Providing security assurance in line with national DBT assumptions

NASA Astrophysics Data System (ADS)

Bajramovic, Edita; Gupta, Deeksha

2017-01-01

As worldwide energy requirements are increasing simultaneously with climate change and energy security considerations, States are thinking about building nuclear power to fulfill their electricity requirements and decrease their dependence on carbon fuels. New nuclear power plants (NPPs) must have comprehensive cybersecurity measures integrated into their design, structure, and processes. In the absence of effective cybersecurity measures, the impact of nuclear security incidents can be severe. Some of the current nuclear facilities were not specifically designed and constructed to deal with the new threats, including targeted cyberattacks. Thus, newcomer countries must consider the Design Basis Threat (DBT) as one of the security fundamentals during design of physical and cyber protection systems of nuclear facilities. IAEA NSS 10 describes the DBT as "comprehensive description of the motivation, intentions and capabilities of potential adversaries against which protection systems are designed and evaluated". Nowadays, many threat actors, including hacktivists, insider threat, cyber criminals, state and non-state groups (terrorists) pose security risks to nuclear facilities. Threat assumptions are made on a national level. Consequently, threat assessment closely affects the design structures of nuclear facilities. Some of the recent security incidents e.g. Stuxnet worm (Advanced Persistent Threat) and theft of sensitive information in South Korea Nuclear Power Plant (Insider Threat) have shown that these attacks should be considered as the top threat to nuclear facilities. Therefore, the cybersecurity context is essential for secure and safe use of nuclear power. In addition, States should include multiple DBT scenarios in order to protect various target materials, types of facilities, and adversary objectives. Development of a comprehensive DBT is a precondition for the establishment and further improvement of domestic state nuclear-related regulations in the field of physical and cyber protection. These national regulations have to be met later on by I&C platform suppliers, electrical systems suppliers, system integrators and turn-key providers.

From Serpent to CEO: Improving First-Term Security Forces Airman Performance Through Neuroscience Education

DTIC Science & Technology

2017-06-09

full ability to inhibit ANS and limbic response are prone to be impulsive, 25 unintentional, or hesitant when faced with high -threat decisions...graduate degrees in Criminal Justice, a Graduate Certificate in Organizational Leadership, and a current American Society for Industrial Security...experience and full ability to inhibit ANS and limbic response are prone to be impulsive, unintentional, or hesitant when faced with high -threat

Safe: a status update on information security and the hospital community.

PubMed

Fundner, Rita

2003-01-01

IT Security and Privacy are becoming increasingly visible "hot topics" across the full spectrum of industry and service sectors. Legislation and global "best practices" are working hard to defend organizations and individuals against escalating, rapidly evolving cyber-threats. Predictably, the threat landscape is having an impact on all levels to varying degrees: governmental, organizational and individual. This article introduces the basic context for information security and offers insight into how a number of hospitals are addressing the situation, what barriers they currently face and what opportunities they see unfolding.

Insider Threat and Information Security Management

NASA Astrophysics Data System (ADS)

Coles-Kemp, Lizzie; Theoharidou, Marianthi

The notion of insider has multiple facets. An organization needs to identify which ones to respond to. The selection, implementetion and maintenance of information security countermeasures requires a complex combination of organisational policies, functions and processes, which form Information Security Management. This chapter examines the role of current information security management practices in addressing the insider threat. Most approaches focus on frameworks for regulating insider behaviour and do not allow for the various cultural responses to the regulatory and compliance framework. Such responses are not only determined by enforcement of policies and awareness programs, but also by various psychological and organisational factors at an individual or group level. Crime theories offer techniques that focus on such cultural responses and can be used to enhance the information security management design. The chapter examines the applicability of several crime theories and concludes that they can contribute in providing additional controls and redesign of information security management processes better suited to responding to the insider threat.

49 CFR 1548.15 - Access to cargo: Security threat assessments for individuals having unescorted access to cargo.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Access to cargo: Security threat assessments for... SECURITY CIVIL AVIATION SECURITY INDIRECT AIR CARRIER SECURITY § 1548.15 Access to cargo: Security threat... must successfully complete a security threat assessment or comparable security threat assessment...

HIV/AIDS Securitization: Outcomes and Current Challenges.

PubMed

Shadyab, Aladdin H; Hale, Braden R; Shaffer, Richard A

2017-01-01

The securitization (i.e., framing of a health issue as a security threat) of HIV/AIDS by the United Nations Security Council in 2000 changed the belief that HIV/AIDS is only a health issue. Although now accepted that HIV/AIDS represents a security threat, the consequences of securitization are still not widely established. The purpose of this paper was to present an evidence-based review of the outcomes and current challenges associated with HIV/AIDS securitization in the context of national security. We provided an overview of HIV/AIDS securitization, followed by a discussion of the impact of securitization on peacekeeping personnel and uniformed services. We also reviewed the United States Government's response to securitization and potential risks and benefits of securitization. Copyright© Bentham Science Publishers; For any queries, please email at epub@benthamscience.org.

Personal privacy, information assurance, and the threat posed by malware techology

NASA Astrophysics Data System (ADS)

Stytz, Martin R.; Banks, Sheila B.

2006-04-01

In spite of our best efforts to secure the cyber world, the threats posed to personal privacy by attacks upon networks and software continue unabated. While there are many reasons for this state of affairs, clearly one of the reasons for continued vulnerabilities in software is the inability to assess their security properties and test their security systems while they are in development. A second reason for this growing threat to personal privacy is the growing sophistication and maliciousness of malware coupled with the increasing difficulty of detecting malware. The pervasive threat posed by malware coupled with the difficulties faced when trying to detect its presence or an attempted intrusion make addressing the malware threat one of the most pressing issues that must be solved in order to insure personal privacy to users of the internet. In this paper, we will discuss the threat posed by malware, the types of malware found in the wild (outside of computer laboratories), and current techniques that are available for from a successful malware penetration. The paper includes a discussion of anti-malware tools and suggestions for future anti-malware efforts.

Medicare privatization and the erosion of retirement security.

PubMed

Polivka, Larry; Kwak, Jung

2008-01-01

This paper describes initiatives to privatize the Medicare program over the last 10 years and the implications of these initiatives for the future of retirement security. Our analysis focuses on the privatization provisions of the Medicare Modernization Act, which is largely designed to benefit the corporate health care sector without containing costs or significantly reducing the threat of rising health care costs to the economic security of current and future retirees. In fact, as designed, the Medicare Modernization Act is likely to increase the threat to retirement security in the years ahead. We conclude with a series of policy alternatives to the neoliberal agenda for the privatization of Medicare.

33 CFR 104.220 - Company or vessel personnel with security duties.

Code of Federal Regulations, 2013 CFR

2013-07-01

... measures; (e) Crowd management and control techniques; (f) Security related communications; (g) Knowledge... duties must maintain a TWIC, and must have knowledge, through training or equivalent job experience, in the following, as appropriate: (a) Knowledge of current security threats and patterns; (b) Recognition...

33 CFR 104.220 - Company or vessel personnel with security duties.

Code of Federal Regulations, 2014 CFR

2014-07-01

... measures; (e) Crowd management and control techniques; (f) Security related communications; (g) Knowledge... duties must maintain a TWIC, and must have knowledge, through training or equivalent job experience, in the following, as appropriate: (a) Knowledge of current security threats and patterns; (b) Recognition...

33 CFR 104.220 - Company or vessel personnel with security duties.

Code of Federal Regulations, 2012 CFR

2012-07-01

... measures; (e) Crowd management and control techniques; (f) Security related communications; (g) Knowledge... duties must maintain a TWIC, and must have knowledge, through training or equivalent job experience, in the following, as appropriate: (a) Knowledge of current security threats and patterns; (b) Recognition...

Security analysis of cyber-physical system

NASA Astrophysics Data System (ADS)

Li, Bo; Zhang, Lichen

2017-05-01

In recent years, Cyber-Physical System (CPS) has become an important research direction of academic circles and scientific and technological circles at home and abroad, is considered to be following the third wave of world information technology after the computer, the Internet. PS is a multi-dimensional, heterogeneous, deep integration of open systems, Involving the computer, communication, control and other disciplines of knowledge. As the various disciplines in the research theory and methods are significantly different, so the application of CPS has brought great challenges. This paper introduces the definition and characteristics of CPS, analyzes the current situation of CPS, analyzes the security threats faced by CPS, and gives the security solution for security threats. It also discusses CPS-specific security technology, to promote the healthy development of CPS in information security.

49 CFR 1540.205 - Procedures for security threat assessment.

Code of Federal Regulations, 2010 CFR

2010-10-01

... threat; (ii) The basis for the determination; (iii) Information about how the applicant may appeal the... 49 Transportation 9 2010-10-01 2010-10-01 false Procedures for security threat assessment. 1540... SECURITY: GENERAL RULES Security Threat Assessments § 1540.205 Procedures for security threat assessment...

49 CFR 1540.203 - Security threat assessment.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 49 Transportation 9 2011-10-01 2011-10-01 false Security threat assessment. 1540.203 Section 1540... Security Threat Assessments § 1540.203 Security threat assessment. (a) Each operator subject to this subpart must ensure that each of the following undergoes a security threat assessment or a comparable...

Public views on multiple dimensions of security : nuclear waepons, terrorism, energy, and the environment : 2007.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Herron, Kerry Gale; Jenkins-Smith, Hank C.

2008-01-01

We analyze and compare findings from identical national surveys of the US general public on nuclear security and terrorism administered by telephone and Internet in mid-2007. Key areas of investigation include assessments of threats to US security; valuations of US nuclear weapons and nuclear deterrence; perspectives on nuclear proliferation, including the specific cases of North Korea and Iran; and support for investments in nuclear weapons capabilities. Our analysis of public views on terrorism include assessments of the current threat, progress in the struggle against terrorism, preferences for responding to terrorist attacks at different levels of assumed casualties, and support formore » domestic policies intended to reduce the threat of terrorism. Also we report findings from an Internet survey conducted in mid 2007 that investigates public views of US energy security, to include: energy supplies and reliability; energy vulnerabilities and threats, and relationships among security, costs, energy dependence, alternative sources, and research and investment priorities. We analyze public assessments of nuclear energy risks and benefits, nuclear materials management issues, and preferences for the future of nuclear energy in the US. Additionally, we investigate environmental issues as they relate to energy security, to include expected implications of global climate change, and relationships among environmental issues and potential policy options.« less

49 CFR 1540.209 - Fees for security threat assessment.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Fees for security threat assessment. 1540.209...: GENERAL RULES Security Threat Assessments § 1540.209 Fees for security threat assessment. This section describes the payment process for completion of the security threat assessments required under subpart. (a...

Counter-Intelligence as a Chaotic Phenomenon and Its Importance in National Security

NASA Astrophysics Data System (ADS)

Kuloğlu, Gökhan; Gül, Zakir; Erçetin, Şefika Şule

In today's rapidly changing globalized world, remarkably fast and important developments have been faced in the area of national security as in almost all other areas. Advancements in communication and transportation technologies have removed physical boundaries almost completely. National security institutions now have to fight against new and complicated security threats that go beyond the boundaries such as organized crimes and terror crimes. These ever-changing threats and dangerous environment which become more and more complex every single day force nations to review their current security structures and to take new and effective measures in the required areas in order to ensure their national security. As a matter of fact, counter-intelligence, which was quite important due to the frequency of spying acts during the Cold War but lost its importance after the Cold War had ended, has been one of these measures. Today, counterintelligence has once again become one of the most important functions in the fight against national security threats with changing dimensions. It is only possible for a nation to ensure its national security fully by having not only a defensive and passive approach but also offensive counter-intelligence.

Department of Defense Information Network (DODIN): A Study of Current Cyber Threats and Best Practices for Network Security

DTIC Science & Technology

2016-06-10

DODIN) is being threatened by state actors, non-state actors, and continuous hacking and cyber-attacks. These threats against the network come in a...variety of forms; physical attacks from radio jamming, logical cyber threats from hacking , or a combination of both physical and logical attacks. Each...year the number of hacking attacks is increasing. Corporations like Symantec publish annual reports on cyber threats and provide tips for best

Risk-Based Models for Managing Data Privacy in Healthcare

ERIC Educational Resources Information Center

AL Faresi, Ahmed

2011-01-01

Current research in health care lacks a systematic investigation to identify and classify various sources of threats to information privacy when sharing health data. Identifying and classifying such threats would enable the development of effective information security risk monitoring and management policies. In this research I put the first step…

Aviation Security: Implementation of Recommendations Is Under Way, but Completion Will Take Several Years

DOT National Transportation Integrated Search

1998-04-01

As the threat of terrorist activities has increased in the United States, the need to improve domestic aviation security has grown. Currently, the Federal Aviation Administration (FAA), other federal agencies, and the aviation industry are implementi...

Semiannual Report to Congress on the Effectiveness of the Civil Aviation Security Program

DTIC Science & Technology

1991-02-01

enforcement support for airline and airport security measures. Airline passengers, as the ultimate beneficiaries of the security program. pay for the...environment for these air carriers. Airport security programs are designed to meet the threat to the specific airport. Of the 4(02 airports. 18...essential to many passengers. " FAA is currently reviewing Parts 107 and 108 of the Federal Aviation Regulations, covering airport security and airplane

49 CFR 1548.16 - Security threat assessments for each proprietor, general partner, officer, director, and certain...

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Security threat assessments for each proprietor..., or owner of the entity must successfully complete a security threat assessment or comparable security... owner of the entity has successfully completed a Security Threat Assessment under part 1540, subpart C...

Novel Threat-risk Index Using Probabilistic Risk Assessment and Human Reliability Analysis - Final Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

George A. Beitel

2004-02-01

In support of a national need to improve the current state-of-the-art in alerting decision makers to the risk of terrorist attack, a quantitative approach employing scientific and engineering concepts to develop a threat-risk index was undertaken at the Idaho National Engineering and Environmental Laboratory (INEEL). As a result of this effort, a set of models has been successfully integrated into a single comprehensive model known as Quantitative Threat-Risk Index Model (QTRIM), with the capability of computing a quantitative threat-risk index on a system level, as well as for the major components of the system. Such a threat-risk index could providemore » a quantitative variant or basis for either prioritizing security upgrades or updating the current qualitative national color-coded terrorist threat alert.« less

49 CFR 1572.9 - Applicant information required for HME security threat assessment.

Code of Federal Regulations, 2011 CFR

2011-10-01

... threat assessment. 1572.9 Section 1572.9 Transportation Other Regulations Relating to Transportation... TRANSPORTATION SECURITY CREDENTIALING AND SECURITY THREAT ASSESSMENTS Procedures and General Standards § 1572.9 Applicant information required for HME security threat assessment. An applicant must supply the information...

Patient-Centered Access to Secure Systems Online (PCASSO): a secure approach to clinical data access via the World Wide Web.

PubMed Central

Masys, D. R.; Baker, D. B.

1997-01-01

The Internet's World-Wide Web (WWW) provides an appealing medium for the communication of health related information due to its ease of use and growing popularity. But current technologies for communicating data between WWW clients and servers are systematically vulnerable to certain types of security threats. Prominent among these threats are "Trojan horse" programs running on client workstations, which perform some useful and known function for a user, while breaching security via background functions that are not apparent to the user. The Patient-Centered Access to Secure Systems Online (PCASSO) project of SAIC and UCSD is a research, development and evaluation project to exploit state-of-the-art security and WWW technology for health care. PCASSO is designed to provide secure access to clinical data for healthcare providers and their patients using the Internet. PCASSO will be evaluated for both safety and effectiveness, and may provide a model for secure communications via public data networks. PMID:9357644

Effectiveness of the Civil Aviation Security Program.

DTIC Science & Technology

1976-09-20

commerce--a pr per balance appears to exist. Moreover, airline and airport security programs appear to be capable of responding to changes in the nature...Moreover, airline and airport security programs appear to be capable of responding to changes in the nature and level of current and future threats. The...delays and diversions were experienced. Airline and airport security measures continued to afford the necessary level of protection to U.S. air

Supporting Research and Development of Security Technologies through Network and Security Data Collection

DTIC Science & Technology

Research and development targeted at identifying and mitigating Internet security threats require current network data. To fulfill this need... researchers working for the Center for Applied Internet Data Analysis (CAIDA), a program at the San Diego Supercomputer Center (SDSC) which is based at the...vetted network and security researchers using the PREDICT/IMPACT portal and legal framework. We have also contributed to community building efforts that

49 CFR 1546.213 - Access to cargo: Security threat assessments for cargo personnel in the United States.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Access to cargo: Security threat assessments for...: Security threat assessments for cargo personnel in the United States. This section applies in the United...— (1) Each individual must successfully complete a security threat assessment or comparable security...

49 CFR 1572.500 - Scope.

Code of Federal Regulations, 2010 CFR

2010-10-01

..., DEPARTMENT OF HOMELAND SECURITY MARITIME AND LAND TRANSPORTATION SECURITY CREDENTIALING AND SECURITY THREAT ASSESSMENTS Fees for Security Threat Assessments for Transportation Worker Identification Credential (TWIC... Transportation Worker Identification Credential and must undergo a security threat assessment under 49 CFR part...

Cybersecurity: The Nation’s Greatest Threat to Critical Infrastructure

DTIC Science & Technology

2013-03-01

protection has become a matter of national security, public safety, and economic stability . It is imperative the U.S. Government (USG) examine current...recommendations for federal responsibilities and legislation to direct nation critical infrastructure efforts to ensure national security, public safety and economic stability .

Infectious diseases and securitization: WHO's dilemma.

PubMed

Jin, Jiyong; Karackattu, Joe Thomas

2011-06-01

The threat posed by infectious diseases has been increasingly framed as a security issue. The UN Security Council's Resolution 1308, which designated HIV/AIDS as a threat to international security, evidenced the securitization process. Using securitization theory as a theoretical tool, this article explores the securitization of infectious diseases in the World Health Organization (WHO). While WHO has tended to securitize infectious diseases since 2000, it has encountered a dilemma in the process because of the inherent asymmetry of interest between developed and developing countries. The act of securitization in WHO currently remains mostly a rhetorical device, since WHO's norms emblematic of securitization have not been backed by operational measures for verification or enforcement due to these asymmetric interests.

Context aware adaptive security service model

NASA Astrophysics Data System (ADS)

Tunia, Marcin A.

2015-09-01

Present systems and devices are usually protected against different threats concerning digital data processing. The protection mechanisms consume resources, which are either highly limited or intensively utilized by many entities. The optimization of these resources usage is advantageous. The resources that are saved performing optimization may be utilized by other mechanisms or may be sufficient for longer time. It is usually assumed that protection has to provide specific quality and attack resistance. By interpreting context situation of business services - users and services themselves, it is possible to adapt security services parameters to countermeasure threats associated with current situation. This approach leads to optimization of used resources and maintains sufficient security level. This paper presents architecture of adaptive security service, which is context-aware and exploits quality of context data issue.

49 CFR 1515.3 - Terms used in this part.

Code of Federal Regulations, 2010 CFR

2010-10-01

.... Applicant means an individual who has applied for one of the security threat assessments identified in 49... for the security threat assessment but TSA later determined that the individual poses a security.... Security threat assessment means the threat assessment for which the applicant has applied, as described in...

Bioterrorism and biological threats dominate federal health security research; other priorities get scant attention.

PubMed

Shelton, Shoshana R; Connor, Kathryn; Uscher-Pines, Lori; Pillemer, Francesca Matthews; Mullikin, James M; Kellermann, Arthur L

2012-12-01

The federal government plays a critical role in achieving national health security by providing strategic guidance and funding research to help prevent, respond to, mitigate, and recover from disasters, epidemics, and acts of terrorism. In this article we describe the first-ever inventory of nonclassified national health security-related research funded by civilian agencies of the federal government. Our analysis revealed that the US government's portfolio of health security research is currently weighted toward bioterrorism and emerging biological threats, laboratory methods, and development of biological countermeasures. Eight of ten other priorities identified in the Department of Health and Human Services' National Health Security Strategy-such as developing and maintaining a national health security workforce or incorporating recovery into planning and response-receive scant attention. We offer recommendations to better align federal spending with health security research priorities, including the creation of an interagency working group charged with minimizing research redundancy and filling persistent gaps in knowledge.

49 CFR 1572.13 - State responsibilities for issuance of hazardous materials endorsement.

Code of Federal Regulations, 2010 CFR

2010-10-01

... Information System (CDLIS) operator of the results of the security threat assessment. (3) Revoke or deny the... TRANSPORTATION SECURITY CREDENTIALING AND SECURITY THREAT ASSESSMENTS Procedures and General Standards § 1572.13... security threat assessment in 49 CFR 1572.5 and issues an Initial Determination of Threat Assessment and...

Joint Interagency Coordination Group - Cyber: Empowering the Combatant Commanders against the no-borders threat

DTIC Science & Technology

2009-05-04

inconvenience and denial of Internet service, CNAs pose a threat to national security, if the right computer is hacked , to every day operations, if baking...expert J3: Current Operations Rep Private Sector/Civilian: cyber/CNA SME J5 Future Operations Rep Private Sector/Civilian: cyber/CND SME Table 2

Nuclear threat in the post cold-war era. Monograph

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kurey, W.S.

1995-05-14

This monograph discusses the nuclear threat that the United States faces following the downfall of the Soviet Union. The Russian and Chinese nuclear arsenals represent a formidable threat that must be countered and a new threat is emerging in the third world despite efforts to counter the proliferation of weapons of mass destruction. The monograph reviews the current status of both the Russian and Chinese arsenals and lists the programs that are being undertaken to modernize and improve their respective nuclear capabilities. Both nations are taking significant steps to preserve and improve their nuclear strike capability. The proliferation of nuclearmore » weapons technology, fissile material, and ballistic missiles in the third world is an emerging threat to national security interests. The lack of appropriate security measures during the on-going dismantling of the former Soviet nuclear arsenal presents an opportunity for rogue states and terrorist organizations to readily obtain the materials to produce their own nuclear weapons.« less

49 CFR 1549.103 - Qualifications and training of individuals with security-related duties.

Code of Federal Regulations, 2010 CFR

2010-10-01

... with security-related duties. (a) Security threat assessments. Each certified cargo screening facility... certified cargo screening facility complete a security threat assessment or comparable security threat... acuity, physical coordination, and motor skills to the extent required to effectively operate cargo...

Security Threat Assessment of an Internet Security System Using Attack Tree and Vague Sets

PubMed Central

2014-01-01

Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system's elementary event are incomplete—the traditional approach for calculating reliability—is no longer applicable. Moreover, it does not consider the failure probability of the bottom events suffered in the attack, which may bias conclusions. In order to effectively solve the problem above, this paper proposes a novel technique, integrating attack tree and vague sets for security threat assessment. For verification of the proposed approach, a numerical example of an Internet security system security threat assessment is adopted in this paper. The result of the proposed method is compared with the listing approaches of security threat assessment methods. PMID:25405226

Security threat assessment of an Internet security system using attack tree and vague sets.

PubMed

Chang, Kuei-Hu

2014-01-01

Security threat assessment of the Internet security system has become a greater concern in recent years because of the progress and diversification of information technology. Traditionally, the failure probabilities of bottom events of an Internet security system are treated as exact values when the failure probability of the entire system is estimated. However, security threat assessment when the malfunction data of the system's elementary event are incomplete--the traditional approach for calculating reliability--is no longer applicable. Moreover, it does not consider the failure probability of the bottom events suffered in the attack, which may bias conclusions. In order to effectively solve the problem above, this paper proposes a novel technique, integrating attack tree and vague sets for security threat assessment. For verification of the proposed approach, a numerical example of an Internet security system security threat assessment is adopted in this paper. The result of the proposed method is compared with the listing approaches of security threat assessment methods.

Towards an Enhancement of Organizational Information Security through Threat Factor Profiling (TFP) Model

NASA Astrophysics Data System (ADS)

Sidi, Fatimah; Daud, Maslina; Ahmad, Sabariah; Zainuddin, Naqliyah; Anneisa Abdullah, Syafiqa; Jabar, Marzanah A.; Suriani Affendey, Lilly; Ishak, Iskandar; Sharef, Nurfadhlina Mohd; Zolkepli, Maslina; Nur Majdina Nordin, Fatin; Amat Sejani, Hashimah; Ramadzan Hairani, Saiful

2017-09-01

Information security has been identified by organizations as part of internal operations that need to be well implemented and protected. This is because each day the organizations face a high probability of increase of threats to their networks and services that will lead to information security issues. Thus, effective information security management is required in order to protect their information assets. Threat profiling is a method that can be used by an organization to address the security challenges. Threat profiling allows analysts to understand and organize intelligent information related to threat groups. This paper presents a comparative analysis that was conducted to study the existing threat profiling models. It was found that existing threat models were constructed based on specific objectives, thus each model is limited to only certain components or factors such as assets, threat sources, countermeasures, threat agents, threat outcomes and threat actors. It is suggested that threat profiling can be improved by the combination of components found in each existing threat profiling model/framework. The proposed model can be used by an organization in executing a proactive approach to incident management.

49 CFR 1549.7 - Approval, amendment, renewal of the security program and certification of a certified cargo...

Code of Federal Regulations, 2010 CFR

2010-10-01

... information requested by TSA concerning Security Threat Assessments. (viii) A statement acknowledging and ensuring that each individual will successfully complete a Security Threat Assessment under § 1549.111... Security Coordinator for an applicant successfully completes a security threat assessment, TSA will provide...

Operation Noble Eagle and the Use of Combat Air Patrols for Homeland Defense

DTIC Science & Technology

2008-12-01

aviation security , together with the absence of terrorist attacks on the homeland and of no actionable intelligence indicating an imminent air threat in America. The following sub-areas were researched to help evaluate and recommend changes to the current ONE CAP policy: the history of air defense in America; U.S. air defense mistakes on 9/11 and the evolution of ONE; improvements in the intelligence community and aviation security since 9/11; specific threats to aviation and the risk of another 9/11-style attack in the United States; and the cost and

Improving Insider Threat Training Awareness and Mitigation Programs at Nuclear Facilities.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abbott, Shannon

In recent years, insider threat programs have become an important aspect of nuclear security, and nuclear security training courses. However, many nuclear security insider threat programs fail to address the insider threat attack and monitoring potential that exists on information technology (IT) systems. This failure is critical because of the importance of information technology and networks in today’s world. IT systems offer an opportunity to perpetrate dangerous insider attacks, but they also present an opportunity to monitor for them and prevent them. This paper suggests a number of best practices for monitoring and preventing insider attacks on IT systems, andmore » proposes the development of a new IT insider threat tabletop that can be used to help train nuclear security practitioners on how best to implement IT insider threat prevention best practices. The development of IT insider threat best practices and a practical tabletop exercise will allow nuclear security practitioners to improve nuclear security trainings as it integrates a critical part of insider threat prevention into the broader nuclear security system.« less

Violent Extremism, National Security and Prevention. Institutional Discourses and Their Implications for Schooling

ERIC Educational Resources Information Center

Mattsson, Christer; Säljö, Roger

2018-01-01

Currently, threats to societal security from extremist groups are high on the political agenda in many countries. Politicians, policymakers at various levels and communities are searching for methods to counteract recruitment to violent organizations. These efforts are often referred to as Prevention of Violent Extremism (PVE-programmes). One of…

49 CFR 1522.107 - Application.

Code of Federal Regulations, 2010 CFR

2010-10-01

... security threat assessments. (8) A statement acknowledging that all personnel of the applicant who must successfully complete a security threat assessment under the requirements of this part must do so before the... the Security Coordinator successfully completes a security threat assessment, TSA will provide to the...

49 CFR 1548.7 - Approval, amendment, annual renewal, and withdrawal of approval of the security program.

Code of Federal Regulations, 2010 CFR

2010-10-01

... requested by TSA concerning Security Threat Assessments. (ix) A statement acknowledging and ensuring that each employee and agent will successfully complete a Security Threat Assessment under § 1548.15 before... training and Security Threat Assessments by relevant personnel. (4) Duration of security program. The...

Overview of Accelerator Applications for Security and Defense

DOE PAGES

Antolak, Arlyn J.

2015-01-01

Particle accelerators play a key role in a broad set of defense and security applications including war-fighter and asset protection, cargo inspection, nonproliferation, materials characterization and stockpile stewardship. Accelerators can replace the high activity radioactive sources that pose a security threat for developing a radiological dispersal device and be used to produce isotopes for medical, industrial, and re-search purposes. Lastly, we present an overview of current and emerging accelerator technologies relevant to addressing the needs of defense and security.

Automating Risk Analysis of Software Design Models

PubMed Central

Ruiz, Guifré; Heymann, Elisa; César, Eduardo; Miller, Barton P.

2014-01-01

The growth of the internet and networked systems has exposed software to an increased amount of security threats. One of the responses from software developers to these threats is the introduction of security activities in the software development lifecycle. This paper describes an approach to reduce the need for costly human expertise to perform risk analysis in software, which is common in secure development methodologies, by automating threat modeling. Reducing the dependency on security experts aims at reducing the cost of secure development by allowing non-security-aware developers to apply secure development with little to no additional cost, making secure development more accessible. To automate threat modeling two data structures are introduced, identification trees and mitigation trees, to identify threats in software designs and advise mitigation techniques, while taking into account specification requirements and cost concerns. These are the components of our model for automated threat modeling, AutSEC. We validated AutSEC by implementing it in a tool based on data flow diagrams, from the Microsoft security development methodology, and applying it to VOMS, a grid middleware component, to evaluate our model's performance. PMID:25136688

Automating risk analysis of software design models.

PubMed

Frydman, Maxime; Ruiz, Guifré; Heymann, Elisa; César, Eduardo; Miller, Barton P

2014-01-01

The growth of the internet and networked systems has exposed software to an increased amount of security threats. One of the responses from software developers to these threats is the introduction of security activities in the software development lifecycle. This paper describes an approach to reduce the need for costly human expertise to perform risk analysis in software, which is common in secure development methodologies, by automating threat modeling. Reducing the dependency on security experts aims at reducing the cost of secure development by allowing non-security-aware developers to apply secure development with little to no additional cost, making secure development more accessible. To automate threat modeling two data structures are introduced, identification trees and mitigation trees, to identify threats in software designs and advise mitigation techniques, while taking into account specification requirements and cost concerns. These are the components of our model for automated threat modeling, AutSEC. We validated AutSEC by implementing it in a tool based on data flow diagrams, from the Microsoft security development methodology, and applying it to VOMS, a grid middleware component, to evaluate our model's performance.

Examining the Relationship of Business Operations and the Information Security Culture in the United States

ERIC Educational Resources Information Center

Wynn, Cynthia L.

2017-01-01

An increase in information technology has caused and increased in threats towards information security. Threats are malware, viruses, sabotage from employees, and hacking into computer systems. Organizations have to find new ways to combat vulnerabilities and threats of internal and external threats to protect their information security and…

49 CFR 1544.228 - Access to cargo and cargo screening: Security threat assessments for cargo personnel in the...

Code of Federal Regulations, 2010 CFR

2010-10-01

... threat assessments for cargo personnel in the United States. 1544.228 Section 1544.228 Transportation... COMMERCIAL OPERATORS Operations § 1544.228 Access to cargo and cargo screening: Security threat assessments... paragraph (b) of this section— (1) Each individual must successfully complete a security threat assessment...

75 FR 63192 - Intent To Request Renewal From OMB of One Current Public Collection of Information: Air Cargo...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-14

... programs, security threat assessments (STA), known shipper data via the Known Shipper Management System... baggage, and other articles, that will be carried aboard a passenger aircraft; and (2) to establish a system to screen, inspect, report, or otherwise ensure the security of all cargo that is to be...

Security, Violent Events, and Anticipated Surge Capabilities of Emergency Departments in Washington State.

PubMed

Weyand, Jonathan S; Junck, Emily; Kang, Christopher S; Heiner, Jason D

2017-04-01

Over the past 15 years, violent threats and acts against hospital patients, staff, and providers have increased and escalated. The leading area for violence is the emergency department (ED) given its 24/7 operations, role in patient care, admissions gateway, and center for influxes during acute surge events. This investigation had three objectives: to assess the current security of Washington State EDs; to estimate the prevalence of and response to threats and violence in Washington State EDs; and to appraise the Washington State ED security capability to respond to acute influxes of patients, bystanders, and media during acute surge events. A voluntary, blinded, 28-question Web-based survey developed by emergency physicians was electronically delivered to all 87 Washington State ED directors in January 2013. We evaluated responses by descriptive statistical analyses. Analyses occurred after 90% (78/87) of ED directors responded. Annual censuses of the EDs ranged from < 20,000 to 100,000 patients and represented the entire spectrum of practice environments, including critical access hospitals and a regional quaternary referral medical center. Thirty-four of 75 (45%) reported the current level of security was inadequate, based on the general consensus of their ED staff. Nearly two-thirds (63%) of EDs had 24-hour security personnel coverage, while 28% reported no assigned security personnel. Security personnel training was provided by 45% of hospitals or healthcare systems. Sixty-nine of 78 (88%) respondents witnessed or heard about violent threats or acts occurring in their ED. Of these, 93% were directed towards nursing staff, 90% towards physicians, 74% towards security personnel, and 51% towards administrative personnel. Nearly half (48%) noted incidents directed towards another patient, and 50% towards a patient's family or friend. These events were variably reported to the hospital administration. After an acute surge event, 35% believed the initial additional security response would not be adequate, with 26% reporting no additional security would be available within 15 minutes. Our study reveals the variability of ED security staffing and a heterogeneity of capabilities throughout Washington State. These deficiencies and vulnerabilities highlight the need for other EDs and regional emergency preparedness planners to conduct their own readiness assessments.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Antolak, Arlyn J.

Particle accelerators play a key role in a broad set of defense and security applications including war-fighter and asset protection, cargo inspection, nonproliferation, materials characterization and stockpile stewardship. Accelerators can replace the high activity radioactive sources that pose a security threat for developing a radiological dispersal device and be used to produce isotopes for medical, industrial, and re-search purposes. Lastly, we present an overview of current and emerging accelerator technologies relevant to addressing the needs of defense and security.

Identifying changing aviation threat environments within an adaptive Homeland Security Advisory System.

PubMed

Lee, Adrian J; Jacobson, Sheldon H

2012-02-01

A critical component of aviation security consists of screening passengers and baggage to protect airports and aircraft from terrorist threats. Advancements in screening device technology have increased the ability to detect these threats; however, specifying the operational configurations of these devices in response to changes in the threat environment can become difficult. This article proposes to use Fisher information as a statistical measure for detecting changes in the threat environment. The perceived risk of passengers, according to prescreening information and behavior analysis, is analyzed as the passengers sequentially enter the security checkpoint. The alarm responses from the devices used to detect threats are also analyzed to monitor significant changes in the frequency of threat items uncovered. The key results are that this information-based measure can be used within the Homeland Security Advisory System to indicate changes in threat conditions in real time, and provide the flexibility of security screening detection devices to responsively and automatically adapt operational configurations to these changing threat conditions. © 2012 Society for Risk Analysis. All rights reserved.

49 CFR 1540.203 - Security threat assessment.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 49 Transportation 9 2014-10-01 2014-10-01 false Security threat assessment. 1540.203 Section 1540.203 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY CIVIL AVIATION SECURITY: GENERAL RULES...

Emerging oomycete threats to plants and animals

PubMed Central

Chaparro-Garcia, Angela

2016-01-01

Oomycetes, or water moulds, are fungal-like organisms phylogenetically related to algae. They cause devastating diseases in both plants and animals. Here, we describe seven oomycete species that are emerging or re-emerging threats to agriculture, horticulture, aquaculture and natural ecosystems. They include the plant pathogens Phytophthora infestans, Phytophthora palmivora, Phytophthora ramorum, Plasmopara obducens, and the animal pathogens Aphanomyces invadans, Saprolegnia parasitica and Halioticida noduliformans. For each species, we describe its pathology, importance and impact, discuss why it is an emerging threat and briefly review current research activities. This article is part of the themed issue ‘Tackling emerging fungal threats to animal health, food security and ecosystem resilience’. PMID:28080985

U.S. Maritime Security: Sustainability Challenges

DTIC Science & Technology

2011-09-01

Security Council ICE Immigration and Customs Enforcement IOC Interagency Operation Center JHOC Joint Harbor Operation Center JIATF-S Joint...maritime threats into nation threats, transnational criminal and piracy threats, environmental destruction, and illegal seaborne immigration (U.S...safe and secure borders, welcome lawful immigrants and visitors and promote the free-flow of commerce (U.S. Department of Homeland Security, 2011

49 CFR 1540.209 - Fees for security threat assessment.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 49 Transportation 9 2014-10-01 2014-10-01 false Fees for security threat assessment. 1540.209 Section 1540.209 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY CIVIL AVIATION SECURITY...

Cyber secure systems approach for NPP digital control systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

McCreary, T. J.; Hsu, A.

2006-07-01

Whether fossil or nuclear power, the chief operations goal is to generate electricity. The heart of most plant operations is the I and C system. With the march towards open architecture, the I and C system is more vulnerable than ever to system security attacks (denial of service, virus attacks and others), thus jeopardizing plant operations. Plant staff must spend large amounts of time and money setting up and monitoring a variety of security strategies to counter the threats and actual attacks to the system. This time and money is a drain on the financial performance of a plant andmore » distracts valuable operations resources from their real goals: product. The pendulum towards complete open architecture may have swung too far. Not all aspects of proprietary hardware and software are necessarily 'bad'. As the aging U.S. fleet of nuclear power plants starts to engage in replacing legacy control systems, and given the on-going (and legitimate) concern about the security of present digital control systems, decisions about how best to approach cyber security are vital to the specification and selection of control system vendors for these upgrades. The authors maintain that utilizing certain resources available in today's digital technology, plant control systems can be configured from the onset to be inherently safe, so that plant staff can concentrate on the operational issues of the plant. The authors postulate the concept of the plant I and C being bounded in a 'Cyber Security Zone' and present a design approach that can alleviate the concern and cost at the plant level of dealing with system security strategies. Present approaches through various IT cyber strategies, commercial software, and even postulated standards from various industry/trade organizations are almost entirely reactive and simply add to cost and complexity. This Cyber Security Zone design demonstrates protection from the four classes of cyber security attacks: 1)Threat from an intruder attempting to disrupt network communications by entering the system from an attached utility network or utilizing a modem connected to a control system PC that is in turn connected to a publicly accessible phone; 2)Threat from a user connecting an unauthorized computer to the control network; 3)Threat from a security attack when an unauthorized user gains access to a PC connected to the plant network;. 4)Threat from internal disruption (by plant staff, whether, malicious or otherwise) by unauthorized usage of files or file handling media that opens the system to security threat (as typified in current situation in most control rooms). The plant I and C system cyber security design and the plant specific procedures should adequately demonstrate protection from the four pertinent classes of cyber security attacks. The combination of these features should demonstrate that the system is not vulnerable to any analyzed cyber security attacks either from internal sources or through network connections. The authors will provide configurations that will demonstrate the Cyber Security Zone. (authors)« less

Characterizing, Classifying, and Understanding Information Security Laws and Regulations: Considerations for Policymakers and Organizations Protecting Sensitive Information Assets

ERIC Educational Resources Information Center

Thaw, David Bernard

2011-01-01

Current scholarly understanding of information security regulation in the United States is limited. Several competing mechanisms exist, many of which are untested in the courts and before state regulators, and new mechanisms are being proposed on a regular basis. Perhaps of even greater concern, the pace at which technology and threats change far…

CrossTalk. The Journal of Defense Software Engineering. Volume 25, Number 6

DTIC Science & Technology

2012-12-01

Cyber Security Threat Definition Communicable Noncommunicable Based on Risky Behavior Coordinated Trojan horse programs Threats hidden in a...for Cyber Security Threats Cyber Security Threat Communicable Noncommunicable Risky Behaviors Coordinated Type of Intervention (at the System...types of data are breached. Further, educational materials on risky behaviors (e.g., for home Internet users) as well as recommended guide- lines for

Information security for compliance with select agent regulations.

PubMed

Lewis, Nick; Campbell, Mark J; Baskin, Carole R

2015-01-01

The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as "select agents." While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts--still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment.

Information Security for Compliance with Select Agent Regulations

PubMed Central

Lewis, Nick; Campbell, Mark J.

2015-01-01

The past decade has seen a significant rise in research on high-consequence human and animal pathogens, many now known as “select agents.” While physical security around these agents is tightly regulated, information security standards are still lagging. The understanding of the threats unique to the academic and research environment is still evolving, in part due to poor communication between the various stakeholders. Perhaps as a result, information security guidelines published by select agent regulators lack the critical details and directives needed to achieve even the lowest security level of the Federal Information Security Management Act (FISMA). While only government agencies are currently required to abide by the provisions of FISMA (unless specified as preconditions for obtaining government grants or contracts—still a relatively rare or narrowly scoped occurrence), the same strategies were recently recommended by executive order for others. We propose that information security guidelines for select agent research be updated to promulgate and detail FISMA standards and processes and that the latter be ultimately incorporated into select agent regulations. We also suggest that information security in academic and research institutions would greatly benefit from active efforts to improve communication among the biosecurity, security, and information technology communities, and from a secure venue for exchange of timely information on emerging threats and solutions in the research environment. PMID:26042864

49 CFR 1554.103 - Security Directives.

Code of Federal Regulations, 2014 CFR

2014-10-01

... necessary to respond to a threat assessment or to a specific threat against civil aviation, TSA issues a..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRCRAFT REPAIR STATION SECURITY Security Measures... each Security Directive TSA issues to the repair station within the time prescribed. Each repair...

76 FR 44944 - Intent To Request Renewal From OMB of One Current Public Collection of Information: TSA Airspace...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-07-27

...The Transportation Security Administration (TSA) invites public comment on one currently approved Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0033, abstracted below that we will submit to OMB for renewal in compliance with the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden. This collection of information allows TSA to conduct security threat assessments on individuals on board aircraft operating in restricted airspace pursuant to an airspace waiver. This collection will enhance aviation security and protect assets on the ground that are within the restricted airspace.

Automated X-ray image analysis for cargo security: Critical review and future promise.

PubMed

Rogers, Thomas W; Jaccard, Nicolas; Morton, Edward J; Griffin, Lewis D

2017-01-01

We review the relatively immature field of automated image analysis for X-ray cargo imagery. There is increasing demand for automated analysis methods that can assist in the inspection and selection of containers, due to the ever-growing volumes of traded cargo and the increasing concerns that customs- and security-related threats are being smuggled across borders by organised crime and terrorist networks. We split the field into the classical pipeline of image preprocessing and image understanding. Preprocessing includes: image manipulation; quality improvement; Threat Image Projection (TIP); and material discrimination and segmentation. Image understanding includes: Automated Threat Detection (ATD); and Automated Contents Verification (ACV). We identify several gaps in the literature that need to be addressed and propose ideas for future research. Where the current literature is sparse we borrow from the single-view, multi-view, and CT X-ray baggage domains, which have some characteristics in common with X-ray cargo.

Monitoring Malware Activity on the LAN Network

NASA Astrophysics Data System (ADS)

Skrzewski, Mirosław

Many security related organizations periodically publish current network and systems security information, with the lists of top malware programs. These lists raises the question how these threats spreads out, if the worms (the only threat with own communication abilities) are low or missing on these lists. The paper discuss the research on malware network activity, aimed to deliver the answer to the question, what is the main infection channel of modern malware, done with the usage of virtual honeypot systems on dedicated, unprotected network. Systems setup, network and systems monitoring solutions, results of over three months of network traffic and malware monitoring are presented, along with the proposed answer to our research question.

49 CFR 1540.205 - Procedures for security threat assessment.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 49 Transportation 9 2014-10-01 2014-10-01 false Procedures for security threat assessment. 1540.205 Section 1540.205 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY CIVIL AVIATION...

R2U2: Monitoring and Diagnosis of Security Threats for Unmanned Aerial Systems

NASA Technical Reports Server (NTRS)

Schumann, Johann; Moosbruger, Patrick; Rozier, Kristin Y.

2015-01-01

We present R2U2, a novel framework for runtime monitoring of security properties and diagnosing of security threats on-board Unmanned Aerial Systems (UAS). R2U2, implemented in FPGA hardware, is a real-time, REALIZABLE, RESPONSIVE, UNOBTRUSIVE Unit for security threat detection. R2U2 is designed to continuously monitor inputs from the GPS and the ground control station, sensor readings, actuator outputs, and flight software status. By simultaneously monitoring and performing statistical reasoning, attack patterns and post-attack discrepancies in the UAS behavior can be detected. R2U2 uses runtime observer pairs for linear and metric temporal logics for property monitoring and Bayesian networks for diagnosis of security threats. We discuss the design and implementation that now enables R2U2 to handle security threats and present simulation results of several attack scenarios on the NASA DragonEye UAS.

Population growth and global security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mumford, S.

A new threat to international and domestic security has emerged in the past three decades: uncontrolled world population growth. Current world population growth control efforts are ineffective. Unchecked growth will threaten global security by depleting food, energy, and other resources. Immigration is another complicating factor that is straining the carrying capacity of some overpopulated regions. Barriers to effective action include the desire of decision-makers to avoid the controversy of abortion and the role of the Catholic church in lobbying against birth control. (3 graphs, 12 photos, 2 tables)

Attack Methodology Analysis: Emerging Trends in Computer-Based Attack Methodologies and Their Applicability to Control System Networks

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bri Rolston

2005-06-01

Threat characterization is a key component in evaluating the threat faced by control systems. Without a thorough understanding of the threat faced by critical infrastructure networks, adequate resources cannot be allocated or directed effectively to the defense of these systems. Traditional methods of threat analysis focus on identifying the capabilities and motivations of a specific attacker, assessing the value the adversary would place on targeted systems, and deploying defenses according to the threat posed by the potential adversary. Too many effective exploits and tools exist and are easily accessible to anyone with access to an Internet connection, minimal technical skills,more » and a significantly reduced motivational threshold to be able to narrow the field of potential adversaries effectively. Understanding how hackers evaluate new IT security research and incorporate significant new ideas into their own tools provides a means of anticipating how IT systems are most likely to be attacked in the future. This research, Attack Methodology Analysis (AMA), could supply pertinent information on how to detect and stop new types of attacks. Since the exploit methodologies and attack vectors developed in the general Information Technology (IT) arena can be converted for use against control system environments, assessing areas in which cutting edge exploit development and remediation techniques are occurring can provide significance intelligence for control system network exploitation, defense, and a means of assessing threat without identifying specific capabilities of individual opponents. Attack Methodology Analysis begins with the study of what exploit technology and attack methodologies are being developed in the Information Technology (IT) security research community within the black and white hat community. Once a solid understanding of the cutting edge security research is established, emerging trends in attack methodology can be identified and the gap between those threats and the defensive capabilities of control systems can be analyzed. The results of the gap analysis drive changes in the cyber security of critical infrastructure networks to close the gap between current exploits and existing defenses. The analysis also provides defenders with an idea of how threat technology is evolving and how defenses will need to be modified to address these emerging trends.« less

33 CFR 101.405 - Maritime Security (MARSEC) Directives.

Code of Federal Regulations, 2010 CFR

2010-07-01

... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Maritime Security (MARSEC... SECURITY MARITIME SECURITY MARITIME SECURITY: GENERAL Control Measures for Security § 101.405 Maritime... necessary to respond to a threat assessment or to a specific threat against the maritime elements of the...

Cyber threats to health information systems: A systematic review.

PubMed

Luna, Raul; Rhine, Emily; Myhra, Matthew; Sullivan, Ross; Kruse, Clemens Scott

2016-01-01

Recent legislation empowering providers to embrace the electronic exchange of health information leaves the healthcare industry increasingly vulnerable to cybercrime. The objective of this systematic review is to identify the biggest threats to healthcare via cybercrime. The rationale behind this systematic review is to provide a framework for future research by identifying themes and trends of cybercrime in the healthcare industry. The authors conducted a systematic search through the CINAHL, Academic Search Complete, PubMed, and ScienceDirect databases to gather literature relative to cyber threats in healthcare. All authors reviewed the articles collected and excluded literature that did not focus on the objective. Researchers selected and examined 19 articles for common themes. The most prevalent cyber-criminal activity in healthcare is identity theft through data breach. Other concepts identified are internal threats, external threats, cyber-squatting, and cyberterrorism. The industry has now come to rely heavily on digital technologies, which increase risks such as denial of service and data breaches. Current healthcare cyber-security systems do not rival the capabilities of cyber criminals. Security of information is a costly resource and therefore many HCOs may hesitate to invest what is required to protect sensitive information.

Current and Projected National Security Threats to the United States. Hearing before the Select Committee on Intelligence of the United States Senate, One Hundred Eleventh Congress, Second Session

DTIC Science & Technology

2010-02-02

attacks at Fort Hood and the Little Rock recruiting station to the failed attack on Christmas Day, we have seen an alarming number of terrorist threats...performances, so we must create new methods and tradecraft to recognize terror threats we haven’t seen before. Unfortunately, the process of intelligence...about al-Qa’ida itself, al-Qa’ida-associated groups and al-Qa’ida-inspired terrorists striking the United States. And we’ve seen the reality of all

Information Security Issues in Higher Education and Institutional Research

ERIC Educational Resources Information Center

Custer, William L.

2010-01-01

Information security threats to educational institutions and their data assets have worsened significantly over the past few years. The rich data stores of institutional research are especially vulnerable, and threats from security breaches represent no small risk. New genres of threat require new kinds of controls if the institution is to prevent…

78 FR 50077 - Intent To Request Renewal From OMB of One Current Public Collection of Information: Pipeline...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-16

... maps, security plans, etc.); and Actual or suspected cyber-attacks that could impact pipeline... suspected attacks on pipeline systems, facilities, or assets; Bomb threats or weapons of mass destruction...

Security, Violent Events, and Anticipated Surge Capabilities of Emergency Departments in Washington State

PubMed Central

Weyand, Jonathan S.; Junck, Emily; Kang, Christopher S.; Heiner, Jason D.

2017-01-01

Introduction Over the past 15 years, violent threats and acts against hospital patients, staff, and providers have increased and escalated. The leading area for violence is the emergency department (ED) given its 24/7 operations, role in patient care, admissions gateway, and center for influxes during acute surge events. This investigation had three objectives: to assess the current security of Washington State EDs; to estimate the prevalence of and response to threats and violence in Washington State EDs; and to appraise the Washington State ED security capability to respond to acute influxes of patients, bystanders, and media during acute surge events. Methods A voluntary, blinded, 28-question Web-based survey developed by emergency physicians was electronically delivered to all 87 Washington State ED directors in January 2013. We evaluated responses by descriptive statistical analyses. Results Analyses occurred after 90% (78/87) of ED directors responded. Annual censuses of the EDs ranged from < 20,000 to 100,000 patients and represented the entire spectrum of practice environments, including critical access hospitals and a regional quaternary referral medical center. Thirty-four of 75 (45%) reported the current level of security was inadequate, based on the general consensus of their ED staff. Nearly two-thirds (63%) of EDs had 24-hour security personnel coverage, while 28% reported no assigned security personnel. Security personnel training was provided by 45% of hospitals or healthcare systems. Sixty-nine of 78 (88%) respondents witnessed or heard about violent threats or acts occurring in their ED. Of these, 93% were directed towards nursing staff, 90% towards physicians, 74% towards security personnel, and 51% towards administrative personnel. Nearly half (48%) noted incidents directed towards another patient, and 50% towards a patient’s family or friend. These events were variably reported to the hospital administration. After an acute surge event, 35% believed the initial additional security response would not be adequate, with 26% reporting no additional security would be available within 15 minutes. Conclusion Our study reveals the variability of ED security staffing and a heterogeneity of capabilities throughout Washington State. These deficiencies and vulnerabilities highlight the need for other EDs and regional emergency preparedness planners to conduct their own readiness assessments. PMID:28435498

49 CFR 1540.203 - Security threat assessment.

Code of Federal Regulations, 2010 CFR

2010-10-01

... prevent completion of the threat assessment). (5) Gender. (6) Country of citizenship. (7) If the applicant... subpart remains valid for five years from the date that TSA issues a Determination of No Security Threat...

49 CFR 1548.19 - Security Directives and Information Circulars.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... CARRIER SECURITY § 1548.19 Security Directives and Information Circulars. (a) TSA may issue an Information... security measures are necessary to respond to a threat assessment, or to a specific threat against civil...

Information Technology Security and Human Risk: Exploring Factors of Unintended Insider Threat and Organizational Resilience

ERIC Educational Resources Information Center

Thompson, Eleanor Elizabeth

2014-01-01

That organizations face threats to the security of their computer systems from external hackers is well documented. Intentional or unintentional behaviors by organizational insiders can severely compromise computer security as well. Less is known, however, about the nature of this threat from insiders. The purpose of this study was to bridge this…

Insider Threat Security Reference Architecture

DTIC Science & Technology

2012-04-01

this challenge. CMU/SEI-2012-TR-007 | 2 2 The Components of the ITSRA Figure 2 shows the four layers of the ITSRA. The Business Security layer......organizations improve their level of preparedness to address the insider threat. Business Security Architecture Data Security Architecture

SAFER Under Vehicle Inspection Through Video Mosaic Building

DTIC Science & Technology

2004-01-01

this work were taken using a Polaris Wp-300c Lipstick video camera mounted on a mobile platform. Infrared video was taken using a Raytheon PalmIR PRO...Tank- Automotive Research, Development and Engineering Center, US Army RDECOM, Warren, Michigan, USA. Keywords Inspection, Road vehicles, State...security, Robotics Abstract The current threats to US security, both military and civilian, have led to an increased interest in the development of

AR.Drone: security threat analysis and exemplary attack to track persons

NASA Astrophysics Data System (ADS)

Samland, Fred; Fruth, Jana; Hildebrandt, Mario; Hoppe, Tobias; Dittmann, Jana

2012-01-01

In this article we illustrate an approach of a security threat analysis of the quadrocopter AR.Drone, a toy for augmented reality (AR) games. The technical properties of the drone can be misused for attacks, which may relate security and/or privacy aspects. Our aim is to sensitize for the possibility of misuses and the motivation for an implementation of improved security mechanisms of the quadrocopter. We focus primarily on obvious security vulnerabilities (e.g. communication over unencrypted WLAN, usage of UDP, live video streaming via unencrypted WLAN to the control device) of this quadrocopter. We could practically verify in three exemplary scenarios that this can be misused by unauthorized persons for several attacks: high-jacking of the drone, eavesdropping of the AR.Drones unprotected video streams, and the tracking of persons. Amongst other aspects, our current research focuses on the realization of the attack of tracking persons and objects with the drone. Besides the realization of attacks, we want to evaluate the potential of this particular drone for a "safe-landing" function, as well as potential security enhancements. Additionally, in future we plan to investigate an automatic tracking of persons or objects without the need of human interactions.

A threat intelligence framework for access control security in the oil industry

NASA Astrophysics Data System (ADS)

Alaskandrani, Faisal T.

The research investigates the problem raised by the rapid development in the technology industry giving security concerns in facilities built by the energy industry containing diverse platforms. The difficulty of continuous updates to network security architecture and assessment gave rise to the need to use threat intelligence frameworks to better assess and address networks security issues. Focusing on access control security to the ICS and SCADA systems that is being utilized to carry out mission critical and life threatening operations. The research evaluates different threat intelligence frameworks that can be implemented in the industry seeking the most suitable and applicable one that address the issue and provide more security measures. The validity of the result is limited to the same environment that was researched as well as the technologies being utilized. The research concludes that it is possible to utilize a Threat Intelligence framework to prioritize security in Access Control Measures in the Oil Industry.

Children and adolescents facing a continuous security threat: Aggressive behavior and post-traumatic stress symptoms.

PubMed

Nuttman-Shwartz, Orit

2017-07-01

There is extensive research evidence indicating that children and youth are the most vulnerable population for developing psychological symptoms relating to war and terror. Although studies have documented a wide range of detrimental emotional and behavioral effects of such exposure, much less is known about the effects of exposure to a continuous security threat for children and adolescents. Against this background, the current article examined the implications of continuous exposure to missile attacks among 1096 children and adolescents enrolled in public schools near the Israeli border with Gaza. Participants filled out quantitative questionnaires, which relate to the pathological consequences of continuous exposure to security threats, and to the role of the school and the community as a protective environment against disruptive behavior resulting from such exposure. The findings revealed that PTSS responses were mainly related to the security threat, whereas interpersonal aggression resulted from other types of traumatic events. Significant differences were found between aggression and posttraumatic symptoms, by age and gender. PTSS was found to be lower for older participants and higher for girls, whereas aggression was higher for boys and higher for older participants. Furthermore, the sense of belonging to the place of residence was negatively associated with PTSS as well as with aggressive behavior: the higher the participants' sense of belonging, the lower their levels of PTSS and aggressive responses. In contrast, the sense of belonging to the school was negatively associated only with aggressive behavior: the higher the participants' sense of belonging to the school, the lower their aggressive responses. The findings are discussed in the light of trauma theories and in light of the results of previous research. The study contributed to knowledge about the differential consequences of exposure to a security threat, and highlighted the importance of differential interventions with children who show post-traumatic symptoms versus those who show aggressive behavior. Accordingly, the security situation should not overshadow social issues that need to be addressed, such as family violence and aggression among school children. Copyright © 2017 Elsevier Ltd. All rights reserved.

One health security: an important component of the global health security agenda.

PubMed

Gronvall, Gigi; Boddie, Crystal; Knutsson, Rickard; Colby, Michelle

2014-01-01

The objectives of the Global Health Security Agenda (GHSA) will require not only a "One Health" approach to counter natural disease threats against humans, animals, and the environment, but also a security focus to counter deliberate threats to human, animal, and agricultural health and to nations' economies. We have termed this merged approach "One Health Security." It will require the integration of professionals with expertise in security, law enforcement, and intelligence to join the veterinary, agricultural, environmental, and human health experts essential to One Health and the GHSA. Working across such different professions, which occasionally have conflicting aims and different professional cultures, poses multiple challenges, but a multidisciplinary and multisectoral approach is necessary to prevent disease threats; detect them as early as possible (when responses are likely to be most effective); and, in the case of deliberate threats, find who may be responsible. This article describes 2 project areas that exemplify One Health Security that were presented at a workshop in January 2014: the US government and private industry efforts to reduce vulnerabilities to foreign animal diseases, especially foot-and-mouth disease; and AniBioThreat, an EU project to counter deliberate threats to agriculture by raising awareness and implementing prevention and response policies and practices.

Physician office readiness for managing Internet security threats.

PubMed

Keshavjee, K; Pairaudeau, N; Bhanji, A

2006-01-01

Internet security threats are evolving toward more targeted and focused attacks.Increasingly, organized crime is involved and they are interested in identity theft. Physicians who use Internet in their practice are at risk for being invaded. We studied 16 physician practices in Southern Ontario for their readiness to manage internet security threats. Overall, physicians have an over-inflated sense of preparedness. Security practices such as maintaining a firewall and conducting regular virus checks were not consistently done.

Physician Office Readiness for Managing Internet Security Threats

PubMed Central

Keshavjee, K; Pairaudeau, N; Bhanji, A

2006-01-01

Internet security threats are evolving toward more targeted and focused attacks. Increasingly, organized crime is involved and they are interested in identity theft. Physicians who use Internet in their practice are at risk for being invaded. We studied 16 physician practices in Southern Ontario for their readiness to manage internet security threats. Overall, physicians have an over-inflated sense of preparedness. Security practices such as maintaining a firewall and conducting regular virus checks were not consistently done. PMID:17238600

Susceptibility of SCADA systems and the energy sector

NASA Astrophysics Data System (ADS)

Goike, Lindsay

The research in this paper focused on analyzing SCADA systems in the energy sector for susceptibility to cyber attacks, in furtherance of providing suggestions to mitigate current and future cyber attacks. The research will be addressing the questions: how are SCADA systems susceptible to cyber attacks, and what are the suggested ways to mitigate both current and future cyber attacks. The five main categories of security vulnerabilities facing current SCADA systems were found to be: connectivity to the Internet, failure to plan, interdependency of sectors, numerous different types of threats, and outdated software. Some of the recommendations mentioned to mitigate current and future risks were: virtual private networks, risk assessments, increased physical security, updating of software, and firewalls.

49 CFR 1572.203 - Transportation of explosives from Canada to the United States via railroad carrier.

Code of Federal Regulations, 2010 CFR

2010-10-01

... to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY MARITIME AND LAND TRANSPORTATION SECURITY CREDENTIALING AND SECURITY THREAT ASSESSMENTS Transportation of... determines is not known or is a threat to security. (e) At the border. (1) Train crew members who are not U.S...

Threats to information security of real-time disease surveillance systems.

PubMed

Henriksen, Eva; Johansen, Monika A; Baardsgaard, Anders; Bellika, Johan G

2009-01-01

This paper presents the main results from a qualitative risk assessment of information security aspects for a new real-time disease surveillance approach in general, and for the Snow surveillance system in particular. All possible security threats and acceptable solutions, and the implications these solutions had to the design of the system, were discussed. Approximately 30 threats were identified. None of these got an unacceptable high risk level originally, but two got medium risk level, of which one was concluded to be unacceptable after further investigation. Of the remaining low risk threats, some have severe consequence, thus requiring particular assessment. Since it is very important to identify and solve all security threats before real-time solutions can be used in a wide scale, additional investigations are needed.

Implementing an Information Security Program

DOE Office of Scientific and Technical Information (OSTI.GOV)

Glantz, Clifford S.; Lenaeus, Joseph D.; Landine, Guy P.

The threats to information security have dramatically increased with the proliferation of information systems and the internet. Chemical, biological, radiological, nuclear, and explosives (CBRNe) facilities need to address these threats in order to protect themselves from the loss of intellectual property, theft of valuable or hazardous materials, and sabotage. Project 19 of the European Union CBRN Risk Mitigation Centres of Excellence Initiative is designed to help CBRN security managers, information technology/cybersecurity managers, and other decision-makers deal with these threats through the application of cost-effective information security programs. Project 19 has developed three guidance documents that are publically available to covermore » information security best practices, planning for an information security management system, and implementing security controls for information security.« less

Resurrecting Letters of Marque and Reprisal to Address Modern Threats

DTIC Science & Technology

2013-03-01

history 4 and economics. Unfortunately, bringing maritime pirates and cyber criminals to justice has proven difficult under current norms of... cyber criminals have cost companies and consumers hundreds of millions of dollars and valuable intellectual property.79 The National Security Strategy

What Are the Security Threats to Further Development of Nuclear Power Plants in the U.S.

DTIC Science & Technology

2010-03-01

as-a-secure- fuel -alternative &catid=94:0409content&itemid=342. (accessed May 2009). Bush, President George W. “Expand the Circle of Development by...SECURITY THREATS TO FURTHER DEVELOPMENT OF NUCLEAR POWER PLANTS IN THE U.S.? by Tammie L. Nottestad March 2010 Thesis Advisor: Robert Looney...Master’s Thesis 4. TITLE AND SUBTITLE What Are the Security Threats to Further Development of Nuclear Power Plants in the U.S.? 6. AUTHOR(S

49 CFR 1544.305 - Security Directives and Information Circulars.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Security Directives and Information Circulars... SECURITY: AIR CARRIERS AND COMMERCIAL OPERATORS Threat and Threat Response § 1544.305 Security Directives and Information Circulars. (a) TSA may issue an Information Circular to notify aircraft operators of...

77 FR 11146 - Intent To Request Renewal From OMB of One Current Public Collection of Information: Certified...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-24

...The Transportation Security Administration (TSA) invites public comment on one currently approved Information Collection Request (ICR), OMB control number 1652-0053, abstracted below that we will submit to the Office of Management and Budget (OMB) for renewal in compliance with the Paperwork Reduction Act. The ICR describes the nature of the information collection and its expected burden. The collections include: (1) Applications from entities that wish to become Certified Cargo Screening Facilities (CCSF); (2) personal information to allow TSA to conduct security threat assessments on key individuals employed by the CCSFs; (3) acceptance of a standard security program or submission of a proposed modified security program; (4) information on the amount of cargo screened; and (5) recordkeeping requirements for CCSFs. TSA is seeking the renewal of the ICR for the continuation of the program in order to secure passenger aircraft carrying cargo.

A Security Strategy for Cyber Threats on Neighbor Discovery in 6Lowpan Networks

DTIC Science & Technology

2017-12-01

NAVAL POSTGRADUATE SCHOOL MONTEREY, CALIFORNIA THESIS Approved for public release. Distribution is unlimited. A SECURITY...STRATEGY FOR CYBER THREATS ON NEIGHBOR DISCOVERY IN 6LOWPAN NETWORKS by Cheng Hai Ang December 2017 Thesis Advisor: Preetha Thulasiraman...REPORT TYPE AND DATES COVERED Master’s thesis 4. TITLE AND SUBTITLE A SECURITY STRATEGY FOR CYBER THREATS ON NEIGHBOR DISCOVERY IN 6LOWPAN

49 CFR 1515.11 - Review by administrative law judge and TSA Final Decision Maker.

Code of Federal Regulations, 2010 CFR

2010-10-01

... PROCEDURAL RULES APPEAL AND WAIVER PROCEDURES FOR SECURITY THREAT ASSESSMENTS FOR INDIVIDUALS § 1515.11... Threat Assessment on the grounds that he or she poses a security threat after an appeal as described in... been issued a Final Determination of Threat Assessment after an appeal as described in 49 CFR 1515.9...

Defense Space Acquisitions: Too Early to Determine if Recent Changes Will Resolve Persistent Fragmentation in Management and Oversight

DTIC Science & Technology

2016-07-27

effectively respond to these threats has increased the importance of focused leadership in national security space. In Senate Report 114-49 accompanying...review the effectiveness of the current DOD space acquisition and oversight model and to evaluate what changes, if any, could be considered to... effectively consolidate space leadership. Some of these responsibilities include reviewing all service budgets for conformity with national security

Tag ID Subdivision Scheme for Efficient Authentication and Security-Enhancement of RFID System in USN

NASA Astrophysics Data System (ADS)

Lee, Kijeong; Park, Byungjoo; Park, Gil-Cheol

Radio frequency identification (RFID) is a generic term that is used to describe a system that transmits the identity (in the form of a unique serial number) of an object or person wirelessly, using radio waves. However, there are security threats in the RFID system related to its technical components. For example, illegal RFID tag readers can read tag ID and recognize most RFID Readers, a security threat that needs in-depth attention. Previous studies show some ideas on how to minimize these security threats like studying the security protocols between tag, reader and Back-end DB. In this research, the team proposes an RFID Tag ID Subdivision Scheme to authenticate the permitted tag only in USN (Ubiquitous Sensor Network). Using the proposed scheme, the Back-end DB authenticates selected tags only to minimize security threats like eavesdropping and decreasing traffic in Back-end DB.

Three Essays on Information Security Policies

ERIC Educational Resources Information Center

Yang, Yubao

2011-01-01

Information security breaches pose a significant and increasing threat to national security and economic well-being. In the Symantec Internet Security Threat Report (2003), companies surveyed experienced an average of about 30 attacks per week. Anecdotal evidence suggests that losses from cyber-attacks can run into millions of dollars. The CSI-FBI…

Security systems engineering overview

NASA Astrophysics Data System (ADS)

Steele, Basil J.

1997-01-01

Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at 70 billion dollars in direct costs and up to 300 billion dollars in indirect costs. Health insurance fraud alone is estimated to cost American businesses 100 billion dollars. Theft, warranty fraud, and counterfeiting of computer hardware totaled 3 billion dollars in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies; industrial espionage detection and prevention; security barrier technology.

Security risks associated with radio frequency identification in medical environments.

PubMed

Hawrylak, Peter J; Schimke, Nakeisha; Hale, John; Papa, Mauricio

2012-12-01

Radio frequency identification (RFID) is a form of wireless communication that is used to identify assets and people. RFID has significant benefits to the medical environment. However, serious security threats are present in RFID systems that must be addressed in a medical environment. Of particular interest are threats to patient privacy and safety based on interception of messages, interruption of communication, modification of data, and fabrication of messages and devices. This paper presents an overview of these security threats present in RFID systems in a medical environment and provides guidance on potential solutions to these threats. This paper provides a roadmap for researchers and implementers to address the security issues facing RFID in the medical space.

76 FR 81516 - Homeland Security Advisory Council

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-28

... security; and provide information on the threat of an electromagnetic pulse attack and its associated... Operational Update. Electromagnetic Pulse (EMP) Threat--Lessons Learned and Areas of Vulnerability, and... and the potential threat of an electromagnetic pulse attack. Both will include lessons learned and...

Spousal Coping Strategies in the Shadow of Terrorism.

PubMed

Shechory-Bitton, Mally; Cohen-Louck, Keren

2017-11-01

The present study focuses on spousal differences in reaction to ongoing exposure to terror and security threats. Sixty-eight married couples with children living in a region exposed to ongoing security threats were evaluated. All participants completed questionnaires on objective exposure (number of incidents) and subjective exposure (sense of fear) to terrorism and security threats, posttraumatic stress disorder (PTSD) symptoms, and their coping strategies with this ongoing exposure. Mothers reported higher levels of fear and PTSD symptoms, although their objective levels of exposure did not differ from those of their husbands. Similarities were found in coping strategies adopted by mothers and fathers to cope with life in the shadow of terrorism. Both mothers and fathers integrated emotion- and problem-focused coping strategies, with greater use of the latter. These similarities partially contradict research findings suggesting gender differences in coping with exposure to security threats. The results support the need for further research into investigating the role of dyadic coping in the context of prolonged exposure to security threats.

International Nuclear Security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Doyle, James E.

2012-08-14

This presentation discusses: (1) Definitions of international nuclear security; (2) What degree of security do we have now; (3) Limitations of a nuclear security strategy focused on national lock-downs of fissile materials and weapons; (4) What do current trends say about the future; and (5) How can nuclear security be strengthened? Nuclear security can be strengthened by: (1) More accurate baseline inventories; (2) Better physical protection, control and accounting; (3) Effective personnel reliability programs; (4) Minimize weapons-usable materials and consolidate to fewer locations; (5) Consider local threat environment when siting facilities; (6) Implement pledges made in the NSS process; andmore » (7) More robust interdiction, emergency response and special operations capabilities. International cooperation is desirable, but not always possible.« less

TeraSCREEN: multi-frequency multi-mode Terahertz screening for border checks

NASA Astrophysics Data System (ADS)

Alexander, Naomi E.; Alderman, Byron; Allona, Fernando; Frijlink, Peter; Gonzalo, Ramón; Hägelen, Manfred; Ibáñez, Asier; Krozer, Viktor; Langford, Marian L.; Limiti, Ernesto; Platt, Duncan; Schikora, Marek; Wang, Hui; Weber, Marc Andree

2014-06-01

The challenge for any security screening system is to identify potentially harmful objects such as weapons and explosives concealed under clothing. Classical border and security checkpoints are no longer capable of fulfilling the demands of today's ever growing security requirements, especially with respect to the high throughput generally required which entails a high detection rate of threat material and a low false alarm rate. TeraSCREEN proposes to develop an innovative concept of multi-frequency multi-mode Terahertz and millimeter-wave detection with new automatic detection and classification functionalities. The system developed will demonstrate, at a live control point, the safe automatic detection and classification of objects concealed under clothing, whilst respecting privacy and increasing current throughput rates. This innovative screening system will combine multi-frequency, multi-mode images taken by passive and active subsystems which will scan the subjects and obtain complementary spatial and spectral information, thus allowing for automatic threat recognition. The TeraSCREEN project, which will run from 2013 to 2016, has received funding from the European Union's Seventh Framework Programme under the Security Call. This paper will describe the project objectives and approach.

77 FR 513 - Intent To Request Renewal From OMB of One Current Public Collection of Information; Maryland...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-01-05

...The Transportation Security Administration (TSA) invites public comment on one currently approved Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0029, abstracted below that we will submit to OMB for renewal in compliance with the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden. This collection requires individuals to successfully complete a security threat assessment in order to operate an aircraft to or from one of the three Maryland airports that are located within the Washington, DC, Metropolitan Area Flight Restricted Zone (Maryland Three Airports), or to serve as an airport security coordinator at one of these three airports.

49 CFR 15.5 - Sensitive security information.

Code of Federal Regulations, 2014 CFR

2014-10-01

... sources and methods used to gather or develop threat information, including threats against cyber infrastructure. (8) Security measures. Specific details of aviation or maritime transportation security measures... infrastructure asset information. Any list identifying systems or assets, whether physical or virtual, so vital...

49 CFR 15.5 - Sensitive security information.

Code of Federal Regulations, 2011 CFR

2011-10-01

... sources and methods used to gather or develop threat information, including threats against cyber infrastructure. (8) Security measures. Specific details of aviation or maritime transportation security measures... infrastructure asset information. Any list identifying systems or assets, whether physical or virtual, so vital...

49 CFR 15.5 - Sensitive security information.

Code of Federal Regulations, 2013 CFR

2013-10-01

... sources and methods used to gather or develop threat information, including threats against cyber infrastructure. (8) Security measures. Specific details of aviation or maritime transportation security measures... infrastructure asset information. Any list identifying systems or assets, whether physical or virtual, so vital...

49 CFR 15.5 - Sensitive security information.

Code of Federal Regulations, 2012 CFR

2012-10-01

... sources and methods used to gather or develop threat information, including threats against cyber infrastructure. (8) Security measures. Specific details of aviation or maritime transportation security measures... infrastructure asset information. Any list identifying systems or assets, whether physical or virtual, so vital...

Countering MANPADS: study of new concepts and applications: part two

NASA Astrophysics Data System (ADS)

Maltese, Dominique; Vergnolle, Jean-François; Aragones, Julien; Renaudat, Mathieu

2007-04-01

The latest events of ground-to-air Man Portable Air Defense (MANPAD) attacks against aircraft have revealed a new threat both for military and civilian aircraft. Consequently, the implementation of protecting systems (i.e. Directed Infra Red Counter Measure - DIRCM) in order to face IR guided missiles turns out to be now inevitable. In a near future, aircraft will have to possess detection, tracking, identification, targeting and jamming capabilities to face MANPAD threats. Besides, Multiple Missiles attacks become more and more current scenarios to deal with. In this paper, a practical example of DIRCM systems under study at SAGEM DEFENSE & SECURITY Company is presented. The article is the continuation of a previous SPIE one. Self-protection solutions include built-in and automatic locking-on, tracking, identification and laser jamming capabilities, including defeat assessment. Target Designations are provided by a Missile Warning System. Targets scenarios including multiple threats are considered to design systems architectures. In a first step, the article reminds the context, current and future threats (IR seekers of different generations...), and scenarios for system definition. Then, it focuses on potential self-protection systems under study at SAGEM DEFENSE & SECURITY Company. Different strategies including target identification, multi band laser and active imagery have been previously studied in order to design DIRCM System solutions. Thus, results of self-protection scenarios are provided for different MANPAD scenarios to highlight key problems to solve. Data have been obtained from simulation software modeling full DIRCM systems architectures on technical and operational scenarios (parametric studies).

77 FR 11145 - Intent to Request Renewal From OMB of One Current Public Collection of Information: Air Cargo...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-02-24

...The Transportation Security Administration (TSA) invites public comment on one currently approved Information Collection Request (ICR), OMB control number 1652-0040, abstracted below that we will submit to the Office of Management and Budget (OMB) for renewal in compliance with the Paperwork Reduction Act. The ICR describes the nature of the information collection and its expected burden. This ICR involves five broad categories of affected populations: airports, passenger aircraft operators, foreign air carriers, indirect air carriers operating under a security program, and all-cargo carriers. The collections of information that make up this ICR are security programs, security threat assessments (STA), known shipper data via the Known Shipper Management System (KSMS), Air Cargo Data Management System (ACDMS), Cargo Reporting Tool for cargo screening reporting, and evidence of compliance recordkeeping. TSA seeks continued OMB approval in order to secure passenger aircraft carrying cargo as authorized in the Aviation and Transportation Security Act.

Elements of ESA's policy on space and security

NASA Astrophysics Data System (ADS)

Giannopapa, Christina; Adriaensen, Maarten; Antoni, Ntorina; Schrogl, Kai-Uwe

2018-06-01

In the past decade Europe has been facing rising security threats, ranging from climate change, migrations, nearby conflicts and crises, to terrorism. The demand to tackle these critical challenges is increasing in Member States. Space is already contributing, and could further contribute with already existing systems and future ones. The increasing need for security in Europe and for safety and security of Europe's space activities has led to a growing number of activities in ESA in various domains. It has also driven new and strengthened partnerships with security stakeholders in Europe. At the European level, ESA is collaborating closely with the main European institutions dealing with space security. In addition, as an organisation ESA has evolved to conduct security-related projects and programmes and to address the threats to its own activities, thereby securing the investments of the Member States. Over the past years the Agency has set up a comprehensive regulatory framework in order to be able to cope with security related requirements. Over the past years, ESA has increased its exchanges with its Member States. The paper presents main elements of the ESA's policy on space and security. It introduces the current European context for space and security, the European goals in this domain and the specific objectives to which the Agency intends to contribute. Space and security in the ESA context is set out under two components: a) security from space and b) security in space, including the security of ESA's own activities (corporate security and the security of ESA's space missions). Subsequently, ESA's activities are elaborated around these two pillars, composed of different activities conducted in the most appropriate frameworks and in coordination with the relevant stakeholders and shareholders.

49 CFR 1540.203 - Security threat assessment.

Code of Federal Regulations, 2013 CFR

2013-10-01

.... (3) Date and place of birth. (4) Social security number (submission is voluntary, although failure to provide it may delay or prevent completion of the threat assessment). (5) Gender. (6) Country of... Border Protection. (i) If asserting completion of a comparable threat assessment listed in paragraph (h...

49 CFR 1540.203 - Security threat assessment.

Code of Federal Regulations, 2012 CFR

2012-10-01

.... (3) Date and place of birth. (4) Social security number (submission is voluntary, although failure to provide it may delay or prevent completion of the threat assessment). (5) Gender. (6) Country of... Border Protection. (i) If asserting completion of a comparable threat assessment listed in paragraph (h...

Communicating Homeland Security Threats: Government and Public Efforts

DTIC Science & Technology

2010-12-01

States has never operated at a threat level lower than blue - guarded risk. The Homeland Security Advisory Council’s primary recommendations included...changing the alert level baseline to blue (guarded risk). Their rationale for resetting the threat level baseline includes acknowledging that a...accustomed to the guarded blue level indicative of a general threat of terrorist attack. To assume that public officials and citizens would ever

The Cybercitizen Dimension: A Quantitative Study Using a Threat Avoidance Perspective

ERIC Educational Resources Information Center

Manzano, Debbie L.

2012-01-01

The importance of information security is understated and theory-based empirical research that explains computer users voluntary IT threat avoidance behavior is lacking. Most existing information security research on individual behaviors has been focused in organizational settings where the threat avoidance behavior is mandatory and dictated by…

The Role of Self-Efficacy in Computer Security Behavior: Developing the Construct of Computer Security Self-Efficacy (CSSE)

ERIC Educational Resources Information Center

Clarke, Marlon

2011-01-01

As organizations have become more dependent on networked information systems (IS) to conduct their business operations, their susceptibility to various threats to information security has also increased. Research has consistently identified the inappropriate security behavior of the users as the most significant of these threats. Various factors…

The Threat of Security: Hindering Technology Integration in the Classroom

ERIC Educational Resources Information Center

Robinson, LeAnne K.; Brown, Abbie; Green, Tim

2007-01-01

For the last year the authors have been gathering examples of how perceived "threats of security" are hampering the integration of technology in teaching and learning. They hope that educators will examine both the challenges of increased security demands and ways in which security might enhance, rather than detract from, the use of technology for…

Regulatory Underpinnings of Global Health Security: FDA's Roles in Preventing, Detecting, and Responding to Global Health Threats

PubMed Central

Bond, Katherine C.; Maher, Carmen

2014-01-01

In February 2014, health officials from around the world announced the Global Health Security Agenda, a critical effort to strengthen national and global systems to prevent, detect, and respond to infectious disease threats and to foster stronger collaboration across borders. With its increasing global roles and broad range of regulatory responsibilities in ensuring the availability, safety, and security of medical and food products, the US Food and Drug Administration (FDA) is engaged in a range of efforts in support of global health security. This article provides an overview of FDA's global health security roles, focusing on its responsibilities related to the development and use of medical countermeasures (MCMs) for preventing, detecting, and responding to global infectious disease and other public health emergency threats. The article also discusses several areas—antimicrobial resistance, food safety, and supply chain integrity—in which FDA's global health security roles continue to evolve and extend beyond MCMs and, in some cases, beyond traditional infectious disease threats. PMID:25254912

Regulatory underpinnings of Global Health security: FDA's roles in preventing, detecting, and responding to global health threats.

PubMed

Courtney, Brooke; Bond, Katherine C; Maher, Carmen

2014-01-01

In February 2014, health officials from around the world announced the Global Health Security Agenda, a critical effort to strengthen national and global systems to prevent, detect, and respond to infectious disease threats and to foster stronger collaboration across borders. With its increasing global roles and broad range of regulatory responsibilities in ensuring the availability, safety, and security of medical and food products, the US Food and Drug Administration (FDA) is engaged in a range of efforts in support of global health security. This article provides an overview of FDA's global health security roles, focusing on its responsibilities related to the development and use of medical countermeasures (MCMs) for preventing, detecting, and responding to global infectious disease and other public health emergency threats. The article also discusses several areas-antimicrobial resistance, food safety, and supply chain integrity-in which FDA's global health security roles continue to evolve and extend beyond MCMs and, in some cases, beyond traditional infectious disease threats.

An Information Policy for the Information Age.

ERIC Educational Resources Information Center

Blake, Virgil; Surprenant, Thomas

1988-01-01

Discusses recent federal information policies that pose a threat to access to information. A short-lived policy for protection of sensitive but unclassified information is criticized, and the Computer Security Act of 1987, currently under consideration in Congress, is described. Involvement by the library and information community in developing…

Threats to US energy security: the challenge of Arab oil

DOE Office of Scientific and Technical Information (OSTI.GOV)

Phillips, J.

1979-08-13

Assured access to foreign oil supplies is a vital national interest of the United States which has been repeatedly jeopardized in the 1970s and one that will face additional critical challenges in the 1980s. This paper identifies and analyzes various threats to US energy security both in terms of their past use and future usability. Since the most ominous threat to US energy security is posed in connection with the Arab-Israeli conflict, the paper focuses on the Arab oil weapon, although the energy-security implications of the Iranian revolution are also assessed.

The Threat Among Us: Insiders Intensify Aviation Terrorism

DOE Office of Scientific and Technical Information (OSTI.GOV)

Krull, Katie E.

Aviation terrorism is powerful and symbolic, and will likely remain a staple target for terrorists aiming to inflict chaos and cause mass casualties similar to the 9/11 attacks on the U.S. The majority of international and domestic aviation terrorist attacks involves outsiders, or people who do not have direct access to or affiliation with a target through employment. However, several significant attacks and plots against the industry involved malicious employees motivated by suicide or devotion to a terrorist organization. Malicious insiders’ access and knowledge of aviation security, systems, networks, and infrastructure is valuable to terrorists, providing a different pathway formore » attacking the industry through the insider threat. Indicators and warnings of insider threats in these cases exist, providing insight into how security agencies, such as the Transportation Security Administration, can better predict and identify insider involvement. Understanding previous aviation insider threat events will likely aid in stimulating proactive security measures, rather than reactive responses. However, similar to traditional airport security measures, there are social, political, and economic challenges in protecting against the insider threat, including privacy concerns and cost-benefit analysis.« less

The MANPAD Threat to Civilian Airliners

DTIC Science & Technology

2006-03-03

PAGES: 19 KEY TERMS: Homeland Security; Non-Proliferation; Airport Security CLASSIFICATION: Unclassified This paper investigates strategic approaches...technological solutions and law enforcement operations to provide a competent airport security perimeter.”18 To combat this ominous threat of MANPADS...sites for phone and computer tips should be established with access for airport security , local and federal law enforcement, as well as intelligence

Kaliningrad and Baltic Security

DTIC Science & Technology

2001-06-01

Kennedy-Minott, Thesis Co-Advisor ___________________________________________ James Wirtz , Chairman Department of National Security Affairs iv...39 Jochen Prantl, �Security and Stability in Northern Europe � A Threat Assessment,� Program on the Northern Dimension of the CFSP, 29...www.usis.usemb.se/ wireless/500/eur508.htm Prantl, Jochen . �Security and Stability in Northern Europe � A Threat Assessment.� Program on the Northern Dimension

Addressing Software Security

NASA Technical Reports Server (NTRS)

Bailey, Brandon

2015-01-01

Historically security within organizations was thought of as an IT function (web sites/servers, email, workstation patching, etc.) Threat landscape has evolved (Script Kiddies, Hackers, Advanced Persistent Threat (APT), Nation States, etc.) Attack surface has expanded -Networks interconnected!! Some security posture factors Network Layer (Routers, Firewalls, etc.) Computer Network Defense (IPS/IDS, Sensors, Continuous Monitoring, etc.) Industrial Control Systems (ICS) Software Security (COTS, FOSS, Custom, etc.)

49 CFR 1546.213 - Access to cargo: Security threat assessments for cargo personnel in the United States.

Code of Federal Regulations, 2012 CFR

2012-10-01

... the cargo enters an airport Security Identification Display Area or is transferred to another TSA... under §§ 1546.101(a) or (b) accepts the cargo, until the cargo— (A) Enters an airport Security... 49 Transportation 9 2012-10-01 2012-10-01 false Access to cargo: Security threat assessments for...

49 CFR 1546.213 - Access to cargo: Security threat assessments for cargo personnel in the United States.

Code of Federal Regulations, 2014 CFR

2014-10-01

... the cargo enters an airport Security Identification Display Area or is transferred to another TSA... under §§ 1546.101(a) or (b) accepts the cargo, until the cargo— (A) Enters an airport Security... 49 Transportation 9 2014-10-01 2014-10-01 false Access to cargo: Security threat assessments for...

49 CFR 1546.213 - Access to cargo: Security threat assessments for cargo personnel in the United States.

Code of Federal Regulations, 2013 CFR

2013-10-01

... the cargo enters an airport Security Identification Display Area or is transferred to another TSA... under §§ 1546.101(a) or (b) accepts the cargo, until the cargo— (A) Enters an airport Security... 49 Transportation 9 2013-10-01 2013-10-01 false Access to cargo: Security threat assessments for...

49 CFR 1546.213 - Access to cargo: Security threat assessments for cargo personnel in the United States.

Code of Federal Regulations, 2011 CFR

2011-10-01

... the cargo enters an airport Security Identification Display Area or is transferred to another TSA... under §§ 1546.101(a) or (b) accepts the cargo, until the cargo— (A) Enters an airport Security... 49 Transportation 9 2011-10-01 2011-10-01 false Access to cargo: Security threat assessments for...

Workshop on Current Issues in Predictive Approaches to Intelligence and Security Analytics: Fostering the Creation of Decision Advantage through Model Integration and Evaluation

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sanfilippo, Antonio P.

2010-05-23

The increasing asymmetric nature of threats to the security, health and sustainable growth of our society requires that anticipatory reasoning become an everyday activity. Currently, the use of anticipatory reasoning is hindered by the lack of systematic methods for combining knowledge- and evidence-based models, integrating modeling algorithms, and assessing model validity, accuracy and utility. The workshop addresses these gaps with the intent of fostering the creation of a community of interest on model integration and evaluation that may serve as an aggregation point for existing efforts and a launch pad for new approaches.

The cyber threat, trophy information and the fortress mentality.

PubMed

Scully, Tim

2011-10-01

'It won't happen to me' is a prevalent mindset among senior executives in the private and public sectors when considering targeted cyber intrusions. This is exacerbated by the long-term adoption of a 'fortress mentality' towards cyber security, and by the attitude of many of our cyber-security professionals, who speak a different language when it comes to communicating cyber-security events to senior executives. The prevailing approaches to cyber security have clearly failed. Almost every week another serious, targeted cyber intrusion is reported, but reported intrusions are only the tip of the iceberg. Why have we got it so wrong? It must be acknowledged that cyber security is no longer the domain of cyber-security experts alone. Many more of us at various levels of leadership must understand, and be more deeply engaged in, the cyber-security challenge if we are to deal with the threat holistically and effectively. Governments cannot combat the cyber threat alone, particularly the so-called advanced persistent threat; they must work closely with industry as trusted partners. Industry will be the 'boots on the ground' in cyber security, but there are challenges to building this relationship, which must be based on sound principles.

African Security Challenges: Now and Over the Horizon. Refugees, Internally-Displaced Persons, and Militancy in Africa: Current and/or Future Threat?

DTIC Science & Technology

2010-01-01

asserted that in Africa, the general form this problem takes today might be different than the form it took in the past. Citing the 1994 Rwanda case as...community in promoting U.S. response to the genocide there. African Security Challenges: Now and Over the Horizon Working Group Discussion Report...nightmare scenario for humanitarian organizations and ultimately led to international war between Rwanda and Zaire. Using Rwanda as a reference

Analyzing Future Complex National Security Challenges within the Joint, Interagency, Intergovernmental, and Multinational Environment. Proteus Futures Academic Workshop Held in Carlisle Barracks, Pennsylvania on 22-24 August 2006

DTIC Science & Technology

2006-08-01

AVAILABILITY STATEMENT Approved for public release; distribution unlimited 13. SUPPLEMENTARY NOTES 14. ABSTRACT 15. SUBJECT TERMS 16. SECURITY...threats, or financial insecurities. Yankee Going Home: The world of 2020 looks like a confused mess! Little is clear except that the world has... statements from Proteus: Insights from 2020 are highly releant when thinking about the current strategic picture in the context of Power: “When Power

Analysis on the threats and spatiotemporal distribution pattern of security in World Natural Heritage Sites.

PubMed

Wang, Zhaoguo; Yang, Zhaoping; Du, Xishihui

2015-01-01

World Natural Heritage Sites (WNHS) are treasures that need human protection and invite appreciation, which makes conservation of WNHS an urgent task. This paper assesses where in the world threats are most pressing and which WNHS require emergency assistance. Using an analysis of "hot spots" and inverse distance weighting, it finds that Africa is the region where WNHS are least secure. Reports of the state of the conservation of WNHS describe the many threats that exist. Of these, management activities and institutional factors are the primary threats. The paper suggests relevant measures to improve the WNHS security.

Materialism and food security.

PubMed

Allen, M W; Wilson, M

2005-12-01

The present studies examined if materialists have an elevated concern about food availability, presumably stemming from a general survival security motivation. Study 1 found that materialists set a greater life goal of food security, and reported more food insecurity during their childhood. Materialists reported less present-day food insecurity. Study 2 revealed that materialists stored/hoarded more food at home, and that obese persons endorsed materialism more than low/normal weight persons. Study 3 found that experimentally decreasing participants' feelings of survival security (via a mortality salience manipulation) led to greater endorsement of materialism, food security as goal, and using food for emotional comfort. The results imply that materialists overcame the food insecurity of their childhood by making food security a top life goal, but that materialists' current concerns about food security may not wholly stem from genuine threats to their food supply.

Russia’s Security Relations with Finland, Norway, and Sweden

DTIC Science & Technology

2017-09-01

and the United States as threats to its national security. The thesis encompasses economic and political consideration; the historical context...threats to its national security. The thesis encompasses economic and political consideration; the historical context between Russia and Finland...15 A. ECONOMIC RELATIONS ....................................................................15 B. POLITICAL

Security systems engineering overview

DOE Office of Scientific and Technical Information (OSTI.GOV)

Steele, B.J.

Crime prevention is on the minds of most people today. The concern for public safety and the theft of valuable assets are being discussed at all levels of government and throughout the public sector. There is a growing demand for security systems that can adequately safeguard people and valuable assets against the sophistication of those criminals or adversaries who pose a threat. The crime in this country has been estimated at $70 billion in direct costs and up to $300 billion in indirect costs. Health insurance fraud alone is estimated to cost American businesses $100 billion. Theft, warranty fraud, andmore » counterfeiting of computer hardware totaled $3 billion in 1994. A threat analysis is a prerequisite to any security system design to assess the vulnerabilities with respect to the anticipated threat. Having established a comprehensive definition of the threat, crime prevention, detection, and threat assessment technologies can be used to address these criminal activities. This talk will outline the process used to design a security system regardless of the level of security. This methodology has been applied to many applications including: government high security facilities; residential and commercial intrusion detection and assessment; anti-counterfeiting/fraud detection technologies (counterfeit currency, cellular phone billing, credit card fraud, health care fraud, passport, green cards, and questionable documents); industrial espionage detection and prevention (intellectual property, computer chips, etc.); and security barrier technology (creation of delay such as gates, vaults, etc.).« less

Health Security and Risk Aversion.

PubMed

Herington, Jonathan

2016-09-01

Health security has become a popular way of justifying efforts to control catastrophic threats to public health. Unfortunately, there has been little analysis of the concept of health security, nor the relationship between health security and other potential aims of public health policy. In this paper I develop an account of health security as an aversion to risky policy options. I explore three reasons for thinking risk avoidance is a distinctly worthwhile aim of public health policy: (i) that security is intrinsically valuable, (ii) that it is necessary for social planning and (iii) that it is an appropriate response to decision-making in contexts of very limited information. Striking the right balance between securing and maximizing population health thus requires a substantive, and hitherto unrecognized, value judgment. Finally, I critically evaluate the current health security agenda in light of this new account of the concept and its relationship to the other aims of public health policy. © 2016 John Wiley & Sons Ltd.

Insider Threat to Computer Security at Nuclear Facilities

DOE Office of Scientific and Technical Information (OSTI.GOV)

West, Rebecca Lynn

After completing this session, you should be able to: Describe the Insider Threat; Characterize the cyber insider threat; Describe preventive measures against the insider threat; Describe protective measures against the insider threat.

Review of July 2013 Nuclear Security Insider Threat Exercise November 2013

DOE Office of Scientific and Technical Information (OSTI.GOV)

Pederson, Ann C.; Snow, Catherine L.; Townsend, Jeremy

2013-11-01

This document is a review of the Nuclear Security Insider Threat Exercise which was hosted at ORNL in July 2013. Nuclear security culture and the insider threat are best learned through experience. Culture is inherently difficult to teach, and as such is best learned through modeled behaviors and learning exercise. This TTX, NSITE, is a tool that strives to aid students in learning what an effective (and ineffective) nuclear security culture might look like by simulating dynamic events that strengthen or weaken the nuclear security regime. The goals of NSITE are to stimulate complex thought and discussion and assist decisionmore » makers and management in determining the most effective policies and procedures for their country or facility.« less

TH-A-12A-01: Medical Physicist's Role in Digital Information Security: Threats, Vulnerabilities and Best Practices

DOE Office of Scientific and Technical Information (OSTI.GOV)

McDonald, K; Curran, B

I. Information Security Background (Speaker = Kevin McDonald) Evolution of Medical Devices Living and Working in a Hostile Environment Attack Motivations Attack Vectors Simple Safety Strategies Medical Device Security in the News Medical Devices and Vendors Summary II. Keeping Radiation Oncology IT Systems Secure (Speaker = Bruce Curran) Hardware Security Double-lock Requirements “Foreign” computer systems Portable Device Encryption Patient Data Storage System Requirements Network Configuration Isolating Critical Devices Isolating Clinical Networks Remote Access Considerations Software Applications / Configuration Passwords / Screen Savers Restricted Services / access Software Configuration Restriction Use of DNS to restrict accesse. Patches / Upgrades Awareness Intrusionmore » Prevention Intrusion Detection Threat Risk Analysis Conclusion Learning Objectives: Understanding how Hospital IT Requirements affect Radiation Oncology IT Systems. Illustrating sample practices for hardware, network, and software security. Discussing implementation of good IT security practices in radiation oncology. Understand overall risk and threats scenario in a networked environment.« less

Security model for VM in cloud

NASA Astrophysics Data System (ADS)

Kanaparti, Venkataramana; Naveen K., R.; Rajani, S.; Padmvathamma, M.; Anitha, C.

2013-03-01

Cloud computing is a new approach emerged to meet ever-increasing demand for computing resources and to reduce operational costs and Capital Expenditure for IT services. As this new way of computation allows data and applications to be stored away from own corporate server, it brings more issues in security such as virtualization security, distributed computing, application security, identity management, access control and authentication. Even though Virtualization forms the basis for cloud computing it poses many threats in securing cloud. As most of Security threats lies at Virtualization layer in cloud we proposed this new Security Model for Virtual Machine in Cloud (SMVC) in which every process is authenticated by Trusted-Agent (TA) in Hypervisor as well as in VM. Our proposed model is designed to with-stand attacks by unauthorized process that pose threat to applications related to Data Mining, OLAP systems, Image processing which requires huge resources in cloud deployed on one or more VM's.

Video calls from lay bystanders to dispatch centers - risk assessment of information security.

PubMed

Bolle, Stein R; Hasvold, Per; Henriksen, Eva

2011-09-30

Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers.

Video calls from lay bystanders to dispatch centers - risk assessment of information security

PubMed Central

2011-01-01

Background Video calls from mobile phones can improve communication during medical emergencies. Lay bystanders can be instructed and supervised by health professionals at Emergency Medical Communication Centers. Before implementation of video mobile calls in emergencies, issues of information security should be addressed. Methods Information security was assessed for risk, based on the information security standard ISO/IEC 27005:2008. A multi-professional team used structured brainstorming to find threats to the information security aspects confidentiality, quality, integrity, and availability. Results Twenty security threats of different risk levels were identified and analyzed. Solutions were proposed to reduce the risk level. Conclusions Given proper implementation, we found no risks to information security that would advocate against the use of video calls between lay bystanders and Emergency Medical Communication Centers. The identified threats should be used as input to formal requirements when planning and implementing video calls from mobile phones for these call centers. PMID:21958387

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gibbs, P. W.

Secure Transport Management Course (STMC) course provides managers with information related to procedures and equipment used to successfully transport special nuclear material. This workshop outlines these procedures and reinforces the information presented with the aid of numerous practical examples. The course focuses on understanding the regulatory framework for secure transportation of special nuclear materials, identifying the insider and outsider threat(s) to secure transportation, organization of a secure transportation unit, management and supervision of secure transportation units, equipment and facilities required, training and qualification needed.

Strategies to Minimize the Effects of Information Security Threats on Business Performance

ERIC Educational Resources Information Center

Okoye, Stella Ifeyinwa

2017-01-01

Business leaders in Nigeria are concerned about the high rates of business failure and economic loss from security incidents and may not understand strategies for reducing the effects of information security threats on business performance. Guided by general systems theory and transformational leadership theory, the focus of this exploratory…

Forgery quality and its implications for behavioral biometric security.

PubMed

Ballard, Lucas; Lopresti, Daniel; Monrose, Fabian

2007-10-01

Biometric security is a topic of rapidly growing importance in the areas of user authentication and cryptographic key generation. In this paper, we describe our steps toward developing evaluation methodologies for behavioral biometrics that take into account threat models that have been largely ignored. We argue that the pervasive assumption that forgers are minimally motivated (or, even worse, naive) is too optimistic and even dangerous. Taking handwriting as a case in point, we show through a series of experiments that some users are significantly better forgers than others, that such forgers can be trained in a relatively straightforward fashion to pose an even greater threat, that certain users are easy targets for forgers, and that most humans are a relatively poor judge of handwriting authenticity, and hence, their unaided instincts cannot be trusted. Additionally, to overcome current labor-intensive hurdles in performing more accurate assessments of system security, we present a generative attack model based on concatenative synthesis that can provide a rapid indication of the security afforded by the system. We show that our generative attacks match or exceed the effectiveness of forgeries rendered by the skilled humans we have encountered.

Global challenges/chemistry solutions: Promoting personal safety and national security

USDA-ARS?s Scientific Manuscript database

Joe Alper: Can you provide a little background about why there is a need for this type of assay? Mark Carter: Ricin is considered a biosecurity threat agent. A more efficient detection method was required. Joe Alper: How are these type of assays done today, or are current methods unsuitable for ...

The Educational Challenge of Unraveling the Fantasies of Ontological Security

ERIC Educational Resources Information Center

Stein, Sharon; Hunt, Dallas; Suša, Rene; de Oliveira Andreotti, Vanessa

2017-01-01

In this article we address the current context of intensified racialized state securitization by tracing its roots to the naturalized colonial architectures of everyday modern life--which we present through the metaphor of "the house modernity built." While contemporary crises are often perceived to derive from external threats to the…

Chemical Sniffing Instrumentation for Security Applications.

PubMed

Giannoukos, Stamatios; Brkić, Boris; Taylor, Stephen; Marshall, Alan; Verbeck, Guido F

2016-07-27

Border control for homeland security faces major challenges worldwide due to chemical threats from national and/or international terrorism as well as organized crime. A wide range of technologies and systems with threat detection and monitoring capabilities has emerged to identify the chemical footprint associated with these illegal activities. This review paper investigates artificial sniffing technologies used as chemical sensors for point-of-use chemical analysis, especially during border security applications. This article presents an overview of (a) the existing available technologies reported in the scientific literature for threat screening, (b) commercially available, portable (hand-held and stand-off) chemical detection systems, and (c) their underlying functional and operational principles. Emphasis is given to technologies that have been developed for in-field security operations, but laboratory developed techniques are also summarized as emerging technologies. The chemical analytes of interest in this review are (a) volatile organic compounds (VOCs) associated with security applications (e.g., illegal, hazardous, and terrorist events), (b) chemical "signatures" associated with human presence, and (c) threat compounds (drugs, explosives, and chemical warfare agents).

Three tenets for secure cyber-physical system design and assessment

NASA Astrophysics Data System (ADS)

Hughes, Jeff; Cybenko, George

2014-06-01

This paper presents a threat-driven quantitative mathematical framework for secure cyber-physical system design and assessment. Called The Three Tenets, this originally empirical approach has been used by the US Air Force Research Laboratory (AFRL) for secure system research and development. The Tenets were first documented in 2005 as a teachable methodology. The Tenets are motivated by a system threat model that itself consists of three elements which must exist for successful attacks to occur: - system susceptibility; - threat accessibility and; - threat capability. The Three Tenets arise naturally by countering each threat element individually. Specifically, the tenets are: Tenet 1: Focus on What's Critical - systems should include only essential functions (to reduce susceptibility); Tenet 2: Move Key Assets Out-of-Band - make mission essential elements and security controls difficult for attackers to reach logically and physically (to reduce accessibility); Tenet 3: Detect, React, Adapt - confound the attacker by implementing sensing system elements with dynamic response technologies (to counteract the attackers' capabilities). As a design methodology, the Tenets mitigate reverse engineering and subsequent attacks on complex systems. Quantified by a Bayesian analysis and further justified by analytic properties of attack graph models, the Tenets suggest concrete cyber security metrics for system assessment.

Advances in chemical sensing technologies for VOCs in breath for security/threat assessment, illicit drug detection, and human trafficking activity.

PubMed

Giannoukos, S; Agapiou, A; Taylor, S

2018-01-17

On-site chemical sensing of compounds associated with security and terrorist attacks is of worldwide interest. Other related bio-monitoring topics include identification of individuals posing a threat from illicit drugs, explosive manufacturing, as well as searching for victims of human trafficking and collapsed buildings. The current status of field analytical technologies is directed towards the detection and identification of vapours and volatile organic compounds (VOCs). Some VOCs are associated with exhaled breath, where research is moving from individual breath testing (volatilome) to cell breath (microbiome) and most recently to crowd breath metabolites (exposome). In this paper, an overview of field-deployable chemical screening technologies (both stand-alone and those with portable characteristics) is given with application to early detection and monitoring of human exposome in security operations. On-site systems employed in exhaled breath analysis, i.e. mass spectrometry (MS), optical spectroscopy and chemical sensors are reviewed. Categories of VOCs of interest include (a) VOCs in human breath associated with exposure to threat compounds, and (b) VOCs characteristic of, and associated with, human body odour (e.g. breath, sweat). The latter are relevant to human trafficking scenarios. New technological approaches in miniaturised detection and screening systems are also presented (e.g. non-scanning digital light processing linear ion trap MS (DLP-LIT-MS), nanoparticles, mid-infrared photo-acoustic spectroscopy and hyphenated technologies). Finally, the outlook for rapid and precise, real-time field detection of threat traces in exhaled breath is revealed and discussed.

Data threats analysis and prevention on iOS platform

NASA Astrophysics Data System (ADS)

Gao, Bo; Wang, Yi; Chen, Zhou; Tang, Jiqiang

2015-12-01

Background: The rapid growth of mobile internet has driven the rapid popularity of smart mobiles. iOS device is chosen by more and more people for its humanity, stability and excellent industrial design, and the data security problem that followed it has gradually attracted the researchers' attention. Method & Result: This thesis focuses on the analysis of current situation of data security on iOS platform, from both security mechanism and data risk, and proposes countermeasures. Conclusion: From practical work, many problems of data security mechanism on iOS platform still exist. At present, the problem of malicious software towards iOS system has not been severe, but how to ensure the security of data on iOS platform will inevitably become one of the directions for our further study.

Cyber Threat Assessment of Uplink and Commanding System for Mission Operation

NASA Technical Reports Server (NTRS)

Ko, Adans Y.; Tan, Kymie M. C.; Cilloniz-Bicchi, Ferner; Faris, Grant

2014-01-01

Most of today's Mission Operations Systems (MOS) rely on Ground Data System (GDS) segment to mitigate cyber security risks. Unfortunately, IT security design is done separately from the design of GDS' mission operational capabilities. This incoherent practice leaves many security vulnerabilities in the system without any notice. This paper describes a new way to system engineering MOS, to include cyber threat risk assessments throughout the MOS development cycle, without this, it is impossible to design a dependable and reliable MOS to meet today's rapid changing cyber threat environment.

Maritime Security in the Gulf of Guinea Subregion: Threats, Challenges and Solutions

DTIC Science & Technology

2011-03-16

the GoG maritime domain. These threats adversely impact the socio-economic and political fabrics of most countries within the region. Poaching ...geographical location as well as environmental and demographic factors. Poaching , piracy, transnational crime, boundary disputes and environmental...and demographic factors. Poaching , piracy, transnational crime, boundary disputes and environmental degradation are common threats to security of the

Organizational Security Threats Related to Portable Data Storage Devices: Qualitative Exploratory Inquiry

ERIC Educational Resources Information Center

Cooper, Paul K.

2017-01-01

There has been a significant growth of portable devices capable of storing both personal data as well as sensitive organizational data. This growth of these portable devices has led to an increased threat of cyber-criminal activity. The purpose of this study was to gain a better understanding of security threats to the data assets of organizations…

Cyber threats within civil aviation

NASA Astrophysics Data System (ADS)

Heitner, Kerri A.

Existing security policies in civil aviation do not adequately protect against evolving cyber threats. Cybersecurity has been recognized as a top priority among some aviation industry leaders. Heightened concerns regarding cyber threats and vulnerabilities surround components utilized in compliance with the Federal Aviation Administration's (FAA) Next Generation Air Transportation (NextGen) implementation. Automated Dependent Surveillance-B (ADS-B) and Electronic Flight Bags (EFB) have both been exploited through the research of experienced computer security professionals. Civil aviation is essential to international infrastructure and if its critical assets were compromised, it could pose a great risk to public safety and financial infrastructure. The purpose of this research was to raise awareness of aircraft system vulnerabilities in order to provoke change among current national and international cybersecurity policies, procedures and standards. Although the education of cyber threats is increasing in the aviation industry, there is not enough urgency when creating cybersecurity policies. This project intended to answer the following questions: What are the cyber threats to ADS-B of an aircraft in-flight? What are the cyber threats to EFB? What is the aviation industry's response to the issue of cybersecurity and in-flight safety? ADS-B remains unencrypted while the FAA's mandate to implement this system is rapidly approaching. The cyber threat of both portable and non-portable EFB's have received increased publicity, however, airlines are not responding quick enough (if at all) to create policies for the use of these devices. Collectively, the aviation industry is not being proactive enough to protect its aircraft or airport network systems. That is not to say there are not leaders in cybersecurity advancement. These proactive organizations must set the standard for the future to better protect society and it's most reliable form of transportation.

Analyzing Cyber-Physical Threats on Robotic Platforms.

PubMed

Ahmad Yousef, Khalil M; AlMajali, Anas; Ghalyon, Salah Abu; Dweik, Waleed; Mohd, Bassam J

2018-05-21

Robots are increasingly involved in our daily lives. Fundamental to robots are the communication link (or stream) and the applications that connect the robots to their clients or users. Such communication link and applications are usually supported through client/server network connection. This networking system is amenable of being attacked and vulnerable to the security threats. Ensuring security and privacy for robotic platforms is thus critical, as failures and attacks could have devastating consequences. In this paper, we examine several cyber-physical security threats that are unique to the robotic platforms; specifically the communication link and the applications. Threats target integrity, availability and confidential security requirements of the robotic platforms, which use MobileEyes/arnlServer client/server applications. A robot attack tool (RAT) was developed to perform specific security attacks. An impact-oriented approach was adopted to analyze the assessment results of the attacks. Tests and experiments of attacks were conducted in simulation environment and physically on the robot. The simulation environment was based on MobileSim; a software tool for simulating, debugging and experimenting on MobileRobots/ActivMedia platforms and their environments. The robot platform PeopleBot TM was used for physical experiments. The analysis and testing results show that certain attacks were successful at breaching the robot security. Integrity attacks modified commands and manipulated the robot behavior. Availability attacks were able to cause Denial-of-Service (DoS) and the robot was not responsive to MobileEyes commands. Integrity and availability attacks caused sensitive information on the robot to be hijacked. To mitigate security threats, we provide possible mitigation techniques and suggestions to raise awareness of threats on the robotic platforms, especially when the robots are involved in critical missions or applications.

Analyzing Cyber-Physical Threats on Robotic Platforms †

PubMed Central

2018-01-01

Robots are increasingly involved in our daily lives. Fundamental to robots are the communication link (or stream) and the applications that connect the robots to their clients or users. Such communication link and applications are usually supported through client/server network connection. This networking system is amenable of being attacked and vulnerable to the security threats. Ensuring security and privacy for robotic platforms is thus critical, as failures and attacks could have devastating consequences. In this paper, we examine several cyber-physical security threats that are unique to the robotic platforms; specifically the communication link and the applications. Threats target integrity, availability and confidential security requirements of the robotic platforms, which use MobileEyes/arnlServer client/server applications. A robot attack tool (RAT) was developed to perform specific security attacks. An impact-oriented approach was adopted to analyze the assessment results of the attacks. Tests and experiments of attacks were conducted in simulation environment and physically on the robot. The simulation environment was based on MobileSim; a software tool for simulating, debugging and experimenting on MobileRobots/ActivMedia platforms and their environments. The robot platform PeopleBotTM was used for physical experiments. The analysis and testing results show that certain attacks were successful at breaching the robot security. Integrity attacks modified commands and manipulated the robot behavior. Availability attacks were able to cause Denial-of-Service (DoS) and the robot was not responsive to MobileEyes commands. Integrity and availability attacks caused sensitive information on the robot to be hijacked. To mitigate security threats, we provide possible mitigation techniques and suggestions to raise awareness of threats on the robotic platforms, especially when the robots are involved in critical missions or applications. PMID:29883403

Gulf Cooperation Council: search for security in the Persian Gulf

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kechichian, J.A.

1985-01-01

This study purports to analyze the conservative Arab monarchies' search for regional security in the Persian Gulf. It speculates on the GCC's future prospects as a vehicle of cooperation in the field of security. Threats to the member states of the GCC stem from the policies pursued by revolutionary Iran, Israel, the Soviet Union and its proxies, and a regime in Iraq. The proposition is developed that these sources of threat present an overwhelming challenge to the security and stability of GCC states. Second, it examines the capabilities of the GCC member states for coping with threats. Conceived broadly, bothmore » military and non-military capabilities are examined. Security relations of the GCC states with external powers as a means of enhancing their abilities to cope more effectively with both internal and external threats are examined. Particular attention is devoted to the domestic consequences of these special relations. Third, it discusses the GCC's reactions to perceived regional threats. These include the Iran-Iraq War, the Arab-Israeli conflict, the Soviet threat, and potential political sources of dissidence in member states. It is argued that although GCC states have adopted a number of joint policies, they did not respond to or initiate action on either the Iranian Revolution, the Palestine conflict, the Soviet occupation of Afghanistan, the Gulf war or the recent Israeli invasion of Lebanon.« less

Effect of security threats on primary care access in Logar province, Afghanistan.

PubMed

Morikawa, Masahiro J

2008-01-01

Security threats are a major concern for access to health care in many war-torn communities; however, there is little quantified data on actual access to care in rural communities during war. Kinderberg International e.V. provided primary care in rural Logar province, Afghanistan, for these three years in eight districts until they were integrated into the new health care structure led by the Ministry of Health in early 2005. We examined the number of patients visiting our clinic before and during the security threats related to the parliamentary election and subsequent national assembly in 2004. The number of patients declined in remote clinics while the number increased in central locations. This finding has an important practical implication: the monitoring of access to care should include remote clinics, otherwise it may potentially underestimate compromised access to health care due to security threats.

Information Security Trends and Issues in the Moodle E-Learning Platform: An Ethnographic Content Analysis

ERIC Educational Resources Information Center

Schultz, Christopher

2012-01-01

Empirical research on information security trends and practices in e-learning is scarce. Many articles that have been published apply basic information security concepts to e-learning and list potential threats or propose frameworks for classifying threats. The purpose of this research is to identify, categorize and understand trends and issues in…

MEMS and MOEMS for national security applications

NASA Astrophysics Data System (ADS)

Scott, Marion W.

2003-01-01

Major opportunities for microsystem insertion into commercial applications, such as telecommunications and medical prosthesis, are well known. Less well known are applications that ensure the security of our nation, the protection of its armed forces, and the safety of its citizens. Microsystems enable entirely new possibilities to meet National Security needs, which can be classed along three lines: anticipating security needs and threats, deterring the efficacy of identified threats, and defending against the application of these threats. In each of these areas, specific products that are enabled by MEMS and MOEMS are discussed. In the area of anticipating needs and threats, sensored microsystems designed for chem/bio/nuclear threats, and sensors for border and asset protection can significantly secure our borders, ports, and transportation systems. Key features for these applications include adaptive optics and spectroscopic capabilities. Microsystems to monitor soil and water quality can be used to secure critical infrastructure, food safety can be improved by in-situ identification of pathogens, and sensored buildings can ensure the architectural safety of our homes and workplaces. A challenge to commercializing these opportunities, and thus making them available for National Security needs, is developing predictable markets and predictable technology roadmaps. The integrated circuit manufacturing industry provides an example of predictable technology maturation and market insertion, primarily due to the existence of a "unit cell" that allows volume manufacturing. It is not clear that microsystems can follow an analogous path. The possible paths to affordable low-volume production, as well as the prospects of a microsystems unit cell, are discussed.

Assessing Detecting and Deterring the Threat of Maritime Nuclear and Radiological Smuggling in the Western Indian Ocean Region

DOE Office of Scientific and Technical Information (OSTI.GOV)

Khan, M. Umer

This paper proposes that current maritime smuggling routes in the western Indian Ocean region are similar to those in the past and that the motivations of terrorist groups and the presence of radioactive sources in the Indian Ocean littoral and other states present a significant security threat. The majority of regional terrorist groups have a hybrid structure, piggybacking on criminal activity to fund their terror activities. Additionally, states have used maritime routes in the Indian Ocean region to transport nuclear materials and missiles. Thus, the maritime dimension of such threats remains, and may be increasing. This paper focuses on issues,more » motivations, pathways, and methods to detect and interdict nuclear and radiological trafficking. It analyzes the potential use of maritime technology applications for radiation detection and presents recommendations for states and multinational nonproliferation advocacy organizations to address the threat in the Indian Ocean region.« less

Distributed Maritime Capability: Optimized U.S. Navy-U.S. Coast Guard Interoperability, a Case in the South China Sea

DTIC Science & Technology

2017-12-01

poses a threat to regional security and economic stability—major U.S. national interests. Distributed maritime capability is demonstrated by applying...regional security, economic stability, fisheries enforcement 15. NUMBER OF PAGES 95 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT...a dominant aggressor in the South China Sea that poses a threat to regional security and economic stability—major U.S. national interests

Safe teleradiology: information assurance as project planning methodology.

PubMed

Collmann, Jeff; Alaoui, Adil; Nguyen, Dan; Lindisch, David

2005-01-01

The Georgetown University Medical Center Department of Radiology used a tailored version of OCTAVE, a self-directed information security risk assessment method, to design a teleradiology system that complied with the regulation implementing the security provisions of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The system addressed threats to and vulnerabilities in the privacy and security of protected health information. By using OCTAVE, Georgetown identified the teleradiology program's critical assets, described threats to the assurance of those assets, developed and ran vulnerability scans of a system pilot, evaluated the consequences of security breaches, and developed a risk management plan to mitigate threats to program assets, thereby implementing good information assurance practices. This case study illustrates the basic point that prospective, comprehensive planning to protect the privacy and security of an information system strategically benefits program management as well as system security.

China’s Pursuit for World Power Status: Is the Transformation of the People’s Liberation Army a Threat to the United States Global Interest and Security?

DTIC Science & Technology

2008-01-01

and Derek Mitchel, China and the Developing World, New York: M.E. Sharpe Inc, (2007), xv. 4 Ellis Joffe, "Roundtable; Sizing-the Chinese Military...Research, http://asiapolicy.nbr.org/current.html, (July 2007), 58-59. 12 Russell Ong , China’s Security Interests in the 21 51 Century, Routledge, (2007...Joffe, 59. 30 Joffe, 60. 31 Ong , 45. 23 Bibliography Bergsten, C. Fred, Institute for International Economics (U.S.), and Centre for Strategic and

Characterization of potential security threats in modern automobiles: a composite modeling approach

DOT National Transportation Integrated Search

2014-10-01

The primary objective of the work detailed in this report is to describe a composite modeling approach for potential cybersecurity threats in modern vehicles. Threat models, threat descriptions, and examples of various types of conceivable threats to...

Smartphone users: Understanding how security mechanisms are perceived and new persuasive methods

PubMed Central

Alsaleh, Mansour; Alomar, Noura; Alarifi, Abdulrahman

2017-01-01

Protecting smartphones against security threats is a multidimensional problem involving human and technological factors. This study investigates how smartphone users’ security- and privacy-related decisions are influenced by their attitudes, perceptions, and understanding of various security threats. In this work, we seek to provide quantified insights into smartphone users’ behavior toward multiple key security features including locking mechanisms, application repositories, mobile instant messaging, and smartphone location services. To the best of our knowledge, this is the first study that reveals often unforeseen correlations and dependencies between various privacy- and security-related behaviors. Our work also provides evidence that making correct security decisions might not necessarily correlate with individuals’ awareness of the consequences of security threats. By comparing participants’ behavior and their motives for adopting or ignoring certain security practices, we suggest implementing additional persuasive approaches that focus on addressing social and technological aspects of the problem. On the basis of our findings and the results presented in the literature, we identify the factors that might influence smartphone users’ security behaviors. We then use our understanding of what might drive and influence significant behavioral changes to propose several platform design modifications that we believe could improve the security levels of smartphones. PMID:28297719

Smartphone users: Understanding how security mechanisms are perceived and new persuasive methods.

PubMed

Alsaleh, Mansour; Alomar, Noura; Alarifi, Abdulrahman

2017-01-01

Protecting smartphones against security threats is a multidimensional problem involving human and technological factors. This study investigates how smartphone users' security- and privacy-related decisions are influenced by their attitudes, perceptions, and understanding of various security threats. In this work, we seek to provide quantified insights into smartphone users' behavior toward multiple key security features including locking mechanisms, application repositories, mobile instant messaging, and smartphone location services. To the best of our knowledge, this is the first study that reveals often unforeseen correlations and dependencies between various privacy- and security-related behaviors. Our work also provides evidence that making correct security decisions might not necessarily correlate with individuals' awareness of the consequences of security threats. By comparing participants' behavior and their motives for adopting or ignoring certain security practices, we suggest implementing additional persuasive approaches that focus on addressing social and technological aspects of the problem. On the basis of our findings and the results presented in the literature, we identify the factors that might influence smartphone users' security behaviors. We then use our understanding of what might drive and influence significant behavioral changes to propose several platform design modifications that we believe could improve the security levels of smartphones.

Children and Poverty in South Africa: The Right to Social Security

ERIC Educational Resources Information Center

Du Plessis, Pierre; Conley, Lloyd

2007-01-01

Poverty is one of the major threats to the realization of children's rights worldwide and in South Africa. Currently, 66% of South African children live in severe poverty. This places all other rights at risk; the rights guaranteed by the South African Constitution and by the UN Convention. Poverty and inequality in South Africa continue to…

Domestic Security Cooperation: A Unified Approach to Homeland Security and Defense

DTIC Science & Technology

2012-09-01

counter the threats to homeland security that included the Espionage Act of 1917 and the Sedition Act of 1918. National Defense Act of 1916...the threats to homeland security that included the Espionage Act of 1917 and the Sedition Act of 1918. The Espionage Act of 1917 outlawed interfering...years or both.”12 The Sedition Act of 1918 broadened this law by including the U.S. government and prohibited uttering, printing, writing, or

Research on Quantum Authentication Methods for the Secure Access Control Among Three Elements of Cloud Computing

NASA Astrophysics Data System (ADS)

Dong, Yumin; Xiao, Shufen; Ma, Hongyang; Chen, Libo

2016-12-01

Cloud computing and big data have become the developing engine of current information technology (IT) as a result of the rapid development of IT. However, security protection has become increasingly important for cloud computing and big data, and has become a problem that must be solved to develop cloud computing. The theft of identity authentication information remains a serious threat to the security of cloud computing. In this process, attackers intrude into cloud computing services through identity authentication information, thereby threatening the security of data from multiple perspectives. Therefore, this study proposes a model for cloud computing protection and management based on quantum authentication, introduces the principle of quantum authentication, and deduces the quantum authentication process. In theory, quantum authentication technology can be applied in cloud computing for security protection. This technology cannot be cloned; thus, it is more secure and reliable than classical methods.

Ecological and evolutionary approaches to managing honeybee disease.

PubMed

Brosi, Berry J; Delaplane, Keith S; Boots, Michael; de Roode, Jacobus C

2017-09-01

Honeybee declines are a serious threat to global agricultural security and productivity. Although multiple factors contribute to these declines, parasites are a key driver. Disease problems in honeybees have intensified in recent years, despite increasing attention to addressing them. Here we argue that we must focus on the principles of disease ecology and evolution to understand disease dynamics, assess the severity of disease threats, and control these threats via honeybee management. We cover the ecological context of honeybee disease, including both host and parasite factors driving current transmission dynamics, and then discuss evolutionary dynamics including how beekeeping management practices may drive selection for more virulent parasites. We then outline how ecological and evolutionary principles can guide disease mitigation in honeybees, including several practical management suggestions for addressing short- and long-term disease dynamics and consequences.

Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector

DTIC Science & Technology

2005-06-01

as a computer fraud case investigated by the Secret Service. Each case was analyzed from a behavioral and a technical perspective to identify...insider threat and address the issue from an approach that draws on human resources, corporate security, and information security perspectives. The ... Secret Service National Threat Assessment Center and the CERT Coordination Center of Carnegie Mellon University’s Software Engineering Institute joined

The National Guard State Partnership Program and Regional Security in the Western Balkans

DTIC Science & Technology

2014-12-12

expand at the expense of its neighbors, or threaten regional peace and security. Today’s threats in the Western Balkans conceptually resemble the...general threats to the majority of governments in the EU, such as terrorism, arms and human trafficking, international criminal activities, and other...arms and human trafficking, international criminal activities, and other transnational threats . For stakeholders within the region as well as for

Security Information and Event Management Tools and Insider Threat Detection

DTIC Science & Technology

2013-09-01

Orebaugh, A., Scholl , M., & Stine, K. (2011, September). Information security continuous monitoring (ISCM) for federal information systems and...E., Conway, T., Keverline, S., Williams , M., Capelli, D., Willke, B., & Moore, A. (2008, January). Insider threat study: illicit cyber activity in

Threat driven modeling framework using petri nets for e-learning system.

PubMed

Khamparia, Aditya; Pandey, Babita

2016-01-01

Vulnerabilities at various levels are main cause of security risks in e-learning system. This paper presents a modified threat driven modeling framework, to identify the threats after risk assessment which requires mitigation and how to mitigate those threats. To model those threat mitigations aspects oriented stochastic petri nets are used. This paper included security metrics based on vulnerabilities present in e-learning system. The Common Vulnerability Scoring System designed to provide a normalized method for rating vulnerabilities which will be used as basis in metric definitions and calculations. A case study has been also proposed which shows the need and feasibility of using aspect oriented stochastic petri net models for threat modeling which improves reliability, consistency and robustness of the e-learning system.

Is the biggest security threat to medical information simply a lack of understanding?

PubMed

Williams, Patricia A H

2011-01-01

Connecting Australian health services and the e-health initiative is a major focus in the current health environment. Many issues are presented as key to its success including solving issues with confidentiality and privacy. However, the main problem may not be these issues in sharing information but the fact that the point of origin of such records is still relatively insecure. This paper highlights why this may be the case. Research into the security of medical information has shown that many primary healthcare providers are unable to create an environment with effective information security. Numerous factors contribute to this complex situation including a trustful environment, the resultant security culture and the capability of individual healthcare organisations. Further, the growing importance of new directions in the use of patient information is considered. This paper discusses these issues and positions them within the complex environment that is healthcare. In our current health system infrastructure, the points of origin of patient information are our most vulnerable. This entwined with progressively new uses of this information expose additional security concerns, such as re-identification of information, that require attention.

75 FR 63191 - Intent To Request Renewal From OMB of One Current Public Collection of Information: Certified...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-14

...The Transportation Security Administration (TSA) invites public comment on one currently approved Information Collection Request (ICR), OMB control number 1652-0053, abstracted below that we will submit to the Office of Management and Budget (OMB) for renewal in compliance with the Paperwork Reduction Act. The ICR describes the nature of the information collection and its expected burden. The collections include: (1) Applications from entities that wish to become Certified Cargo Screening Facilities (CCSF) or operate as a TSA- approved validation firm; (2) personal information to allow TSA to conduct security threat assessments on key individuals employed by the CCSFs and validation firms; (3) implementation of a standard security program or submission of a proposed modified security program; (4) information on the amount of cargo screened; (5) recordkeeping requirements for CCSFs and validation firms; and (6) submission of validation reports to TSA. TSA is seeking the renewal of the ICR for the continuation of the program in order to secure passenger aircraft carrying cargo by the deadlines set out in the Implementing Recommendations of the 9/11 Commission Act of 2007.

Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education.

PubMed

Henriksen, Eva; Burkow, Tatjana M; Johnsen, Elin; Vognild, Lars K

2013-08-09

Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient's TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO's standard for information security risk management. A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Most of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. Confidentiality risks in home are different from in a more controlled environment such as a hospital; and electronic equipment located in private homes and communicating via Internet, is more exposed to unauthorised access. By implementing the proposed measures, it has been possible to design a home-based service which ensures the necessary level of information security and privacy.

After Globalization Future Security in a Technology Rich World

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gilmartin,T J

2001-08-17

Over the course of the year 2000, five workshops were conducted by the Center for Global Security Research at the Lawrence Livermore National Laboratory on threats to international security in the 2015 to 2020 timeframe due to the global availability of advanced technology. These workshops focused on threats that are enabled by nuclear, missile, and space technology; military technology; information technology; bio technology; and geo systems technology. The participants included US national leaders and experts from the Department of Energy National Laboratories; the Department of Defense: Army, Navy, Air Force, Office of the Secretary of Defense, Defense Threat Reduction Agency,more » and Defense Advanced Research Projects Agency; the Department of State, NASA, Congressional technical staff, the intelligence community, universities and university study centers, think tanks, consultants on security issues, and private industry. For each workshop the process of analysis involved identification and prioritization of the participants' perceived most severe threat scenarios (worst nightmares), discussion of the technologies which enabled those threats, and ranking of the technologies' threat potentials. The threats ranged from local/regional to global, from intentional to unintended to natural, from merely economic to massively destructive, and from individual and group to state actions. We were not concerned in this exercise with defining responses to the threats, although our assessment of each threat's severity included consideration of the ease or difficulty with which it might be executed or countered. At the concluding review, we brought the various workshops' participants together, added senior participant/reviewers with broad experience and national responsibility, and discussed the workshop findings to determine what is most certain or uncertain, and what might be needed to resolve our uncertainties. This paper summarizes the consenses and important variations of both the reviewers and the participants.« less

49 CFR 1544.303 - Bomb or air piracy threats.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Bomb or air piracy threats. 1544.303 Section 1544... AND COMMERCIAL OPERATORS Threat and Threat Response § 1544.303 Bomb or air piracy threats. (a) Flight.... (d) Notification. Upon receipt of any bomb threat against the security of a flight or facility, or...

49 CFR 1544.303 - Bomb or air piracy threats.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 49 Transportation 9 2012-10-01 2012-10-01 false Bomb or air piracy threats. 1544.303 Section 1544... AND COMMERCIAL OPERATORS Threat and Threat Response § 1544.303 Bomb or air piracy threats. (a) Flight.... (d) Notification. Upon receipt of any bomb threat against the security of a flight or facility, or...

49 CFR 1544.303 - Bomb or air piracy threats.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 49 Transportation 9 2011-10-01 2011-10-01 false Bomb or air piracy threats. 1544.303 Section 1544... AND COMMERCIAL OPERATORS Threat and Threat Response § 1544.303 Bomb or air piracy threats. (a) Flight.... (d) Notification. Upon receipt of any bomb threat against the security of a flight or facility, or...

49 CFR 1544.303 - Bomb or air piracy threats.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 49 Transportation 9 2014-10-01 2014-10-01 false Bomb or air piracy threats. 1544.303 Section 1544... AND COMMERCIAL OPERATORS Threat and Threat Response § 1544.303 Bomb or air piracy threats. (a) Flight.... (d) Notification. Upon receipt of any bomb threat against the security of a flight or facility, or...

49 CFR 1544.303 - Bomb or air piracy threats.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 49 Transportation 9 2013-10-01 2013-10-01 false Bomb or air piracy threats. 1544.303 Section 1544... AND COMMERCIAL OPERATORS Threat and Threat Response § 1544.303 Bomb or air piracy threats. (a) Flight.... (d) Notification. Upon receipt of any bomb threat against the security of a flight or facility, or...

The MAGTF’s Reliance on the Global Positioning System: A Critical Vulnerability

DTIC Science & Technology

2013-05-02

Reference&ItemId=+++1 499015&Pubabbrev=JC4IJ 45 “AURA Mobile Communications GPS/ WiFi Jammer”, Jane’s Police and Homeland Security Equipment, last...securityaffairs.co/wordpress/2845/ hacking /gps-spoofing- old-threat-and-new-problems.html 52“GPS Spoofing, Old Threat and New Problems”, Pierluigi...Paganini, Security Affairs, last modified February 23, 2012, http://securityaffairs.co/wordpress/2845/ hacking /gps-spoofing- old-threat-and-new

Failure Impact Analysis of Key Management in AMI Using Cybernomic Situational Assessment (CSA)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Sheldon, Frederick T; Hauser, Katie R

2013-01-01

In earlier work, we presented a computational framework for quantifying the security of a system in terms of the average loss a stakeholder stands to sustain as a result of threats to the system. We named this system, the Cyberspace Security Econometrics System (CSES). In this paper, we refine the framework and apply it to cryptographic key management within the Advanced Metering Infrastructure (AMI) as an example. The stakeholders, requirements, components, and threats are determined. We then populate the matrices with justified values by addressing the AMI at a higher level, rather than trying to consider every piece of hardwaremore » and software involved. We accomplish this task by leveraging the recently established NISTR 7628 guideline for smart grid security. This allowed us to choose the stakeholders, requirements, components, and threats realistically. We reviewed the literature and selected an industry technical working group to select three representative threats from a collection of 29 threats. From this subset, we populate the stakes, dependency, and impact matrices, and the threat vector with realistic numbers. Each Stakeholder s Mean Failure Cost is then computed.« less

EMP Threats to US National Security: Congressional Responses

NASA Astrophysics Data System (ADS)

Huessy, Peter

2011-04-01

The US Congress is considering how best to respond to concerns that EMP is a real and present danger to US security. The threats come from a variety of areas: solar storms, non-nuclear EMP from man-made machines and devices; and nuclear EMP from a nuclear device exploded above CONUS or other critical areas important to the United States and its allies. Responses have to date included passage in the House of legislation to protect the electrical grid in the United States from such threats and hearings before the Homeland Security Committee. Additional efforts include examining missile defense responses, protection of the maritime domain, and hardening of US military and related civilian infrastructure. The House of Representatives has also examined what Europe, the European Union and NATO, both government and private industry, have done in these areas. Complicating matters are related issues of cyber-security and overall homeland security priorities.

Information security threats and an easy-to-implement attack detection framework for wireless sensor network-based smart grid applications

NASA Astrophysics Data System (ADS)

Tuna, G.; Örenbaş, H.; Daş, R.; Kogias, D.; Baykara, M.; K, K.

2016-03-01

Wireless Sensor Networks (WSNs) when combined with various energy harvesting solutions managing to prolong the overall lifetime of the system and enhanced capabilities of the communication protocols used by modern sensor nodes are efficiently used in are efficiently used in Smart Grid (SG), an evolutionary system for the modernization of existing power grids. However, wireless communication technology brings various types of security threats. In this study, firstly the use of WSNs for SG applications is presented. Second, the security related issues and challenges as well as the security threats are presented. In addition, proposed security mechanisms for WSN-based SG applications are discussed. Finally, an easy- to-implement and simple attack detection framework to prevent attacks directed to sink and gateway nodes with web interfaces is proposed and its efficiency is proved using a case study.

Seven layers of security to help protect biomedical research facilities.

PubMed

Mortell, Norman

2010-04-01

In addition to risks such as theft and fire that can confront any type of business, the biomedical research community often faces additional concerns over animal rights extremists, infiltrations, data security and intellectual property rights. Given these concerns, it is not surprising that the industry gives a high priority to security. This article identifies security threats faced by biomedical research companies and shows how these threats are ranked in importance by industry stakeholders. The author then goes on to discuss seven key 'layers' of security, from the external environment to the research facility itself, and how these layers all contribute to the creation of a successfully secured facility.

A wireless electronic monitoring system for securing milk from farm to processor

NASA Astrophysics Data System (ADS)

Womble, Phillip; Hopper, Lindsay; Thompson, Chris; Alexander, Suraj M.; Crist, William; Payne, Fred; Stombaugh, Tim; Paschal, Jon; Moore, Ryan; Luck, Brian; Tabayehnejab, Nasrin

2008-04-01

The Department of Homeland Security and the Department of Health and Human Services have targeted bulk food contamination as a focus for attention. The contamination of bulk food poses a high consequence threat to our society. Milk transport falls into three of the 17 targeted NIPP (National Infrastructure Protection Plan) sectors including agriculture-food, public health, and commercial facilities. Minimal security safeguards have been developed for bulk milk transport. The current manual methods of securing milk are paper intensive and prone to errors. The bulk milk transportation sector requires a security enhancement that will both reduce recording errors and enable normal transport activities to occur while providing security against unauthorized access. Milk transportation companies currently use voluntary seal programs that utilize plastic, numbered seals on milk transport tank openings. Our group has developed a Milk Transport Security System which is an electromechanical access control and communication system that assures the secure transport of milk, milk samples, milk data, and security data between locations and specifically between dairy farms, transfer stations, receiving stations, and milk plants. It includes a security monitoring system installed on the milk transport tank, a hand held device, optional printers, data server, and security evaluation software. The system operates automatically and requires minimal or no attention by the bulk milk hauler/sampler. The system is compatible with existing milk transport infrastructure, and has the support of the milk producers, milk transportation companies, milk marketing agencies, and dairy processors. The security protocol developed is applicable for transport of other bulk foods both nationally and internationally. This system adds significantly to the national security infrastructure for bulk food transport. We are currently demonstrating the system in central Kentucky and will report on the results of the demonstration.

Technologies to counter aviation security threats

NASA Astrophysics Data System (ADS)

Karoly, Steve

2017-11-01

The Aviation and Transportation Security Act (ATSA) makes TSA responsible for security in all modes of transportation, and requires that TSA assess threats to transportation, enforce security-related regulations and requirements, and ensure the adequacy of security measures at airports and other transportation facilities. Today, TSA faces a significant challenge and must address a wide range of commercial, military grade, and homemade explosives and these can be presented in an infinite number of configurations and from multiple vectors. TSA screens 2 million passengers and crew, and screens almost 5 million carry-on items and 1.2 million checked bags daily. As TSA explores new technologies for improving efficiency and security, those on the forefront of research and development can help identify unique and advanced methods to combat terrorism. Research and Development (R&D) drives the development of future technology investments that can address an evolving adversary and aviation threat. The goal is to rethink the aviation security regime in its entirety, and rather than focusing security at particular points in the enterprise, distribute security from the time a reservation is made to the time a passenger boards the aircraft. The ultimate objective is to reengineer aviation security from top to bottom with a continued focus on increasing security throughout the system.

PNNLs Data Intensive Computing research battles Homeland Security threats

ScienceCinema

David Thurman; Joe Kielman; Katherine Wolf; David Atkinson

2018-05-11

The Pacific Northwest National Laboratorys (PNNL's) approach to data intensive computing (DIC) is focused on three key research areas: hybrid hardware architecture, software architectures, and analytic algorithms. Advancements in these areas will help to address, and solve, DIC issues associated with capturing, managing, analyzing and understanding, in near real time, data at volumes and rates that push the frontiers of current technologies.

The Current Status Of The United States Foreign Military Sales (FMS) Program

DTIC Science & Technology

2004-06-01

changing domestic and global security environment. Strengths, Weaknesses, Opportunities and Threats ( SWOT ) analysis was used to analyze: the information...gathered from the literature review; the importance of various players (domestic and international competitors, interests groups , decision makers...Foreign military assistance, Gulf Wars, the September 11 incidents, Market share, Decision Makers, Interest Groups , Major West European suppliers group

CYBER DETERRENCE

DTIC Science & Technology

2016-02-11

directed.36 Protected systems operating on secure networks will weigh into the adversaries calculus of risk and cost of their actions versus this... calculus deterring them from attack. Our extended defense with forts and lookouts searching outside the perimeter providing current intelligence of any...Last accessed 30 January 2016). 51 Phil Stewart , U.S. Defense Chief says pre-emptive action possible over cyber threat, Oct 11, 2012, http

Spot Rare Occurrences More Frequently by Lessening Inattentional Blindness

DTIC Science & Technology

2013-04-29

with weapon slip through airport security , not hearing a siren when driving conditions are complicated by fog, or not seeing explosives on a truck...awareness of potential actual threats has been implemented in airport security for several years. The effectiveness of this Threat Image Projection

8 CFR 212.1 - Documentary requirements for nonimmigrants.

Code of Federal Regulations, 2010 CFR

2010-01-01

... special humanitarian concern; and (iv) Poses no threat to the welfare, safety or security of the United States, its territories, or commonwealths. Any potential threats to the welfare, safety, or security of...) of this section: Australia, Brunei, Indonesia, Japan, Malaysia, Nauru, New Zealand, Papua New Guinea...

Measuring Transnational Organized Crime Threats to US National Security

DTIC Science & Technology

2016-05-26

typology is not designed to score TOC networks, so it is not an obvious choice, but it could be easily modified by the TMWG to rank-order TOC networks...States Strategy to Combat Transnational Organized Crime (SCTOC). The strategy identified Transnational Organized Crime ( TOC ) as a national security...identify the TOC groups that present the national security threat defined in the SCTOC? A literature review of existing organized crime assessments

Risk analysis of information security in a mobile instant messaging and presence system for healthcare.

PubMed

Bønes, Erlend; Hasvold, Per; Henriksen, Eva; Strandenaes, Thomas

2007-09-01

Instant messaging (IM) is suited for immediate communication because messages are delivered almost in real time. Results from studies of IM use in enterprise work settings make us believe that IM based services may prove useful also within the healthcare sector. However, today's public instant messaging services do not have the level of information security required for adoption of IM in healthcare. We proposed MedIMob, our own architecture for a secure enterprise IM service for use in healthcare. MedIMob supports IM clients on mobile devices in addition to desktop based clients. Security threats were identified in a risk analysis of the MedIMob architecture. The risk analysis process consists of context identification, threat identification, analysis of consequences and likelihood, risk evaluation, and proposals for risk treatment. The risk analysis revealed a number of potential threats to the information security of a service like this. Many of the identified threats are general when dealing with mobile devices and sensitive data; others are threats which are more specific to our service and architecture. Individual threats identified in the risks analysis are discussed and possible counter measures presented. The risk analysis showed that most of the proposed risk treatment measures must be implemented to obtain an acceptable risk level; among others blocking much of the additional functionality of the smartphone. To conclude on the usefulness of this IM service, it will be evaluated in a trial study of the human-computer interaction. Further work also includes an improved design of the proposed MedIMob architecture. 2006 Elsevier Ireland Ltd

SPCC- Software Elements for Security Partition Communication Controller

NASA Astrophysics Data System (ADS)

Herpel, H. J.; Willig, G.; Montano, G.; Tverdyshev, S.; Eckstein, K.; Schoen, M.

2016-08-01

Future satellite missions like Earth Observation, Telecommunication or any other kind are likely to be exposed to various threats aiming at exploiting vulnerabilities of the involved systems and communications. Moreover, the growing complexity of systems coupled with more ambitious types of operational scenarios imply increased security vulnerabilities in the future. In the paper we will describe an architecture and software elements to ensure high level of security on-board a spacecraft. First the threats to the Security Partition Communication Controller (SPCC) will be addressed including the identification of specific vulnerabilities to the SPCC. Furthermore, appropriate security objectives and security requirements are identified to be counter the identified threats. The security evaluation of the SPCC will be done in accordance to the Common Criteria (CC). The Software Elements for SPCC has been implemented on flight representative hardware which consists of two major elements: the I/O board and the SPCC board. The SPCC board provides the interfaces with ground while the I/O board interfaces with typical spacecraft equipment busses. Both boards are physically interconnected by a high speed spacewire (SpW) link.

Technical solutions for mitigating security threats caused by health professionals in clinical settings.

PubMed

Fernandez-Aleman, Jose Luis; Belen Sanchez Garcia, Ana; Garcia-Mateos, Gines; Toval, Ambrosio

2015-08-01

The objective of this paper is to present a brief description of technical solutions for health information system security threats caused by inadequate security and privacy practices in healthcare professionals. A literature search was carried out in ScienceDirect, ACM Digital Library and IEEE Digital Library to find papers reporting technical solutions for certain security problems in information systems used in clinical settings. A total of 17 technical solutions were identified: measures for password security, the secure use of e-mail, the Internet, portable storage devices, printers and screens. Although technical safeguards are essential to the security of healthcare organization's information systems, good training, awareness programs and adopting a proper information security policy are particularly important to prevent insiders from causing security incidents.

Analysis of CSIRT/SOC Incidents and Continuous Monitoring of Threats

NASA Technical Reports Server (NTRS)

Wang, John; Ishisoko, Katsutoshi C.

2012-01-01

Security Operations Centers (SOC) contain a wealth of data which, if properly classified and tagged upfront, can yield a wealth of real-time information about your organizations IT Security posture, risks, and threats. These include answers to relevant and actionable questions such as: What are our biggest threats? Who is attacking us and what do they want? What controls are working or not working? How effective was the new technology we just implemented? What is our ROI?

EVALUATION OF WATER MONITORING INSTRUMENTATION AT EPA'S WATER AWARENESS TECHNOLOGY EVALUATION RESEARCH SECURITY CENTER

EPA Science Inventory

The safety and security of distribution systems has come under reassessment in the past year. Several chemical and biological agents have been identified that might constitute a credible threat against water supply systems. There have also been a few reported threats against wate...

49 CFR 1572.9 - Applicant information required for HME security threat assessment.

Code of Federal Regulations, 2010 CFR

2010-10-01

.... (13) Passport number. This information is voluntary and may expedite the adjudication process for... information is voluntary and may expedite the adjudication process for applicants who are U.S. citizens born... adjudication process for applicants who have completed a TSA security threat assessment. (16) Whether the...

28 CFR 540.15 - Restricted general correspondence.

Code of Federal Regulations, 2010 CFR

2010-07-01

... proposed correspondent would be a threat to the security or good order of the institution, or that the... without paying for the subscription; (3) Being a security risk; (4) Threatening a government official; or... the correspondent is involved in any violation of correspondence regulations, or would be a threat to...

Homeland security and virtual reality: building a Strategic Adaptive Response System (STARS).

PubMed

Swift, Christopher; Rosen, Joseph M; Boezer, Gordon; Lanier, Jaron; Henderson, Joseph V; Liu, Alan; Merrell, Ronald C; Nguyen, Sinh; Demas, Alex; Grigg, Elliot B; McKnight, Matthew F; Chang, Janelle; Koop, C Everett

2005-01-01

The advent of the Global War on Terrorism (GWOT) underscored the need to improve the U.S. disaster response paradigm. Existing systems involve numerous agencies spread across disparate functional and geographic jurisdictions. The current architecture remains vulnerable to sophisticated terrorist strikes. To address these vulnerabilities, we must continuously adapt and improve our Homeland Security architecture. Virtual Reality (VR) technologies will help model those changes and integrate technologies. This paper provides a broad overview of the strategic threats, together with a detailed examination of how specific VR technologies could be used to ensure successful disaster responses.

The policy of import substitution as the basis for economic security and well-being of society

NASA Astrophysics Data System (ADS)

Makasheva, Yu S.; Makasheva, N. P.; Gromova, A. S.; Andreeva, N. V.; Ishtunov, S. A.

2016-09-01

The study presents the analysis of import substitution opportunities on separate branches of economic activity, preceding the realization of import substitution policy with the aim to support national economic security, which is essential for the contemporary society welfare insurance. Currently, social well-being is considered to be the reflection of economic activity, the instrument of state influence on the society, as well as an indicator of the social security system. Due to the fact that Russia is integrated into the world economy, the foreign-economic policy currently is playing an important role in the development of national security and the state's interest to the spheres of economy considering external and internal threats. Decline in external economic conditions may result in serious consequences for the functioning and development of the country as well as for the trade and investment activities, which will further lead to the decline in export, withdrawal of capital, recession of industrial production, trade and investment sphere, fall of GDP and living standards. Thus, considering the current state of instability in the world economy and the growing political tension in relation to Russian Federation, the measures to increase economic security in the country should be taken. The policy of import substitution is considered to be one of the major solutions nowadays.

Detection and Prevention of Insider Threats in Database Driven Web Services

NASA Astrophysics Data System (ADS)

Chumash, Tzvi; Yao, Danfeng

In this paper, we take the first step to address the gap between the security needs in outsourced hosting services and the protection provided in the current practice. We consider both insider and outsider attacks in the third-party web hosting scenarios. We present SafeWS, a modular solution that is inserted between server side scripts and databases in order to prevent and detect website hijacking and unauthorized access to stored data. To achieve the required security, SafeWS utilizes a combination of lightweight cryptographic integrity and encryption tools, software engineering techniques, and security data management principles. We also describe our implementation of SafeWS and its evaluation. The performance analysis of our prototype shows the overhead introduced by security verification is small. SafeWS will allow business owners to significantly reduce the security risks and vulnerabilities of outsourcing their sensitive customer data to third-party providers.

Ecological and evolutionary approaches to managing honey bee disease

PubMed Central

Brosi, Berry J.; Delaplane, Keith S.; Boots, Michael; de Roode, Jacobus C.

2017-01-01

Honey bee declines are a serious threat to global agricultural security and productivity. While multiple factors contribute to these declines, parasites are a key driver. Disease problems in honey bees have intensified in recent years, despite increasing attention to addressing them. Here we argue that we must focus on the principles of disease ecology and evolution to understand disease dynamics, assess the severity of disease threats, and manage these threats via honey bee management. We cover the ecological context of honey bee disease, including both host and parasite factors driving current transmission dynamics, and then discuss evolutionary dynamics including how beekeeping management practices may drive selection for more virulent parasites. We then outline how ecological and evolutionary principles can guide disease mitigation in honey bees, including several practical management suggestions for addressing short- and long-term disease dynamics and consequences. PMID:29046562

Mobile Device Security: Perspectives of Future Healthcare Workers

PubMed Central

Hewitt, Barbara; Dolezel, Diane; McLeod, Alexander

2017-01-01

Healthcare data breaches on mobile devices continue to increase, yet the healthcare industry has not adopted mobile device security standards. This increase is disturbing because individuals are often accessing patients’ protected health information on personal mobile devices, which could lead to a data breach. This deficiency led the researchers to explore the perceptions of future healthcare workers regarding mobile device security. To determine healthcare students’ perspectives on mobile device security, the investigators designed and distributed a survey based on the Technology Threat Avoidance Theory. Three hundred thirty-five students participated in the survey. The data were analyzed to determine participants’ perceptions about security threats, effectiveness and costs of safeguards, self-efficacy, susceptibility, severity, and their motivation and actions to secure their mobile devices. Awareness of interventions to protect mobile devices was also examined. Results indicate that while future healthcare professionals perceive the severity of threats to their mobile data, they do not feel personally susceptible. Additionally, participants were knowledgeable about security safeguards, but their knowledge of costs and problems related to the adoption of these measures was mixed. These findings indicate that increasing security awareness of healthcare professionals should be a priority. PMID:28566992

Mobile Device Security: Perspectives of Future Healthcare Workers.

PubMed

Hewitt, Barbara; Dolezel, Diane; McLeod, Alexander

2017-01-01

Healthcare data breaches on mobile devices continue to increase, yet the healthcare industry has not adopted mobile device security standards. This increase is disturbing because individuals are often accessing patients' protected health information on personal mobile devices, which could lead to a data breach. This deficiency led the researchers to explore the perceptions of future healthcare workers regarding mobile device security. To determine healthcare students' perspectives on mobile device security, the investigators designed and distributed a survey based on the Technology Threat Avoidance Theory. Three hundred thirty-five students participated in the survey. The data were analyzed to determine participants' perceptions about security threats, effectiveness and costs of safeguards, self-efficacy, susceptibility, severity, and their motivation and actions to secure their mobile devices. Awareness of interventions to protect mobile devices was also examined. Results indicate that while future healthcare professionals perceive the severity of threats to their mobile data, they do not feel personally susceptible. Additionally, participants were knowledgeable about security safeguards, but their knowledge of costs and problems related to the adoption of these measures was mixed. These findings indicate that increasing security awareness of healthcare professionals should be a priority.

Managing the Aviation Insider Threat

DTIC Science & Technology

2010-12-01

World Airport NSAS National Strategy for Aviation Security OIS Office of Intelligence SIDA Security Identification Display Area STA Security...Security of the secured area”, 1542.205, “Security of the security identification display area ( SIDA )”, and 1542.209, “Fingerprint-based criminal

The Dissemination of Terrorist Threat Information: Who Should Be Warned

DTIC Science & Technology

1990-05-01

within the Government that should be receiving more attention. ENDNOTES 1. U.S., Cong., House, Committee on Foreign Affairs, Foreign Airport Security , Hearing...A16. 3. U.S., Cong., House, Committee on Foreign Affairs, Foreign Airport Security , 55. For additional information on the threat and other related...Journal, 30 January 1989: A14. 8. U.S., Cong., House, Committee on Foreign Affairs, Foreign Airport Security , 55. 9. U.S., Cong., Senate, Committee on

A risk management approach to CAIS development

NASA Technical Reports Server (NTRS)

Hart, Hal; Kerner, Judy; Alden, Tony; Belz, Frank; Tadman, Frank

1986-01-01

The proposed DoD standard Common APSE Interface Set (CAIS) was developed as a framework set of interfaces that will support the transportability and interoperability of tools in the support environments of the future. While the current CAIS version is a promising start toward fulfilling those goals and current prototypes provide adequate testbeds for investigations in support of completing specifications for a full CAIS, there are many reasons why the proposed CAIS might fail to become a usable product and the foundation of next-generation (1990'S) project support environments such as NASA's Space Station software support environment. The most critical threats to the viability and acceptance of the CAIS include performance issues (especially in piggybacked implementations), transportability, and security requirements. To make the situation worse, the solution to some of these threats appears to be at conflict with the solutions to others.

Non-Traditional Security Threats in the Border Areas: Terrorism, Piracy, Environmental Degradation in Southeast Asian Maritime Domain

NASA Astrophysics Data System (ADS)

Dabova, E. L.

2013-11-01

In addition to facilitating peaceful trade and economic development, sovereign territory, territorial waters and international waters are being used by various criminal groups that pose threats to governments, businesses and civilian population in Southeast Asia. Nonstate criminal maritime activities were not receiving appropriate attention as they were overshadowed by traditional military security challenges. Yet more and more frequently, the non-traditional actors challenge lines of communication, jeopardize access to strategic resources, complicate traditional defence tasks, and harm the environment. Understanding the nature of non-traditional threats, and the ways to combat them, requires international legal, historical and political science analysis within a united problem-oriented approach. A fair critique to pure interest, power and knowledge -based theories of regime formation was developed by E.K. Leonard's1, who explained the evolution of the international system from the global governance perspective. The present study is based on the premise that pure nation-state approaches are incapable of providing a theoretical ground for addressing the growing influence of international criminal networks in South East Asia. From an international relations theory perspective, the author of this study agrees with D.Snidal2 that the hegemonic stability theory has "limits" and is insufficient in describing modern challenges to sustainable international security regime, including non-traditional threats, where collective action is more efficient from an interest and capability standpoint. At the same time the author of this study does not share the viewpoint on "marginalization"3 of international law in current international order due to its fragmentation and regionalization4 and "global power shifts"5 . The United Nations, as a global institution at the top of the vertical hierarchy of international legal order, and the EU as an example of "self-contained" regime along with other subsystems like South East Asia may have different approaches to global governance, international constitutional order, or particular cases such as the measure of infringement of human rights when targeting individuals suspected of terrorist links. Yet international law remains the key part of the Asian and global security regime. The hypothesis of this study is that the "void of governance" regime in territorial and international waters provides lucrative environment for developing terrorism, piracy, environmental degradation, and other criminal activities that pose untraditional threats to the regional security. This "void of governance" regime can be caused by either, or both, de jure or de facto insufficient control over particular marine territories.

Cyber-security Considerations for Real-Time Physiological Status Monitoring: Threats, Goals, and Use Cases

DTIC Science & Technology

2016-11-01

low- power RF transmissions used by the OBAN system. B. Threat Analysis Methodology To analyze the risk presented by a particular threat we use a... power efficiency5 and in the absolute worst case a compromise of the wireless channel could result in death. Fitness trackers on the other hand are...analysis is intended to inform the development of secure RT-PSM architectures. I. INTRODUCTION The development of very low- power computing devices and

Dogs That Haven't Barked: Towards an Understanding of the Absence of Expected Technological Threats Workshop Bibliography

DOE Office of Scientific and Technical Information (OSTI.GOV)

Roseman, Mallory; Zikry, Fareeda

Lawrence Livermore National Laboratory’s Center for Global Security Research hosted a workshop to investigate why some consistently predicted threats from science and technology (S&T) have not manifested with the impacts to international security as forecasted. During the workshop, “Dogs That Haven’t Barked: Towards an Understanding of the Absence of Expected Technological Threats,” participants used two specific cases to focus the discussion: biotechnology and man-portable air defense systems (MANPADS).

A comprehensive approach to managing threats of violence on a university or college campus.

PubMed

Regehr, Cheryl; Glancy, Graham D; Carter, Andrea; Ramshaw, Lisa

Horrifying, high profile acts of violence on campuses remain relatively rare, nevertheless, academic administrators are required to manage threats of violence on campus on an increasingly regular basis. These threats take two primary forms, those in which the perpetrator and the intended victim(s) are clearly identified, often involving repeated threats and threatening behaviour towards an individual; and those involving anonymous threats to commit acts of larger scale violence. Complicating factors in managing these threats include: fear contagion; mass media and social media attention; responsibilities to all members of the university community sometimes including individuals issuing the threat and the intended victims; demands for safety and security measures that are often at odds with professional advice; and permeable campus boundaries that cause security challenges. This paper considers the changing landscape of threat assessment and risk assessment on university and college campuses and suggests opportunities for partnerships between forensic mental health professionals and academic administrators. Copyright © 2017 Elsevier Ltd. All rights reserved.

Cyber Vulnerabilities Within Critical Infrastructure: The Flaws of Industrial Control Systems in the Oil and Gas Industry

NASA Astrophysics Data System (ADS)

Alpi, Danielle Marie

The 16 sectors of critical infrastructure in the US are susceptible to cyber-attacks. Potential attacks come from internal and external threats. These attacks target the industrial control systems (ICS) of companies within critical infrastructure. Weakness in the energy sector's ICS, specifically the oil and gas industry, can result in economic and ecological disaster. The purpose of this study was to establish means for oil companies to identify and stop cyber-attacks specifically APT threats. This research reviewed current cyber vulnerabilities and ways in which a cyber-attack may be deterred. This research found that there are insecure devices within ICS that are not regularly updated. Therefore, security issues have amassed. Safety procedures and training thereof are often neglected. Jurisdiction is unclear in regard to critical infrastructure. The recommendations this research offers are further examination of information sharing methods, development of analytic platforms, and better methods for the implementation of defense-in-depth security measures.

Current and potential cyber attacks on medical journals; guidelines for improving security.

PubMed

Dadkhah, Mehdi; Seno, Seyed Amin Hosseini; Borchardt, Glenn

2017-03-01

At the moment, scholarly publishing is faced with much academic misconduct and threats such as predatory journals, hijacked journals, phishing, and other scams. In response, we have been discussing this misconduct and trying to increase the awareness of researchers, but it seems that there is a lack of research that presents guidelines for editors to help them protect themselves against these threats. It seems that information security is missing in some parts of scholarly publishing that particularly involves medical journals. In this paper, we explain different types of cyber-attacks that especially threaten editors and academic journals. We then explain the details involved in each type of attack. Finally, we present general guidelines for detection and prevention of the attacks. In some cases, we use small experiments to show that our claim is true. Finally, we conclude the paper with a prioritization of these attacks. Copyright © 2016 European Federation of Internal Medicine. Published by Elsevier B.V. All rights reserved.

Computing Legacy Software Behavior to Understand Functionality and Security Properties: An IBM/370 Demonstration

DOE Office of Scientific and Technical Information (OSTI.GOV)

Linger, Richard C; Pleszkoch, Mark G; Prowell, Stacy J

Organizations maintaining mainframe legacy software can benefit from code modernization and incorporation of security capabilities to address the current threat environment. Oak Ridge National Laboratory is developing the Hyperion system to compute the behavior of software as a means to gain understanding of software functionality and security properties. Computation of functionality is critical to revealing security attributes, which are in fact specialized functional behaviors of software. Oak Ridge is collaborating with MITRE Corporation to conduct a demonstration project to compute behavior of legacy IBM Assembly Language code for a federal agency. The ultimate goal is to understand functionality and securitymore » vulnerabilities as a basis for code modernization. This paper reports on the first phase, to define functional semantics for IBM Assembly instructions and conduct behavior computation experiments.« less

Software To Secure Distributed Propulsion Simulations

NASA Technical Reports Server (NTRS)

Blaser, Tammy M.

2003-01-01

Distributed-object computing systems are presented with many security threats, including network eavesdropping, message tampering, and communications middleware masquerading. NASA Glenn Research Center, and its industry partners, has taken an active role in mitigating the security threats associated with developing and operating their proprietary aerospace propulsion simulations. In particular, they are developing a collaborative Common Object Request Broker Architecture (CORBA) Security (CORBASec) test bed to secure their distributed aerospace propulsion simulations. Glenn has been working with its aerospace propulsion industry partners to deploy the Numerical Propulsion System Simulation (NPSS) object-based technology. NPSS is a program focused on reducing the cost and time in developing aerospace propulsion engines

Nuclear and radiological Security: Introduction.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Miller, James Christopher

Nuclear security includes the prevention and detection of, and response to, theft, sabotage, unauthorized access, illegal transfer, or other malicious acts involving nuclear or other radioactive substances or their associated facilities. The presentation begins by discussing the concept and its importance, then moves on to consider threats--insider threat, sabotage, diversion of materials--with considerable emphasis on the former. The intrusion at Pelindaba, South Africa, is described as a case study. The distinction between nuclear security and security of radiological and portable sources is clarified, and the international legal framework is touched upon. The paper concludes by discussing the responsibilities of themore » various entities involved in nuclear security.« less

Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education

PubMed Central

2013-01-01

Background Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient’s TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Methods Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO’s standard for information security risk management. Results A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Conclusions Most of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. Confidentiality risks in home are different from in a more controlled environment such as a hospital; and electronic equipment located in private homes and communicating via Internet, is more exposed to unauthorised access. By implementing the proposed measures, it has been possible to design a home-based service which ensures the necessary level of information security and privacy. PMID:23937965

Emergency Management Standards for NCAA Division I-A Football Stadia

ERIC Educational Resources Information Center

Hoogstra, Joshua R.

2012-01-01

In the best of times, emergency managers of athletic event venues struggle with the responsibilities of venue security. The possibility of terrorist threats exacerbates the situation, especially when security threats can involve a critical mass of spectators at an event. Emergency managers at the National Collegiate Athletic Association (NCAA)…

Relationship between Trustworthiness, Transparency, and Security in Cloud Computing Environments: A Regression Analysis

ERIC Educational Resources Information Center

Ibrahim, Sara

2017-01-01

The insider security threat causes new and dangerous dimensions in cloud computing. Those internal threats are originated from contractors or the business partners' input that have access to the systems. A study of trustworthiness and transparency might assist the organizations to monitor employees' activity more cautiously on cloud technologies…

Piracy and Maritime Terrorism; A Seamless Transition

DTIC Science & Technology

2004-05-18

1/.html>. [24 April 2004]. Cropley , Ed. “Asia eyes sea security after threats, US warning.” Reuters. 22 Apr 2004. <http://www.marketnewzealand.com...stm>. ii Ed Cropley , “Asia eyes sea security after threats, US warning,” Reuters, 22 Apr 2004. <http://www.marketnewzealand.com/mnz/News/Story.aspx

Cyber threat model for tactical radio networks

NASA Astrophysics Data System (ADS)

Kurdziel, Michael T.

2014-05-01

The shift to a full information-centric paradigm in the battlefield has allowed ConOps to be developed that are only possible using modern network communications systems. Securing these Tactical Networks without impacting their capabilities has been a challenge. Tactical networks with fixed infrastructure have similar vulnerabilities to their commercial counterparts (although they need to be secure against adversaries with greater capabilities, resources and motivation). However, networks with mobile infrastructure components and Mobile Ad hoc Networks (MANets) have additional unique vulnerabilities that must be considered. It is useful to examine Tactical Network based ConOps and use them to construct a threat model and baseline cyber security requirements for Tactical Networks with fixed infrastructure, mobile infrastructure and/or ad hoc modes of operation. This paper will present an introduction to threat model assessment. A definition and detailed discussion of a Tactical Network threat model is also presented. Finally, the model is used to derive baseline requirements that can be used to design or evaluate a cyber security solution that can be scaled and adapted to the needs of specific deployments.

An evaluation of security measures implemented to address physical threats to water infrastructure in the state of Mississippi.

PubMed

Barrett, Jason R; French, P Edward

2013-01-01

The events of September 11, 2001, increased and intensified domestic preparedness efforts in the United States against terrorism and other threats. The heightened focus on protecting this nation's critical infrastructure included legislation requiring implementation of extensive new security measures to better defend water supply systems against physical, chemical/biological, and cyber attacks. In response, municipal officials have implemented numerous safeguards to reduce the vulnerability of these systems to purposeful intrusions including ongoing vulnerability assessments, extensive personnel training, and highly detailed emergency response and communication plans. This study evaluates fiscal year 2010 annual compliance assessments of public water systems with security measures that were implemented by Mississippi's Department of Health as a response to federal requirements to address these potential terrorist threats to water distribution systems. The results show that 20 percent of the water systems in this state had at least one security violation on their 2010 Capacity Development Assessment, and continued perseverance from local governments is needed to enhance the resiliency and robustness of these systems against physical threats.

Information Security Risk Assessment in Hospitals.

PubMed

Ayatollahi, Haleh; Shagerdi, Ghazal

2017-01-01

To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threat the security of health information and their resources especially in the hospitals. The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n=27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r =0.78). The results showed that among the information security risks, fire found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n =22, 91.7%) compared to the administrative (n =21, 87.5%) and the physical safeguards (n =16, 66.7%). The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.

Urban phosphorus sustainability: Systemically incorporating social, ecological, and technological factors into phosphorus flow analysis

Treesearch

Genevieve S. Metson; David M. Iwaniec; Lawrence A. Baker; Elena M. Bennett; Daniel L. Childers; Dana Cordell; Nancy B. Grimm; J. Morgan Grove; Daniel A. Nidzgorski; Stuart White

2015-01-01

Phosphorus (P) is an essential fertilizer for agricultural production but is also a potent aquatic pollutant. Current P management fails to adequately address both the issue of food security due to P scarcity and P pollution threats to water bodies. As centers of food consumption and waste production, cities transport and store much P and thus provide important...

Bridging the health security divide: department of defense support for the global health security agenda.

PubMed

Moudy, Robin M; Ingerson-Mahar, Michael; Kanter, Jordan; Grant, Ashley M; Fisher, Dara R; Jones, Franca R

2014-01-01

In 2011, President Obama addressed the United Nations General Assembly and urged the global community to come together to prevent, detect, and fight every kind of biological danger, whether a pandemic, terrorist threat, or treatable disease. Over the past decade, the United States and key international partners have addressed these dangers through a variety of programs and strategies aimed at developing and enhancing countries' capacity to rapidly detect, assess, report, and respond to acute biological threats. Despite our collective efforts, however, an increasingly interconnected world presents heightened opportunities for human, animal, and zoonotic diseases to emerge and spread globally. Further, the technical capabilities required to develop biological agents into a weapon are relatively low. The launch of the Global Health Security Agenda (GHSA) provides an opportunity for the international community to enhance the linkages between the health and security sectors, accelerating global efforts to prevent avoidable epidemics and bioterrorism, detect threats early, and respond rapidly and effectively to biological threats. The US Department of Defense (DoD) plays a key role in achieving GHSA objectives through its force health protection, threat reduction, and biodefense efforts at home and abroad. This article focuses on GHSA activities conducted in the DoD Office of the Assistant Secretary of Defense for Nuclear, Chemical, and Biological Defense.

33 CFR 105.255 - Security measures for access control.

Code of Federal Regulations, 2010 CFR

2010-07-01

... and facilities; (4) Granting access to only those responding to the security incident or threat... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Security measures for access... SECURITY MARITIME SECURITY MARITIME SECURITY: FACILITIES Facility Security Requirements § 105.255 Security...

Security Concepts for Satellite Links

NASA Astrophysics Data System (ADS)

Tobehn, C.; Penné, B.; Rathje, R.; Weigl, A.; Gorecki, Ch.; Michalik, H.

2008-08-01

The high costs to develop, launch and maintain a satellite network makes protecting the assets imperative. Attacks may be passive such as eavesdropping on the payload data. More serious threat are active attacks that try to gain control of the satellite, which may lead to the total lost of the satellite asset. To counter these threats, new satellite and ground systems are using cryptographic technologies to provide a range of services: confidentiality, entity & message authentication, and data integrity. Additionally, key management cryptographic services are required to support these services. This paper describes the key points of current satellite control and operations, that are authentication of the access to the satellite TMTC link and encryption of security relevant TM/TC data. For payload data management the key points are multi-user ground station access and high data rates both requiring frequent updates and uploads of keys with the corresponding key management methods. For secure satellite management authentication & key negotiation algorithms as HMAC-RIPEMD160, EC- DSA and EC-DH are used. Encryption of data uses algorithms as IDEA, AES, Triple-DES, or other. A channel coding and encryption unit for payload data provides download data rates up to Nx250 Mbps. The presented concepts are based on our experience and heritage of the security systems for all German MOD satellite projects (SATCOMBw2, SAR-Lupe multi- satellite system and German-French SAR-Lupe-Helios- II systems inter-operability) as well as for further international (KOMPSAT-II Payload data link system) and ESA activities (TMTC security and GMES).

Stand Up and Be Counted: The Continuing Challenge of Building the Iraqi Security Forces

DTIC Science & Technology

2007-01-01

forces in conjunction with neutralizing Iraq’s insurgency and developing Iraqi forces capable of securing the country . From the fall of 2003...effort to develop the Iraqi Security Forces (ISF), we cannot assess the operational capability of these forces. We are actually left with more...First we trained the army for threats from outside the country . But we realized the true threats were inside the country …. It’s the Iraqis

Research review of nongovernmental organizations' security policies for humanitarian programs in war, conflict, and postconflict environments.

PubMed

Rowley, Elizabeth; Burns, Lauren; Burnham, Gilbert

2013-06-01

To identify the most and least commonly cited security management messages that nongovernmental organizations (NGOs) are communicating to their field staff, to determine the types of documentation that NGOs most often use to communicate key security messages, and to distinguish the points of commonality and divergence across organizations in the content of key security messages. The authors undertook a systematic review of available security policies, manuals, and training materials from 20 international humanitarian NGOs using the InterAction Minimum Operating Security Standards as the basis for a review framework. The most commonly cited standards include analytical security issues such as threat and risk assessment processes and guidance on acceptance, protection, and deterrence approaches. Among the least commonly cited standards were considering security threats to national staff during staffing decision processes, incorporating security awareness into job descriptions, and ensuring that national staff security issues are addressed in trainings. NGO staff receive security-related messages through multiple document types, but only 12 of the 20 organizations have a distinct security policy document. Points of convergence across organizations in the content of commonly cited standards were found in many areas, but differences in security risk and threat assessment guidance may undermine communication between aid workers about changes in local security environments. Although the humanitarian community has experienced significant progress in the development of practical staff security guidance during the past 10 years, gaps remain that can hinder efforts to garner needed resources, clarify security responsibilities, and ensure that the distinct needs of national staff are recognized and addressed.

Securitizing the Arctic indigenous peoples: A community security perspective with special reference to the Sámi of the European high north

NASA Astrophysics Data System (ADS)

Hossain, Kamrul

2016-09-01

The theory of securitization-the so-called Copenhagen school-centers the concept of security on various identified threats. Security based on the collective identity by which a society preserves its essential characteristics has been defined as community security, or societal security. The underlying principle of the Copenhagen school is that state-based, sovereignty-oriented security is ineffective unless the other components of security threats are addressed. The concept of human security, developed nearly simultaneously to that of securitization, identifies threat components at the sub-state level which are not traditionally understood as security concerns. Both schools of security thought are similar as they offer nontraditional approaches to understanding the concept of security. In this article, I explore securitization theory and the concept of human security to elaborate community perspectives in the understanding of security. In a case study, I investigate the security concerns of the indigenous peoples of the Arctic. The transformation of the Arctic by climate change and its impacts has resulted in new challenges and opportunities, so I explore how indigenous peoples in general and the Sámi in particular understand security which promotes their societal security. Although I show that this group of people deserves recognition and the ability to exercise greater authority, I conclude that diverse concepts of security do not by any means undermine the core traditional concept of security. These aspects of security remain subject to scrutiny by states and exist in a vertical structure. The Sámi, therefore, rely on affirmative actions by states to enjoy greater rights to maintain their community security.

Cyber Security Threats to Safety-Critical, Space-Based Infrastructures

NASA Astrophysics Data System (ADS)

Johnson, C. W.; Atencia Yepez, A.

2012-01-01

Space-based systems play an important role within national critical infrastructures. They are being integrated into advanced air-traffic management applications, rail signalling systems, energy distribution software etc. Unfortunately, the end users of communications, location sensing and timing applications often fail to understand that these infrastructures are vulnerable to a wide range of security threats. The following pages focus on concerns associated with potential cyber-attacks. These are important because future attacks may invalidate many of the safety assumptions that support the provision of critical space-based services. These safety assumptions are based on standard forms of hazard analysis that ignore cyber-security considerations This is a significant limitation when, for instance, security attacks can simultaneously exploit multiple vulnerabilities in a manner that would never occur without a deliberate enemy seeking to damage space based systems and ground infrastructures. We address this concern through the development of a combined safety and security risk assessment methodology. The aim is to identify attack scenarios that justify the allocation of additional design resources so that safety barriers can be strengthened to increase our resilience against security threats.

A lightweight and secure two factor anonymous authentication protocol for Global Mobility Networks.

PubMed

Baig, Ahmed Fraz; Hassan, Khwaja Mansoor Ul; Ghani, Anwar; Chaudhry, Shehzad Ashraf; Khan, Imran; Ashraf, Muhammad Usman

2018-01-01

Global Mobility Networks(GLOMONETs) in wireless communication permits the global roaming services that enable a user to leverage the mobile services in any foreign country. Technological growth in wireless communication is also accompanied by new security threats and challenges. A threat-proof authentication protocol in wireless communication may overcome the security flaws by allowing only legitimate users to access a particular service. Recently, Lee et al. found Mun et al. scheme vulnerable to different attacks and proposed an advanced secure scheme to overcome the security flaws. However, this article points out that Lee et al. scheme lacks user anonymity, inefficient user authentication, vulnerable to replay and DoS attacks and Lack of local password verification. Furthermore, this article presents a more robust anonymous authentication scheme to handle the threats and challenges found in Lee et al.'s protocol. The proposed protocol is formally verified with an automated tool(ProVerif). The proposed protocol has superior efficiency in comparison to the existing protocols.

A lightweight and secure two factor anonymous authentication protocol for Global Mobility Networks

PubMed Central

2018-01-01

Global Mobility Networks(GLOMONETs) in wireless communication permits the global roaming services that enable a user to leverage the mobile services in any foreign country. Technological growth in wireless communication is also accompanied by new security threats and challenges. A threat-proof authentication protocol in wireless communication may overcome the security flaws by allowing only legitimate users to access a particular service. Recently, Lee et al. found Mun et al. scheme vulnerable to different attacks and proposed an advanced secure scheme to overcome the security flaws. However, this article points out that Lee et al. scheme lacks user anonymity, inefficient user authentication, vulnerable to replay and DoS attacks and Lack of local password verification. Furthermore, this article presents a more robust anonymous authentication scheme to handle the threats and challenges found in Lee et al.’s protocol. The proposed protocol is formally verified with an automated tool(ProVerif). The proposed protocol has superior efficiency in comparison to the existing protocols. PMID:29702675

Aerial surveillance vehicles augment security at shipping ports

NASA Astrophysics Data System (ADS)

Huck, Robert C.; Al Akkoumi, Muhammad K.; Cheng, Samuel; Sluss, James J., Jr.; Landers, Thomas L.

2008-10-01

With the ever present threat to commerce, both politically and economically, technological innovations provide a means to secure the transportation infrastructure that will allow efficient and uninterrupted freight-flow operations for trade. Currently, freight coming into United States ports is "spot checked" upon arrival and stored in a container yard while awaiting the next mode of transportation. For the most part, only fences and security patrols protect these container storage yards. To augment these measures, the authors propose the use of aerial surveillance vehicles equipped with video cameras and wireless video downlinks to provide a birds-eye view of port facilities to security control centers and security patrols on the ground. The initial investigation described in this paper demonstrates the use of unmanned aerial surveillance vehicles as a viable method for providing video surveillance of container storage yards. This research provides the foundation for a follow-on project to use autonomous aerial surveillance vehicles coordinated with autonomous ground surveillance vehicles for enhanced port security applications.

A secured e-tendering modeling using misuse case approach

NASA Astrophysics Data System (ADS)

Mohd, Haslina; Robie, Muhammad Afdhal Muhammad; Baharom, Fauziah; Darus, Norida Muhd; Saip, Mohamed Ali; Yasin, Azman

2016-08-01

Major risk factors relating to electronic transactions may lead to destructive impacts on trust and transparency in the process of tendering. Currently, electronic tendering (e-tendering) systems still remain uncertain in issues relating to legal and security compliance and most importantly it has an unclear security framework. Particularly, the available systems are lacking in addressing integrity, confidentiality, authentication, and non-repudiation in e-tendering requirements. Thus, one of the challenges in developing an e-tendering system is to ensure the system requirements include the function for secured and trusted environment. Therefore, this paper aims to model a secured e-tendering system using misuse case approach. The modeling process begins with identifying the e-tendering process, which is based on the Australian Standard Code of Tendering (AS 4120-1994). It is followed by identifying security threats and their countermeasure. Then, the e-tendering was modelled using misuse case approach. The model can contribute to e-tendering developers and also to other researchers or experts in the e-tendering domain.

The role of the health physicist in nuclear security.

PubMed

Waller, Edward J; van Maanen, Jim

2015-04-01

Health physics is a recognized safety function in the holistic context of the protection of workers, members of the public, and the environment against the hazardous effects of ionizing radiation, often generically designated as radiation protection. The role of the health physicist as protector dates back to the Manhattan Project. Nuclear security is the prevention and detection of, and response to, criminal or intentional unauthorized acts involving or directed at nuclear material, other radioactive material, associated facilities, or associated activities. Its importance has become more visible and pronounced in the post 9/11 environment, and it has a shared purpose with health physics in the context of protection of workers, members of the public, and the environment. However, the duties and responsibilities of the health physicist in the nuclear security domain are neither clearly defined nor recognized, while a fundamental understanding of nuclear phenomena in general, nuclear or other radioactive material specifically, and the potential hazards related to them is required for threat assessment, protection, and risk management. Furthermore, given the unique skills and attributes of professional health physicists, it is argued that the role of the health physicist should encompass all aspects of nuclear security, ranging from input in the development to implementation and execution of an efficient and effective nuclear security regime. As such, health physicists should transcend their current typical role as consultants in nuclear security issues and become fully integrated and recognized experts in the nuclear security domain and decision making process. Issues regarding the security clearances of health physics personnel and the possibility of insider threats must be addressed in the same manner as for other trusted individuals; however, the net gain from recognizing and integrating health physics expertise in all levels of a nuclear security regime far outweighs any negative aspects. In fact, it can be argued that health physics is essential in achieving an integrated approach toward nuclear safety, security, and safeguards.

The Role of the Health Physicist in Nuclear Security

PubMed Central

Waller, Edward J.; van Maanen, Jim

2015-01-01

Abstract Health physics is a recognized safety function in the holistic context of the protection of workers, members of the public, and the environment against the hazardous effects of ionizing radiation, often generically designated as radiation protection. The role of the health physicist as protector dates back to the Manhattan Project. Nuclear security is the prevention and detection of, and response to, criminal or intentional unauthorized acts involving or directed at nuclear material, other radioactive material, associated facilities, or associated activities. Its importance has become more visible and pronounced in the post 9/11 environment, and it has a shared purpose with health physics in the context of protection of workers, members of the public, and the environment. However, the duties and responsibilities of the health physicist in the nuclear security domain are neither clearly defined nor recognized, while a fundamental understanding of nuclear phenomena in general, nuclear or other radioactive material specifically, and the potential hazards related to them is required for threat assessment, protection, and risk management. Furthermore, given the unique skills and attributes of professional health physicists, it is argued that the role of the health physicist should encompass all aspects of nuclear security, ranging from input in the development to implementation and execution of an efficient and effective nuclear security regime. As such, health physicists should transcend their current typical role as consultants in nuclear security issues and become fully integrated and recognized experts in the nuclear security domain and decision making process. Issues regarding the security clearances of health physics personnel and the possibility of insider threats must be addressed in the same manner as for other trusted individuals; however, the net gain from recognizing and integrating health physics expertise in all levels of a nuclear security regime far outweighs any negative aspects. In fact, it can be argued that health physics is essential in achieving an integrated approach toward nuclear safety, security, and safeguards. PMID:25706142

Process Security in Chemical Engineering Education

ERIC Educational Resources Information Center

Piluso, Cristina; Uygun, Korkut; Huang, Yinlun; Lou, Helen H.

2005-01-01

The threats of terrorism have greatly alerted the chemical process industries to assure plant security at all levels: infrastructure-improvement-focused physical security, information-protection-focused cyber security, and design-and-operation-improvement-focused process security. While developing effective plant security methods and technologies…

Not All Threats Are Equal

ERIC Educational Resources Information Center

Surface, Jeanne L.

2011-01-01

School leaders must be fully prepared to respond to all types of threats that occur. In order to respond to threats most appropriately, the school needs to have a systematic approach that combines education, prevention, intervention, discipline, security, and crisis preparedness measures. All threats must be assessed carefully and swiftly,…

Mitigation Policy Scenario of Space Debris Threat Related with National Security

NASA Astrophysics Data System (ADS)

Herdiansyah, Herdis; Frimawaty, Evy; Munir, Ahmad

2016-02-01

The development of air space recently entered a new phase, when the space issues correlated with the future of a country. In past time, the space authorization was related with advancing technology by many space mission and various satellite launchings, or it could be said that who ruled technology will rule the space. Therefore, the numerous satellites in the space could be a threat for the countries which are mainly located in the path of the satellite, especially in the equatorial region including Indonesia. This study aims to create a policy scenario in mitigating the threat of space debris. The results showed that although space debris was not threatened national security for now, but the potential and its impact on the future potentially harmful. The threats of orbit circulation for some experts considered as a threat for national security, because its danger potential which caused by space debris could significantly damage the affected areas. However, until now Indonesia has no comprehensive mitigation strategy for space matters although it has been ratified by the United Nations Convention.

Security inspection in ports by anomaly detection using hyperspectral imaging technology

NASA Astrophysics Data System (ADS)

Rivera, Javier; Valverde, Fernando; Saldaña, Manuel; Manian, Vidya

2013-05-01

Applying hyperspectral imaging technology in port security is crucial for the detection of possible threats or illegal activities. One of the most common problems that cargo suffers is tampering. This represents a danger to society because it creates a channel to smuggle illegal and hazardous products. If a cargo is altered, security inspections on that cargo should contain anomalies that reveal the nature of the tampering. Hyperspectral images can detect anomalies by gathering information through multiple electromagnetic bands. The spectrums extracted from these bands can be used to detect surface anomalies from different materials. Based on this technology, a scenario was built in which a hyperspectral camera was used to inspect the cargo for any surface anomalies and a user interface shows the results. The spectrum of items, altered by different materials that can be used to conceal illegal products, is analyzed and classified in order to provide information about the tampered cargo. The image is analyzed with a variety of techniques such as multiple features extracting algorithms, autonomous anomaly detection, and target spectrum detection. The results will be exported to a workstation or mobile device in order to show them in an easy -to-use interface. This process could enhance the current capabilities of security systems that are already implemented, providing a more complete approach to detect threats and illegal cargo.

Sabotage at Nuclear Power Plants

DOE Office of Scientific and Technical Information (OSTI.GOV)

Purvis, James W.

1999-07-21

Recently there has been a noted worldwide increase in violent actions including attempted sabotage at nuclear power plants. Several organizations, such as the International Atomic Energy Agency and the US Nuclear Regulatory Commission, have guidelines, recommendations, and formal threat- and risk-assessment processes for the protection of nuclear assets. Other examples are the former Defense Special Weapons Agency, which used a risk-assessment model to evaluate force-protection security requirements for terrorist incidents at DOD military bases. The US DOE uses a graded approach to protect its assets based on risk and vulnerability assessments. The Federal Aviation Administration and Federal Bureau of Investigationmore » conduct joint threat and vulnerability assessments on high-risk US airports. Several private companies under contract to government agencies use formal risk-assessment models and methods to identify security requirements. The purpose of this paper is to survey these methods and present an overview of all potential types of sabotage at nuclear power plants. The paper discusses emerging threats and current methods of choice for sabotage--especially vehicle bombs and chemical attacks. Potential consequences of sabotage acts, including economic and political; not just those that may result in unacceptable radiological exposure to the public, are also discussed. Applicability of risk-assessment methods and mitigation techniques are also presented.« less

XRIndex: a brief screening tool for individual differences in security threat detection in x-ray images

PubMed Central

Rusconi, Elena; Ferri, Francesca; Viding, Essi; Mitchener-Nissen, Timothy

2015-01-01

X-ray imaging is a cost-effective technique at security checkpoints that typically require the presence of human operators. We have previously shown that self-reported attention to detail can predict threat detection performance with small-vehicle x-ray images (Rusconi et al., 2012). Here, we provide evidence for the generality of such a link by having a large sample of naïve participants screen more typical dual-energy x-ray images of hand luggage. The results show that the Attention to Detail score from the autism-spectrum quotient (AQ) questionnaire (Baron-Cohen et al., 2001) is a linear predictor of threat detection accuracy. We then develop and fine-tune a novel self-report scale for security screening: the XRIndex, which improves on the Attention to Detail scale for predictive power and opacity to interpretation. The XRIndex is not redundant with any of the Big Five personality traits. We validate the XRIndex against security x-ray images with an independent sample of untrained participants and suggest that the XRIndex may be a useful aid for the identification of suitable candidates for professional security training with a focus on x-ray threat detection. Further studies are needed to determine whether this can also apply to trained professionals. PMID:26321935

When trust defies common security sense.

PubMed

Williams, Patricia A H

2008-09-01

Primary care medical practices fail to recognize the seriousness of security threats to their patient and practice information. This can be attributed to a lack of understanding of security concepts, underestimation of potential threats and the difficulty in configuration of security technology countermeasures. To appreciate the factors contributing to such problems, research into general practitioner security practice and perceptions of security was undertaken. The investigation focused on demographics, actual practice, issues and barriers, and practitioner perception. Poor implementation, lack of relevant knowledge and inconsistencies between principles and practice were identified as key themes. Also the results revealed an overwhelming reliance on trust in staff and in computer information systems. This clearly identified that both cultural and technical attributes contribute to the deficiencies in information security practice. The aim of this research is to understand user needs and problems when dealing with information security practice.

Analysis of security and threat of underwater wireless sensor network topology

NASA Astrophysics Data System (ADS)

Yang, Guang; Wei, Zhiqiang; Cong, Yanping; Jia, Dongning

2012-04-01

Underwater wireless sensor networks (UWSNs) are a subclass of wireless sensor networks. Underwater sensor deployment is a significant challenge due to the characteristics of UWSNs and underwater environment. Recent researches for UWSNs deployment mostly focus on the maintenance of network connectivity and maximum communication coverage. However, the broadcast nature of the transmission medium incurs various types of security attacks. This paper studies the security issues and threats of UWSNs topology. Based on the cluster-based topology, an underwater cluster-based security scheme (U-CBSS) is presented to defend against these attacks. and safety.

Proceedings Second Annual Cyber Security and Information Infrastructure Research Workshop

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sheldon, Frederick T; Krings, Axel; Yoo, Seong-Moo

2006-01-01

The workshop theme is Cyber Security: Beyond the Maginot Line Recently the FBI reported that computer crime has skyrocketed costing over $67 billion in 2005 alone and affecting 2.8M+ businesses and organizations. Attack sophistication is unprecedented along with availability of open source concomitant tools. Private, academic, and public sectors invest significant resources in cyber security. Industry primarily performs cyber security research as an investment in future products and services. While the public sector also funds cyber security R&D, the majority of this activity focuses on the specific mission(s) of the funding agency. Thus, broad areas of cyber security remain neglectedmore » or underdeveloped. Consequently, this workshop endeavors to explore issues involving cyber security and related technologies toward strengthening such areas and enabling the development of new tools and methods for securing our information infrastructure critical assets. We aim to assemble new ideas and proposals about robust models on which we can build the architecture of a secure cyberspace including but not limited to: * Knowledge discovery and management * Critical infrastructure protection * De-obfuscating tools for the validation and verification of tamper-proofed software * Computer network defense technologies * Scalable information assurance strategies * Assessment-driven design for trust * Security metrics and testing methodologies * Validation of security and survivability properties * Threat assessment and risk analysis * Early accurate detection of the insider threat * Security hardened sensor networks and ubiquitous computing environments * Mobile software authentication protocols * A new "model" of the threat to replace the "Maginot Line" model and more . . .« less

Compliance with HIPAA security standards in U.S. Hospitals.

PubMed

Davis, Diane; Having, Karen

2006-01-01

With the widespread use of computer networks, the amount of information stored electronically has grown exponentially, resulting in increased concern for privacy and security of information. The healthcare industry has been put to the test with the federally mandated Health Insurance Portability and Accountability Act (HIPAA) of 1996. To assess the compliance status of HIPAA security standards, a random sample of 1,000 U.S. hospitals was surveyed in January 2004, yielding a return rate of 29 percent. One year later, a follow-up survey was sent to all previous respondents, with 50 percent replying. HIPAA officers'perceptions of security compliance in 2004 and 2005 are compared in this article. The security standards achieving the highest level of compliance in both 2004 and 2005 were obtaining required business associate agreements and physical safeguards to limit access to electronic information systems. Respondents indicated least compliance both years in performing periodic evaluation of security practices governed by the Security Rule. Roadblocks, threats, problems and solutions regarding HIPAA compliance are discussed. This information may be applied to current and future strategies toward maintaining security of information systems throughout the healthcare industry.

Human Reliability Program Workshop

DOE Office of Scientific and Technical Information (OSTI.GOV)

Landers, John; Rogers, Erin; Gerke, Gretchen

A Human Reliability Program (HRP) is designed to protect national security as well as worker and public safety by continuously evaluating the reliability of those who have access to sensitive materials, facilities, and programs. Some elements of a site HRP include systematic (1) supervisory reviews, (2) medical and psychological assessments, (3) management evaluations, (4) personnel security reviews, and (4) training of HRP staff and critical positions. Over the years of implementing an HRP, the Department of Energy (DOE) has faced various challenges and overcome obstacles. During this 4-day activity, participants will examine programs that mitigate threats to nuclear security andmore » the insider threat to include HRP, Nuclear Security Culture (NSC) Enhancement, and Employee Assistance Programs. The focus will be to develop an understanding of the need for a systematic HRP and to discuss challenges and best practices associated with mitigating the insider threat.« less

Water Security - National and Global Issues

NASA Astrophysics Data System (ADS)

Tindall, J. A.; Campbell, A. A.; Moran, E. H.

2010-12-01

Water is fundamental to human life. Disruption of water supplies by the Water Threats and Hazards Triad (WTHT) — man-made, natural, and technological hazards — could threaten the delivery of vital human services, endanger public health and the environment, potentially cause mass casualties, and threaten population sustainability, social stability, and homeland security. Water distribution systems extend over vast areas and are therefore vulnerable to a wide spectrum of threats — from natural hazards such as large forest fires that result in runoff and debris flow that clog reservoirs, and reduce, disrupt, or contaminate water supply and quality to threats from natural, man-made, or political extremist attacks. Our research demonstrates how devising concepts and counter measures to protect water supplies will assist the public, policy makers, and planners at local, Tribal, State, and Federal levels to develop solutions for national and international water-security and sustainability issues. Water security is an issue in which the entire global community is stakeholders.

The International Test Commission Guidelines on the Security of Tests, Examinations, and Other Assessments

ERIC Educational Resources Information Center

International Journal of Testing, 2016

2016-01-01

The amount and severity of security threats have increased considerably over the past two decades, calling into question the validity of assessments administered around the world. These threats have increased for a number of reasons, including the popular use of computerized and online technologies for test administration and the use of almost…

From the Weakest Link to the Best Defense: Exploring the Factors That Affect Employee Intention to Comply with Information Security Policies

ERIC Educational Resources Information Center

Aurigemma, Salvatore

2013-01-01

Information and information systems have become embedded in the fabric of contemporary organizations throughout the world. As the reliance on information technology has increased, so too have the threats and costs associated with protecting organizational information resources. To combat potential information security threats, organizations rely…

DHS S&T First Responders Group and NATO Counter UAS Proposal Interest Response.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Salton, Jonathan R.

The capability, speed, size, and widespread availability of small unmanned aerial systems (sUAS) makes them a serious security concern. The enabling technologies for sUAS are rapidly evolving and so too are the threats they pose to national security. Potential threat vehicles have a small cross-section, and are difficult to reliably detect using purely ground-based systems (e.g. radar or electro-optical) and challenging to target using conventional anti-aircraft defenses. Ground-based sensors are static and suffer from interference with the earth, vegetation and other man-made structures which obscure objects at low altitudes. Because of these challenges, sUAS pose a unique and rapidly evolvingmore » threat to national security.« less

Designing the Army’s Future Active Duty Weapons of Mass Destruction Response: Is the Defense Chemical, Biological, Radiological, Nuclear and High-Yield Explosives Response Force (DCRF) the Right Force at the Right Time?

DTIC Science & Technology

2013-06-14

ever-evolving contemporary nature of external and internal threats to the safety and security of the American homeland, it becomes increasingly...Major Justin P. Hurt, 146 pages. With the ever-evolving contemporary nature of external and internal threats to the safety and security of the American...HAZMAT Hazardous Materials HRF Homeland Response Force HSPD Homeland Security Presidential Directive JFHQ Joint Force

Security in Logistics

NASA Astrophysics Data System (ADS)

Cempírek, Václav; Nachtigall, Petr; Široký, Jaromír

2016-12-01

This paper deals with security of logistic chains according to incorrect declaration of transported goods, fraudulent transport and forwarding companies and possible threats caused by political influences. The main goal of this paper is to highlight possible logistic costs increase due to these fraudulent threats. An analysis of technological processes will beis provided, and an increase of these transport times considering the possible threatswhich will beis evaluated economic costs-wise. In the conclusion, possible threat of companies'` efficiency in logistics due to the costs`, means of transport and increase in human resources` increase will beare pointed out.

Research on computer virus database management system

NASA Astrophysics Data System (ADS)

Qi, Guoquan

2011-12-01

The growing proliferation of computer viruses becomes the lethal threat and research focus of the security of network information. While new virus is emerging, the number of viruses is growing, virus classification increasing complex. Virus naming because of agencies' capture time differences can not be unified. Although each agency has its own virus database, the communication between each other lacks, or virus information is incomplete, or a small number of sample information. This paper introduces the current construction status of the virus database at home and abroad, analyzes how to standardize and complete description of virus characteristics, and then gives the information integrity, storage security and manageable computer virus database design scheme.

Information Security Risk Assessment in Hospitals

PubMed Central

Ayatollahi, Haleh; Shagerdi, Ghazal

2017-01-01

Background: To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threat the security of health information and their resources especially in the hospitals. Objective: The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran. Method: This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n=27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r =0.78). Results: The results showed that among the information security risks, fire found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n =22, 91.7%) compared to the administrative (n =21, 87.5%) and the physical safeguards (n =16, 66.7%). Conclusion: The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies. PMID:29204226

Bio-Inspired Innovation and National Security

DTIC Science & Technology

2010-01-01

legal and illegal, to enhance athlete performance. While legality is not a critical issue for combat soldiers, safety is. Current strength...Operating critical infrastructure? How do we operate when the families of our Servicepeople are exposed to the same threat? Clearly, we are unprepared to...against their will because of the belief that Iraq would use weapons of mass destruction against American forces. After the war, it was discovered that

Illicit Trafficking in the Western Hemisphere: Developing an Operational Approach to Defeat Smuggling within the Region

DTIC Science & Technology

2017-03-31

and political stability. The threat is currently so pervasive that solving it is impossible without significant strategic reframing. A design ...approach will offer a better understanding of the functions and systems used for illicit trafficking. An operational design will be useful for developing a...illicit drugs, human trafficking, USSOUTHCOM, trafficking, operational design 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT

UCLA High Speed, High Volume Laboratory Network for Infectious Diseases. Addendum

DTIC Science & Technology

2009-08-01

s) and should not be construed as an official Department of the Army position, policy or decision unless so designated by other documentation... Design : Because of current public health and national security threats, influenza surveillance and analysis will be the initial focus. In the upcoming...throughput and automated systems will enable processing of tens of thousands of samples and provide critical laboratory capacity. Its overall design and

Protecting Critical Rail Infrastructure

DTIC Science & Technology

2006-12-01

Gulliver.Trb.Org/Publications/Sr/Sr270.Pdf. 38. Allan J. DeBlasio, Terrance J. Regan, Margaret E . Zirker, Katherine S. Fichter, Kristin Lovejoy ...getrpt?GAO-04-598T. 4. Ibid. 5. Thomas H. Kean, Lee H. Hamilton, Richard Ben-Veniste, Fred F. Fielding, Jamie S. Gorelick, Slade Gorton, Bob Kerrey...Committee, Current and Projected National Security Threats to the United States, Vice Admiral Lowell E . Jacoby, United States Navy, Director, Defense

Cyber-Threat Assessment for the Air Traffic Management System: A Network Controls Approach

NASA Technical Reports Server (NTRS)

Roy, Sandip; Sridhar, Banavar

2016-01-01

Air transportation networks are being disrupted with increasing frequency by failures in their cyber- (computing, communication, control) systems. Whether these cyber- failures arise due to deliberate attacks or incidental errors, they can have far-reaching impact on the performance of the air traffic control and management systems. For instance, a computer failure in the Washington DC Air Route Traffic Control Center (ZDC) on August 15, 2015, caused nearly complete closure of the Centers airspace for several hours. This closure had a propagative impact across the United States National Airspace System, causing changed congestion patterns and requiring placement of a suite of traffic management initiatives to address the capacity reduction and congestion. A snapshot of traffic on that day clearly shows the closure of the ZDC airspace and the resulting congestion at its boundary, which required augmented traffic management at multiple locations. Cyber- events also have important ramifications for private stakeholders, particularly the airlines. During the last few months, computer-system issues have caused several airlines fleets to be grounded for significant periods of time: these include United Airlines (twice), LOT Polish Airlines, and American Airlines. Delays and regional stoppages due to cyber- events are even more common, and may have myriad causes (e.g., failure of the Department of Homeland Security systems needed for security check of passengers, see [3]). The growing frequency of cyber- disruptions in the air transportation system reflects a much broader trend in the modern society: cyber- failures and threats are becoming increasingly pervasive, varied, and impactful. In consequence, an intense effort is underway to develop secure and resilient cyber- systems that can protect against, detect, and remove threats, see e.g. and its many citations. The outcomes of this wide effort on cyber- security are applicable to the air transportation infrastructure, and indeed security solutions are being implemented in the current system. While these security solutions are important, they only provide a piecemeal solution. Particular computers or communication channels are protected from particular attacks, without a holistic view of the air transportation infrastructure. On the other hand, the above-listed incidents highlight that a holistic approach is needed, for several reasons. First, the air transportation infrastructure is a large scale cyber-physical system with multiple stakeholders and diverse legacy assets. It is impractical to protect every cyber- asset from known and unknown disruptions, and instead a strategic view of security is needed. Second, disruptions to the cyber- system can incur complex propagative impacts across the air transportation network, including its physical and human assets. Also, these implications of cyber- events are exacerbated or modulated by other disruptions and operational specifics, e.g. severe weather, operator fatigue or error, etc. These characteristics motivate a holistic and strategic perspective on protecting the air transportation infrastructure from cyber- events. The analysis of cyber- threats to the air traffic system is also inextricably tied to the integration of new autonomy into the airspace. The replacement of human operators with cyber functions leaves the network open to new cyber threats, which must be modeled and managed. Paradoxically, the mitigation of cyber events in the airspace will also likely require additional autonomy, given the fast time scale and myriad pathways of cyber-attacks which must be managed. The assessment of new vulnerabilities upon integration of new autonomy is also a key motivation for a holistic perspective on cyber threats.

IEC 61850: Technology Standards and Cyber-Security Threats

DOE Office of Scientific and Technical Information (OSTI.GOV)

Youssef, Tarek A; El Hariri, mohamed; Bugay, Nicole

Substations constitute a fundamental part in providing reliable electricity to consumers. For a substation to maintain electricity reliability and its own real-time operability, communication between its components is inevitable. Before the emergence of IEC 61850, inter-substation communication was established via expensive copper wires with limited capabilities. IEC 61850 is the standard set by the International Electrotechnical Commission (IEC) Technical Committee Number 57 Working Group 10 and IEEE for Ethernet (IEEE 802.3)-based communication in electrical substations. Like many power grid systems standards, IEC 61850 was set without extensive consideration for critical security measures. This paper discusses IEC 61850 technology standards andmore » applications thoroughly and points out major security vulnerabilities it introduces in the context of current cyber-physical smart grid systems.« less

Building a Secure Library System.

ERIC Educational Resources Information Center

Benson, Allen C.

1998-01-01

Presents tips for building a secure library system to guard against threats like hackers, viruses, and theft. Topics include: determining what is at risk; recovering from disasters; developing security policies; developing front-end security; securing menu systems; accessing control programs; protecting against damage from viruses; developing…

49 CFR 1522.5 - TSA inspection authority.

Code of Federal Regulations, 2010 CFR

2010-10-01

... threats to transportation; (ii) Enforce security-related regulations, directives, and requirements: (iii... Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY SECURITY RULES FOR ALL MODES OF TRANSPORTATION TSA-APPROVED VALIDATION FIRMS...

A Survey on Cyber Security awareness among college students in Tamil Nadu

NASA Astrophysics Data System (ADS)

Senthilkumar, K.; Easwaramoorthy, Sathishkumar

2017-11-01

The aim of the study is to analyse the awareness of cyber security on college students in Tamil Nadu by focusing various security threats in the internet. In recent years cybercrime is an enormous challenge in all areas including national security, public safety and personal privacy. To prevent from a victim of cybercrime everyone must know about their own security and safety measures to protect by themselves. A well-structured questionnaire survey method will be applied to analyse the college student’s awareness in the area of cyber security. This survey will be going to conducted in major cities of Tamil Nadu by focusing various security threats like email, virus, phishing, fake advertisement, popup windows and other attacks in the internet. This survey examines the college students’ awareness and the level of awareness about the security issues and some suggestions are set forth to overcome these issues.

3 CFR - Continuation of the National Emergency With Respect to the Actions of the Government of Syria

Code of Federal Regulations, 2013 CFR

2013-01-01

... extraordinary threat to the national security, foreign policy, and economy of the United States. As a result... of May 1, 2012. The President took these actions to deal with the unusual and extraordinary threat to the national security, foreign policy, and economy of the United States constituted by the actions of...

Elliptic Curve Cryptography-Based Authentication with Identity Protection for Smart Grids

PubMed Central

Zhang, Liping; Tang, Shanyu; Luo, He

2016-01-01

In a smart grid, the power service provider enables the expected power generation amount to be measured according to current power consumption, thus stabilizing the power system. However, the data transmitted over smart grids are not protected, and then suffer from several types of security threats and attacks. Thus, a robust and efficient authentication protocol should be provided to strength the security of smart grid networks. As the Supervisory Control and Data Acquisition system provides the security protection between the control center and substations in most smart grid environments, we focus on how to secure the communications between the substations and smart appliances. Existing security approaches fail to address the performance-security balance. In this study, we suggest a mitigation authentication protocol based on Elliptic Curve Cryptography with privacy protection by using a tamper-resistant device at the smart appliance side to achieve a delicate balance between performance and security of smart grids. The proposed protocol provides some attractive features such as identity protection, mutual authentication and key agreement. Finally, we demonstrate the completeness of the proposed protocol using the Gong-Needham- Yahalom logic. PMID:27007951

Elliptic Curve Cryptography-Based Authentication with Identity Protection for Smart Grids.

PubMed

Zhang, Liping; Tang, Shanyu; Luo, He

2016-01-01

In a smart grid, the power service provider enables the expected power generation amount to be measured according to current power consumption, thus stabilizing the power system. However, the data transmitted over smart grids are not protected, and then suffer from several types of security threats and attacks. Thus, a robust and efficient authentication protocol should be provided to strength the security of smart grid networks. As the Supervisory Control and Data Acquisition system provides the security protection between the control center and substations in most smart grid environments, we focus on how to secure the communications between the substations and smart appliances. Existing security approaches fail to address the performance-security balance. In this study, we suggest a mitigation authentication protocol based on Elliptic Curve Cryptography with privacy protection by using a tamper-resistant device at the smart appliance side to achieve a delicate balance between performance and security of smart grids. The proposed protocol provides some attractive features such as identity protection, mutual authentication and key agreement. Finally, we demonstrate the completeness of the proposed protocol using the Gong-Needham-Yahalom logic.

Attachment, self-esteem, worldviews, and terror management: evidence for a tripartite security system.

PubMed

Hart, Joshua; Shaver, Phillip R; Goldenberg, Jamie L

2005-06-01

On the basis of prior work integrating attachment theory and terror management theory, the authors propose a model of a tripartite security system consisting of dynamically interrelated attachment, self-esteem, and worldview processes. Four studies are presented that, combined with existing evidence, support the prediction derived from the model that threats to one component of the security system result in compensatory defensive activation of other components. Further, the authors predicted and found that individual differences in attachment style moderate the defenses. In Studies 1 and 2, attachment threats motivated worldview defense among anxiously attached participants and motivated self-enhancement (especially among avoidant participants), effects similar to those caused by mortality salience. In Studies 3 and 4, a worldview threat and a self-esteem threat caused attachment-related proximity seeking among fearful participants and avoidance of proximity among dismissing participants. The authors' model provides an overarching framework within which to study attachment, self-esteem, and worldviews.

Medical countermeasures for unwanted CBRN exposures: Part I chemical and biological threats with review of recent countermeasure patents.

PubMed

Singh, Vijay K; Garcia, Melissa; Wise, Stephen Y; Seed, Thomas M

2016-12-01

The threat of chemical, biological, radiological, and nuclear (CBRN) warfare has been addressed as the uppermost risk to national security since the terrorist attacks on 11 September 2001. Despite significant scientific advances over the past several decades toward the development of safe, non-toxic and effective countermeasures to combat CBRN threats, relatively few countermeasures have been approved by the US Food and Drug Administration (US FDA). Therefore, countermeasures capable of protecting the population from the effects of CBRN attack remain a significant unmet medical need. Chemical and biological (CB) threat agents can be particularly hazardous due to their effectiveness in small quantities and ease of distribution. Area covered: This article reviews the development of countermeasures for CB threats and highlights specific threats for which at least one countermeasure has been approved following the FDA Animal Rule. Patents of CB countermeasures since 2010 have been included. Expert opinion: Nine CB countermeasures have received FDA approval for use in humans following the Animal Rule, and a number of promising CB countermeasures are currently under development. In the next few years, we should expect to have multiple countermeasures approved by the FDA for each indication allowing for more flexible and effective treatment options.

A novel two-stage evaluation system based on a Group-G1 approach to identify appropriate emergency treatment technology schemes in sudden water source pollution accidents.

PubMed

Qu, Jianhua; Meng, Xianlin; Hu, Qi; You, Hong

2016-02-01

Sudden water source pollution resulting from hazardous materials has gradually become a major threat to the safety of the urban water supply. Over the past years, various treatment techniques have been proposed for the removal of the pollutants to minimize the threat of such pollutions. Given the diversity of techniques available, the current challenge is how to scientifically select the most desirable alternative for different threat degrees. Therefore, a novel two-stage evaluation system was developed based on a circulation-correction improved Group-G1 method to determine the optimal emergency treatment technology scheme, considering the areas of contaminant elimination in both drinking water sources and water treatment plants. In stage 1, the threat degree caused by the pollution was predicted using a threat evaluation index system and was subdivided into four levels. Then, a technique evaluation index system containing four sets of criteria weights was constructed in stage 2 to obtain the optimum treatment schemes corresponding to the different threat levels. The applicability of the established evaluation system was tested by a practical cadmium-contaminated accident that occurred in 2012. The results show this system capable of facilitating scientific analysis in the evaluation and selection of emergency treatment technologies for drinking water source security.

National Security Science and Technology Initiative: Air Cargo Screening

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bingham, Philip R; White, Tim; Cespedes, Ernesto

The non-intrusive inspection (NII) of consolidated air cargo carried on commercial passenger aircraft continues to be a technically challenging, high-priority requirement of the Department of Homeland Security's Science and Technology Directorate (DHS S&T), the Transportation Security Agency and the Federal Aviation Administration. The goal of deploying a screening system that can reliably and cost-effectively detect explosive threats in consolidated cargo without adversely affecting the flow of commerce will require significant technical advances that will take years to develop. To address this critical National Security need, the Battelle Memorial Institute (Battelle), under a Cooperative Research and Development Agreement (CRADA) with fourmore » of its associated US Department of Energy (DOE) National Laboratories (Oak Ridge, Pacific Northwest, Idaho, and Brookhaven), conducted a research and development initiative focused on identifying, evaluating, and integrating technologies for screening consolidated air cargo for the presence of explosive threats. Battelle invested $8.5M of internal research and development funds during fiscal years 2007 through 2009. The primary results of this effort are described in this document and can be summarized as follows: (1) Completed a gap analysis that identified threat signatures and observables, candidate technologies for detection, their current state of development, and provided recommendations for improvements to meet air cargo screening requirements. (2) Defined a Commodity/Threat/Detection matrix that focuses modeling and experimental efforts, identifies technology gaps and game-changing opportunities, and provides a means of summarizing current and emerging capabilities. (3) Defined key properties (e.g., elemental composition, average density, effective atomic weight) for basic commodity and explosive benchmarks, developed virtual models of the physical distributions (pallets) of three commodity types and three explosive benchmarks combinations, and conducted modeling and simulation studies to begin populating the matrix of commodities, threats, and detection technologies. (4) Designed and fabricated basic (homogeneous) commodity test pallets and fabricated inert stimulants to support experiments and to validate modeling/simulation results. (5) Developed/expanded the team's capabilities to conduct full-scale imaging (neutron and x-ray) experiments of air cargo commodities and explosive benchmarks. (6) Conducted experiments to improve the collection of trace particles of explosives from a variety of surfaces representative of air cargo materials by means of mechanical (air/vibration/pressure), thermal, and electrostatic methods. Air cargo screening is a difficult challenge that will require significant investment in both research and development to find a suitable solution to ensure the safety of passengers without significantly hindering the flow of commodities. The initiative funded by Battelle has positioned this group to make major contributions in meeting the air cargo challenge by developing collaborations, developing laboratory test systems, improving knowledge of the challenges (both technical and business) for air cargo screening, and increasing the understanding of the capabilities for current inspection methods (x-ray radiography, x-ray backscatter, etc.) and potential future inspection methods (neutron radiography, fusion of detector modalities, advanced trace detection, etc.). Lastly, air cargo screening is still an issue that will benefit from collaboration between Department of Energy Laboratories and Battelle. On January 7, 2010, DHS Secretary Napolitano joined White House Press Secretary Robert Gibbs and Assistant to the President for Counterterrorism and Homeland Security John Brennan to announce several recommendations DHS has made to the President for improving the technology and procedures used to protect air travel from acts of terrorism. (This announcement followed the 25 Dec'09 Delta/Northwest Airlines Flight 253 terror attack.) Secretary Napolitano outlined five recommendations DHS will pursue to enhance the safety of the traveling public. One of the five recommendations, read as follows: 'Establish a partnership on aviation security between DHS and the Department of Energy and its National Laboratories in order to develop new and more effective technologies to deter and disrupt known threats and proactively anticipate and protect against new ways by which terrorists could seek to board an aircraft.' In conclusion, it appears very timely that Battelle and its DOE lab partners initiated a serious collaboration on the air cargo topic, and that we should continue to work toward future collaboration in response to the government's needs.« less

The cyber security threat stops in the boardroom.

PubMed

Scully, Tim

The attitude that 'it won't happen to me' still prevails in the boardrooms of industry when senior executives consider the threat of targeted cyber intrusions. Not much has changed in the commercial world of cyber security over the past few years; hackers are not being challenged to find new ways to steal companies' intellectual property and confidential information. The consequences of even major security breaches seem not to be felt by the leaders of victim companies. Why is this so? Surely IT security practitioners are seeking new ways to detect and prevent targeted intrusions into companies' networks? Are the consequences of targeted intrusions so insignificant that the captains of industry tolerate them? Or do only others feel the pain of their failure? This paper initially explores the failure of cyber security in industry and contends that, while industry leaders should not be alone in accepting responsibility for this failure, they must take the initiative to make life harder for cyber threat actors. They cannot wait for government leadership on policy, strategy or coordination. The paper then suggests some measures that a CEO can adopt to build a new corporate approach to cyber security.

Open-area concealed-weapon detection system

NASA Astrophysics Data System (ADS)

Pati, P.; Mather, P.

2011-06-01

Concealed Weapon Detection (CWD) has become a significant challenge to present day security needs; individuals carrying weapons into airplanes, schools, and secured establishments are threat to public security. Although controlled screening, of people for concealed weapons, has been employed in many establishments, procedures and equipment are designed to work in restricted environments like airport passport control, military checkpoints, hospitals, school and university entrance. Furthermore, screening systems do not effectively decipher between threat and non-threat metal objects, thus leading to high rate of false alarms which can become a liability to daily operational needs of establishments. Therefore, the design and development of a new CWD system to operate in a large open area environment with large numbers of people reduced incidences of false alarms and increased location accuracy is essential.

Information Systems, Security, and Privacy.

ERIC Educational Resources Information Center

Ware, Willis H.

1984-01-01

Computer security and computer privacy issues are discussed. Among the areas addressed are technical and human security threats, security and privacy issues for information in electronic mail systems, the need for a national commission to examine these issues, and security/privacy issues relevant to colleges and universities. (JN)

Leveraging the laboratory response network model for the global health security agenda.

PubMed

Mangal, Chris N; Maryogo-Robinson, Lucy

2014-01-01

Promoting global health security as an international priority is a challenge; the US Centers for Disease Control and Prevention (CDC) in its Global Health Security Agenda has articulated the importance of accelerating progress toward a world safe and secure from infectious disease threats. The goals are to (1) prevent and reduce the likelihood of outbreaks-natural, accidental, or intentional; (2) detect threats early to save lives; and (3) respond rapidly and effectively using multisectoral, international coordination and communication. Foundational to this agenda is the World Health Organization (WHO) Revised International Health Regulations (IHR) of 2005, which provide the legal framework for countries to strengthen their health systems in order to be able to respond to any public health emergency of international concern. This article proposes leveraging the distributed structure of the US-managed Laboratory Response Network for Biological Threats Preparedness (LRN-B) to develop the core capacity of laboratory testing and to fulfill the laboratory-strengthening component of the Global Health Security Agenda. The LRN model offers an effective mechanism to detect and respond to public health emergencies of international concern.

Leveraging the Laboratory Response Network Model for the Global Health Security Agenda

PubMed Central

Maryogo-Robinson, Lucy

2014-01-01

Promoting global health security as an international priority is a challenge; the US Centers for Disease Control and Prevention (CDC) in its Global Health Security Agenda has articulated the importance of accelerating progress toward a world safe and secure from infectious disease threats. The goals are to (1) prevent and reduce the likelihood of outbreaks—natural, accidental, or intentional; (2) detect threats early to save lives; and (3) respond rapidly and effectively using multisectoral, international coordination and communication. Foundational to this agenda is the World Health Organization (WHO) Revised International Health Regulations (IHR) of 2005, which provide the legal framework for countries to strengthen their health systems in order to be able to respond to any public health emergency of international concern. This article proposes leveraging the distributed structure of the US-managed Laboratory Response Network for Biological Threats Preparedness (LRN-B) to develop the core capacity of laboratory testing and to fulfill the laboratory-strengthening component of the Global Health Security Agenda. The LRN model offers an effective mechanism to detect and respond to public health emergencies of international concern. PMID:25254916

Managing Complex IT Security Processes with Value Based Measures

DOE Office of Scientific and Technical Information (OSTI.GOV)

Abercrombie, Robert K; Sheldon, Frederick T; Mili, Ali

2009-01-01

Current trends indicate that IT security measures will need to greatly expand to counter the ever increasingly sophisticated, well-funded and/or economically motivated threat space. Traditional risk management approaches provide an effective method for guiding courses of action for assessment, and mitigation investments. However, such approaches no matter how popular demand very detailed knowledge about the IT security domain and the enterprise/cyber architectural context. Typically, the critical nature and/or high stakes require careful consideration and adaptation of a balanced approach that provides reliable and consistent methods for rating vulnerabilities. As reported in earlier works, the Cyberspace Security Econometrics System provides amore » comprehensive measure of reliability, security and safety of a system that accounts for the criticality of each requirement as a function of one or more stakeholders interests in that requirement. This paper advocates a dependability measure that acknowledges the aggregate structure of complex system specifications, and accounts for variations by stakeholder, by specification components, and by verification and validation impact.« less

77 FR 24506 - Extension of Agency Information Collection Activity Under OMB Review: Air Cargo Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-24

...This notice announces that the Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0040, abstracted below to OMB for review and approval of an extension of the currently approved collection under the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden. TSA published a Federal Register notice, with a 60-day comment period soliciting comments, of the following collection of information on February 24, 2012, 77 FR 11145. TSA has not received any comments. The collection of information that make up this ICR involve five broad categories affecting airports, passenger aircraft operators, foreign air carriers, indirect air carriers and all-cargo carriers operating under a TSA-approved security program. These five categories are: Security programs, security threat assessments (STAs), known shipper data via the Known Shipper Management System (KSMS), cargo screening reporting, and evidence of compliance recordkeeping.

Analyzing the threat of unmanned aerial vehicles (UAV) to nuclear facilities

DOE PAGES

Solodov, Alexander; Williams, Adam; Al Hanaei, Sara; ...

2017-04-18

Unmanned aerial vehicles (UAV) are among the major growing technologies that have many beneficial applications, yet they can also pose a significant threat. Recently, several incidents occurred with UAVs violating privacy of the public and security of sensitive facilities, including several nuclear power plants in France. The threat of UAVs to the security of nuclear facilities is of great importance and is the focus of this work. This paper presents an overview of UAV technology and classification, as well as its applications and potential threats. We show several examples of recent security incidents involving UAVs in France, USA, and Unitedmore » Arab Emirates. Further, the potential threats to nuclear facilities and measures to prevent them are evaluated. The importance of measures for detection, delay, and response (neutralization) of UAVs at nuclear facilities are discussed. An overview of existing technologies along with their strength and weaknesses are shown. Finally, the results of a gap analysis in existing approaches and technologies is presented in the form of potential technological and procedural areas for research and development. Furthermore based on this analysis, directions for future work in the field can be devised and prioritized.« less

Shape-based human detection for threat assessment

NASA Astrophysics Data System (ADS)

Lee, Dah-Jye; Zhan, Pengcheng; Thomas, Aaron; Schoenberger, Robert B.

2004-07-01

Detection of intrusions for early threat assessment requires the capability of distinguishing whether the intrusion is a human, an animal, or other objects. Most low-cost security systems use simple electronic motion detection sensors to monitor motion or the location of objects within the perimeter. Although cost effective, these systems suffer from high rates of false alarm, especially when monitoring open environments. Any moving objects including animals can falsely trigger the security system. Other security systems that utilize video equipment require human interpretation of the scene in order to make real-time threat assessment. Shape-based human detection technique has been developed for accurate early threat assessments for open and remote environment. Potential threats are isolated from the static background scene using differential motion analysis and contours of the intruding objects are extracted for shape analysis. Contour points are simplified by removing redundant points connecting short and straight line segments and preserving only those with shape significance. Contours are represented in tangent space for comparison with shapes stored in database. Power cepstrum technique has been developed to search for the best matched contour in database and to distinguish a human from other objects from different viewing angles and distances.

10 CFR 95.33 - Security education.

Code of Federal Regulations, 2011 CFR

2011-01-01

... 10 Energy 2 2011-01-01 2011-01-01 false Security education. 95.33 Section 95.33 Energy NUCLEAR... INFORMATION AND RESTRICTED DATA Physical Security § 95.33 Security education. All cleared employees must be... information. The facility may obtain defensive security, threat awareness, and other education and training...

10 CFR 95.33 - Security education.

Code of Federal Regulations, 2013 CFR

2013-01-01

... 10 Energy 2 2013-01-01 2013-01-01 false Security education. 95.33 Section 95.33 Energy NUCLEAR... INFORMATION AND RESTRICTED DATA Physical Security § 95.33 Security education. All cleared employees must be... information. The facility may obtain defensive security, threat awareness, and other education and training...

10 CFR 95.33 - Security education.

Code of Federal Regulations, 2012 CFR

2012-01-01

... 10 Energy 2 2012-01-01 2012-01-01 false Security education. 95.33 Section 95.33 Energy NUCLEAR... INFORMATION AND RESTRICTED DATA Physical Security § 95.33 Security education. All cleared employees must be... information. The facility may obtain defensive security, threat awareness, and other education and training...

10 CFR 95.33 - Security education.

Code of Federal Regulations, 2010 CFR

2010-01-01

... 10 Energy 2 2010-01-01 2010-01-01 false Security education. 95.33 Section 95.33 Energy NUCLEAR... INFORMATION AND RESTRICTED DATA Physical Security § 95.33 Security education. All cleared employees must be... information. The facility may obtain defensive security, threat awareness, and other education and training...

School Security and Crisis Preparedness: Make It Your Business.

ERIC Educational Resources Information Center

Trump, Kenneth S.

1999-01-01

The top five security risks in today's schools include aggressive behavior, weapons possession or use, drug trafficking, gangs, and "stranger danger." Home-made bomb threats are common. This article also discusses security system costs, risk-reduction frameworks, security assessments, crisis-preparedness guidelines, and security-related…

Illicit Drug Trade-Impact on United States National Health Care

DTIC Science & Technology

2013-03-01

pobreza en Mexico sube a 52 milliones,” CNN Expansion, July 29, 2011, http://www.cnnexpansion.com/ economia /2011/07/29/pobreza- mexico -2010 (accessed...Unlimited. 13. SUPPLEMENTARY NOTES Word Count: 5,569 14. ABSTRACT The United States and Mexico face a myriad of threats to national security...Policy Classification: Unclassified The United States and Mexico face a myriad of threats to national security

Beyond a series of security nets: Applying STAMP & STPA to port security

DOE PAGES

Williams, Adam D.

2015-11-17

Port security is an increasing concern considering the significant role of ports in global commerce and today’s increasingly complex threat environment. Current approaches to port security mirror traditional models of accident causality -- ‘a series of security nets’ based on component reliability and probabilistic assumptions. Traditional port security frameworks result in isolated and inconsistent improvement strategies. Recent work in engineered safety combines the ideas of hierarchy, emergence, control and communication into a new paradigm for understanding port security as an emergent complex system property. The ‘System-Theoretic Accident Model and Process (STAMP)’ is a new model of causality based on systemsmore » and control theory. The associated analysis process -- System Theoretic Process Analysis (STPA) -- identifies specific technical or procedural security requirements designed to work in coordination with (and be traceable to) overall port objectives. This process yields port security design specifications that can mitigate (if not eliminate) port security vulnerabilities related to an emphasis on component reliability, lack of coordination between port security stakeholders or economic pressures endemic in the maritime industry. As a result, this article aims to demonstrate how STAMP’s broader view of causality and complexity can better address the dynamic and interactive behaviors of social, organizational and technical components of port security.« less

Beyond a series of security nets: Applying STAMP & STPA to port security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Williams, Adam D.

Port security is an increasing concern considering the significant role of ports in global commerce and today’s increasingly complex threat environment. Current approaches to port security mirror traditional models of accident causality -- ‘a series of security nets’ based on component reliability and probabilistic assumptions. Traditional port security frameworks result in isolated and inconsistent improvement strategies. Recent work in engineered safety combines the ideas of hierarchy, emergence, control and communication into a new paradigm for understanding port security as an emergent complex system property. The ‘System-Theoretic Accident Model and Process (STAMP)’ is a new model of causality based on systemsmore » and control theory. The associated analysis process -- System Theoretic Process Analysis (STPA) -- identifies specific technical or procedural security requirements designed to work in coordination with (and be traceable to) overall port objectives. This process yields port security design specifications that can mitigate (if not eliminate) port security vulnerabilities related to an emphasis on component reliability, lack of coordination between port security stakeholders or economic pressures endemic in the maritime industry. As a result, this article aims to demonstrate how STAMP’s broader view of causality and complexity can better address the dynamic and interactive behaviors of social, organizational and technical components of port security.« less

49 CFR 1580.107 - Chain of custody and control requirements.

Code of Federal Regulations, 2010 CFR

2010-10-01

... businesses, housing, schools, and hospitals. (4) Any information regarding threats to the facility. (5) Other...) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY MARITIME AND LAND TRANSPORTATION SECURITY RAIL TRANSPORTATION SECURITY Freight Rail Including Freight Railroad Carriers, Rail Hazardous Materials...

Implementing the global health security agenda: lessons from global health and security programs.

PubMed

Paranjape, Suman M; Franz, David R

2015-01-01

The Global Health Security Agenda (GHSA) describes a vision for a world that is safe and secure from infectious disease threats; it underscores the importance of developing the international capacity to prevent, detect, and respond to pandemic agents. In February 2014, the United States committed to support the GHSA by expanding and intensifying ongoing efforts across the US government. Implementing these goals will require interagency coordination and harmonization of diverse health security elements. Lessons learned from the Global Health Initiative (GHI), the President's Emergency Program for AIDS Relief (PEPFAR), and the Cooperative Threat Reduction (CTR) program underscore that centralized political, technical, and fiscal authority will be key to developing robust, sustainable, and integrated global health security efforts across the US government. In this article, we review the strengths and challenges of GHI, PEPFAR, and CTR and develop recommendations for implementing a unified US global health security program.

Surveillance data management system

NASA Astrophysics Data System (ADS)

Teague, Ralph

2002-10-01

On October 8, 2001, an Executive Order was signed creating the White House Office of Homeland Security. With its formaiton comes focused attention in setting goals and priorities for homeland security. Analysis, preparation, and implementation of strategies will hinge not only on how information is collected and analyzed, but more important, on how it is coordinated and shared. Military installations/facilities, Public safety agencies, airports, federal and local offices, public utilities, harbors, transportation and others critical areas must work either independently or as a team to ensure the safety of our citizens and visitor. In this new era of increased security, the key to interoperation is continuous information exchanged-events must be rapidly identified, reported and responded to by the appropriate agencies. For instance when a threat has been detected the security officers must be immediately alerted and must have access to the type of threat, location, movement, heading, threat size, etc to respond accordingly and the type of support required. This requires instant communications and teamwork with reliable and flexible technology.

Opaque Communities: A Framework for Assessing Potential Homeland Security Threats from Voids on the Map

DTIC Science & Technology

2014-09-01

prophecies and statements contained in the King James Version of the Bible were applicable to current events and could be deciphered to predict the...Davidians maintained SDA traditions of being distrustful of both governmental authority and secularism while promoting a Bible -centric lifestyle.66 The group...extent possible. Through their unique religious practices, devotion to Bible study, and special diet, members maintained a regimented lifestyle that

Defending Against Advanced Persistent Threats Using Game-Theory.

PubMed

Rass, Stefan; König, Sandra; Schauer, Stefan

2017-01-01

Advanced persistent threats (APT) combine a variety of different attack forms ranging from social engineering to technical exploits. The diversity and usual stealthiness of APT turns them into a central problem of contemporary practical system security, since information on attacks, the current system status or the attacker's incentives is often vague, uncertain and in many cases even unavailable. Game theory is a natural approach to model the conflict between the attacker and the defender, and this work investigates a generalized class of matrix games as a risk mitigation tool for an advanced persistent threat (APT) defense. Unlike standard game and decision theory, our model is tailored to capture and handle the full uncertainty that is immanent to APTs, such as disagreement among qualitative expert risk assessments, unknown adversarial incentives and uncertainty about the current system state (in terms of how deeply the attacker may have penetrated into the system's protective shells already). Practically, game-theoretic APT models can be derived straightforwardly from topological vulnerability analysis, together with risk assessments as they are done in common risk management standards like the ISO 31000 family. Theoretically, these models come with different properties than classical game theoretic models, whose technical solution presented in this work may be of independent interest.

Combating terrorism : linking threats to strategies and resources testimony

DOT National Transportation Integrated Search

2000-07-26

This is the statement of Norman J. Rabkin, Director, National Security Preparedness Issues, National Security and International Affairs division before the Subcommittee on National Security, Veterans Affairs, and International Relations, Committee on...

Addressing socioeconomic and political challenges posed by climate change

NASA Astrophysics Data System (ADS)

Fernando, Harindra Joseph; Klaic, Zvjezdana Bencetic

2011-08-01

NATO Advanced Research Workshop: Climate Change, Human Health and National Security; Dubrovnik, Croatia, 28-30 April 2011; Climate change has been identified as one of the most serious threats to humanity. It not only causes sea level rise, drought, crop failure, vector-borne diseases, extreme events, degradation of water and air quality, heat waves, and other phenomena, but it is also a threat multiplier wherein concatenation of multiple events may lead to frequent human catastrophes and intranational and international conflicts. In particular, urban areas may bear the brunt of climate change because of the amplification of climate effects that cascade down from global to urban scales, but current modeling and downscaling capabilities are unable to predict these effects with confidence. These were the main conclusions of a NATO Advanced Research Workshop (ARW) sponsored by the NATO Science for Peace and Security program. Thirty-two invitees from 17 counties, including leading modelers; natural, political, and social scientists; engineers; politicians; military experts; urban planners; industry analysts; epidemiologists; and health care professionals, parsed the topic on a common platform.

SAFER vehicle inspection: a multimodal robotic sensing platform

NASA Astrophysics Data System (ADS)

Page, David L.; Fougerolle, Yohan; Koschan, Andreas F.; Gribok, Andrei; Abidi, Mongi A.; Gorsich, David J.; Gerhart, Grant R.

2004-09-01

The current threats to U.S. security both military and civilian have led to an increased interest in the development of technologies to safeguard national facilities such as military bases, federal buildings, nuclear power plants, and national laboratories. As a result, the Imaging, Robotics, and Intelligent Systems (IRIS) Laboratory at The University of Tennessee (UT) has established a research consortium, known as SAFER (Security Automation and Future Electromotive Robotics), to develop, test, and deploy sensing and imaging systems for unmanned ground vehicles (UGV). The targeted missions for these UGV systems include -- but are not limited to --under vehicle threat assessment, stand-off check-point inspections, scout surveillance, intruder detection, obstacle-breach situations, and render-safe scenarios. This paper presents a general overview of the SAFER project. Beyond this general overview, we further focus on a specific problem where we collect 3D range scans of under vehicle carriages. These scans require appropriate segmentation and representation algorithms to facilitate the vehicle inspection process. We discuss the theory for these algorithms and present results from applying them to actual vehicle scans.

Threat, security and attitude formation among the young

NASA Astrophysics Data System (ADS)

Radin, Furio

1985-12-01

The perception of threat to security on the part of young people reflects a central aspect of the societal phenomenon of attitude formation, whose primary function is, ideally, to meet the need for security. In all modern societies, however, the process of socialization — which by its very nature is educational in that it prepares individuals to function as members of society — operates on the principle of systematically frustrating this need by employing a system of reward and punishment based on competition. This system creates a fundamental insecurity and a corresponding attitude (de)formation in the individual, which is exploited by the state in order to consolidate the power of the dominant groups. Due to this fundamental insecurity, the individual is incapable of coping rationally with threat and seeks pseudo-security, e.g., in conformity. Threat — particularly global threat — is perceived as an external factor over which the individual has no control, i.e., it is perceived as falling exclusively within the province of those in power, whose control is further strengthened by this perception. Since the essential damage to the individual's attitude system has been done by the time he leaves school, this undesirable condition of modern societies can only be rectified by a socialization process in general — and an educational process in particular — which cultivates in the individual the development of critical judgment, free self-realization and the spirit of co-operation instead of competition.

Security Techniques for the Electronic Health Records.

PubMed

Kruse, Clemens Scott; Smith, Brenna; Vanderlinden, Hannah; Nealand, Alexandra

2017-08-01

The privacy of patients and the security of their information is the most imperative barrier to entry when considering the adoption of electronic health records in the healthcare industry. Considering current legal regulations, this review seeks to analyze and discuss prominent security techniques for healthcare organizations seeking to adopt a secure electronic health records system. Additionally, the researchers sought to establish a foundation for further research for security in the healthcare industry. The researchers utilized the Texas State University Library to gain access to three online databases: PubMed (MEDLINE), CINAHL, and ProQuest Nursing and Allied Health Source. These sources were used to conduct searches on literature concerning security of electronic health records containing several inclusion and exclusion criteria. Researchers collected and analyzed 25 journals and reviews discussing security of electronic health records, 20 of which mentioned specific security methods and techniques. The most frequently mentioned security measures and techniques are categorized into three themes: administrative, physical, and technical safeguards. The sensitive nature of the information contained within electronic health records has prompted the need for advanced security techniques that are able to put these worries at ease. It is imperative for security techniques to cover the vast threats that are present across the three pillars of healthcare.

A cost effective FBG-based security fence with fire alarm function

NASA Astrophysics Data System (ADS)

Wu, H. J.; Li, S. S.; Lu, X. L.; Wu, Y.; Rao, Y. J.

2012-02-01

Fiber Bragg Grating (FBG) is sensitive to the temperature as well when it is measuring the strain change, which is always avoided in most measurement applications. However, in this paper strain/temperature dual sensitivity is utilized to construct a special security fence with a second function of fire threat prediction. In an FBG-based fiber fence configuration, only by characteristics analysis and identification method, it can intelligently distinguish the different effects of personal threats and fires from their different trends of the wavelength drifts. Thus without any additional temperature sensing fittings or other fire alarm systems integrated, a normal perimeter security system can possess a second function of fire prediction, which can not only monitor the intrusion induced by personal actions but also predict fire threats in advance. The experimental results show the effectiveness of the method.

Cyber Threat and Vulnerability Analysis of the U.S. Electric Sector

DOE Office of Scientific and Technical Information (OSTI.GOV)

Glenn, Colleen; Sterbentz, Dane; Wright, Aaron

With utilities in the U.S. and around the world increasingly moving toward smart grid technology and other upgrades with inherent cyber vulnerabilities, correlative threats from malicious cyber attacks on the North American electric grid continue to grow in frequency and sophistication. The potential for malicious actors to access and adversely affect physical electricity assets of U.S. electricity generation, transmission, or distribution systems via cyber means is a primary concern for utilities contributing to the bulk electric system. This paper seeks to illustrate the current cyber-physical landscape of the U.S. electric sector in the context of its vulnerabilities to cyber attacks,more » the likelihood of cyber attacks, and the impacts cyber events and threat actors can achieve on the power grid. In addition, this paper highlights utility perspectives, perceived challenges, and requests for assistance in addressing cyber threats to the electric sector. There have been no reported targeted cyber attacks carried out against utilities in the U.S. that have resulted in permanent or long term damage to power system operations thus far, yet electric utilities throughout the U.S. have seen a steady rise in cyber and physical security related events that continue to raise concern. Asset owners and operators understand that the effects of a coordinated cyber and physical attack on a utility’s operations would threaten electric system reliability–and potentially result in large scale power outages. Utilities are routinely faced with new challenges for dealing with these cyber threats to the grid and consequently maintain a set of best practices to keep systems secure and up to date. Among the greatest challenges is a lack of knowledge or strategy to mitigate new risks that emerge as a result of an exponential rise in complexity of modern control systems. This paper compiles an open-source analysis of cyber threats and risks to the electric grid, utility best practices for prevention and response to cyber threats, and utility suggestions about how the federal government can aid utilities in combating and mitigating risks.« less

75 FR 33629 - Agency Information Collection Activities: Submission for Review; Information Collection Request...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-14

... Infrastructure against Cyber Threats (PREDICT) Program AGENCY: Science and Technology Directorate, DHS. ACTION... Infrastructure Against Cyber Threats (PREDICT) initiative. PREDICT is an initiative to facilitate the... effective threat assessment and increase cyber security capabilities. (4) An estimate of the total number of...

For telehealth to succeed, privacy and security risks must be identified and addressed.

PubMed

Hall, Joseph L; McGraw, Deven

2014-02-01

The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth.

Migrants, refugees and insecurity. Current threats to peace?

PubMed

Lohrmann, R

2000-01-01

Since the early 1980s, international migration has moved beyond humanitarian, economic development, labor market and societal integration concerns, raising complex interactive security implications for governments of migrant sending, receiving and transit countries, as well as for multilateral bodies. This article examines the effects of international migration on varied understandings and perceptions of international security. It discusses why international migration has come to be perceived as a security issue, both in industrialized and developing countries. Questions are raised on the migration-security nexus and the way in which the concepts "security" and "migration" are used. The real and perceived impacts of international migration upon national and regional security, both in industrialized and developing countries, are analyzed. The policies developed by governments and multilateral agencies since the mid-1980s to mitigate the destabilizing effects of certain kinds of international population movement and human displacement are examined. The conclusions stress the need for the establishment of a comprehensive framework of international cooperation among origin and receiving countries and international organizations to address the destabilizing implications of international migration.

Attachment anxiety and reactions to relationship threat: the benefits and costs of inducing guilt in romantic partners.

PubMed

Overall, Nickola C; Girme, Yuthika U; Lemay, Edward P; Hammond, Matthew D

2014-02-01

The current research tested whether individuals high in attachment anxiety react to relationship threats in ways that can help them feel secure and satisfied in their relationship. Individuals higher in attachment anxiety experienced greater hurt feelings on days they faced partner criticism or conflict (Study 1) and during observed conflict discussions (Study 2). These pronounced hurt feelings triggered exaggerated expressions of hurt to induce guilt in the partner. Partners perceived the hurt feelings of more anxious individuals to be more intense than low anxious individuals' hurt and, in turn, experienced greater levels of guilt (Study 1). More anxious individuals were also rated by objective coders as exhibiting more guilt-induction strategies during conflict, which led to increases in partner guilt (Study 2). Moreover, partner guilt helped anxious individuals maintain more positive relationship evaluations. Although greater partner guilt had detrimental effects for individuals low in anxiety, more anxious individuals experienced more stable perceptions of their partner's commitment and more positive relationship evaluations when their partner felt more guilt. Unfortunately, these benefits were accompanied by significant declines in the partner's relationship satisfaction. These results illustrate that anxious reactions to threat are not uniformly destructive; instead, the reassuring emotions their reactions induce in relationship partners help anxious individuals feel satisfied and secure in their partner's commitment. PsycINFO Database Record (c) 2014 APA, all rights reserved

76 FR 70469 - Extension of Agency Information Collection Activity Under OMB Review: TSA Airspace Waiver Program

Federal Register 2010, 2011, 2012, 2013, 2014

2011-11-14

...This notice announces that the Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0033, abstracted below to OMB for review and approval of an extension of the currently approved collection under the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden. TSA published a Federal Register notice, with a 60-day comment period soliciting comments, of the following collection of information on July 27, 2011, 76 FR 44944. This collection of information allows TSA to conduct security threat assessments on individuals on board aircraft operating in restricted airspace pursuant to an airspace waiver. This collection will enhance aviation security and protect assets on the ground that are within the restricted airspace.

A Geant4 model of backscatter security imaging systems

NASA Astrophysics Data System (ADS)

Leboffe, Eric Matthew

The operating characteristics of x ray security scanner systems that utilize backscatter signal in order to distinguish person borne threats have never been made fully available to the general public. By designing a model using Geant4, studies can be performed which will shed light on systems such as security scanners and allow for analysis of the performance and safety of the system without access to any system data. Despite the fact that the systems are no longer in use at airports in the United States, the ability to design and validate detector models and phenomena is an important capability that can be applied to many current real world applications. The model presented provides estimates for absorbed dose, effective dose and dose depth distribution that are comparable to previously published work and explores imaging capabilities for the system embodiment modeled.

U.S. Army Special Forces Roles in Asymmetric Warfare

DTIC Science & Technology

2001-06-01

1Jonathan B . Tucker, “Asymmetric Warfare: An Emerging Threat to U.S. Security,” Forum For Applied Research and Public Policy (Monterey...8Ibid., 34. 9Tucker, 11. 10Ibid., 2. 11 Henry H . Shelton, GEN, USA, Commander in Chief, U.S. Special Operations Command...the Senate Armed Services Committee, “Military Threats and Security Challenges Through 2015,” (Washington: 3 February 2000), 3. 26GEN Henry H

HIV/AIDS: A Nontraditional Security Threat for AFRICOM

DTIC Science & Technology

2008-05-22

Infectious Disease Threat, estimates, “Sub-Saharan Africa will remain the region most affected by the global infectious disease phenomenon--accounting for...nearly one-half of infectious disease-caused deaths worldwide.”24 Elbe notes that these estimates were provided by the U.S. Defense Intelligence...national security of those states because, “military organizations are anchors of for Economics and Global Issues, NIE 99-17D, “The Global Infectiou

The distinctive sequelae of children's coping with interparental conflict: Testing the reformulated emotional security theory.

PubMed

Davies, Patrick T; Martin, Meredith J; Sturge-Apple, Melissa L; Ripple, Michael T; Cicchetti, Dante

2016-10-01

Two studies tested hypotheses about the distinctive psychological consequences of children's patterns of responding to interparental conflict. In Study 1, 174 preschool children (M = 4.0 years) and their mothers participated in a cross-sectional design. In Study 2, 243 preschool children (M = 4.6 years) and their parents participated in 2 annual measurement occasions. Across both studies, multiple informants assessed children's psychological functioning. Guided by the reformulated version of emotional security theory, behavioral observations of children's coping with interparental conflict assessed their tendencies to exhibit 4 patterns based on their function in defusing threat: secure (i.e., efficiently address direct instances of threat), mobilizing (i.e., react to potential threat and social opportunities), dominant (i.e., directly defeat threat), and demobilizing (i.e., reduce salience as a target of hostility). As hypothesized, each profile predicted unique patterns of adjustment. Greater security was associated with lower levels of internalizing and externalizing symptoms and greater social competence, whereas higher dominance was associated with externalizing problems and extraversion. In contrast, mobilizing patterns of reactivity predicted more problems with self-regulation, internalizing symptoms, externalizing difficulties, but also greater extraversion. Finally, higher levels of demobilizing reactivity were linked with greater internalizing problems and lower extraversion but also better self-regulation. (PsycINFO Database Record (c) 2016 APA, all rights reserved).

The Distinctive Sequelae of Children’s Coping with Interparental Conflict: Testing the Reformulated Emotional Security Theory

PubMed Central

Davies, Patrick T.; Martin, Meredith J.; Sturge-Apple, Melissa L.; Ripple, Michael T.; Cicchetti, Dante

2016-01-01

Two studies tested hypotheses about the distinctive psychological consequences of children’s patterns of responding to interparental conflict. In Study 1, 174 preschool children (M = 4.0 years) and their mothers participated in a cross-sectional design. In Study 2, 243 preschool children (M = 4.6 years) and their parents participated in two annual measurement occasions. Across both studies, multiple informants assessed children’s psychological functioning. Guided by the reformulated version of emotional security theory, behavioral observations of children’s coping with interparental conflict assessed their tendencies to exhibit four patterns based on their function in defusing threat: secure (i.e., efficiently address direct instances of threat), mobilizing (i.e., react to potential threat and social opportunities), dominant (i.e., directly defeat threat), and demobilizing (i.e., reduce salience as a target of hostility). As hypothesized, each profile predicted unique patterns of adjustment. Greater security was associated with lower levels of internalizing and externalizing symptoms and greater social competence, whereas higher dominance was associated with externalizing problems and extraversion. In contrast, mobilizing patterns of reactivity predicted more problems with self-regulation, internalizing symptoms, externalizing difficulties, but also greater extraversion. Finally, higher levels of demobilizing reactivity were linked with greater internalizing problems and lower extraversion but also better self-regulation. PMID:27598256

A Computer Security Course in the Undergraduate Computer Science Curriculum.

ERIC Educational Resources Information Center

Spillman, Richard

1992-01-01

Discusses the importance of computer security and considers criminal, national security, and personal privacy threats posed by security breakdown. Several examples are given, including incidents involving computer viruses. Objectives, content, instructional strategies, resources, and a sample examination for an experimental undergraduate computer…

Making Technology Work for Campus Security

ERIC Educational Resources Information Center

Floreno, Jeff; Keil, Brad

2010-01-01

The challenges associated with securing schools from both on- and off-campus threats create constant pressure for law enforcement, campus security professionals, and administrators. And while security technology choices are plentiful, many colleges and universities are operating with limited dollars and information needed to select and integrate…

76 FR 65740 - Extension of Agency Information Collection Activity Under OMB Review: Employment Standards

Federal Register 2010, 2011, 2012, 2013, 2014

2011-10-24

... standards. The collection also requires airport operators to comply with a security directive by maintaining... airport operators maintain records of criminal history records checks and security threat assessments in... DEPARTMENT OF HOMELAND SECURITY Transportation Security Administration Extension of Agency...

The Ingenuity Imperative

ERIC Educational Resources Information Center

Hansen, John W.

2005-01-01

The author discusses three threats to the American way of life: the first threat is related to human and technological growth; the second is a new division of labor; and the third threat is security and safety. The author suggests two solutions to address these challenges: (1) better technological planning and decisions based on technological…

A Methodology for Dynamic Security Risk Quantification and Optimal Resource Allocation of Security Assets

DOE Office of Scientific and Technical Information (OSTI.GOV)

Brigantic, Robert T.; Betzsold, Nick J.; Bakker, Craig KR

In this presentation we overview a methodology for dynamic security risk quantification and optimal resource allocation of security assets for high profile venues. This methodology is especially applicable to venues that require security screening operations such as mass transit (e.g., train or airport terminals), critical infrastructure protection (e.g., government buildings), and largescale public events (e.g., concerts or professional sports). The method starts by decomposing the three core components of risk -- threat, vulnerability, and consequence -- into their various subcomponents. For instance, vulnerability can be decomposed into availability, accessibility, organic security, and target hardness and each of these can bemore » evaluated against the potential threats of interest for the given venue. Once evaluated, these subcomponents are rolled back up to compute the specific value for the vulnerability core risk component. Likewise, the same is done for consequence and threat, and then risk is computed as the product of these three components. A key aspect of our methodology is dynamically quantifying risk. That is, we incorporate the ability to uniquely allow the subcomponents and core components, and in turn, risk, to be quantified as a continuous function of time throughout the day, week, month, or year as appropriate.« less

DOE Office of Scientific and Technical Information (OSTI.GOV)

Laughlin, Gary L.

The International, Homeland, and Nuclear Security (IHNS) Program Management Unit (PMU) oversees a broad portfolio of Sandia’s programs in areas ranging from global nuclear security to critical asset protection. We use science and technology, innovative research, and global engagement to counter threats, reduce dangers, and respond to disasters. The PMU draws on the skills of scientists and engineers from across Sandia. Our programs focus on protecting US government installations, safeguarding nuclear weapons and materials, facilitating nonproliferation activities, securing infrastructures, countering chemical and biological dangers, and reducing the risk of terrorist threats. We conduct research in risk and threat analysis, monitoringmore » and detection, decontamination and recovery, and situational awareness. We develop technologies for verifying arms control agreements, neutralizing dangerous materials, detecting intruders, and strengthening resiliency. Our programs use Sandia’s High-Performance Computing resources for predictive modeling and simulation of interdependent systems, for modeling dynamic threats and forecasting adaptive behavior, and for enabling decision support and processing large cyber data streams. In this report, we highlight four advanced computation projects that illustrate the breadth of the IHNS mission space.« less

Examining the Impact of Non-Technical Security Management Factors on Information Security Management in Health Informatics

ERIC Educational Resources Information Center

Imam, Abbas H.

2013-01-01

Complexity of information security has become a major issue for organizations due to incessant threats to information assets. Healthcare organizations are particularly concerned with security owing to the inherent vulnerability of sensitive information assets in health informatics. While the non-technical security management elements have been at…

A Study of BYOD adoption from the lens of threat and coping appraisal of its security policy

NASA Astrophysics Data System (ADS)

Cho, Vincent; Ip, W. H.

2018-07-01

Why would employees adopt bring your own device (BYOD)? Would employees feel risk-taking to perform their work by using their own devices? Would peer pressure and company policy help encourage their employees to BYOD and how? Using the Technology Threat Avoidance Theory (TTAT), we hypothesize the intention of adopting BYOD is due to the accessing of security policy by threat and coping appraisal. Moreover, we predict perceived usefulness, perceived ease of use, social influence, organizational commitment and job security are essential for formulating the adoption intention. In this study, 450 random employees were surveyed on their adoption perception of BYOD in their respective companies. The results support most of our hypotheses. We uncover perceived cost and privacy protection within the TTAT framework reflect no significance while organizational commitment and job security posit the strongest influences on employees' BYOD adoption intention. This finding suggested that in order to roll out a successful and sustainable adoption intention on BYOD, organizations must consider measurements to build up employees' job security as well as generate a strong sense of organization commitment. Specifically, our analyses show adoption intention is also affected by gender, age, and education level.

Technology-Enabled Crime, Policing and Security

ERIC Educational Resources Information Center

McQuade, Sam

2006-01-01

Crime, policing and security are enabled by and co-evolve with technologies that make them possible. As criminals compete with security and policing officials for technological advantage perpetually complex crime, policing and security results in relatively confusing and therefore unmanageable threats to society. New, adaptive and ordinary crimes…

75 FR 63499 - Extension of Agency Information Collection Activity Under OMB Review: Sensitive Security...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-15

... Information Collection Activity Under OMB Review: Sensitive Security Information Threat Assessments AGENCY... Transportation Security Administration (TSA) has forwarded the Information Collection Request (ICR), Office of... of a party seeking access to sensitive security information (SSI) in a civil proceeding in Federal...

Teaching RFID Information Systems Security

ERIC Educational Resources Information Center

Thompson, Dale R.; Di, Jia; Daugherty, Michael K.

2014-01-01

The future cyber security workforce needs radio frequency identification (RFID) information systems security (INFOSEC) and threat modeling educational materials. A complete RFID security course with new learning materials and teaching strategies is presented here. A new RFID Reference Model is used in the course to organize discussion of RFID,…

Influenza Pandemic: Gaps in Pandemic Planning and Preparedness Need to Be Addressed. Testimony before the Committee on Homeland Security, House of Representatives. GAO-09-909T

ERIC Educational Resources Information Center

Steinhardt, Bernice

2009-01-01

As the current H1N1 outbreak underscores, an influenza pandemic remains a real threat to our nation. Over the past 3 years, the US Government Accountability Office (GAO) conducted a body of work, consisting of 12 reports and 4 testimonies, to help the nation better prepare for a possible pandemic. In February 2009, GAO synthesized the results of…

Alexa, Can I Trust You?

PubMed Central

Chung, Hyunji; Iorga, Michaela; Voas, Jeffrey; Lee, Sangjin

2017-01-01

Security diagnostics expose vulnerabilities and privacy threats that exist in commercial Intelligent Virtual Assistants (IVA) – diagnostics offer the possibility of securer IVA ecosystems. PMID:29213147

Smart Push, Smart Pull, Sensor to Shooter in a Multi-Level Secure/Safe (MLS) Infrastructure

DTIC Science & Technology

2006-05-04

policy violation with respect to: Security Safety Financial Posture Infrastructure The IATF identifies five levels: V1: Negligible effect V2: Minimal...MLS) Infrastructure Step 2: Determine Threat Levels Best practices also in the IATF Threats are ranked by assessing: Capability Resources Motivation...Risk Willingness The IATF identifies seven levels: T1: Inadvertent or accidental events Tripping over a power cord T2: Minimal resources – willing to

Fisk-based criteria to support validation of detection methods for drinking water and air.

DOE Office of Scientific and Technical Information (OSTI.GOV)

MacDonell, M.; Bhattacharyya, M.; Finster, M.

2009-02-18

This report was prepared to support the validation of analytical methods for threat contaminants under the U.S. Environmental Protection Agency (EPA) National Homeland Security Research Center (NHSRC) program. It is designed to serve as a resource for certain applications of benchmark and fate information for homeland security threat contaminants. The report identifies risk-based criteria from existing health benchmarks for drinking water and air for potential use as validation targets. The focus is on benchmarks for chronic public exposures. The priority sources are standard EPA concentration limits for drinking water and air, along with oral and inhalation toxicity values. Many contaminantsmore » identified as homeland security threats to drinking water or air would convert to other chemicals within minutes to hours of being released. For this reason, a fate analysis has been performed to identify potential transformation products and removal half-lives in air and water so appropriate forms can be targeted for detection over time. The risk-based criteria presented in this report to frame method validation are expected to be lower than actual operational targets based on realistic exposures following a release. Note that many target criteria provided in this report are taken from available benchmarks without assessing the underlying toxicological details. That is, although the relevance of the chemical form and analogues are evaluated, the toxicological interpretations and extrapolations conducted by the authoring organizations are not. It is also important to emphasize that such targets in the current analysis are not health-based advisory levels to guide homeland security responses. This integrated evaluation of chronic public benchmarks and contaminant fate has identified more than 200 risk-based criteria as method validation targets across numerous contaminants and fate products in drinking water and air combined. The gap in directly applicable values is considerable across the full set of threat contaminants, so preliminary indicators were developed from other well-documented benchmarks to serve as a starting point for validation efforts. By this approach, at least preliminary context is available for water or air, and sometimes both, for all chemicals on the NHSRC list that was provided for this evaluation. This means that a number of concentrations presented in this report represent indirect measures derived from related benchmarks or surrogate chemicals, as described within the many results tables provided in this report.« less

Automatic Identification of Critical Data Items in a Database to Mitigate the Effects of Malicious Insiders

NASA Astrophysics Data System (ADS)

White, Jonathan; Panda, Brajendra

A major concern for computer system security is the threat from malicious insiders who target and abuse critical data items in the system. In this paper, we propose a solution to enable automatic identification of critical data items in a database by way of data dependency relationships. This identification of critical data items is necessary because insider threats often target mission critical data in order to accomplish malicious tasks. Unfortunately, currently available systems fail to address this problem in a comprehensive manner. It is more difficult for non-experts to identify these critical data items because of their lack of familiarity and due to the fact that data systems are constantly changing. By identifying the critical data items automatically, security engineers will be better prepared to protect what is critical to the mission of the organization and also have the ability to focus their security efforts on these critical data items. We have developed an algorithm that scans the database logs and forms a directed graph showing which items influence a large number of other items and at what frequency this influence occurs. This graph is traversed to reveal the data items which have a large influence throughout the database system by using a novel metric based formula. These items are critical to the system because if they are maliciously altered or stolen, the malicious alterations will spread throughout the system, delaying recovery and causing a much more malignant effect. As these items have significant influence, they are deemed to be critical and worthy of extra security measures. Our proposal is not intended to replace existing intrusion detection systems, but rather is intended to complement current and future technologies. Our proposal has never been performed before, and our experimental results have shown that it is very effective in revealing critical data items automatically.

Is Your Security Budget Used Effectively?

ERIC Educational Resources Information Center

Kaufer, Steve

1997-01-01

Presents survey information showing where school districts have invested their security budgets. Included are the rankings of the various threats school districts see as requiring security action and the areas most often covered by closed circuit television systems are pointed. (GR)

E-mail security. An overview of threats and safeguards.

PubMed

Stine, Kevin; Scholl, Matthew

2010-04-01

Not everyone in the organization needs to know how to secure the e-mail service, but anyone who handles patient information must understand e-mail's vulnerabilities and recognize when a system is secure enough to transmit sensitive information.

49 CFR 1520.5 - Sensitive security information.

Code of Federal Regulations, 2014 CFR

2014-10-01

..., including threats against cyber infrastructure. (8) Security measures. Specific details of aviation...) Critical aviation, maritime, or rail infrastructure asset information. Any list identifying systems or...

49 CFR 1520.5 - Sensitive security information.

Code of Federal Regulations, 2012 CFR

2012-10-01

..., including threats against cyber infrastructure. (8) Security measures. Specific details of aviation...) Critical aviation, maritime, or rail infrastructure asset information. Any list identifying systems or...

49 CFR 1520.5 - Sensitive security information.

Code of Federal Regulations, 2011 CFR

2011-10-01

..., including threats against cyber infrastructure. (8) Security measures. Specific details of aviation...) Critical aviation, maritime, or rail infrastructure asset information. Any list identifying systems or...

49 CFR 1520.5 - Sensitive security information.

Code of Federal Regulations, 2013 CFR

2013-10-01

..., including threats against cyber infrastructure. (8) Security measures. Specific details of aviation...) Critical aviation, maritime, or rail infrastructure asset information. Any list identifying systems or...

Assistant Secretary of Defense for Homeland Defense and Global Security

Science.gov Websites

Defense for Policy ASD for Asian and Pacific Security Affairs ASD for Homeland Defense Global Security Special Operations/Low-Intensity Conflict Counternarcotics and Global Threats Stability and Humanitarian HomeOUSDP OfficesASD for Homeland Defense Global Security Assistant Secretary of Defense for Homeland

Security Management Strategies for Protecting Your Library's Network.

ERIC Educational Resources Information Center

Ives, David J.

1996-01-01

Presents security procedures for protecting a library's computer system from potential threats by patrons or personnel, and describes how security can be breached. A sidebar identifies four areas of concern in security management: the hardware, the operating system, the network, and the user interface. A selected bibliography of sources on…

49 CFR 1580.105 - Reporting significant security concerns.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Reporting significant security concerns. 1580.105... Hazardous Materials Receivers, and Private Cars § 1580.105 Reporting significant security concerns. (a... threats and significant security concerns to DHS by telephoning the Freedom Center at 1-866-615-5150. (c...

Information Management and the Biological Warfare Threat

DTIC Science & Technology

2002-03-01

24 2. Scientific-Security Paradigm Interaction........................................ 25 3. Business - Security Paradigm...policies of openness and guardedness and discuss the three paradigms (scientific, business , security ) as a developing factor for information sharing...Trade Center. 3. Business - Security Paradigm Interaction Gene patenting (discussed previously) is utilized by business to protect their

Silent Warning: Understanding the National Terrorism Advisory System

DTIC Science & Technology

2014-12-01

Business ( New York: Harper Business, 2011), 185–197. xiv ACKNOWLEDGMENTS Completing this Naval...Advisory System (HSAS). This new system “effectively communicates information about terrorist threats by providing timely, detailed information to the...occurrence of threat, such as hurricanes, earthquakes , floods, etc. Deliberate 10 Homeland Security Advisory System: Threat Codes and Public

Self-Reliability and Motivation in a Nuclear Security Culture Enhancement Program

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rogers,E.; deBoer,G.; Crawford, C.

2009-10-19

The threat of nuclear terrorism has become a global concern. Many countries continue to make efforts to strengthen nuclear security by enhancing systems of nuclear material protection, control, and accounting (MPC&A). Though MPC&A systems can significantly upgrade nuclear security, they do not eliminate the "human factor." Gen. Eugene Habiger, a former "Assistant Secretary for Safeguards and Security" at the U.S. Department of Energy’s (DOE) nuclear-weapons complex and a former commander of U.S. strategic nuclear forces, has observed that "good security is 20% equipment and 80% people." Although eliminating the "human factor" is not possible, accounting for and mitigating the riskmore » of the insider threat is an essential element in establishing an effective nuclear security culture. This paper will consider the organizational role in mitigating the risk associated with the malicious insider through monitoring and enhancing human reliability and motivation as well as enhancing the nuclear security culture.« less

A genetic epidemiology approach to cyber-security.

PubMed

Gil, Santiago; Kott, Alexander; Barabási, Albert-László

2014-07-16

While much attention has been paid to the vulnerability of computer networks to node and link failure, there is limited systematic understanding of the factors that determine the likelihood that a node (computer) is compromised. We therefore collect threat log data in a university network to study the patterns of threat activity for individual hosts. We relate this information to the properties of each host as observed through network-wide scans, establishing associations between the network services a host is running and the kinds of threats to which it is susceptible. We propose a methodology to associate services to threats inspired by the tools used in genetics to identify statistical associations between mutations and diseases. The proposed approach allows us to determine probabilities of infection directly from observation, offering an automated high-throughput strategy to develop comprehensive metrics for cyber-security.

A genetic epidemiology approach to cyber-security

PubMed Central

Gil, Santiago; Kott, Alexander; Barabási, Albert-László

2014-01-01

While much attention has been paid to the vulnerability of computer networks to node and link failure, there is limited systematic understanding of the factors that determine the likelihood that a node (computer) is compromised. We therefore collect threat log data in a university network to study the patterns of threat activity for individual hosts. We relate this information to the properties of each host as observed through network-wide scans, establishing associations between the network services a host is running and the kinds of threats to which it is susceptible. We propose a methodology to associate services to threats inspired by the tools used in genetics to identify statistical associations between mutations and diseases. The proposed approach allows us to determine probabilities of infection directly from observation, offering an automated high-throughput strategy to develop comprehensive metrics for cyber-security. PMID:25028059

Security for whom? Stabilisation and civilian protection in Colombia.

PubMed

Elhawary, Samir

2010-10-01

This paper focuses on three periods of stabilisation in Colombia: the Alliance for Progress (1961-73) that sought to stem the threat of communist revolution in Latin America; Plan Colombia and President Alvaro Uribe's 'democratic security' policy (2000-07) aimed at defeating the guerrillas and negotiating a settlement with the paramilitaries; and the current 'integrated approach', adopted from 2007, to consolidate more effectively the state's control of its territory.(1) The paper assesses the extent to which these stabilisation efforts have enhanced the protection of civilians and ultimately finds that in all three periods there has been a disconnect between the discourse and the practice of stabilisation. While they have all sought to enhance security, in actual fact, they have privileged the security of the state and its allies at the expense of the effective protection of the civilian population. This has not only led to widespread human rights abuses but also has undermined the long-term stability being pursued. © 2010 The Author(s). Journal compilation © Overseas Development Institute, 2010.

Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hadley, Mark D.; Clements, Samuel L.

2009-01-01

Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets aremore » considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.« less

Maintaining Space Superiority

DTIC Science & Technology

2014-02-01

object that may present a threat to his or h er satellites must still provide direction that responds to that threat This article discusses a dilemma...space-based threats .ŕ The Air Force achieves space superiority by conducting operations that support the war fighter (space force enhancement); by...the space era, threats and issues have arisen to chal- lenge US operations in these areas. Indeed, as declared in the National Security Space Strategy

Security Systems Consideration: A Total Security Approach

NASA Astrophysics Data System (ADS)

Margariti, S. V.; Meletiou, G.; Stergiou, E.; Vasiliadis, D. C.; Rizos, G. E.

2007-12-01

The "safety" problem for protection systems is to determine in a given situation whether a subject can acquire a particular right to an object. Security and audit operation face the process of securing the application on computing and network environment; however, storage security has been somewhat overlooked due to other security solutions. This paper identifies issues for data security, threats and attacks, summarizes security concepts and relationships, and also describes storage security strategies. It concludes with recommended storage security plan for a total security solution.

Leveraging Global Maritime Partnerships to Increase Global Security in the Maritime Domain

DTIC Science & Technology

2008-04-04

global interdependency (ways to counter the threat), along with the agility and elusiveness of the maritime threat to utilize the vastness of the...is that all of these costs cut into their profit margins and are therefore passed along by way of increased prices for goods purchased by the...costs of security measures and initiatives without cutting into their profit margins . Because of this they are more apt to take on the added risk

Carcass of Dead Policies: The Irrelevance of NATO

DTIC Science & Technology

2003-01-01

busyness ” that provide the lifeblood of institutions trying to justify their exis- tence. At the same time, the theological mantra changed . Since there was... change was taking place in the post-Cold War security environment. In 1949, a genu- ine, measurable security threat justified NATO for all its members. Now...has changed so fundamentally that it has outgrown NATO-type alliances. For the first time in about 1,800 years, there is no world-class threat to or

Towards the cyber security paradigm of ehealth: Resilience and design aspects

NASA Astrophysics Data System (ADS)

Rajamäki, Jyri; Pirinen, Rauno

2017-06-01

Digital technologies have significantly changed the role of healthcare clients in seeking and receiving medical help, as well as brought up more cooperative policy issues in healthcare cross-border services. Citizens continue to take a more co-creative role in decisions about their own healthcare, and new technologies can enable and facilitate this emergent trend. In this study, healthcare services have been intended as a critical societal sector and therefore healthcare systems are focused on as critical infrastructures that ought to be protected from all types of fears, including cyber security threats and attacks. Despite continual progress in the systemic risk management of cyber domain, it is clear that anticipation and prevention of all possible types of attack and malfunction are not achievable for current or future cyber infrastructures. This study focuses on the investigation of a cyber security paradigm, adaptive systems and sense of resilience in a healthcare critical information infrastructure.

Terrorism: Its Evolving Nature

DTIC Science & Technology

1989-01-01

the adequacy of the Foreign Airport Security Act, an overall evaluation of the required foreign airport security assessments, and several others can...procedures envisioned by the Foreign Airport Security Act of 1985, which your committee helped initiate, played a useful role in this security...case of a threat to an airline, we get that information into the hands of airport security officials responsible for aviation security. This is the

Tackling emerging fungal threats to animal health, food security and ecosystem resilience.

PubMed

Fisher, Matthew C; Gow, Neil A R; Gurr, Sarah J

2016-12-05

Emerging infections caused by fungi have become a widely recognized global phenomenon. Their notoriety stems from their causing plagues and famines, driving species extinctions, and the difficulty in treating human mycoses alongside the increase of their resistance to antifungal drugs. This special issue comprises a collection of articles resulting from a Royal Society discussion meeting examining why pathogenic fungi are causing more disease now than they did in the past, and how we can tackle this rapidly emerging threat to the health of plants and animals worldwide.This article is part of the themed issue 'Tackling emerging fungal threats to animal health, food security and ecosystem resilience'. © 2016 The Author(s).

Breaking the cyber-security dilemma: aligning security needs and removing vulnerabilities.

PubMed

Dunn Cavelty, Myriam

2014-09-01

Current approaches to cyber-security are not working. Rather than producing more security, we seem to be facing less and less. The reason for this is a multi-dimensional and multi-faceted security dilemma that extends beyond the state and its interaction with other states. It will be shown how the focus on the state and "its" security crowds out consideration for the security of the individual citizen, with detrimental effects on the security of the whole system. The threat arising from cyberspace to (national) security is presented as possible disruption to a specific way of life, one building on information technologies and critical functions of infrastructures, with relatively little consideration for humans directly. This non-focus on people makes it easier for state actors to militarize cyber-security and (re-)assert their power in cyberspace, thereby overriding the different security needs of human beings in that space. Paradoxically, the use of cyberspace as a tool for national security, both in the dimension of war fighting and the dimension of mass-surveillance, has detrimental effects on the level of cyber-security globally. A solution out of this dilemma is a cyber-security policy that is decidedly anti-vulnerability and at the same time based on strong considerations for privacy and data protection. Such a security would have to be informed by an ethics of the infosphere that is based on the dignity of information related to human beings.

Revolutions in Science and Technology: Future Threats to US National Security

DTIC Science & Technology

2011-04-01

34Ultrafast ytterbium-doped bulk lasers and laser amplifiers, " Applied Physics B. Vol. 69, 1999. pp. 3-17. 47 See Martin Richardson et al. page 15...breakout and surprise 53 Martin Richardson, Timothy McComb, and Vikas Sudesh, "High Power Fiber Lasers and Applications to Manufacturing," Conference...Journal of Applied Physics, Vol. 49, 2010. ss1n 2008, Martin Richardson, et al. stated that the "high power fiber laser market, currently estimated to

Sowing the Seeds of Strategic Success Across West Africa: Propagating the State Partnership Program to Shape the Security Environment

DTIC Science & Technology

2017-06-09

ORGANIZATION NAME(S) AND ADDRESS(ES) U.S. Army Command and General Staff College ATTN: ATZL-SWD-GD Fort Leavenworth, KS 66027-2301 8. PERFORMING...The threat to U.S. national interests by the ISIL-affiliated group, Boko Haram and by transnational criminal organizations continue to plague...the ISIL-affiliated group, Boko Haram and by transnational criminal organizations continue to plague West Africa. In the current era of fiscal

Toward an Air and Space Force: Naval Aviation and the Implications for Space Power

DTIC Science & Technology

1999-09-01

People’s Republic of China currently pose only indirect threats to vital security inter - ests. 6. In the 1920s, there was a limited commercial market for...military aviation products, so the aviation industry depended on government orders for survival. Although the market for space services is growing...commercial space market ap- pears to be on the verge of expansion. 7. In the early days of wood and fabric biplanes, naval avia - tion was

A decoy chain deployment method based on SDN and NFV against penetration attack

PubMed Central

Zhao, Qi; Zhang, Chuanhao

2017-01-01

Penetration attacks are one of the most serious network security threats. However, existing network defense technologies do not have the ability to entirely block the penetration behavior of intruders. Therefore, the network needs additional defenses. In this paper, a decoy chain deployment (DCD) method based on SDN+NFV is proposed to address this problem. This method considers about the security status of networks, and deploys decoy chains with the resource constraints. DCD changes the attack surface of the network and makes it difficult for intruders to discern the current state of the network. Simulation experiments and analyses show that DCD can effectively resist penetration attacks by increasing the time cost and complexity of a penetration attack. PMID:29216257

A decoy chain deployment method based on SDN and NFV against penetration attack.

PubMed

Zhao, Qi; Zhang, Chuanhao; Zhao, Zheng

2017-01-01

Penetration attacks are one of the most serious network security threats. However, existing network defense technologies do not have the ability to entirely block the penetration behavior of intruders. Therefore, the network needs additional defenses. In this paper, a decoy chain deployment (DCD) method based on SDN+NFV is proposed to address this problem. This method considers about the security status of networks, and deploys decoy chains with the resource constraints. DCD changes the attack surface of the network and makes it difficult for intruders to discern the current state of the network. Simulation experiments and analyses show that DCD can effectively resist penetration attacks by increasing the time cost and complexity of a penetration attack.

The Continuing Evolution of Effective IT Security Practices

ERIC Educational Resources Information Center

Voloudakis, John

2006-01-01

In the past three years, higher education institutions have made a number of moves to secure their critical systems and protect their users, resulting in a marked change in the techniques used to combat security threats. Today, continued progress may depend on the development of an enterprise IT security program. (Contains 10 notes.)

Development of Security Measures: Implementation Instructions for MIL-STD on Physical Security for DCS Facilities.

DTIC Science & Technology

1981-07-01

security measures to in- crease the survivability of these assets. However, sabotage, terrorism and vandalism continue to be serious threats to DCS and its...Closed circuit television. e. Comunication cables. f. Fuel storage. g. Fuel lines. h. Air conditioning. The primary benefits of security measures

The African Peace and Security Architecture: Myth or Reality

DTIC Science & Technology

2013-03-01

resolving the conflicts. Efforts by African leaders to create continental peace and security mechanisms failed miserably . Consequently, Africans depended...Framework Document, October 2001), 14. 6 Andre Le Sage, “Africa’s Irregular Security Threats: Challenges for U.S. Engagement,” (Strategic Forum

Defending Against Advanced Persistent Threats Using Game-Theory

PubMed Central

König, Sandra; Schauer, Stefan

2017-01-01

Advanced persistent threats (APT) combine a variety of different attack forms ranging from social engineering to technical exploits. The diversity and usual stealthiness of APT turns them into a central problem of contemporary practical system security, since information on attacks, the current system status or the attacker’s incentives is often vague, uncertain and in many cases even unavailable. Game theory is a natural approach to model the conflict between the attacker and the defender, and this work investigates a generalized class of matrix games as a risk mitigation tool for an advanced persistent threat (APT) defense. Unlike standard game and decision theory, our model is tailored to capture and handle the full uncertainty that is immanent to APTs, such as disagreement among qualitative expert risk assessments, unknown adversarial incentives and uncertainty about the current system state (in terms of how deeply the attacker may have penetrated into the system’s protective shells already). Practically, game-theoretic APT models can be derived straightforwardly from topological vulnerability analysis, together with risk assessments as they are done in common risk management standards like the ISO 31000 family. Theoretically, these models come with different properties than classical game theoretic models, whose technical solution presented in this work may be of independent interest. PMID:28045922

Security Strategy of the Bureau of Diplomatic Security.

DTIC Science & Technology

2011-06-10

Williams, M.A. , Member John A. Dyson, MBA , Member Gregory Scott Hospodor, Ph.D Accepted this 10th day of June 2011 by...ACRONYMS AAR After Action Review ASOS Advance Security Overseas Seminar ATA Antiterrorism Assistance Program BRSO Regional Security Officer Course ...BSAC Basic Special Agent Course DS Bureau of Diplomatic Security FACT Foreign Affairs Counter Threat FAH Foreign Affairs Handbook FAM Foreign

National Strategy for Aviation Security

DTIC Science & Technology

2007-03-26

for Aviation Security (hereafter referred to as the Strategy) to protect the Nation and its interests from threats in the Air Domain. The Secretary of... Aviation security is best achieved by integrating public and private aviation security global activities into a coordinated effort to detect, deter...might occur. The Strategy aligns Federal government aviation security programs and initiatives into a comprehensive and cohesive national effort

33 CFR 104.210 - Company Security Officer (CSO).

Code of Federal Regulations, 2011 CFR

2011-07-01

... threats and patterns; (ix) Recognition and detection of dangerous substances and devices; (x) Recognition of characteristics and behavioral patterns of persons who are likely to threaten security; (xi...

33 CFR 104.210 - Company Security Officer (CSO).

Code of Federal Regulations, 2010 CFR

2010-07-01

... threats and patterns; (ix) Recognition and detection of dangerous substances and devices; (x) Recognition of characteristics and behavioral patterns of persons who are likely to threaten security; (xi...

A U.S. Biodefense Strategy Primer

DOE Office of Scientific and Technical Information (OSTI.GOV)

Poulin, D

2009-05-11

The anthrax mailings that followed the attacks of September 11, 2001 highlighted the need for a comprehensive national strategy to prevent, prepare for, respond to, and mitigate the effects of biological attacks. The goal of U.S. biodefense strategy is to reduce the likelihood of a future biological event, improve overall U.S. public health security, and minimize the economic and social disruption of a biological incident. Presidential communications, federal legislation, and executive agency planning documents provide the foundation for this strategy. Central to current U.S. biodefense strategy is the 2004 Homeland Security Presidential Directive (HSPD) 10, Biodefense for the 21st Century,more » which states that ''the United States will use all means necessary to prevent, protect against, and mitigate biological weapons attacks perpetrated against our homeland and our global interests.'' HSPD-10 also sets forth four pillars of U.S. biodefense: {sm_bullet} Threat awareness includes timely, accurate, and relevant intelligence, threat assessment, and the anticipation of future threats. {sm_bullet} Prevention and protection involve continuing and expanding efforts to limit access to agents, technologies, and knowledge to certain groups and countries as well as protecting critical infrastructure from the effects of biological attacks. {sm_bullet} Surveillance and detection provide early warning or recognition of biological attacks to permit a timely response and mitigation of consequences as well as attribution. {sm_bullet} Response and recovery include pre-attack planning and preparedness, capabilities to treat casualties, risk communications, physical control measures, medical countermeasures, and decontamination capabilities.« less

Countering MANPADS: study of new concepts and applications

NASA Astrophysics Data System (ADS)

Maltese, Dominique; Robineau, Jacques; Audren, Jean-Thierry; Aragones, Julien; Sailliot, Christophe

2006-05-01

The latest events of ground-to-air Man Portable Air Defense (MANPAD) attacks against aircraft have revealed a new threat both for military and civilian aircraft. Consequently, the implementation of Protecting systems (i.e. Directed InfraRed Counter Measure - DIRCM) in order to face IR guided missiles turns out to be now inevitable. In a near future, aircraft will have to possess detection, tracking, targeting and jamming capabilities to face single and multiple MANPAD threats fired in short-range scenarios from various environments (urban sites, landscape...). In this paper, a practical example of a DIRCM system under study at SAGEM DEFENSE & SECURITY company is presented. The self-protection solution includes built-in and automatic locking-on, tracking, identification and laser jamming capabilities, including defeat assessment. Target Designations are provided by a Missile Warning System. Multiple Target scenarios have been considered to design the system architecture. The article deals with current and future threats (IR seekers of different generations...), scenarios and platforms for system definition. Plus, it stresses on self-protection solutions based on laser jamming capability. Different strategies including target identification, multi band laser, active imagery are described. The self-protection system under study at SAGEM DEFENSE & SECURITY company is also a part of this chapter. Eventually, results of self-protection scenarios are provided for different MANPAD scenarios. Data have been obtained from a simulation software. The results highlight how the system reacts to incoming IR-guided missiles in short time scenarios.

Controller–Pilot Data Link Communication Security

PubMed Central

Polishchuk, Tatiana; Wernberg, Max

2018-01-01

The increased utilization of the new types of cockpit communications, including controller–pilot data link communications (CPDLC), puts the airplane at higher risk of hacking or interference than ever before. We review the technological characteristics and properties of the CPDLC and construct the corresponding threat model. Based on the limitations imposed by the system parameters, we propose several solutions for the improved security of the data messaging communication used in air traffic management (ATM). We discuss the applicability of elliptical curve cryptography (ECC), protected aircraft communications addressing and reporting systems (PACARs) and the Host Identity Protocol (HIP) as possible countermeasures to the identified security threats. In addition, we consider identity-defined networking (IDN) as an example of a genuine security solution which implies global changes in the whole air traffic communication system. PMID:29783791

Controller⁻Pilot Data Link Communication Security.

PubMed

Gurtov, Andrei; Polishchuk, Tatiana; Wernberg, Max

2018-05-20

The increased utilization of the new types of cockpit communications, including controller⁻pilot data link communications (CPDLC), puts the airplane at higher risk of hacking or interference than ever before. We review the technological characteristics and properties of the CPDLC and construct the corresponding threat model. Based on the limitations imposed by the system parameters, we propose several solutions for the improved security of the data messaging communication used in air traffic management (ATM). We discuss the applicability of elliptical curve cryptography (ECC), protected aircraft communications addressing and reporting systems (PACARs) and the Host Identity Protocol (HIP) as possible countermeasures to the identified security threats. In addition, we consider identity-defined networking (IDN) as an example of a genuine security solution which implies global changes in the whole air traffic communication system.

The impact of joint responses of devices in an airport security system.

PubMed

Nie, Xiaofeng; Batta, Rajan; Drury, Colin G; Lin, Li

2009-02-01

In this article, we consider a model for an airport security system in which the declaration of a threat is based on the joint responses of inspection devices. This is in contrast to the typical system in which each check station independently declares a passenger as having a threat or not having a threat. In our framework the declaration of threat/no-threat is based upon the passenger scores at the check stations he/she goes through. To do this we use concepts from classification theory in the field of multivariate statistics analysis and focus on the main objective of minimizing the expected cost of misclassification. The corresponding correct classification and misclassification probabilities can be obtained by using a simulation-based method. After computing the overall false alarm and false clear probabilities, we compare our joint response system with two other independently operated systems. A model that groups passengers in a manner that minimizes the false alarm probability while maintaining the false clear probability within specifications set by a security authority is considered. We also analyze the staffing needs at each check station for such an inspection scheme. An illustrative example is provided along with sensitivity analysis on key model parameters. A discussion is provided on some implementation issues, on the various assumptions made in the analysis, and on potential drawbacks of the approach.

Chile Informed Question Paper - Military

DTIC Science & Technology

2003-01-01

superior military strength and regional economic integration. Internally, Chile also faces little threat; however, militants from the Mapuche ...considered a significant threat.11 The most significant internal security concern is the ongoing campaign by Mapuche indigenous community militants to

Strategy to Enhance International Supply Chain Security

DTIC Science & Technology

2007-07-01

airports as part of the effort to secure air passenger travel . The security assessment crew traveling by air, land or sea cannot be considered only a... travel security issue. The assessment of a container ship’s crew or of a driver moving a truck into the secure area of a port are also supply chain...threats through its traveler screening and worker credentialing programs. The strategy to secure the supply chain reflects the larger security

Reliability of Current U.S. Modeling of Atmospheric Plumes Questioned

NASA Astrophysics Data System (ADS)

Showstack, Randy

The deficiencies of atmospheric modeling used to determine the dispersion of chemical, radiological, or biological plumes came under fire during a 2 June hearing in the U.S. House of Representative. Several members of Congress said at that time that current modeling efforts provide inadequate information to assess plumes that could result from a terrorist incident, warfare, or some other cause. Part of the hearing, held by the House Subcommittee on National Security, Emerging Threats, and International Relations, focused on two reports released just that day: one by the U.S. National Academy of Sciences (NAS), and the other by the U.S. General Accounting Office (GAO).

Solutions Network Formulation Report. The Potential Contribution of the Ocean Surface Topography Mission to the General NOAA Oil Monitoring Environment

NASA Technical Reports Server (NTRS)

Hilbert, Kent; Anderson, Daniel; Lewis, David

2007-01-01

Data collected by the OSTM could be used to provide a solution for the GNOME DST. GNOME, developed by NOAA?s Office of Response and Restoration Hazardous Materials Response Division, geospatially models oil spill trajectories using wind, current, river flow, and tidal data. Data collected by the OSTM would supply information about ocean currents and wind speeds. This Candidate Solution is in alignment with the Coastal Management, Water Management, Disaster Management, Public Health, Ecological Forecasting, and Homeland Security National Applications and will benefit society by improving the capabilities of emergency responders who evaluate an oil spill?s probable threat.

Global agenda, local health: including concepts of health security in preparedness programs at the jurisdictional level.

PubMed

Eby, Chas

2014-01-01

The Global Health Security Agenda's objectives contain components that could help health departments address emerging public health challenges that threaten the population. As part of the agenda, partner countries with advanced public health systems will support the development of infrastructure in stakeholder health departments. To facilitate this process and augment local programs, state and local health departments may want to include concepts of health security in their public health preparedness offices in order to simultaneously build capacity. Health security programs developed by public health departments should complete projects that are closely aligned with the objectives outlined in the global agenda and that facilitate the completion of current preparedness grant requirements. This article identifies objectives and proposes tactical local projects that run parallel to the 9 primary objectives of the Global Health Security Agenda. Executing concurrent projects at the international and local levels in preparedness offices will accelerate the completion of these objectives and help prevent disease epidemics, detect health threats, and respond to public health emergencies. Additionally, future funding tied or related to health security may become more accessible to state and local health departments that have achieved these objectives.

Hazard-Specific Vulnerability Mapping for Water Security in a Shale Gas Context

NASA Astrophysics Data System (ADS)

Allen, D. M.; Holding, S.; McKoen, Z.

2015-12-01

Northeast British Columbia (NEBC) is estimated to hold large reserves of unconventional natural gas and has experienced rapid growth in shale gas development activities over recent decades. Shale gas development has the potential to impact the quality and quantity of surface and ground water. Robust policies and sound water management are required to protect water security in relation to the water-energy nexus surrounding shale gas development. In this study, hazard-specific vulnerability mapping was conducted across NEBC to identify areas most vulnerable to water quality and quantity deterioration due to shale gas development. Vulnerability represents the combination of a specific hazard threat and the susceptibility of the water system to that threat. Hazard threats (i.e. potential contamination sources and water abstraction) were mapped spatially across the region. The shallow aquifer susceptibility to contamination was characterised using the DRASTIC aquifer vulnerability approach, while the aquifer susceptibility to abstraction was mapped according to aquifer productivity. Surface water susceptibility to contamination was characterised on a watershed basis to describe the propensity for overland flow (i.e. contaminant transport), while watershed discharge estimates were used to assess surface water susceptibility to water abstractions. The spatial distribution of hazard threats and susceptibility were combined to form hazard-specific vulnerability maps for groundwater quality, groundwater quantity, surface water quality and surface water quantity. The vulnerability maps identify priority areas for further research, monitoring and policy development. Priority areas regarding water quality occur where hazard threat (contamination potential) coincide with high aquifer susceptibility or high overland flow potential. Priority areas regarding water quantity occur where demand is estimated to represent a significant proportion of estimated supply. The identification of priority areas allows for characterization of the vulnerability of water security in the region. This vulnerability mapping approach, using the hazard threat and susceptibility indicators, can be applied to other shale gas areas to assess vulnerability to shale gas activities and support water security.

Combining Trust and Behavioral Analysis to Detect Security Threats in Open Environments

DTIC Science & Technology

2010-11-01

behavioral feature values. This would provide a baseline notional object trust and is formally defined as follows: TO(1)[0, 1] = ∑ 0,n:νbt wtP (S) (8...TO(2)[0, 1] = ∑ wtP (S) · identity(O,P ) (9) 28- 12 RTO-MP-IST-091 Combining Trust and Behavioral Analysis to Detect Security Threats in Open...respectively. The wtP weight function determines the significance of a particular behavioral feature in the final trust calculation. Note that the weight

The North African Franchise: AQIM’s Threat to U.S. Security. Strategic Insights, Volume 8, Issue 5

DTIC Science & Technology

2009-12-01

The North African Franchise : AQIM’s Threat to U.S. Security Strategic Insights, Volume VIII, Issue 5 (December 2009) By Captain Russell J. Isaacs...the U.S. Government. Abstract Al Qaeda of the Islamic Maghreb (AQIM) is a growing and evolving North African franchise of Al Qaeda. While the group...in towns east of Algiers. Although this attack officially marked the emergence of Al Qaeda of the Islamic Maghreb (AQIM), a North African franchise

78 FR 42101 - Boston Area Maritime Security Advisory Committee; Vacancies

Federal Register 2010, 2011, 2012, 2013, 2014

2013-07-15

...: Identifying critical port infrastructure and operations; Identifying risks (threats, vulnerabilities, and... years of experience related to maritime or port security operations. AMSC Membership The Boston AMSC has... security industries. In support of the USCG policy on gender and ethnic nondiscrimination, we encourage...

77 FR 39249 - Boston Area Maritime Security Advisory Committee; Vacancies

Federal Register 2010, 2011, 2012, 2013, 2014

2012-07-02

...: Identifying critical port infrastructure and operations; Identifying risks (threats, vulnerabilities, and... years of experience related to maritime or port security operations. AMSC Membership The Boston AMSC has... security industries. In support of the USCG policy on gender and ethnic diversity, we encourage qualified...

78 FR 27276 - Privacy Act; System of Records: Security Records, State-36

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-09

... records maintained in State-36, Security Records, capture data related to incidents and threats affecting..., or witnesses associated with investigations into possible unlawful activity conducted by the Bureau... Security; individuals subject to investigations conducted on behalf of other Federal agencies; and...

43 CFR 2.51 - Assuring integrity of records.

Code of Federal Regulations, 2011 CFR

2011-10-01

... on those recommended in the National Bureau of Standard's booklet “Computer Security Guidelines for..., technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in...

43 CFR 2.51 - Assuring integrity of records.

Code of Federal Regulations, 2010 CFR

2010-10-01

... on those recommended in the National Bureau of Standard's booklet “Computer Security Guidelines for..., technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in...

43 CFR 2.51 - Assuring integrity of records.

Code of Federal Regulations, 2012 CFR

2012-10-01

... on those recommended in the National Bureau of Standard's booklet “Computer Security Guidelines for..., technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in...

43 CFR 2.226 - Assuring integrity of records.

Code of Federal Regulations, 2014 CFR

2014-10-01

... on those recommended in the National Bureau of Standard's booklet “Computer Security Guidelines for..., technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in...

43 CFR 2.226 - Assuring integrity of records.

Code of Federal Regulations, 2013 CFR

2013-10-01

... on those recommended in the National Bureau of Standard's booklet “Computer Security Guidelines for..., technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in...

Self-Reliability and Motivation in a Nuclear Security Culture Enhancement Program

DOE Office of Scientific and Technical Information (OSTI.GOV)

Crawford, Cary E.; de Boer, Gloria; De Castro, Kara

2010-10-01

The threat of nuclear terrorism has become a global concern. Many countries continue to make efforts to strengthen nuclear security by enhancing systems of nuclear material protection, control, and accounting (MPC&A). Though MPC&A systems can significantly upgrade nuclear security, they do not eliminate the “human factor.” Gen. Eugene Habiger, a former “Assistant Secretary for Safeguards and Security” at the U.S. Department of Energy’s (DOE) nuclear-weapons complex and a former commander of U.S. strategic nuclear forces, has observed that “good security is 20% equipment and 80% people.”1 Although eliminating the “human factor” is not possible, accounting for and mitigating the riskmore » of the insider threat is an essential element in establishing an effective nuclear security culture. This paper will consider the organizational role in mitigating the risk associated with the malicious insider through monitoring and enhancing human reliability and motivation as well as enhancing the nuclear security culture.« less

An assessment of the cyber security legislation and its impact on the United States electrical sector

NASA Astrophysics Data System (ADS)

Born, Joshua

The purpose of this research was to examine the cyber-security posture for the United States' electrical grid, which comprises a major component of critical infrastructure for the country. The United States electrical sector is so vast, that the Department of Homeland Security (DHS) estimates, it contains more than 6,413 power plants (this includes 3,273 traditional electric utilities and 1,738 nonutility power producers) with approximately 1,075 gigawatts of energy produced on a daily basis. A targeted cyber-security attack against the electric grid would likely have catastrophic results and could even serve as a precursor to a physical attack against the United States. A recent report by the consulting firm Black and Veatch found that one of the top five greatest concerns for United States electric utilities is the risk that cybersecurity poses to their industry and yet, only one-third state they are currently prepared to meet the increasingly likely threat. The report goes on to state, "only 32% of electric utilities surveyed had integrated security systems with the proper segmentation, monitoring and redundancies needed for cyber threat protection. Another 48 % said they did not" Recent estimates indicate that a large-scale cyber-attack against this sector could cost the United States economy as much as a trillion dollars within a weeks' time. Legislative efforts in the past have primarily been focused on creating mandates that encourage public and private partnership, which have been not been adopted as quickly as desired. With 85 % of all electric utilities being privately owned, it is key that the public and private sector partner in order to mitigate risks and respond as a cohesive unit in the event of a major attack. Keywords: Cybersecurity, Professor Riddell, cyber security, energy, intelligence, outlook, electrical, compliance, legislation, partnerships, critical infrastructure.

How do you select the right security features for your company's products

NASA Astrophysics Data System (ADS)

Pickett, Gordon E.

1998-04-01

If your company manufacturers, supplies, or distributes products of almost any type, style, shape, or for any usage, they may become the objective of fraudulent activities from one or more sources. Therefore, someone at your company should be concerned about how these activities may affect the company's future. This paper/presentation will provide information about where these 'threats' may come from, what products have been compromised in the past, and what steps might be taken to deter these threats. During product security conferences, conversations, and other sources of information, you'll hear about many different types of security features that can be incorporated into monetary and identification documents, packaging, labeling, and other products/systems to help protect against counterfeiting, unauthorized tampering, or to identify 'genuine' products. Many of these features have been around for some time (which means that they may have lost at least some of their effectiveness) while others, or improved versions of some of the more mature features, have been or are being developed. This area is a 'moving target' and re-examination of the threats and counterthreats needs to be an ongoing activity. The 'value' and the capabilities of these features can sometimes be overstated, i.e. that a feature/system can solve all of the security-related problems that you may (or may not) have with your products. A couple of things to always keep in mind is that no feature(s) is universally effective and none of the features, or even combinations of features, is totally 'tamperproof' or counterfeitproof, irrespective of what may be said or claimed. So how do you go about determining if you have a product security problem and what, if any, security features might be used to reduce the threat(s) to your products? This paper will attempt to provide information to help you separate the 'wheat from the chaff' in these considerations. Specifically, information to be discussed in this paper will attempt to assist you and your associates define (1) what products are or may be under threat and how many different ways the product(s) might be compromised, (2) who might attempt to compromise your company's product(s), (3) what product security features may be effective in deterring the perceived threats, (4) how many deterrent features are needed, and should the features be overt, covert, or a combination of the two, (5) how will the candidate features hold up in the 'usage' environment, and (6) who will 'validate' the features and what skill levels, or auxiliary equipment, will be needed? Obviously, the cost effectiveness for adding possible security features to the product(s) needs to be considered, but more than just the cost of the feature, or the value of the product, needs to be factored into these considerations. For example, the effect of any compromise on the company's reputation and legal liabilities. This paper obviously can not provide all of the 'answers' but will attempt to provide you with 'food for thought.'

Security for Multimedia Space Data Distribution over the Internet

NASA Technical Reports Server (NTRS)

Stone, Thom; Picinich, Lou; Givens, John J. (Technical Monitor)

1995-01-01

Distribution of interactive multimedia to remote investigators will be required for high quality science on the International Space Station (ISS). The Internet with the World Wide Web (WWW) and the JAVA environment are a good match for distribution of data, video and voice to remote science centers. Utilizing the "open" Internet in a secure manner is the major hurdle in making use of this cost effective, off-the-shelf, universal resource. This paper examines the major security threats to an Internet distribution system for payload data and the mitigation of these threats. A proposed security environment for the Space Station Biological Research Facility (SSBRP) is presented with a short description of the tools that have been implemented or planned. Formulating and implementing a security policy, firewalls, host hardware and software security are also discussed in this paper. Security is a vast topic and this paper can only give an overview of important issues. This paper postulates that a structured approach is required and stresses that security must be built into a network from the start. Ignoring security issues or putting them off until late in the development cycle can be disastrous.

49 CFR 1542.307 - Incident management.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 49 Transportation 9 2013-10-01 2013-10-01 false Incident management. 1542.307 Section 1542.307 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION... Incident management. (a) Each airport operator must establish procedures to evaluate bomb threats, threats...

49 CFR 1542.307 - Incident management.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 49 Transportation 9 2012-10-01 2012-10-01 false Incident management. 1542.307 Section 1542.307 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION... Incident management. (a) Each airport operator must establish procedures to evaluate bomb threats, threats...

49 CFR 1542.307 - Incident management.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 49 Transportation 9 2014-10-01 2014-10-01 false Incident management. 1542.307 Section 1542.307 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION... Incident management. (a) Each airport operator must establish procedures to evaluate bomb threats, threats...

49 CFR 1542.307 - Incident management.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 49 Transportation 9 2011-10-01 2011-10-01 false Incident management. 1542.307 Section 1542.307 Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION... Incident management. (a) Each airport operator must establish procedures to evaluate bomb threats, threats...

76 FR 12745 - Privacy Act of 1974; Department of Homeland Security Office of Operations Coordination and...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-08

... Center Tracker Log is the underlying cumulative repository of responses to all-threats and all-hazards... cumulative repository of all NOC responses to threats, incidents, significant activities and Requests for...

After globalization future security in a technology rich world

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gilmartin, T J

Over the course of the year 2000, five one-day workshops were conducted by the Center for Global Security Research at the Lawrence Livermore National Laboratory on threats that might come against the US and its allies in the 2015 to 2020 timeframe due to the global availability of advanced technology. These workshops focused on threats that are enabled by nuclear, missile, and space technology; military technology; information technology; bio technology; and geo systems technology. In December, an Integration Workshop and Senior Review before national leaders and experts were held. The participants and reviewers were invited from the DOE National Laboratories,more » the DOD Services, OSD, DTRA, and DARPA, the DOS, NASA, Congressional technical staff, the intelligence community, universities and university study centers, think tanks, consultants on national security issues, and private industry. For each workshop the process of analysis involved identification and prioritization of the participants' perceived most severe threat scenarios (worst nightmares), discussion of the technologies which enabled those threats, and ranking of the technologies' threat potentials. We were not concerned in this exercise with defining responses, although our assessment of each threat's severity included consideration of the ease or difficulty with which it might be countered. At the concluding Integration Workshop and Senior Panel Review, we brought the various workshops' participants together, added senior participant/reviewers with broad experience and responsibility, and discussed the workshop findings to determine what is most certain, and uncertain, and what might be needed to resolve our uncertainties. This document reports the consensus and important variations of both the reviewers and the participants. In all, 45 threats over a wide range of lethality and probability of occurrence were identified. Over 60 enabling technologies were also discussed. These are each described in greater detail in the following pages, after overarching considerations are discussed. Here we present the major conclusions of this project, which each include consideration of several threats and their enabling technologies.« less

From Presidential Protection to Campus Security: A Brief History of Threat Assessment in North American Schools and Colleges

ERIC Educational Resources Information Center

Randazzo, Marisa R.; Cameron, J. Kevin

2012-01-01

This article provides a brief history of the development of behavioral threat assessment within colleges and universities in the United States and Canada, from the original Secret Service model used to evaluate threats against the U.S. president, to its adaptations for workplace settings and United States and Canadian secondary schools, to its…

Security and Vulnerability Assessment of Social Media Sites: An Exploratory Study

ERIC Educational Resources Information Center

Zhao, Jensen; Zhao, Sherry Y.

2015-01-01

While the growing popularity of social media has brought many benefits to society, it has also resulted in privacy and security threats. The authors assessed the security and vulnerability of 50 social media sites. The findings indicate that most sites (a) posted privacy and security policies but only a minority stated clearly their execution of…

Information Technology Security Professionals' Knowledge and Use Intention Based on UTAUT Model

ERIC Educational Resources Information Center

Kassa, Woldeloul

2016-01-01

Information technology (IT) security threats and vulnerabilities have become a major concern for organizations in the United States. However, there has been little research on assessing the effect of IT security professionals' knowledge on the use of IT security controls. This study examined the unified theory of acceptance and use of technology…

49 CFR 1544.228 - Access to cargo and cargo screening: Security threat assessments for cargo personnel in the...

Code of Federal Regulations, 2012 CFR

2012-10-01

... cargo enters an airport Security Identification Display Area or is transferred to another TSA-regulated... program accepts the cargo until the cargo— (A) Enters an airport Security Identification Display Area; (B... 49 Transportation 9 2012-10-01 2012-10-01 false Access to cargo and cargo screening: Security...

49 CFR 1544.228 - Access to cargo and cargo screening: Security threat assessments for cargo personnel in the...

Code of Federal Regulations, 2014 CFR

2014-10-01

... cargo enters an airport Security Identification Display Area or is transferred to another TSA-regulated... program accepts the cargo until the cargo— (A) Enters an airport Security Identification Display Area; (B... 49 Transportation 9 2014-10-01 2014-10-01 false Access to cargo and cargo screening: Security...

49 CFR 1544.228 - Access to cargo and cargo screening: Security threat assessments for cargo personnel in the...

Code of Federal Regulations, 2013 CFR

2013-10-01

... cargo enters an airport Security Identification Display Area or is transferred to another TSA-regulated... program accepts the cargo until the cargo— (A) Enters an airport Security Identification Display Area; (B... 49 Transportation 9 2013-10-01 2013-10-01 false Access to cargo and cargo screening: Security...

49 CFR 1544.228 - Access to cargo and cargo screening: Security threat assessments for cargo personnel in the...

Code of Federal Regulations, 2011 CFR

2011-10-01

... cargo enters an airport Security Identification Display Area or is transferred to another TSA-regulated... program accepts the cargo until the cargo— (A) Enters an airport Security Identification Display Area; (B... 49 Transportation 9 2011-10-01 2011-10-01 false Access to cargo and cargo screening: Security...

Strategy to Enhance International Supply Chain Security

DTIC Science & Technology

2007-07-01

as part of the effort to secure air passenger travel . The security assessment crew traveling by air, land or sea cannot be considered only a travel ...threats through its traveler screening and worker credentialing programs. The strategy to secure the supply chain reflects the larger security strategy of...living or traveling abroad. • Assisting U.S. businesses in the international marketplace. • Coordinating and providing support for international

Integrating public health and medical intelligence gathering into homeland security fusion centres.

PubMed

Lenart, Brienne; Albanese, Joseph; Halstead, William; Schlegelmilch, Jeffrey; Paturas, James

Homeland security fusion centres serve to gather, analyse and share threat-related information among all levels of governments and law enforcement agencies. In order to function effectively, fusion centres must employ people with the necessary competencies to understand the nature of the threat facing a community, discriminate between important information and irrelevant or merely interesting facts and apply domain knowledge to interpret the results to obviate or reduce the existing danger. Public health and medical sector personnel routinely gather, analyse and relay health-related inform-ation, including health security risks, associated with the detection of suspicious biological or chemical agents within a community to law enforcement agencies. This paper provides a rationale for the integration of public health and medical personnel in fusion centres and describes their role in assisting law enforcement agencies, public health organisations and the medical sector to respond to natural or intentional threats against local communities, states or the nation as a whole.

Infectious diseases of animals and plants: an interdisciplinary approach.

PubMed

Wilkinson, Katy; Grant, Wyn P; Green, Laura E; Hunter, Stephen; Jeger, Michael J; Lowe, Philip; Medley, Graham F; Mills, Peter; Phillipson, Jeremy; Poppy, Guy M; Waage, Jeff

2011-07-12

Animal and plant diseases pose a serious and continuing threat to food security, food safety, national economies, biodiversity and the rural environment. New challenges, including climate change, regulatory developments, changes in the geographical concentration and size of livestock holdings, and increasing trade make this an appropriate time to assess the state of knowledge about the impact that diseases have and the ways in which they are managed and controlled. In this paper, the case is explored for an interdisciplinary approach to studying the management of infectious animal and plant diseases. Reframing the key issues through incorporating both social and natural science research can provide a holistic understanding of disease and increase the policy relevance and impact of research. Finally, in setting out the papers in this Theme Issue, a picture of current and future animal and plant disease threats is presented.

Standoff passive video imaging at 350 GHz with 251 superconducting detectors

NASA Astrophysics Data System (ADS)

Becker, Daniel; Gentry, Cale; Smirnov, Ilya; Ade, Peter; Beall, James; Cho, Hsiao-Mei; Dicker, Simon; Duncan, William; Halpern, Mark; Hilton, Gene; Irwin, Kent; Li, Dale; Paulter, Nicholas; Reintsema, Carl; Schwall, Robert; Tucker, Carole

2014-06-01

Millimeter wavelength radiation holds promise for detection of security threats at a distance, including suicide bomb belts and maritime threats in poor weather. The high sensitivity of superconducting Transition Edge Sensor (TES) detectors makes them ideal for passive imaging of thermal signals at these wavelengths. We have built a 350 GHz video-rate imaging system using a large-format array of feedhorn-coupled TES bolometers. The system operates at a standoff distance of 16m to 28m with a spatial resolution of 1:4 cm (at 17m). It currently contains one 251-detector subarray, and will be expanded to contain four subarrays for a total of 1004 detectors. The system has been used to take video images which reveal the presence of weapons concealed beneath a shirt in an indoor setting. We present a summary of this work.

Performance Assessment Method for a Forged Fingerprint Detection Algorithm

NASA Astrophysics Data System (ADS)

Shin, Yong Nyuo; Jun, In-Kyung; Kim, Hyun; Shin, Woochang

The threat of invasion of privacy and of the illegal appropriation of information both increase with the expansion of the biometrics service environment to open systems. However, while certificates or smart cards can easily be cancelled and reissued if found to be missing, there is no way to recover the unique biometric information of an individual following a security breach. With the recognition that this threat factor may disrupt the large-scale civil service operations approaching implementation, such as electronic ID cards and e-Government systems, many agencies and vendors around the world continue to develop forged fingerprint detection technology, but no objective performance assessment method has, to date, been reported. Therefore, in this paper, we propose a methodology designed to evaluate the objective performance of the forged fingerprint detection technology that is currently attracting a great deal of attention.

Under Secretary of Defense for Policy > OUSDP Offices > ASD for Homeland

Science.gov Websites

Defense Global Security > Defense Critical Infrastructure Program > Roles Skip to main for Asian and Pacific Security Affairs ASD for Homeland Defense Global Security DASD Defense -Intensity Conflict Counternarcotics and Global Threats Stability and Humanitarian Affairs Special Operations

49 CFR 1580.203 - Reporting significant security concerns.

Code of Federal Regulations, 2010 CFR

2010-10-01

... 49 Transportation 9 2010-10-01 2010-10-01 false Reporting significant security concerns. 1580.203... concerns. (a) Applicability. This section applies to: (1) Each passenger railroad carrier, including each... potential threats and significant security concerns to DHS by telephoning the Freedom Center at 1-866-615...

25 CFR 43.22 - Assuring integrity of records.

Code of Federal Regulations, 2011 CFR

2011-04-01

..., “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May 30, 1975), and any supplements... with appropriate administrative, technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or...

25 CFR 43.22 - Assuring integrity of records.

Code of Federal Regulations, 2013 CFR

2013-04-01

..., “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May 30, 1975), and any supplements... with appropriate administrative, technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or...

25 CFR 43.22 - Assuring integrity of records.

Code of Federal Regulations, 2010 CFR

2010-04-01

..., “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May 30, 1975), and any supplements... with appropriate administrative, technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or...

15 CFR 30.5 - Electronic Export Information filing application and certification processes and standards.

Code of Federal Regulations, 2014 CFR

2014-01-01

... Census Bureau's Foreign Trade Division Computer Security Officer and refrain from using AESDirect until... Bureau's Foreign Trade Division Computer Security Officer that the company's computer systems accessing... threat to national security interests such that its participation in postdeparture filing should be...

25 CFR 43.22 - Assuring integrity of records.

Code of Federal Regulations, 2012 CFR

2012-04-01

..., “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May 30, 1975), and any supplements... appropriate administrative, technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which...

25 CFR 43.22 - Assuring integrity of records.

Code of Federal Regulations, 2014 CFR

2014-04-01

..., “Computer Security Guidelines for Implementing the Privacy Act of 1974” (May 30, 1975), and any supplements... with appropriate administrative, technical and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or...

15 CFR 30.5 - Electronic Export Information filing application and certification processes and standards.

Code of Federal Regulations, 2012 CFR

2012-01-01

... Census Bureau's Foreign Trade Division Computer Security Officer and refrain from using AESDirect until... Bureau's Foreign Trade Division Computer Security Officer that the company's computer systems accessing... threat to national security interests such that its participation in postdeparture filing should be...

15 CFR 30.5 - Electronic Export Information filing application and certification processes and standards.

Code of Federal Regulations, 2013 CFR

2013-01-01

... Census Bureau's Foreign Trade Division Computer Security Officer and refrain from using AESDirect until... Bureau's Foreign Trade Division Computer Security Officer that the company's computer systems accessing... threat to national security interests such that its participation in postdeparture filing should be...

Cooperative global security programs modeling & simulation.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Briand, Daniel

2010-05-01

The national laboratories global security programs implement sustainable technical solutions for cooperative nonproliferation, arms control, and physical security systems worldwide. To help in the development and execution of these programs, a wide range of analytical tools are used to model, for example, synthetic tactical environments for assessing infrastructure protection initiatives and tactics, systematic approaches for prioritizing nuclear and biological threat reduction opportunities worldwide, and nuclear fuel cycle enrichment and spent fuel management for nuclear power countries. This presentation will describe how these models are used in analyses to support the Obama Administration's agenda and bilateral/multinational treaties, and ultimately, to reducemore » weapons of mass destruction and terrorism threats through international technical cooperation.« less

Establishing public health security in a postwar Iraq: constitutional obstacles and lessons for other federalizing states.

PubMed

Wilson, Kumanan; Fidler, David P; McDougall, Christopher W; Lazar, Harvey

2009-06-01

The public health consequences of the conflict in Iraq will likely continue after the violence has subsided. Reestablishing public health security will require large investments in infrastructure and the creation of effective systems of governance. On the question of governance, the allocation of powers in the new constitution of Iraq is critical. Given the ease with which public health threats cross borders, the constitution needs to grant to the federal government the legal authority to manage such threats and simultaneously meet international requirements. Unfortunately, the draft constitution does not accomplish this objective. If politically possible, the constitution should be amended to provide the federal government with this authority. If not possible, the Iraqi federal government would have two options. It could attempt to use alternative constitutional powers, such as national security powers. This option would be contentious and the results uncertain. Alternatively, the federal government could attempt to establish collaborative relationships with regional governments. Residual sectarian tensions create potential problems for this option, however. Reflecting on the Iraqi situation, we conclude that other federalizing countries emerging from conflict should ensure that their constitutions provide the federal government with the necessary authority to manage threats to public health security effectively.

Using Swarming Agents for Scalable Security in Large Network Environments

DOE Office of Scientific and Technical Information (OSTI.GOV)

Crouse, Michael; White, Jacob L.; Fulp, Errin W.

2011-09-23

The difficulty of securing computer infrastructures increases as they grow in size and complexity. Network-based security solutions such as IDS and firewalls cannot scale because of exponentially increasing computational costs inherent in detecting the rapidly growing number of threat signatures. Hostbased solutions like virus scanners and IDS suffer similar issues, and these are compounded when enterprises try to monitor these in a centralized manner. Swarm-based autonomous agent systems like digital ants and artificial immune systems can provide a scalable security solution for large network environments. The digital ants approach offers a biologically inspired design where each ant in the virtualmore » colony can detect atoms of evidence that may help identify a possible threat. By assembling the atomic evidences from different ant types the colony may detect the threat. This decentralized approach can require, on average, fewer computational resources than traditional centralized solutions; however there are limits to its scalability. This paper describes how dividing a large infrastructure into smaller managed enclaves allows the digital ant framework to effectively operate in larger environments. Experimental results will show that using smaller enclaves allows for more consistent distribution of agents and results in faster response times.« less

Control and Non-Payload Communications (CNPC) Prototype Radio - Generation 2 Security Architecture Lab Test Report

NASA Technical Reports Server (NTRS)

Iannicca, Dennis C.; McKim, James H.; Stewart, David H.; Thadhani, Suresh K.; Young, Daniel P.

2015-01-01

NASA Glenn Research Center, in cooperation with Rockwell Collins, is working to develop a prototype Control and Non-Payload Communications (CNPC) radio platform as part of NASA Integrated Systems Research Program's (ISRP) Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) project. A primary focus of the project is to work with the FAA and industry standards bodies to build and demonstrate a safe, secure, and efficient CNPC architecture that can be used by industry to evaluate the feasibility of deploying a system using these technologies in an operational capacity. GRC has been working in conjunction with these groups to assess threats, identify security requirements, and to develop a system of standards-based security controls that can be applied to the current GRC prototype CNPC architecture as a demonstration platform. The security controls were integrated into a lab test bed mock-up of the Mobile IPv6 architecture currently being used for NASA flight testing, and a series of network tests were conducted to evaluate the security overhead of the controls compared to the baseline CNPC link without any security. The aim of testing was to evaluate the performance impact of the additional security control overhead when added to the Mobile IPv6 architecture in various modes of operation. The statistics collected included packet captures at points along the path to gauge packet size as the sample data traversed the CNPC network, round trip latency, jitter, and throughput. The effort involved a series of tests of the baseline link, a link with Robust Header Compression (ROHC) and without security controls, a link with security controls and without ROHC, and finally a link with both ROHC and security controls enabled. The effort demonstrated that ROHC is both desirable and necessary to offset the additional expected overhead of applying security controls to the CNPC link.

United States Air Force Security Forces in an Era of Terrorist Threats

DTIC Science & Technology

1999-06-01

their primary duties. The third alternative is to eliminate the Palace Tenure deployments of security personnel and replace them with dedicated units...The Phoenix Raven program, the 820th Security Forces Group, and Palace Tenure commitments. The specified mission varies by organization, but the...820th Security Forces Group. January 1999, slide 4. 166 Statement of LT. Col. Larry A. Buckingham , 820th Security Forces Group Commander, “820th Security

INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

DOE Office of Scientific and Technical Information (OSTI.GOV)

Robert S. Anderson; Mark Schanfein; Trond Bjornard

2011-07-01

Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's abilitymore » to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.« less

Method for Determining the Sensitivity of a Physical Security System.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Speed, Ann; Gauthier, John H.; Hoffman, Matthew John

Modern systems, such as physical security systems, are often designed to involve complex interactions of technological and human elements. Evaluation of the performance of these systems often overlooks the human element. A method is proposed here to expand the concept of sensitivity—as denoted by d’—from signal detection theory (Green & Swets 1966; Macmillan & Creelman 2005), which came out of the field of psychophysics, to cover not only human threat detection but also other human functions plus the performance of technical systems in a physical security system, thereby including humans in the overall evaluation of system performance. New in thismore » method is the idea that probabilities of hits (accurate identification of threats) and false alarms (saying “threat” when there is not one), which are used to calculate d’ of the system, can be applied to technologies and, furthermore, to different functions in the system beyond simple yes-no threat detection. At the most succinct level, the method returns a single number that represents the effectiveness of a physical security system; specifically, the balance between the handling of actual threats and the distraction of false alarms. The method can be automated, and the constituent parts revealed, such that given an interaction graph that indicates the functional associations of system elements and the individual probabilities of hits and false alarms for those elements, it will return the d’ of the entire system as well as d’ values for individual parts. The method can also return a measure of the response bias* of the system. One finding of this work is that the d’ for a physical security system can be relatively poor in spite of having excellent d’s for each of its individual functional elements.« less

Securing Real-Time Sessions in an IMS-Based Architecture

NASA Astrophysics Data System (ADS)

Cennamo, Paolo; Fresa, Antonio; Longo, Maurizio; Postiglione, Fabio; Robustelli, Anton Luca; Toro, Francesco

The emerging all-IP mobile network infrastructures based on 3rd Generation IP Multimedia Subsystem philosophy are characterised by radio access technology independence and ubiquitous connectivity for mobile users. Currently, great focus is being devoted to security issues since most of the security threats presently affecting the public Internet domain, and the upcoming ones as well, are going to be suffered by mobile users in the years to come. While a great deal of research activity, together with standardisation efforts and experimentations, is carried out on mechanisms for signalling protection, very few integrated frameworks for real-time multimedia data protection have been proposed in a context of IP Multimedia Subsystem, and even fewer experimental results based on testbeds are available. In this paper, after a general overview of the security issues arising in an advanced IP Multimedia Subsystem scenario, a comprehensive infrastructure for real-time multimedia data protection, based on the adoption of the Secure Real-Time Protocol, is proposed; then, the development of a testbed incorporating such functionalities, including mechanisms for key management and cryptographic context transfer, and allowing the setup of Secure Real-Time Protocol sessions is presented; finally, experimental results are provided together with quantitative assessments and comparisons of system performances for audio sessions with and without the adoption of the Secure Real-Time Protocol framework.

78 FR 28237 - President's National Security Telecommunications Advisory Committee

Federal Register 2010, 2011, 2012, 2013, 2014

2013-05-14

... publication, this NSTAC meeting must occur. The national security threat that Distributed Denial of Service... streamed via webcast at http://www.whitehouse.gov/live . For information on facilities or services for...

On a simulation study of cyber attacks on vehicle-to-infrastructure communication (V2I) in Intelligent Transportation System (ITS)

NASA Astrophysics Data System (ADS)

Ekedebe, Nnanna; Yu, Wei; Song, Houbing; Lu, Chao

2015-05-01

An intelligent transportation system (ITS) is one typical cyber-physical system (CPS) that aims to provide efficient, effective, reliable, and safe driving experiences with minimal congestion and effective traffic flow management. In order to achieve these goals, various ITS technologies need to work synergistically. Nonetheless, ITS's reliance on wireless connectivity makes it vulnerable to cyber threats. Thus, it is critical to understand the impact of cyber threats on ITS. In this paper, using real-world transportation dataset, we evaluated the consequences of cyber threats - attacks against service availability by jamming the communication channel of ITS. In this way, we can have a better understanding of the importance of ensuring adequate security respecting safety and life-critical ITS applications before full and expensive real-world deployments. Our experimental data shows that cyber threats against service availability could adversely affect traffic efficiency and safety performances evidenced by exacerbated travel time, fuel consumed, and other evaluated performance metrics as the communication network is compromised. Finally, we discuss a framework to make ITS secure and more resilient against cyber threats.

Taking Steps to Protect Against the Insider Threat

DOE Office of Scientific and Technical Information (OSTI.GOV)

Pope, Noah Gale; Williams, Martha; Lewis, Joel

2015-10-16

Research reactors are required (in accordance with the Safeguards Agreement between the State and the IAEA) to maintain a system of nuclear material accounting and control for reporting quantities of nuclear material received, shipped, and held on inventory. Enhancements to the existing accounting and control system can be made at little additional cost to the facility, and these enhancements can make nuclear material accounting and control useful for nuclear security. In particular, nuclear material accounting and control measures can be useful in protecting against an insider who is intent on unauthorized removal or misuse of nuclear material or misuse ofmore » equipment. An enhanced nuclear material accounting and control system that responds to nuclear security is described in NSS-25G, Use of Nuclear Material Accounting and Control for Nuclear Security Purposes at Facilities, which is scheduled for distribution by the IAEA Department of Nuclear Security later this year. Accounting and control measures that respond to the insider threat are also described in NSS-33, Establishing a System for Control of Nuclear Material for Nuclear Security Purposes at a Facility During Storage, Use and Movement, and in NSS-41, Preventive and Protective Measures against Insider Threats (originally issued as NSS-08), which are available in draft form. This paper describes enhancements to existing material control and accounting systems that are specific to research reactors, and shows how they are important to nuclear security and protecting against an insider.« less

Final Technical Report. Project Boeing SGS

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bell, Thomas E.

Boeing and its partner, PJM Interconnection, teamed to bring advanced “defense-grade” technologies for cyber security to the US regional power grid through demonstration in PJM’s energy management environment. Under this cooperative project with the Department of Energy, Boeing and PJM have developed and demonstrated a host of technologies specifically tailored to the needs of PJM and the electric sector as a whole. The team has demonstrated to the energy industry a combination of processes, techniques and technologies that have been successfully implemented in the commercial, defense, and intelligence communities to identify, mitigate and continuously monitor the cyber security of criticalmore » systems. Guided by the results of a Cyber Security Risk-Based Assessment completed in Phase I, the Boeing-PJM team has completed multiple iterations through the Phase II Development and Phase III Deployment phases. Multiple cyber security solutions have been completed across a variety of controls including: Application Security, Enhanced Malware Detection, Security Incident and Event Management (SIEM) Optimization, Continuous Vulnerability Monitoring, SCADA Monitoring/Intrusion Detection, Operational Resiliency, Cyber Range simulations and hands on cyber security personnel training. All of the developed and demonstrated solutions are suitable for replication across the electric sector and/or the energy sector as a whole. Benefits identified include; Improved malware and intrusion detection capability on critical SCADA networks including behavioral-based alerts resulting in improved zero-day threat protection; Improved Security Incident and Event Management system resulting in better threat visibility, thus increasing the likelihood of detecting a serious event; Improved malware detection and zero-day threat response capability; Improved ability to systematically evaluate and secure in house and vendor sourced software applications; Improved ability to continuously monitor and maintain secure configuration of network devices resulting in reduced vulnerabilities for potential exploitation; Improved overall cyber security situational awareness through the integration of multiple discrete security technologies into a single cyber security reporting console; Improved ability to maintain the resiliency of critical systems in the face of a targeted cyber attack of other significant event; Improved ability to model complex networks for penetration testing and advanced training of cyber security personnel« less

6 CFR 7.23 - Emergency release of classified information.

Code of Federal Regulations, 2011 CFR

2011-01-01

....23 Section 7.23 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY CLASSIFIED...) The Secretary of Homeland Security has delegated to certain DHS employees the authority to disclose... emergency situations when there is an imminent threat to life or in defense of the homeland. (b) In...

An Information Security Control Assessment Methodology for Organizations

ERIC Educational Resources Information Center

Otero, Angel R.

2014-01-01

In an era where use and dependence of information systems is significantly high, the threat of incidents related to information security that could jeopardize the information held by organizations is more and more serious. Alarming facts within the literature point to inadequacies in information security practices, particularly the evaluation of…

Here Today, Here Tomorrow: The Imperative of Collections Security.

ERIC Educational Resources Information Center

Billington, James H.

1996-01-01

The Librarian of Congress addresses the increasing security threats to the collection at the Library of Congress that caused him to close library stacks, increase police patrol, install surveillance cameras and alarm systems, create material inventories, and limit patron privileges. Many of the security functions are being assessed and monitored…

New Technology's Surprising Security Threats. Building Digital Libraries

ERIC Educational Resources Information Center

Huwe, Terence

2005-01-01

In recent years, security issues have increasingly come to dominate the technological development process--although still in a more reactive than proactive mode. It now seems more important than ever to monitor security trends and policy developments, especially if technology is regarded as a potential community builder. This article suggests…

Redefining National Security. Worldwatch Paper 14.

ERIC Educational Resources Information Center

Brown, Lester R.

This paper, an adaption from the author's forthcoming book "The Twenty-Ninth Day: Accomodating Human Needs and Numbers to the Earth's Resources," deals with non-military threats to national security. Since World War II the concept of national security has acquired an overwhelmingly military character. The policy of continual preparedness has led…

36 CFR 1202.30 - How does NARA safeguard its systems of records?

Code of Federal Regulations, 2012 CFR

2012-07-01

... records are protected in accordance with the Computer Security Act, OMB Circular A-11 requiring privacy... appropriate administrative, technical, and physical safeguards are established to ensure the security and confidentiality of records. In order to protect against any threats or hazards to their security or loss of...

36 CFR 1202.30 - How does NARA safeguard its systems of records?

Code of Federal Regulations, 2011 CFR

2011-07-01

... records are protected in accordance with the Computer Security Act, OMB Circular A-11 requiring privacy... appropriate administrative, technical, and physical safeguards are established to ensure the security and confidentiality of records. In order to protect against any threats or hazards to their security or loss of...

36 CFR 1202.30 - How does NARA safeguard its systems of records?

Code of Federal Regulations, 2010 CFR

2010-07-01

... records are protected in accordance with the Computer Security Act, OMB Circular A-11 requiring privacy... appropriate administrative, technical, and physical safeguards are established to ensure the security and confidentiality of records. In order to protect against any threats or hazards to their security or loss of...

36 CFR 1202.30 - How does NARA safeguard its systems of records?

Code of Federal Regulations, 2014 CFR

2014-07-01

... records are protected in accordance with the Computer Security Act, OMB Circular A-11 requiring privacy... appropriate administrative, technical, and physical safeguards are established to ensure the security and confidentiality of records. In order to protect against any threats or hazards to their security or loss of...

Small threat and contraband detection with TNA-based systems.

PubMed

Shaw, T J; Brown, D; D'Arcy, J; Liu, F; Shea, P; Sivakumar, M; Gozani, T

2005-01-01

The detection of small threats, such as explosives, drugs, and chemical weapons, concealed or encased in surrounding material, is a major concern in areas from security checkpoints to UneXploded Ordnance (UXO) clearance. Techniques such as X-ray and trace detection are often ineffectual in these applications. Thermal neutron analysis (TNA) provides an effective method for detecting concealed threats. This paper shows the effectiveness of Ancore's SPEDS, based on TNA, in detecting concealed liquid threats and differentiating live from inert mortar shells.

THE BIOTERRORISM THREAT: TECHNOLOGICAL AND POLITICAL CONSIDERATIONS

DOE Office of Scientific and Technical Information (OSTI.GOV)

J. F. PILAT

2000-03-01

Bioterrorism--along with biowarfare, from which it may not always be distinguishable in practice--will be a feature of the strategic landscape in the 21st century and is high on the US national security agenda. Bioterrorism poses a potential threat to the US population, agriculture, interests, friends and allies, and military forces (asymmetric threats). Yet these possibilities have not been widely pursued or realized by terrorists. The perceived threat is far worse than anything experienced to date, and is largely technologically driven.

Semiannual Report to Congress on the Effectiveness of the Civil Aviation Security Program

DTIC Science & Technology

1988-11-01

secure Zround environment and for providing local law enforcement support for airline and airport security measures. Finally, the passengers, the...operating environment for these air carriers. Airport security programs are designed to meet the threat to the specific airport. Of the 402 airports...assistance during this project. Responding to urgent requests from the Government of Liberia for onsite training of its airport security forces, FAA

A Framework for Policies and Practices to Improve Test Security Programs: Prevention, Detection, Investigation, and Resolution (PDIR)

ERIC Educational Resources Information Center

Ferrara, Steve

2017-01-01

Test security is not an end in itself; it is important because we want to be able to make valid interpretations from test scores. In this article, I propose a framework for comprehensive test security systems: prevention, detection, investigation, and resolution. The article discusses threats to test security, roles and responsibilities, rigorous…

Resilient and Robust High Performance Computing Platforms for Scientific Computing Integrity

DOE Office of Scientific and Technical Information (OSTI.GOV)

Jin, Yier

As technology advances, computer systems are subject to increasingly sophisticated cyber-attacks that compromise both their security and integrity. High performance computing platforms used in commercial and scientific applications involving sensitive, or even classified data, are frequently targeted by powerful adversaries. This situation is made worse by a lack of fundamental security solutions that both perform efficiently and are effective at preventing threats. Current security solutions fail to address the threat landscape and ensure the integrity of sensitive data. As challenges rise, both private and public sectors will require robust technologies to protect its computing infrastructure. The research outcomes from thismore » project try to address all these challenges. For example, we present LAZARUS, a novel technique to harden kernel Address Space Layout Randomization (KASLR) against paging-based side-channel attacks. In particular, our scheme allows for fine-grained protection of the virtual memory mappings that implement the randomization. We demonstrate the effectiveness of our approach by hardening a recent Linux kernel with LAZARUS, mitigating all of the previously presented side-channel attacks on KASLR. Our extensive evaluation shows that LAZARUS incurs only 0.943% overhead for standard benchmarks, and is therefore highly practical. We also introduced HA2lloc, a hardware-assisted allocator that is capable of leveraging an extended memory management unit to detect memory errors in the heap. We also perform testing using HA2lloc in a simulation environment and find that the approach is capable of preventing common memory vulnerabilities.« less

Overcoming the challenges of secure mobile applications for network-centric, data-sensitive applications

NASA Astrophysics Data System (ADS)

Farroha, Bassam; Farroha, Deborah

2012-05-01

Gaining the competitive advantage in today's aggressive environment requires our corporate leaders and Warfighters alike to be armed with up-to-date knowledge related to friendly and opposing forces. This knowledge has to be delivered in real-time between the core enterprise and tactical/mobile units at the edge. The type and sensitivity of data delivered will vary depending on users, threat level and current rules of dissemination. This paper will describe the mobile security management that basis access rights on positive identification of user, authenticating the user and the edge device. Next, Access Management is granted on a fine grain basis where each data element is tagged with meta-data that is crypto-bound to the data itself to ensure authenticity of contents and observance of data sensitivity.

Coincident polio and Ebola crises expose similar fault lines in the current global health regime.

PubMed

Calain, Philippe; Abu Sa'Da, Caroline

2015-01-01

In 2014, the World Health Organization (WHO) declared two "public health emergencies of international concern", in response to the worldwide polio situation and the Ebola epidemic in West Africa respectively. Both emergencies can be seen as testing moments, challenging the current model of epidemic governance, where two worldviews co-exist: global health security and humanitarian biomedicine. The resurgence of polio and the spread of Ebola in 2014 have not only exposed the weaknesses of national health systems, but also the shortcomings of the current global health regime in dealing with transnational epidemic threats. These shortcomings are of three sorts. Firstly, the global health regime is fragmented and dominated by the domestic security priorities of industrialised nations. Secondly, the WHO has been constrained by constitutional country allegiances, crippling reforms and the limited impact of the (2005) International Health Regulations (IHR) framework. Thirdly, the securitization of infectious diseases and the militarization of humanitarian aid undermine the establishment of credible public health surveillance networks and the capacity to control epidemic threats. The securitization of communicable diseases has so far led foreign aid policies to sideline health systems. It has also been the source of ongoing misperceptions over the aims of global health initiatives. With its strict allegiance to Member States, the WHO mandate is problematic, particularly when it comes to controlling epidemic diseases. In this context, humanitarian medical organizations are expected to palliate the absence of public health services in the most destitute areas, particularly in conflict zones. The militarization of humanitarian aid itself threatens this fragile and imperfect equilibrium. None of the reforms announced by the WHO in the wake of the 68(th) World Health Assembly address these fundamental issues.

Exploring Operational Safeguards, Safety, and Security by Design to Address Real Time Threats in Nuclear Facilities

DOE Office of Scientific and Technical Information (OSTI.GOV)

Schanfein, Mark J.; Mladineo, Stephen V.

2015-07-07

Over the last few years, significant attention has been paid to both encourage application and provide domestic and international guidance for designing in safeguards and security in new facilities.1,2,3 However, once a facility is operational, safeguards, security, and safety often operate as separate entities that support facility operations. This separation is potentially a serious weakness should insider or outsider threats become a reality.Situations may arise where safeguards detects a possible loss of material in a facility. Will they notify security so they can, for example, check perimeter doors for tampering? Not doing so might give the advantage to an insidermore » who has already, or is about to, move nuclear material outside the facility building. If outsiders break into a facility, the availability of any information to coordinate the facility’s response through segregated alarm stations or a failure to include all available radiation sensors, such as safety’s criticality monitors can give the advantage to the adversary who might know to disable camera systems, but would most likely be unaware of other highly relevant sensors in a nuclear facility.This paper will briefly explore operational safeguards, safety, and security by design (3S) at a high level for domestic and State facilities, identify possible weaknesses, and propose future administrative and technical methods, to strengthen the facility system’s response to threats.« less

Medical systems and malware.

PubMed

Kusche, Kristopher P

2004-01-01

No longer just an information technology issue, network security requires a multifaceted, multidisciplinary approach to ensuring critical equipment functionality, data security, and patient safety. This article provides insight into the threat of malware and ways to deal with it.

Proliferation: Threat and Response

DTIC Science & Technology

1997-11-01

primary agent, the Defense Technology capabilities also contribute to ongoing efforts to Security Administration ( DTSA ). These efforts are focus and...Special Weapons Agency Organization DTSA Defense Technology Security BW Biological Weapons Administration BWC Biological and Toxin Weapons EPCI Enhanced

32 CFR 2001.40 - General.

Code of Federal Regulations, 2011 CFR

2011-07-01

... crucial nature of the information; analysis of known and anticipated threats; vulnerability; and... Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Safeguarding § 2001.40 General...

32 CFR 2001.40 - General.

Code of Federal Regulations, 2014 CFR

2014-07-01

... crucial nature of the information; analysis of known and anticipated threats; vulnerability; and... Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Safeguarding § 2001.40 General...

32 CFR 2001.40 - General.

Code of Federal Regulations, 2010 CFR

2010-07-01

... crucial nature of the information; analysis of known and anticipated threats; vulnerability; and... Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Safeguarding § 2001.40 General...

32 CFR 2001.40 - General.

Code of Federal Regulations, 2013 CFR

2013-07-01

... crucial nature of the information; analysis of known and anticipated threats; vulnerability; and... Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Safeguarding § 2001.40 General...

32 CFR 2001.40 - General.

Code of Federal Regulations, 2012 CFR

2012-07-01

... crucial nature of the information; analysis of known and anticipated threats; vulnerability; and... Defense Other Regulations Relating to National Defense INFORMATION SECURITY OVERSIGHT OFFICE, NATIONAL ARCHIVES AND RECORDS ADMINISTRATION CLASSIFIED NATIONAL SECURITY INFORMATION Safeguarding § 2001.40 General...

Vulnerability mitigation : technology assessment and deployment

DOT National Transportation Integrated Search

2003-01-01

Because of the new terrorist threats since the September 11, 2001 attacks, rapid development, prototyping, and deployment of systems has been necessary. A well integrated physical security system that combines state of the art security and informatio...

Cyberspace security system

DOEpatents

Abercrombie, Robert K; Sheldon, Frederick T; Ferragut, Erik M

2014-06-24

A system evaluates reliability, performance and/or safety by automatically assessing the targeted system's requirements. A cost metric quantifies the impact of failures as a function of failure cost per unit of time. The metrics or measurements may render real-time (or near real-time) outcomes by initiating active response against one or more high ranked threats. The system may support or may be executed in many domains including physical domains, cyber security domains, cyber-physical domains, infrastructure domains, etc. or any other domains that are subject to a threat or a loss.

Honey bee pathology: current threats to honey bees and beekeeping.

PubMed

Genersch, Elke

2010-06-01

Managed honey bees are the most important commercial pollinators of those crops which depend on animal pollination for reproduction and which account for 35% of the global food production. Hence, they are vital for an economic, sustainable agriculture and for food security. In addition, honey bees also pollinate a variety of wild flowers and, therefore, contribute to the biodiversity of many ecosystems. Honey and other hive products are, at least economically and ecologically rather, by-products of beekeeping. Due to this outstanding role of honey bees, severe and inexplicable honey bee colony losses, which have been reported recently to be steadily increasing, have attracted much attention and stimulated many research activities. Although the phenomenon "decline of honey bees" is far from being finally solved, consensus exists that pests and pathogens are the single most important cause of otherwise inexplicable colony losses. This review will focus on selected bee pathogens and parasites which have been demonstrated to be involved in colony losses in different regions of the world and which, therefore, are considered current threats to honey bees and beekeeping.

A cognitive and economic decision theory for examining cyber defense strategies.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bier, Asmeret Brooke

Cyber attacks pose a major threat to modern organizations. Little is known about the social aspects of decision making among organizations that face cyber threats, nor do we have empirically-grounded models of the dynamics of cooperative behavior among vulnerable organizations. The effectiveness of cyber defense can likely be enhanced if information and resources are shared among organizations that face similar threats. Three models were created to begin to understand the cognitive and social aspects of cyber cooperation. The first simulated a cooperative cyber security program between two organizations. The second focused on a cyber security training program in which participantsmore » interact (and potentially cooperate) to solve problems. The third built upon the first two models and simulates cooperation between organizations in an information-sharing program.« less

Medical countermeasures for unwanted CBRN exposures: part II radiological and nuclear threats with review of recent countermeasure patents

PubMed Central

Singh, Vijay K.; Romaine, Patricia L.P.; Newman, Victoria L.; Seed, Thomas M.

2016-01-01

ABSTRACT Introduction: The global threat of a chemical, biological, radiological, or nuclear (CBRN) disaster is an important priority for all government agencies involved in domestic security and public health preparedness. Radiological/nuclear (RN) attacks or accidents have become a larger focus of the United States Food and Drug administration (US FDA) over time because of their increased likeliness. Clinical signs and symptoms of a developing acute radiation syndrome (ARS) are grouped into three sub-syndromes named for the dominant organ system affected, namely the hematopoietic (H-ARS), gastrointestinal (GI-ARS), and neurovascular systems. The availability of safe and effective countermeasures against radiological/nuclear threats currently represents a significant unmet medical need. Areas covered: This article reviews the development of RN threat medical countermeasures and highlights those specific countermeasures that have been recently patented and approved following the FDA Animal Rule. Patents for such agents from 2015 have been presented. Expert opinion: Two granulocyte colony-stimulating factor (G-CSF)-based radiation countermeasures (Neupogen® (Amgen, Thousand Oaks, CA) and Neulasta® (Amgen, Thousand Oaks, CA)) have recently been approved by the FDA for treatment of H-ARS and both these agents are radiomitigators, used after radiation exposure. To date, there are no FDA-approved radioprotectors for ARS. PMID:27610458

Proximity under Threat: The Role of Physical Distance in Intergroup Relations

PubMed Central

Wohl, Michael J. A.; Van Bavel, Jay J.

2016-01-01

Throughout human history, social groups have invested immense amounts of wealth and time to keep threatening out-groups at a distance. In the current research, we explored the relationship between intergroup threat, physical distance, and discrimination. Specifically, we examined how intergroup threat alters estimates of physical distance to out-groups and how physical proximity affects intergroup relations. Previous research has found that people judge threatening out-groups as physically close. In Studies 1 and 2, we examined ways to attenuate this bias. In Study 1 a secure (vs. permeable) US-Mexico border reduced the estimated proximity to Mexico City among Americans who felt threatened by Mexican immigration. In Study 2, intergroup apologies reduced estimates of physical proximity to a threatening cross-town rival university, but only among participants with cross-group friendships. In Study 3, New York Yankees fans who received an experimental induction of physical proximity to a threatening out-group (Boston Red Sox) had a stronger relationship between their collective identification with the New York Yankees and support for discriminatory policies toward members of the out-group (Red Sox fans) as well as how far they chose to sit from out-group members (Red Sox fans). Together, these studies suggest that intergroup threat alters judgment of physical properties, which has important implications for intergroup relations. PMID:27467267

Mitigating amphibian chytridiomycoses in nature.

PubMed

Garner, Trenton W J; Schmidt, Benedikt R; Martel, An; Pasmans, Frank; Muths, Erin; Cunningham, Andrew A; Weldon, Che; Fisher, Matthew C; Bosch, Jaime

2016-12-05

Amphibians across the planet face the threat of population decline and extirpation caused by the disease chytridiomycosis. Despite consensus that the fungal pathogens responsible for the disease are conservation issues, strategies to mitigate their impacts in the natural world are, at best, nascent. Reducing risk associated with the movement of amphibians, non-amphibian vectors and other sources of infection remains the first line of defence and a primary objective when mitigating the threat of disease in wildlife. Amphibian-associated chytridiomycete fungi and chytridiomycosis are already widespread, though, and we therefore focus on discussing options for mitigating the threats once disease emergence has occurred in wild amphibian populations. All strategies have shortcomings that need to be overcome before implementation, including stronger efforts towards understanding and addressing ethical and legal considerations. Even if these issues can be dealt with, all currently available approaches, or those under discussion, are unlikely to yield the desired conservation outcome of disease mitigation. The decision process for establishing mitigation strategies requires integrated thinking that assesses disease mitigation options critically and embeds them within more comprehensive strategies for the conservation of amphibian populations, communities and ecosystems.This article is part of the themed issue 'Tackling emerging fungal threats to animal health, food security and ecosystem resilience'. © 2016 The Author(s).

Mitigating amphibian chytridiomycoses in nature

PubMed Central

Martel, An; Pasmans, Frank; Muths, Erin; Cunningham, Andrew A.; Weldon, Che; Bosch, Jaime

2016-01-01

Amphibians across the planet face the threat of population decline and extirpation caused by the disease chytridiomycosis. Despite consensus that the fungal pathogens responsible for the disease are conservation issues, strategies to mitigate their impacts in the natural world are, at best, nascent. Reducing risk associated with the movement of amphibians, non-amphibian vectors and other sources of infection remains the first line of defence and a primary objective when mitigating the threat of disease in wildlife. Amphibian-associated chytridiomycete fungi and chytridiomycosis are already widespread, though, and we therefore focus on discussing options for mitigating the threats once disease emergence has occurred in wild amphibian populations. All strategies have shortcomings that need to be overcome before implementation, including stronger efforts towards understanding and addressing ethical and legal considerations. Even if these issues can be dealt with, all currently available approaches, or those under discussion, are unlikely to yield the desired conservation outcome of disease mitigation. The decision process for establishing mitigation strategies requires integrated thinking that assesses disease mitigation options critically and embeds them within more comprehensive strategies for the conservation of amphibian populations, communities and ecosystems. This article is part of the themed issue ‘Tackling emerging fungal threats to animal health, food security and ecosystem resilience’. PMID:28080996

An Assessment of Coherence Between Early Warning and Response Systems and Serious Cross-Border Health Threats in the European Union and Turkey

PubMed Central

Elif Ekmekci, Perihan

2017-01-01

Disease outbreaks have attracted the attention of the public health community to early warning and response systems (EWRS) for communicable diseases and other cross-border threats to health. The European Union (EU) and the World Health Organization (WHO) have published regulations in this area. Decision 1082/2013/EU brought a new approach the management of public health threats in EU member states. Decision 1082/2013/EU brought several innovations, which included establishing a Health Security Committee; preparedness and response planning; joint procurement of medical countermeasures; ad hoc monitoring for biological, chemical, and environmental threats; EWRS; and recognition of an emergency situation and interoperability between various sectors. Turkey, as an acceding country to the EU and a member of the WHO, has been improving its national public health system to meet EU legislations and WHO standards. This article first explains EWRS as defined in Decision 1082/2013/EU and Turkey’s obligations to align its public health laws to the EU acquis. EWRS in Turkey are addressed, particularly their coherence with EU policies regarding preparedness and response, alert notification, and interoperability between health and other sectors. Finally, the challenges and limitations of the current Turkish system are discussed and further improvements are suggested. PMID:27511433

Activity Learning as a Foundation for Security Monitoring in Smart Homes.

PubMed

Dahmen, Jessamyn; Thomas, Brian L; Cook, Diane J; Wang, Xiaobo

2017-03-31

Smart environment technology has matured to the point where it is regularly used in everyday homes as well as research labs. With this maturation of the technology, we can consider using smart homes as a practical mechanism for improving home security. In this paper, we introduce an activity-aware approach to security monitoring and threat detection in smart homes. We describe our approach using the CASAS smart home framework and activity learning algorithms. By monitoring for activity-based anomalies we can detect possible threats and take appropriate action. We evaluate our proposed method using data collected in CASAS smart homes and demonstrate the partnership between activity-aware smart homes and biometric devices in the context of the CASAS on-campus smart apartment testbed.

Attacks on Bluetooth Security Architecture and Its Countermeasures

NASA Astrophysics Data System (ADS)

Iqbal, Mian Muhammad Waseem; Kausar, Firdous; Wahla, Muhammad Arif

WPANs compliment the traditional IEEE 802.11 wireless networks by facilitating the clients with flexibility in network topologies, higher mobility and relaxed configuration/hardware requirements. Bluetooth, a WPAN technology, is an open standard for short-range radio frequency (RF) communication. However, it is also susceptible to typical security threats found in wireless LANs. This paper discuses some of the attack scenarios against the bluetooth network such as hostile intrusion, active Man-in-the-Middle (MITM) attack using unit key and various forms of denial of service (DoS) attacks. These threats and attacks compromise the confidentiality and availability of bluetooth data and services. This paper proposes an improved security architecture for bluetooth device which provides protection against the above mentioned attacks.

Is livestock production prepared for an electrically paralysed world?

PubMed

Lassen, Brian

2013-01-15

Politics, insolvency, increased technological complexity and solar flares are factors that currently present uncomfortably real threats to our increasing dependency on electricity. In some scenarios, there may be no warning before electronic and mechanical help will cease to function. Industrial food production appears to be particularly vulnerable. Making preparations for an electrically paralysed period may not only be prudent, and a matter of national security, but might also push scientific efforts in agricultural production past energy reduction and towards more resilient and sustainable options. Copyright © 2012 Society of Chemical Industry.