduction Agency and the Department of Homeland Security's (DHS's) Science and Technology Directorate—is developing policies, methods, plans, and applied technologies to restore large urban areas, critical infrastructures, and Department of Defense installations following the intentional release of a biological agent (anthrax) by terrorists. There is a perception that there should be a common system that can share information both vertically and horizontally amongst participating organizations as well as support analyses. A key question is: "How far away from this are we?" As partmore » of this program, Pacific Northwest National Laboratory conducted research to identify the current information technology tools that would be used by organizations in the greater Seattle urban area in such a scenario, to define criteria for use in evaluating information technology tools, and to identify current gaps. Researchers interviewed 28 individuals representing 25 agencies in civilian and military organizations to identify the tools they currently use to capture data needed to support operations and decision making. The organizations can be grouped into five broad categories: defense (Department of Defense), environmental/ecological (Environmental Protection Agency/Ecology), public health and medical services, emergency management, and critical infrastructure. The types of information that would be communicated in a biological terrorism incident include critical infrastructure and resource status, safety and protection information, laboratory test results, and general emergency information. The most commonly used tools are WebEOC (web-enabled crisis information management systems with real-time information sharing), mass notification software, resource tracking software, and NW WARN (web-based information to protect critical infrastructure systems). It appears that the current information management tools are used primarily for information gathering and sharing—not decision making. Respondents identified the following criteria for a future software system. It is easy to learn, updates information in real time, works with all agencies, is secure, uses a visualization or geographic information system feature, enables varying permission levels, flows information from one stage to another, works with other databases, feeds decision support tools, is compliant with appropriate standards, and is reasonably priced. Current tools have security issues, lack visual/mapping functions and critical infrastructure status, and do not integrate with other tools. It is clear that there is a need for an integrated, common operating system. The system would need to be accessible by all the organizations that would have a role in managing an anthrax incident to enable regional decision making. The most useful tool would feature a GIS visualization that would allow for a common operating picture that is updated in real time. To capitalize on information gained from the interviews, the following activities are recommended: • Rate emergency management decision tools against the criteria specified by the interviewees. • Identify and analyze other current activities focused on information sharing in the greater Seattle urban area. • Identify and analyze information sharing systems/tools used in other regions.« less

Modelling Groundwater Depletion at Regional and Global Scales: Present State and Future Prospects.

NASA Technical Reports Server (NTRS)

Wada, Yoshihide

2015-01-01

Except for frozen water in ice and glaciers, groundwater is the world's largest distributed store of freshwater and has strategic importance to global food and water security. In this paper, the most recent advances quantifying groundwater depletion (GWD) are comprehensively reviewed. This paper critically evaluates the recently advanced modeling approaches estimating GWD at regional and global scales, and the evidence of feedbacks to the Earth system including sea-level rise associated with GWD. Finally, critical challenges and opportunities in the use of groundwater are identified for the adaption to growing food demand and uncertain climate.

Challenges in Aeropropulsion

NASA Technical Reports Server (NTRS)

Campbell, Donald C.

1995-01-01

Aeropropulsion technologies must progress to satisfy increasingly stringent global environmental requirements with economically viable air transportation systems. In this paper, key propulsion technologies to meet future needs are identified and the associated challenges are briefly discussed. Also discussed are NASA's vision, NASA's changing role in meeting today's challenge of a shrinking research budget, and propulsion technology impacts on the environment and air transport economics. Critical aeropropulsion technology drivers are identified and their impact evaluated. The aviation industry is critical to the nation's economy, job creation, and national security. NASA's advanced aeropropulsion technology programs and their relation to the aviation industry are discussed.

Modeling Groundwater Depletion at Regional and Global Scales: Present State and Future Prospects

NASA Astrophysics Data System (ADS)

Wada, Yoshihide

2016-03-01

Except for frozen water in ice and glaciers, groundwater is the world's largest distributed store of freshwater and has strategic importance to global food and water security. In this paper, the most recent advances quantifying groundwater depletion (GWD) are comprehensively reviewed. This paper critically evaluates the recently advanced modeling approaches estimating GWD at regional and global scales, and the evidence of feedbacks to the Earth system including sea-level rise associated with GWD. Finally, critical challenges and opportunities in the use of groundwater are identified for the adaption to growing food demand and uncertain climate.

Constructing vulnerabilty and protective measures indices for the enhanced critical infrastructure protection program.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Fisher, R. E.; Buehring, W. A.; Whitfield, R. G.

2009-10-14

The US Department of Homeland Security (DHS) has directed its Protective Security Advisors (PSAs) to form partnerships with the owners and operators of assets most essential to the Nation's well being - a subclass of critical infrastructure and key resources (CIKR) - and to conduct site visits for these and other high-risk assets as part of the Enhanced Critical Infrastructure Protection (ECIP) Program. During each such visit, the PSA documents information about the facility's current CIKR protection posture and overall security awareness. The primary goals for ECIP site visits (DHS 2009) are to: (1) inform facility owners and operators ofmore » the importance of their facilities as an identified high-priority CIKR and the need to be vigilant in light of the ever-present threat of terrorism; (2) identify protective measures currently in place at these facilities, provide comparisons of CIKR protection postures across like assets, and track the implementation of new protective measures; and (3) enhance existing relationships among facility owners and operators; DHS; and various Federal, State, local tribal, and territorial partners. PSAs conduct ECIP visits to assess overall site security; educate facility owners and operators about security; help owners and operators identify gaps and potential improvements; and promote communication and information sharing among facility owners and operators, DHS, State governments, and other security partners. Information collected during ECIP visits is used to develop metrics; conduct sector-by-sector and cross-sector vulnerability comparisons; identify security gaps and trends across CIKR sectors and subsectors; establish sector baseline security survey results; and track progress toward improving CIKR security through activities, programs, outreach, and training (Snyder 2009). The data being collected are used in a framework consistent with the National Infrastructure Protection Plan (NIPP) risk criteria (DHS 2009). The NIPP framework incorporates consequence, threat, and vulnerability components and addresses all hazards. The analysis of the vulnerability data needs to be reproducible, support risk analysis, and go beyond protection. It also needs to address important security/vulnerability topics, such as physical security, cyber security, systems analysis, and dependencies and interdependencies. This report provides an overview of the approach being developed to estimate vulnerability and provide vulnerability comparisons for sectors and subsectors. the information will be used to assist DHS in analyzing existing protective measures and vulnerability at facilities, to identify potential ways to reduce vulnerabilities, and to assist in preparing sector risk estimates. The owner/operator receives an analysis of the data collected for a specific asset, showing a comparison between the facility's protection posture/vulnerability index and those of DHS sector/subsector sites visited. This comparison gives the owner/operator an indication of the asset's security strengths and weaknesses that may be contributing factors to its vulnerability and protection posture. The information provided to the owner/operator shows how the asset compares to other similar assets within the asset's sector or subsector. A 'dashboard' display is used to illustrate the results in a convenient format. The dashboard allows the owner/operator to analyze the implementation of additional protective measures and to illustrate how such actions would impact the asset's Protective Measures Index (PMI) or Vulnerability Index (VI).« less

A Unified Cropland Layer at 250-m for global agriculture monitoring

USGS Publications Warehouse

Waldner, François; Fritz, Steffen; Di Gregorio, Antonio; Plotnikov, Dmitry; Bartalev, Sergey; Kussul, Nataliia; Gong, Peng; Thenkabail, Prasad S.; Hazeu, Gerard; Klein, Igor; Löw, Fabian; Miettinen, Jukka; Dadhwal, Vinay Kumar; Lamarche, Céline; Bontemps, Sophie; Defourny, Pierre

2016-01-01

Accurate and timely information on the global cropland extent is critical for food security monitoring, water management and earth system modeling. Principally, it allows for analyzing satellite image time-series to assess the crop conditions and permits isolation of the agricultural component to focus on food security and impacts of various climatic scenarios. However, despite its critical importance, accurate information on the spatial extent, cropland mapping with remote sensing imagery remains a major challenge. Following an exhaustive identification and collection of existing land cover maps, a multi-criteria analysis was designed at the country level to evaluate the fitness of a cropland map with regards to four dimensions: its timeliness, its legend, its resolution adequacy and its confidence level. As a result, a Unified Cropland Layer that combines the fittest products into a 250 m global cropland map was assembled. With an evaluated accuracy ranging from 82% to 95%, the Unified Cropland Layer successfully improved the accuracy compared to single global products.

URBAN-NET: A Network-based Infrastructure Monitoring and Analysis System for Emergency Management and Public Safety

DOE Office of Scientific and Technical Information (OSTI.GOV)

Lee, Sangkeun; Chen, Liangzhe; Duan, Sisi

Abstract Critical Infrastructures (CIs) such as energy, water, and transportation are complex networks that are crucial for sustaining day-to-day commodity flows vital to national security, economic stability, and public safety. The nature of these CIs is such that failures caused by an extreme weather event or a man-made incident can trigger widespread cascading failures, sending ripple effects at regional or even national scales. To minimize such effects, it is critical for emergency responders to identify existing or potential vulnerabilities within CIs during such stressor events in a systematic and quantifiable manner and take appropriate mitigating actions. We present here amore » novel critical infrastructure monitoring and analysis system named URBAN-NET. The system includes a software stack and tools for monitoring CIs, pre-processing data, interconnecting multiple CI datasets as a heterogeneous network, identifying vulnerabilities through graph-based topological analysis, and predicting consequences based on what-if simulations along with visualization. As a proof-of-concept, we present several case studies to show the capabilities of our system. We also discuss remaining challenges and future work.« less

Frontiers of the food-energy-water trilemma: Sri Lanka as a microcosm of tradeoffs

NASA Astrophysics Data System (ADS)

Perrone, Debra; Hornberger, George

2016-01-01

Food, energy, and water are three critical resources for humanity. As climate variability, population growth, and lifestyle changes amplify the stress placed on each of the resources, the interrelationships among food, energy, and water systems become more pronounced. Political conflict, social and cultural norms, and spatial and temporal distribution of the resources add additional layers of complexity. It is in this context that the significance of understanding the impacts of water scarcity on the decisions around food and energy productions has emerged. Our work establishes tradeoff frontiers (TFs) as a method useful in illustrating the system-level tradeoffs between allocating water for food and water for energy. This paper illustrates how TFs can be used to (1) show how scarcity in water resources affects the tradeoffs between food and energy and (2) explore the political and social constraints that can move production away from what is feasible technically. We use Sri Lanka, a country where water resources are variable both in space and time and a country with relatively self-contained energy and agricultural sectors, as a microcosm of the food security, energy security, and water security trilemma. Nevertheless, our application of tradeoff frontiers is applicable widely to other systems.

A resilient and secure software platform and architecture for distributed spacecraft

NASA Astrophysics Data System (ADS)

Otte, William R.; Dubey, Abhishek; Karsai, Gabor

2014-06-01

A distributed spacecraft is a cluster of independent satellite modules flying in formation that communicate via ad-hoc wireless networks. This system in space is a cloud platform that facilitates sharing sensors and other computing and communication resources across multiple applications, potentially developed and maintained by different organizations. Effectively, such architecture can realize the functions of monolithic satellites at a reduced cost and with improved adaptivity and robustness. Openness of these architectures pose special challenges because the distributed software platform has to support applications from different security domains and organizations, and where information flows have to be carefully managed and compartmentalized. If the platform is used as a robust shared resource its management, configuration, and resilience becomes a challenge in itself. We have designed and prototyped a distributed software platform for such architectures. The core element of the platform is a new operating system whose services were designed to restrict access to the network and the file system, and to enforce resource management constraints for all non-privileged processes Mixed-criticality applications operating at different security labels are deployed and controlled by a privileged management process that is also pre-configuring all information flows. This paper describes the design and objective of this layer.

Registered File Support for Critical Operations Files at (Space Infrared Telescope Facility) SIRTF

NASA Technical Reports Server (NTRS)

Turek, G.; Handley, Tom; Jacobson, J.; Rector, J.

2001-01-01

The SIRTF Science Center's (SSC) Science Operations System (SOS) has to contend with nearly one hundred critical operations files via comprehensive file management services. The management is accomplished via the registered file system (otherwise known as TFS) which manages these files in a registered file repository composed of a virtual file system accessible via a TFS server and a file registration database. The TFS server provides controlled, reliable, and secure file transfer and storage by registering all file transactions and meta-data in the file registration database. An API is provided for application programs to communicate with TFS servers and the repository. A command line client implementing this API has been developed as a client tool. This paper describes the architecture, current implementation, but more importantly, the evolution of these services based on evolving community use cases and emerging information system technology.

Quantifying the Impact of Unavailability in Cyber-Physical Environments

DOE Office of Scientific and Technical Information (OSTI.GOV)

Aissa, Anis Ben; Abercrombie, Robert K; Sheldon, Federick T.

2014-01-01

The Supervisory Control and Data Acquisition (SCADA) system discussed in this work manages a distributed control network for the Tunisian Electric & Gas Utility. The network is dispersed over a large geographic area that monitors and controls the flow of electricity/gas from both remote and centralized locations. The availability of the SCADA system in this context is critical to ensuring the uninterrupted delivery of energy, including safety, security, continuity of operations and revenue. Such SCADA systems are the backbone of national critical cyber-physical infrastructures. Herein, we propose adapting the Mean Failure Cost (MFC) metric for quantifying the cost of unavailability.more » This new metric combines the classic availability formulation with MFC. The resulting metric, so-called Econometric Availability (EA), offers a computational basis to evaluate a system in terms of the gain/loss ($/hour of operation) that affects each stakeholder due to unavailability.« less

Assessing uncertainties in surface water security: An empirical multimodel approach

NASA Astrophysics Data System (ADS)

Rodrigues, Dulce B. B.; Gupta, Hoshin V.; Mendiondo, Eduardo M.; Oliveira, Paulo Tarso S.

2015-11-01

Various uncertainties are involved in the representation of processes that characterize interactions among societal needs, ecosystem functioning, and hydrological conditions. Here we develop an empirical uncertainty assessment of water security indicators that characterize scarcity and vulnerability, based on a multimodel and resampling framework. We consider several uncertainty sources including those related to (i) observed streamflow data; (ii) hydrological model structure; (iii) residual analysis; (iv) the method for defining Environmental Flow Requirement; (v) the definition of critical conditions for water provision; and (vi) the critical demand imposed by human activities. We estimate the overall hydrological model uncertainty by means of a residual bootstrap resampling approach, and by uncertainty propagation through different methodological arrangements applied to a 291 km2 agricultural basin within the Cantareira water supply system in Brazil. Together, the two-component hydrograph residual analysis and the block bootstrap resampling approach result in a more accurate and precise estimate of the uncertainty (95% confidence intervals) in the simulated time series. We then compare the uncertainty estimates associated with water security indicators using a multimodel framework and the uncertainty estimates provided by each model uncertainty estimation approach. The range of values obtained for the water security indicators suggests that the models/methods are robust and performs well in a range of plausible situations. The method is general and can be easily extended, thereby forming the basis for meaningful support to end-users facing water resource challenges by enabling them to incorporate a viable uncertainty analysis into a robust decision-making process.

International Cyber Incident Repository System: Information Sharing on a Global Scale

DOE Office of Scientific and Technical Information (OSTI.GOV)

Joyce, Amanda L.; Evans, PhD, Nathaniel; Tanzman, Edward A.

According to the 2016 Internet Security Threat Report, the largest number of cyber attacks were recorded last year (2015), reaching a total of 430 million incidents throughout the world. As the number of cyber incidents increases, the need for information and intelligence sharing increases, as well. This fairly large increase in cyber incidents is driving the need for an international cyber incident data reporting system. The goal of the cyber incident reporting system is to make available shared and collected information about cyber events among participating international parties. In its 2014 report, Insurance Industry Working Session Readout Report-Insurance for CyberRelatedmore » Critical Infrastructure Loss: Key Issues, on the outcomes of a working session on cyber insurance, the U.S. Department of Homeland Security observed that “many participants cited the need for a secure method through which organizations could pool and share cyber incident information” and noted that one underwriter emphasized the importance of internationally harmonized data taxonomies. This cyber incident data reporting system could benefit all nations that take part in reporting incidents to provide a more common operating picture. In addition, this reporting system could allow for trending and anticipated attacks and could potentially benefit participating members by enabling them to get in front of potential attacks. The purpose of this paper is to identify options for consideration for such a system in fostering cooperative cyber defense.« less

The 12th International Conference on Computer Safety, Reliability and Security

DTIC Science & Technology

1993-10-29

then used [10]. The adequacy of the proposed methodology is shown through the design and the validation of a simple control system: a train set example...satisfying the safety condition. 4 Conclusions In this paper we have presented a methodology which can be used for the design of safety-critical systems...has a Burner but no Detector (or the Detector is permanently non -active). The PA: G1 for this design is shown in Fig 3a. The probability matrices are

ICS logging solution for network-based attacks using Gumistix technology

NASA Astrophysics Data System (ADS)

Otis, Jeremy R.; Berman, Dustin; Butts, Jonathan; Lopez, Juan

2013-05-01

Industrial Control Systems (ICS) monitor and control operations associated with the national critical infrastructure (e.g., electric power grid, oil and gas pipelines and water treatment facilities). These systems rely on technologies and architectures that were designed for system reliability and availability. Security associated with ICS was never an inherent concern, primarily due to the protections afforded by network isolation. However, a trend in ICS operations is to migrate to commercial networks via TCP/IP in order to leverage commodity benefits and cost savings. As a result, system vulnerabilities are now exposed to the online community. Indeed, recent research has demonstrated that many exposed ICS devices are being discovered using readily available applications (e.g., ShodanHQ search engine and Google-esque queries). Due to the lack of security and logging capabilities for ICS, most knowledge about attacks are derived from real world incidents after an attack has already been carried out and the damage has been done. This research provides a method for introducing sensors into the ICS environment that collect information about network-based attacks. The sensors are developed using an inexpensive Gumstix platform that can be deployed and incorporated with production systems. Data obtained from the sensors provide insight into attack tactics (e.g., port scans, Nessus scans, Metasploit modules, and zero-day exploits) and characteristics (e.g., attack origin, frequency, and level of persistence). Findings enable security professionals to draw an accurate, real-time awareness of the threats against ICS devices and help shift the security posture from reactionary to preventative.

Secure Distributed Human Computation

NASA Astrophysics Data System (ADS)

Gentry, Craig; Ramzan, Zulfikar; Stubblebine, Stuart

In Peha’s Financial Cryptography 2004 invited talk, he described the Cyphermint PayCash system (see www.cyphermint.com), which allows people without bank accounts or credit cards (a sizeable segment of the U.S. population) to automatically and instantly cash checks, pay bills, or make Internet transactions through publicly-accessible kiosks. Since PayCash offers automated financial transactions and since the system uses (unprotected) kiosks, security is critical. The kiosk must decide whether a person cashing a check is really the person to whom the check was made out, so it takes a digital picture of the person cashing the check and transmits this picture electronically to a central office, where a human worker compares the kiosk’s picture to one that was taken when the person registered with Cyphermint. If both pictures are of the same person, then the human worker authorizes the transaction.

78 FR 42101 - Boston Area Maritime Security Advisory Committee; Vacancies

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-15

...: Identifying critical port infrastructure and operations; Identifying risks (threats, vulnerabilities, and... years of experience related to maritime or port security operations. AMSC Membership The Boston AMSC has... security industries. In support of the USCG policy on gender and ethnic nondiscrimination, we encourage...

77 FR 39249 - Boston Area Maritime Security Advisory Committee; Vacancies

Federal Register 2010, 2011, 2012, 2013, 2014

2012-07-02

...: Identifying critical port infrastructure and operations; Identifying risks (threats, vulnerabilities, and... years of experience related to maritime or port security operations. AMSC Membership The Boston AMSC has... security industries. In support of the USCG policy on gender and ethnic diversity, we encourage qualified...

Software security checklist for the software life cycle

NASA Technical Reports Server (NTRS)

Gilliam, D. P.; Wolfe, T. L.; Sherif, J. S.

2002-01-01

A formal approach to security in the software life cycle is essential to protect corporate resources. However, little thought has been given to this aspect of software development. Due to its criticality, security should be integrated as a formal approach in the software life cycle.

Orion Splashdown Recovery

NASA Image and Video Library

2014-12-05

NASA's Orion spacecraft floats in the Pacific Ocean after splashdown from its first flight test in Earth orbit. An H60-S Seahawk helicopter hovers above to communicate the spacecraft's location back to the USS Anchorage, in the distance. NASA, the U.S. Navy and Lockheed Martin are coordinating efforts to recover Orion and secure the spacecraft in the well deck of the USS Anchorage. Orion completed a two-orbit, four-and-a-half hour mission, to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program is leading the recovery efforts.

Orion Splashdown Recovery

NASA Image and Video Library

2014-12-05

NASA's Orion spacecraft floats in the Pacific Ocean after splashdown from its first flight test in Earth orbit. An H60-S Seahawk helicopter hovers above to communicate the spacecraft's location back to the USS Anchorage. NASA, the U.S. Navy and Lockheed Martin are coordinating efforts to recover Orion and secure the spacecraft in the well deck of the USS Anchorage. Orion completed a two-orbit, four-and-a-half hour mission, to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program is leading the recovery efforts.

Orion Splashdown Recovery

NASA Image and Video Library

2014-12-05

NASA's Orion spacecraft floats in the Pacific Ocean after splashdown from its first flight test in Earth orbit. The spacecraft completed a two-orbit, four-and-a-half-hour mission in Earth orbit. NASA, the U.S. Navy and Lockheed Martin are coordinating efforts to recover Orion, the forward bay cover and main parachutes. Orion will be towed in and secure in the well deck of the nearby USS Anchorage. Orion's mission tested systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program is leading the recovery efforts.

Orion Splashdown Recovery

NASA Image and Video Library

2014-12-05

U.S. Navy personnel aboard the USS Anchorage prepare for recovery of NASA's Orion spacecraft from the Pacific Ocean about 600 miles off the coast of San Diego, California. Orion splashed down after its first flight test in Earth orbit. NASA, the U.S. Navy and Lockheed Martin are coordinating efforts to recover Orion and secure the spacecraft in the well deck of the USS Anchorage. Orion completed a two-orbit, four-and-a-half hour mission, to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program is leading the recovery efforts.

Technical analysis of US Army Weapons Systems and related advanced technologies of military interest. Final report

DOE Office of Scientific and Technical Information (OSTI.GOV)

NONE

1991-06-14

This report summarizes the activities and accomplishments of an US Army technology security project designed to identify and develop effective policy guidelines for militarily critical technologies in specific Army systems and in broad generic technology areas of military interest, Individual systems analyses are documented in separate Weapons Systems Technical Assessments (WSTAs) and the general generic technology areas are evaluated in the Advanced Technology Assessment Reports (ATARs), However, specific details of these assessments are not addressed here, only recommendations regarding aspects of the defined approach, methodology, and format are provided and discussed.

KSC-2014-4773

NASA Image and Video Library

2014-12-05

SAN DIEGO, Calif. -- NASA's Orion spacecraft floats in the Pacific Ocean after splashdown from its first flight test in Earth orbit. The USS Anchorage is nearby. NASA, the U.S. Navy and Lockheed Martin are coordinating efforts to recover Orion and secure the spacecraft in the well deck of the USS Anchorage. Orion completed a two-orbit, four-and-a-half hour mission, to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program is leading the recovery efforts. For more information, visit www.nasa.gov/orion Photo credit: NASA/Tony Gray

Orion Splashdown Recovery

NASA Image and Video Library

2014-12-05

U.S. Navy personnel aboard a rigid hull inflatable boat help recover NASA's Orion spacecraft following its splashdown in the Pacific Ocean after its first flight test in Earth orbit. The USS Anchorage is in the background. NASA, the U.S. Navy and Lockheed Martin are coordinating efforts to recover Orion and secure the spacecraft in the well deck of the USS Anchorage. Orion completed a two-orbit, four-and-a-half hour mission, to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program is leading the recovery efforts.

Future Data Communication Architectures for Safety Critical Aircraft Cabin Systems

NASA Astrophysics Data System (ADS)

Berkhahn, Sven-Olaf

2012-05-01

The cabin of modern aircraft is subject to increasing demands for fast reconfiguration and hence flexibility. These demands require studies for new network architectures and technologies of the electronic cabin systems, which consider also weight and cost reductions as well as safety constraints. Two major approaches are in consideration to reduce the complex and heavy wiring harness: the usage of a so called hybrid data bus technology, which enables the common usage of the same data bus for several electronic cabin systems with different safety and security requirements and the application of wireless data transfer technologies for electronic cabin systems.

Program for Critical Technologies in Breast Oncology

DTIC Science & Technology

1999-07-01

the tissues, and in a ethical manner that respects the patients’ rights . The Program for Critical Technologies in Breast Oncology helps address all of...diagnosis, database 15. NUMBER OF PAGES 148 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT Unclassified 18. SECURITY CLASSIFICATION OF THIS...closer to clinical utility. Page 17 References Adida C. Crotty PL. McGrath J. Berrebi D. Diebold J. Altieri DC. Developmentally regulated

Protecting Defense Technologies: DOD Assessment Needed to Determine Requirement for Critical Technologies List

DTIC Science & Technology

2013-01-01

Service DTSA Defense Technology Security Administration MCTL Militarily Critical Technologies List This is a work of the U.S. government and is not...Respond to MCTL Weaknesses Page 8 GAO-13-157 Protecting Defense Technologies Administration ( DTSA ), military services, and DOD...implementation of technology security policies on international transfers of defense- related goods, services, and technologies; • directed DTSA to

Towards a Bio-inspired Security Framework for Mission-Critical Wireless Sensor Networks

NASA Astrophysics Data System (ADS)

Ren, Wei; Song, Jun; Ma, Zhao; Huang, Shiyong

Mission-critical wireless sensor networks (WSNs) have been found in numerous promising applications in civil and military fields. However, the functionality of WSNs extensively relies on its security capability for detecting and defending sophisticated adversaries, such as Sybil, worm hole and mobile adversaries. In this paper, we propose a bio-inspired security framework to provide intelligence-enabled security mechanisms. This scheme is composed of a middleware, multiple agents and mobile agents. The agents monitor the network packets, host activities, make decisions and launch corresponding responses. Middleware performs an infrastructure for the communication between various agents and corresponding mobility. Certain cognitive models and intelligent algorithms such as Layered Reference Model of Brain and Self-Organizing Neural Network with Competitive Learning are explored in the context of sensor networks that have resource constraints. The security framework and implementation are also described in details.

New parsimonious simulation methods and tools to assess future food and environmental security of farm populations

PubMed Central

Antle, John M.; Stoorvogel, Jetse J.; Valdivia, Roberto O.

2014-01-01

This article presents conceptual and empirical foundations for new parsimonious simulation models that are being used to assess future food and environmental security of farm populations. The conceptual framework integrates key features of the biophysical and economic processes on which the farming systems are based. The approach represents a methodological advance by coupling important behavioural processes, for example, self-selection in adaptive responses to technological and environmental change, with aggregate processes, such as changes in market supply and demand conditions or environmental conditions as climate. Suitable biophysical and economic data are a critical limiting factor in modelling these complex systems, particularly for the characterization of out-of-sample counterfactuals in ex ante analyses. Parsimonious, population-based simulation methods are described that exploit available observational, experimental, modelled and expert data. The analysis makes use of a new scenario design concept called representative agricultural pathways. A case study illustrates how these methods can be used to assess food and environmental security. The concluding section addresses generalizations of parametric forms and linkages of regional models to global models. PMID:24535388

New parsimonious simulation methods and tools to assess future food and environmental security of farm populations.

PubMed

Antle, John M; Stoorvogel, Jetse J; Valdivia, Roberto O

2014-04-05

This article presents conceptual and empirical foundations for new parsimonious simulation models that are being used to assess future food and environmental security of farm populations. The conceptual framework integrates key features of the biophysical and economic processes on which the farming systems are based. The approach represents a methodological advance by coupling important behavioural processes, for example, self-selection in adaptive responses to technological and environmental change, with aggregate processes, such as changes in market supply and demand conditions or environmental conditions as climate. Suitable biophysical and economic data are a critical limiting factor in modelling these complex systems, particularly for the characterization of out-of-sample counterfactuals in ex ante analyses. Parsimonious, population-based simulation methods are described that exploit available observational, experimental, modelled and expert data. The analysis makes use of a new scenario design concept called representative agricultural pathways. A case study illustrates how these methods can be used to assess food and environmental security. The concluding section addresses generalizations of parametric forms and linkages of regional models to global models.

Influence of Normative Commitment on English as a Second Language Teachers' Implementation of Learner-Centered Practices for Diverse Learners

ERIC Educational Resources Information Center

Tartt-Walker, Sheba Hollywood

2014-01-01

In light of the paradigm shift from teacher-centered to learner-centered instruction occurring globally, the need for committed teachers is critical. Due to the influx of foreign nationals securing positions in the U.S. educational system, the teacher workforce has become more diverse. This diversity manifests a broad range of beliefs and values…

Identification and Ranking of Critical Assets within an Electrical Grid under Threat of Cyber Attack

NASA Astrophysics Data System (ADS)

Boyer, Blake R.

This paper examines the ranking of critical assets within an electrical grid under threat of cyber attack.1 Critical to this analysis is the assumption of zero hour exploits namely, the threat of an immediate attack as soon as a vulnerability is discovered. Modeling shows that over time load fluctuations as well as other system variations will change the importance of each asset in the delivery of bulk power. As opposed to classic stability studies where risk can be shown to be greatest during high load periods, the zero hour exploit-cyber-risk assumes that vulnerabilities will be attacked as soon as they are discovered. The probability of attacks is made uniform over time to include any and all possible attacks. Examining the impact of an attack and how the grid reacts immediately following an attack will identify and determine the criticality of each asset. This work endeavors to fulfill the NERC Critical Infrastructure Protection Requirements CIP-001-1 through CIP-009-2, cyber security requirements for the reliable supply of bulk power to customers throughout North America. 1Critical assets will here refer to facilities, systems, and equipment, which, if destroyed, degraded, or otherwise rendered unavailable, would affect the reliability or operability of the Bulk Electric System, NERC Glossary of Terms Used in Reliability Standards, 2009

Under Secretary of Defense for Policy > OUSDP Offices > ASD for Homeland

Science.gov Websites

Defense Global Security > Defense Critical Infrastructure Program > Roles Skip to main for Asian and Pacific Security Affairs ASD for Homeland Defense Global Security DASD Defense -Intensity Conflict Counternarcotics and Global Threats Stability and Humanitarian Affairs Special Operations

Impacts of Base-Case and Post-Contingency Constraint Relaxations on Static and Dynamic Operational Security

NASA Astrophysics Data System (ADS)

Salloum, Ahmed

Constraint relaxation by definition means that certain security, operational, or financial constraints are allowed to be violated in the energy market model for a predetermined penalty price. System operators utilize this mechanism in an effort to impose a price-cap on shadow prices throughout the market. In addition, constraint relaxations can serve as corrective approximations that help in reducing the occurrence of infeasible or extreme solutions in the day-ahead markets. This work aims to capture the impact constraint relaxations have on system operational security. Moreover, this analysis also provides a better understanding of the correlation between DC market models and AC real-time systems and analyzes how relaxations in market models propagate to real-time systems. This information can be used not only to assess the criticality of constraint relaxations, but also as a basis for determining penalty prices more accurately. Constraint relaxations practice was replicated in this work using a test case and a real-life large-scale system, while capturing both energy market aspects and AC real-time system performance. System performance investigation included static and dynamic security analysis for base-case and post-contingency operating conditions. PJM peak hour loads were dynamically modeled in order to capture delayed voltage recovery and sustained depressed voltage profiles as a result of reactive power deficiency caused by constraint relaxations. Moreover, impacts of constraint relaxations on operational system security were investigated when risk based penalty prices are used. Transmission lines in the PJM system were categorized according to their risk index and each category was as-signed a different penalty price accordingly in order to avoid real-time overloads on high risk lines. This work also extends the investigation of constraint relaxations to post-contingency relaxations, where emergency limits are allowed to be relaxed in energy market models. Various scenarios were investigated to capture and compare between the impacts of base-case and post-contingency relaxations on real-time system performance, including the presence of both relaxations simultaneously. The effect of penalty prices on the number and magnitude of relaxations was investigated as well.

Secure and Trustable Electronic Medical Records Sharing using Blockchain.

PubMed

Dubovitskaya, Alevtina; Xu, Zhigang; Ryu, Samuel; Schumacher, Michael; Wang, Fusheng

2017-01-01

Electronic medical records (EMRs) are critical, highly sensitive private information in healthcare, and need to be frequently shared among peers. Blockchain provides a shared, immutable and transparent history of all the transactions to build applications with trust, accountability and transparency. This provides a unique opportunity to develop a secure and trustable EMR data management and sharing system using blockchain. In this paper, we present our perspectives on blockchain based healthcare data management, in particular, for EMR data sharing between healthcare providers and for research studies. We propose a framework on managing and sharing EMR data for cancer patient care. In collaboration with Stony Brook University Hospital, we implemented our framework in a prototype that ensures privacy, security, availability, and fine-grained access control over EMR data. The proposed work can significantly reduce the turnaround time for EMR sharing, improve decision making for medical care, and reduce the overall cost.

Secure and Trustable Electronic Medical Records Sharing using Blockchain

PubMed Central

Dubovitskaya, Alevtina; Xu, Zhigang; Ryu, Samuel; Schumacher, Michael; Wang, Fusheng

2017-01-01

Electronic medical records (EMRs) are critical, highly sensitive private information in healthcare, and need to be frequently shared among peers. Blockchain provides a shared, immutable and transparent history of all the transactions to build applications with trust, accountability and transparency. This provides a unique opportunity to develop a secure and trustable EMR data management and sharing system using blockchain. In this paper, we present our perspectives on blockchain based healthcare data management, in particular, for EMR data sharing between healthcare providers and for research studies. We propose a framework on managing and sharing EMR data for cancer patient care. In collaboration with Stony Brook University Hospital, we implemented our framework in a prototype that ensures privacy, security, availability, and fine-grained access control over EMR data. The proposed work can significantly reduce the turnaround time for EMR sharing, improve decision making for medical care, and reduce the overall cost. PMID:29854130

Access Control of Web and Java Based Applications

NASA Technical Reports Server (NTRS)

Tso, Kam S.; Pajevski, Michael J.; Johnson, Bryan

2011-01-01

Cyber security has gained national and international attention as a result of near continuous headlines from financial institutions, retail stores, government offices and universities reporting compromised systems and stolen data. Concerns continue to rise as threats of service interruption, and spreading of viruses become ever more prevalent and serious. Controlling access to application layer resources is a critical component in a layered security solution that includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. In this paper we discuss the development of an application-level access control solution, based on an open-source access manager augmented with custom software components, to provide protection to both Web-based and Java-based client and server applications.

A video-based system and method for improving aircraft security

NASA Astrophysics Data System (ADS)

Ebenstein, Samuel E.; Smith, Gregory H.; Zorka, Nicholas G.; Rodin, Yelena M.; Meitzler, Thomas J.

2004-08-01

Commercial airplanes are now a weapon of mass destruction to be used in asymmetric warfare against the United States. There is a clear need for enhanced situational awareness within the passenger cabin of airplanes. If the crew suspected that the security of an aircraft had been compromised it would be critical for a crew member to be able to clearly and rapidly see what is occurring inside the passenger cabin without having to open the door to the cockpit. In case of emergency it would also be extremely valuable for ground personnel and aircraft responding to the emergency to be able to visually monitor what is happening inside the aircraft cabin.

New perspectives in ecosystem services science as instruments to understand environmental securities

PubMed Central

Villa, Ferdinando; Voigt, Brian; Erickson, Jon D.

2014-01-01

As societal demand for food, water and other life-sustaining resources grows, the science of ecosystem services (ES) is seen as a promising tool to improve our understanding, and ultimately the management, of increasingly uncertain supplies of critical goods provided or supported by natural ecosystems. This promise, however, is tempered by a relatively primitive understanding of the complex systems supporting ES, which as a result are often quantified as static resources rather than as the dynamic expression of human–natural systems. This article attempts to pinpoint the minimum level of detail that ES science needs to achieve in order to usefully inform the debate on environmental securities, and discusses both the state of the art and recent methodological developments in ES in this light. We briefly review the field of ES accounting methods and list some desiderata that we deem necessary, reachable and relevant to address environmental securities through an improved science of ES. We then discuss a methodological innovation that, while only addressing these needs partially, can improve our understanding of ES dynamics in data-scarce situations. The methodology is illustrated and discussed through an application related to water security in the semi-arid landscape of the Great Ruaha river of Tanzania. PMID:24535393

Secure and lightweight network admission and transmission protocol for body sensor networks.

PubMed

He, Daojing; Chen, Chun; Chan, Sammy; Bu, Jiajun; Zhang, Pingxin

2013-05-01

A body sensor network (BSN) is a wireless network of biosensors and a local processing unit, which is commonly referred to as the personal wireless hub (PWH). Personal health information (PHI) is collected by biosensors and delivered to the PWH before it is forwarded to the remote healthcare center for further processing. In a BSN, it is critical to only admit eligible biosensors and PWH into the network. Also, securing the transmission from each biosensor to PWH is essential not only for ensuring safety of PHI delivery, but also for preserving the privacy of PHI. In this paper, we present the design, implementation, and evaluation of a secure network admission and transmission subsystem based on a polynomial-based authentication scheme. The procedures in this subsystem to establish keys for each biosensor are communication efficient and energy efficient. Moreover, based on the observation that an adversary eavesdropping in a BSN faces inevitable channel errors, we propose to exploit the adversary's uncertainty regarding the PHI transmission to update the individual key dynamically and improve key secrecy. In addition to the theoretical analysis that demonstrates the security properties of our system, this paper also reports the experimental results of the proposed protocol on resource-limited sensor platforms, which show the efficiency of our system in practice.

The need for integration of drought monitoring tools for proactive food security management in sub-Saharan Africa

USGS Publications Warehouse

Tadesse, T.; Haile, M.; Senay, G.; Wardlow, B.D.; Knutson, C.L.

2008-01-01

Reducing the impact of drought and famine remains a challenge in sub-Saharan Africa despite ongoing drought relief assistance in recent decades. This is because drought and famine are primarily addressed through a crisis management approach when a disaster occurs, rather than stressing preparedness and risk management. Moreover, drought planning and food security efforts have been hampered by a lack of integrated drought monitoring tools, inadequate early warning systems (EWS), and insufficient information flow within and between levels of government in many sub-Saharan countries. The integration of existing drought monitoring tools for sub-Saharan Africa is essential for improving food security systems to reduce the impacts of drought and famine on society in this region. A proactive approach emphasizing integration requires the collective use of multiple tools, which can be used to detect trends in food availability and provide early indicators at local, national, and regional scales on the likely occurrence of food crises. In addition, improving the ability to monitor and disseminate critical drought-related information using available modern technologies (e.g., satellites, computers, and modern communication techniques) may help trigger timely and appropriate preventive responses and, ultimately, contribute to food security and sustainable development in sub-Saharan Africa. ?? 2008 United Nations.

Criticality Safety Evaluation for the TACS at DAF

DOE Office of Scientific and Technical Information (OSTI.GOV)

Percher, C. M.; Heinrichs, D. P.

2011-06-10

Hands-on experimental training in the physical behavior of multiplying systems is one of ten key areas of training required for practitioners to become qualified in the discipline of criticality safety as identified in DOE-STD-1135-99, Guidance for Nuclear Criticality Safety Engineer Training and Qualification. This document is a criticality safety evaluation of the training activities and operations associated with HS-3201-P, Nuclear Criticality 4-Day Training Course (Practical). This course was designed to also address the training needs of nuclear criticality safety professionals under the auspices of the NNSA Nuclear Criticality Safety Program1. The hands-on, or laboratory, portion of the course will utilizemore » the Training Assembly for Criticality Safety (TACS) and will be conducted in the Device Assembly Facility (DAF) at the Nevada Nuclear Security Site (NNSS). The training activities will be conducted by Lawrence Livermore National Laboratory following the requirements of an Integrated Work Sheet (IWS) and associated Safety Plan. Students will be allowed to handle the fissile material under the supervision of an LLNL Certified Fissile Material Handler.« less

A Real-Time Health Monitoring System for Remote Cardiac Patients Using Smartphone and Wearable Sensors.

PubMed

Kakria, Priyanka; Tripathi, N K; Kitipawang, Peerapong

2015-01-01

Online telemedicine systems are useful due to the possibility of timely and efficient healthcare services. These systems are based on advanced wireless and wearable sensor technologies. The rapid growth in technology has remarkably enhanced the scope of remote health monitoring systems. In this paper, a real-time heart monitoring system is developed considering the cost, ease of application, accuracy, and data security. The system is conceptualized to provide an interface between the doctor and the patients for two-way communication. The main purpose of this study is to facilitate the remote cardiac patients in getting latest healthcare services which might not be possible otherwise due to low doctor-to-patient ratio. The developed monitoring system is then evaluated for 40 individuals (aged between 18 and 66 years) using wearable sensors while holding an Android device (i.e., smartphone under supervision of the experts). The performance analysis shows that the proposed system is reliable and helpful due to high speed. The analyses showed that the proposed system is convenient and reliable and ensures data security at low cost. In addition, the developed system is equipped to generate warning messages to the doctor and patient under critical circumstances.

A Real-Time Health Monitoring System for Remote Cardiac Patients Using Smartphone and Wearable Sensors

PubMed Central

Kakria, Priyanka; Tripathi, N. K.; Kitipawang, Peerapong

2015-01-01

Online telemedicine systems are useful due to the possibility of timely and efficient healthcare services. These systems are based on advanced wireless and wearable sensor technologies. The rapid growth in technology has remarkably enhanced the scope of remote health monitoring systems. In this paper, a real-time heart monitoring system is developed considering the cost, ease of application, accuracy, and data security. The system is conceptualized to provide an interface between the doctor and the patients for two-way communication. The main purpose of this study is to facilitate the remote cardiac patients in getting latest healthcare services which might not be possible otherwise due to low doctor-to-patient ratio. The developed monitoring system is then evaluated for 40 individuals (aged between 18 and 66 years) using wearable sensors while holding an Android device (i.e., smartphone under supervision of the experts). The performance analysis shows that the proposed system is reliable and helpful due to high speed. The analyses showed that the proposed system is convenient and reliable and ensures data security at low cost. In addition, the developed system is equipped to generate warning messages to the doctor and patient under critical circumstances. PMID:26788055

Security Informatics Research Challenges for Mitigating Cyber Friendly Fire

DOE Office of Scientific and Technical Information (OSTI.GOV)

Carroll, Thomas E.; Greitzer, Frank L.; Roberts, Adam D.

This paper addresses cognitive implications and research needs surrounding the problem of cyber friendly re (FF). We dene cyber FF as intentional o*ensive or defensive cyber/electronic actions intended to protect cyber systems against enemy forces or to attack enemy cyber systems, which unintentionally harms the mission e*ectiveness of friendly or neutral forces. We describe examples of cyber FF and discuss how it ts within a general conceptual framework for cyber security failures. Because it involves human failure, cyber FF may be considered to belong to a sub-class of cyber security failures characterized as unintentional insider threats. Cyber FF is closelymore » related to combat friendly re in that maintaining situation awareness (SA) is paramount to avoiding unintended consequences. Cyber SA concerns knowledge of a system's topology (connectedness and relationships of the nodes in a system), and critical knowledge elements such as the characteristics and vulnerabilities of the components that comprise the system and its nodes, the nature of the activities or work performed, and the available defensive and o*ensive countermeasures that may be applied to thwart network attacks. We describe a test bed designed to support empirical research on factors a*ecting cyber FF. Finally, we discuss mitigation strategies to combat cyber FF, including both training concepts and suggestions for decision aids and visualization approaches.« less

The Energy and Security Nexus: A Strategic Dilemma

DTIC Science & Technology

2012-11-01

constructive criticism where it was most needed. ix Joseph Caddell also provided crucial guidance in framing the conference proposal. Finally, my thanks...conflict. Critics of biofuels further claim that diversion of land for fuel in the United States has driven up world food prices and arguably triggered...recycle and consume all actinides may provide a solution. But they arguably carry a proliferation risk. Steps can be taken to safeguard and secure

A Tool for Rating the Resilience of Critical Infrastructures in Extreme Fires

DTIC Science & Technology

2014-05-01

provide a tool for NRC to help the Canadian industry to develop extreme fire protection materials and technologies for critical infrastructures. Future...supported by the Canadian Safety and Security Program (CSSP) which is led by Defence Research and Development Canada’s Centre for Security Science, in...in oil refinery and chemical industry facilities. The only available standard in North America that addresses the transportation infrastructure is

Internet Governance and National Security

DTIC Science & Technology

2012-01-01

the conflict created by headline- grabbing exploits of ad hoc hacker networks or nation-state-inspired cor­ porate espionage.5 Malicious actors add...governance of critical Internet re­ sources and their impact on US national security are often overlooked. Foreign efforts to alter the technical...crime, espio­ nage, and other forms of cyber conflict rather than on the issues related to governance of critical Internet resources, development of

Data Privacy and Security in Higher Education

ERIC Educational Resources Information Center

Williams, Tracy

2003-01-01

As institutions review and strengthen their plans to secure confidential data, what proactive role does the human resource professional play as a strategic partner? Why are employees a critical part of the solution? And how are they educated regarding their responsibilities with data security? Datatel's HR product manager shares some…

Reducing Incongruity of Perceptions Related to Information Risk: Dialogical Action Research in Organizations

ERIC Educational Resources Information Center

Sedlack, Derek J.

2012-01-01

A critical overreliance on the technical dimension of information security has recently shifted toward more robust, organizationally focused information security methods to countermand $54 billion lost from computer security incidents. Developing a more balanced approach is required since protecting information is not an all or nothing…

DOE Office of Scientific and Technical Information (OSTI.GOV)

Billings, Jay J.; Bonior, Jason D.; Evans, Philip G.

Securely transferring timing information in the electrical grid is a critical component of securing the nation's infrastructure from cyber attacks. One solution to this problem is to use quantum information to securely transfer the timing information across sites. This software provides such an infrastructure using a standard Java webserver that pulls the quantum information from associated hardware.

Network Security: What Non-Technical Administrators Must Know

ERIC Educational Resources Information Center

Council, Chip

2005-01-01

Now it is increasingly critical that community college leaders become involved in network security and partner with their directors of information technology (IT). Network security involves more than just virus protection software and firewalls. It involves vigilance and requires top executive support. Leaders can help their IT directors to…

Racing to the Future: Security in the Gigabit Race?

ERIC Educational Resources Information Center

Gregory, Mark A; Cradduck, Lucy

2016-01-01

This research seeks to identify the differing national perspectives towards security and the "gigabit race" as those nations transition to their next generation broadband networks. Its aim is to critically appraise the rationales for their existing digital security frameworks in order to determine whether (and what) Australia can learn…

KSC-2014-4854

NASA Image and Video Library

2014-12-18

CAPE CANAVERAL, Fla. -- NASA's Orion spacecraft arrives at the Launch Abort System Facility at Kennedy Space Center in Florida. The spacecraft was transported 2,700 miles overland from Naval Base San Diego in California, on a flatbed truck secured in its crew module transportation fixture for the trip. During its first flight test, Orion completed a two-orbit, four-and-a-half hour mission Dec. 5 to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program led the recovery, offload and transportation efforts. For more information, visit www.nasa.gov/orion. Photo credit: NASA/Kim Shiflett

KSC-2014-4856

NASA Image and Video Library

2014-12-18

CAPE CANAVERAL, Fla. -- NASA's Orion spacecraft arrives inside the Launch Abort System Facility at Kennedy Space Center in Florida. The spacecraft was transported 2,700 miles overland from Naval Base San Diego in California, on a flatbed truck secured in its crew module transportation fixture for the trip. During its first flight test, Orion completed a two-orbit, four-and-a-half hour mission Dec. 5 to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program led the recovery, offload and transportation efforts. For more information, visit www.nasa.gov/orion. Photo credit: NASA/Kim Shiflett

Orion Washdown & Arrival at LASF

NASA Image and Video Library

2014-12-18

NASA's Orion crew module, enclosed in its crew module transportation fixture and secured on a flatbed truck, leaves the Multi-Operation Support Building and is being transported to the Launch Abort System Facility at NASA's Kennedy Space Center in Florida. Orion was transported 2,700 miles overland from Naval Base San Diego in California. Orion was recovered from the Pacific Ocean after completing a two-orbit, four-and-a-half hour mission Dec. 5 to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program led the recovery, offload and transportation efforts.

KSC-2014-4855

NASA Image and Video Library

2014-12-18

CAPE CANAVERAL, Fla. -- NASA's Orion spacecraft arrives at the Launch Abort System Facility at Kennedy Space Center in Florida. The spacecraft was transported 2,700 miles overland from Naval Base San Diego in California, on a flatbed truck secured in its crew module transportation fixture for the trip. During its first flight test, Orion completed a two-orbit, four-and-a-half hour mission Dec. 5 to test systems critical to crew safety, including the launch abort system, the heat shield and the parachute system. The Ground Systems Development and Operations Program led the recovery, offload and transportation efforts. For more information, visit www.nasa.gov/orion. Photo credit: NASA/Kim Shiflett

Proceedings Second Annual Cyber Security and Information Infrastructure Research Workshop

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sheldon, Frederick T; Krings, Axel; Yoo, Seong-Moo

2006-01-01

The workshop theme is Cyber Security: Beyond the Maginot Line Recently the FBI reported that computer crime has skyrocketed costing over $67 billion in 2005 alone and affecting 2.8M+ businesses and organizations. Attack sophistication is unprecedented along with availability of open source concomitant tools. Private, academic, and public sectors invest significant resources in cyber security. Industry primarily performs cyber security research as an investment in future products and services. While the public sector also funds cyber security R&D, the majority of this activity focuses on the specific mission(s) of the funding agency. Thus, broad areas of cyber security remain neglectedmore » or underdeveloped. Consequently, this workshop endeavors to explore issues involving cyber security and related technologies toward strengthening such areas and enabling the development of new tools and methods for securing our information infrastructure critical assets. We aim to assemble new ideas and proposals about robust models on which we can build the architecture of a secure cyberspace including but not limited to: * Knowledge discovery and management * Critical infrastructure protection * De-obfuscating tools for the validation and verification of tamper-proofed software * Computer network defense technologies * Scalable information assurance strategies * Assessment-driven design for trust * Security metrics and testing methodologies * Validation of security and survivability properties * Threat assessment and risk analysis * Early accurate detection of the insider threat * Security hardened sensor networks and ubiquitous computing environments * Mobile software authentication protocols * A new "model" of the threat to replace the "Maginot Line" model and more . . .« less

An assessment of the cyber security legislation and its impact on the United States electrical sector

NASA Astrophysics Data System (ADS)

Born, Joshua

The purpose of this research was to examine the cyber-security posture for the United States' electrical grid, which comprises a major component of critical infrastructure for the country. The United States electrical sector is so vast, that the Department of Homeland Security (DHS) estimates, it contains more than 6,413 power plants (this includes 3,273 traditional electric utilities and 1,738 nonutility power producers) with approximately 1,075 gigawatts of energy produced on a daily basis. A targeted cyber-security attack against the electric grid would likely have catastrophic results and could even serve as a precursor to a physical attack against the United States. A recent report by the consulting firm Black and Veatch found that one of the top five greatest concerns for United States electric utilities is the risk that cybersecurity poses to their industry and yet, only one-third state they are currently prepared to meet the increasingly likely threat. The report goes on to state, "only 32% of electric utilities surveyed had integrated security systems with the proper segmentation, monitoring and redundancies needed for cyber threat protection. Another 48 % said they did not" Recent estimates indicate that a large-scale cyber-attack against this sector could cost the United States economy as much as a trillion dollars within a weeks' time. Legislative efforts in the past have primarily been focused on creating mandates that encourage public and private partnership, which have been not been adopted as quickly as desired. With 85 % of all electric utilities being privately owned, it is key that the public and private sector partner in order to mitigate risks and respond as a cohesive unit in the event of a major attack. Keywords: Cybersecurity, Professor Riddell, cyber security, energy, intelligence, outlook, electrical, compliance, legislation, partnerships, critical infrastructure.

Security practices and regulatory compliance in the healthcare industry.

PubMed

Kwon, Juhee; Johnson, M Eric

2013-01-01

Securing protected health information is a critical responsibility of every healthcare organization. We explore information security practices and identify practice patterns that are associated with improved regulatory compliance. We employed Ward's cluster analysis using minimum variance based on the adoption of security practices. Variance between organizations was measured using dichotomous data indicating the presence or absence of each security practice. Using t tests, we identified the relationships between the clusters of security practices and their regulatory compliance. We utilized the results from the Kroll/Healthcare Information and Management Systems Society telephone-based survey of 250 US healthcare organizations including adoption status of security practices, breach incidents, and perceived compliance levels on Health Information Technology for Economic and Clinical Health, Health Insurance Portability and Accountability Act, Red Flags rules, Centers for Medicare and Medicaid Services, and state laws governing patient information security. Our analysis identified three clusters (which we call leaders, followers, and laggers) based on the variance of security practice patterns. The clusters have significant differences among non-technical practices rather than technical practices, and the highest level of compliance was associated with hospitals that employed a balanced approach between technical and non-technical practices (or between one-off and cultural practices). Hospitals in the highest level of compliance were significantly managing third parties' breaches and training. Audit practices were important to those who scored in the middle of the pack on compliance. Our results provide security practice benchmarks for healthcare administrators and can help policy makers in developing strategic and practical guidelines for practice adoption.

Security practices and regulatory compliance in the healthcare industry

PubMed Central

Kwon, Juhee; Johnson, M Eric

2013-01-01

Objective Securing protected health information is a critical responsibility of every healthcare organization. We explore information security practices and identify practice patterns that are associated with improved regulatory compliance. Design We employed Ward's cluster analysis using minimum variance based on the adoption of security practices. Variance between organizations was measured using dichotomous data indicating the presence or absence of each security practice. Using t tests, we identified the relationships between the clusters of security practices and their regulatory compliance. Measurement We utilized the results from the Kroll/Healthcare Information and Management Systems Society telephone-based survey of 250 US healthcare organizations including adoption status of security practices, breach incidents, and perceived compliance levels on Health Information Technology for Economic and Clinical Health, Health Insurance Portability and Accountability Act, Red Flags rules, Centers for Medicare and Medicaid Services, and state laws governing patient information security. Results Our analysis identified three clusters (which we call leaders, followers, and laggers) based on the variance of security practice patterns. The clusters have significant differences among non-technical practices rather than technical practices, and the highest level of compliance was associated with hospitals that employed a balanced approach between technical and non-technical practices (or between one-off and cultural practices). Conclusions Hospitals in the highest level of compliance were significantly managing third parties’ breaches and training. Audit practices were important to those who scored in the middle of the pack on compliance. Our results provide security practice benchmarks for healthcare administrators and can help policy makers in developing strategic and practical guidelines for practice adoption. PMID:22955497

Measuring Information Security Performance with 10 by 10 Model for Holistic State Evaluation.

PubMed

Bernik, Igor; Prislan, Kaja

Organizations should measure their information security performance if they wish to take the right decisions and develop it in line with their security needs. Since the measurement of information security is generally underdeveloped in practice and many organizations find the existing recommendations too complex, the paper presents a solution in the form of a 10 by 10 information security performance measurement model. The model-ISP 10×10M is composed of ten critical success factors, 100 key performance indicators and 6 performance levels. Its content was devised on the basis of findings presented in the current research studies and standards, while its structure results from an empirical research conducted among information security professionals from Slovenia. Results of the study show that a high level of information security performance is mostly dependent on measures aimed at managing information risks, employees and information sources, while formal and environmental factors have a lesser impact. Experts believe that information security should evolve systematically, where it's recommended that beginning steps include technical, logical and physical security controls, while advanced activities should relate predominantly strategic management activities. By applying the proposed model, organizations are able to determine the actual level of information security performance based on the weighted indexing technique. In this manner they identify the measures they ought to develop in order to improve the current situation. The ISP 10×10M is a useful tool for conducting internal system evaluations and decision-making. It may also be applied to a larger sample of organizations in order to determine the general state-of-play for research purposes.

Relevance of Clean Coal Technology for India’s Energy Security: A Policy Perspective

NASA Astrophysics Data System (ADS)

Garg, Amit; Tiwari, Vineet; Vishwanathan, Saritha

2017-07-01

Climate change mitigation regimes are expected to impose constraints on the future use of fossil fuels in order to reduce greenhouse gas (GHG) emissions. In 2015, 41% of total final energy consumption and 64% of power generation in India came from coal. Although almost a sixth of the total coal based thermal power generation is now super critical pulverized coal technology, the average CO2 emissions from the Indian power sector are 0.82 kg-CO2/kWh, mainly driven by coal. India has large domestic coal reserves which give it adequate energy security. There is a need to find options that allow the continued use of coal while considering the need for GHG mitigation. This paper explores options of linking GHG emission mitigation and energy security from 2000 to 2050 using the AIM/Enduse model under Business-as-Usual scenario. Our simulation analysis suggests that advanced clean coal technologies options could provide promising solutions for reducing CO2 emissions by improving energy efficiencies. This paper concludes that integrating climate change security and energy security for India is possible with a large scale deployment of advanced coal combustion technologies in Indian energy systems along with other measures.