Using agility to combat cyber attacks.

PubMed

Anderson, Kerry

2017-06-01

Some incident response practitioners feel that they have been locked in a battle with cyber criminals since the popular adoption of the internet. Initially, organisations made great inroads in preventing and containing cyber attacks. In the last few years, however, cyber criminals have become adept at eluding defence security technologies and rapidly modifying their exploit strategies for financial or political gains. Similar to changes in military combat tactics, cyber criminals utilise distributed attack cells, real-time communications, and rapidly mutating exploits to minimise the potential for detection. Cyber criminals have changed their attack paradigm. This paper describes a new incident response paradigm aimed at combating the new model of cyber attacks with an emphasis on agility to increase the organisation's ability to respond rapidly to these new challenges.

Medical Differential Diagnosis (MDD) as the Architectural Framework for a Knowledge Model: A Vulnerability Detection and Threat Identification Methodology for Cyber-Crime and Cyber-Terrorism

ERIC Educational Resources Information Center

Conley-Ware, Lakita D.

2010-01-01

This research addresses a real world cyberspace problem, where currently no cross industry standard methodology exists. The goal is to develop a model for identification and detection of vulnerabilities and threats of cyber-crime or cyber-terrorism where cyber-technology is the vehicle to commit the criminal or terrorist act (CVCT). This goal was…

Travels With Lynn: September 2010

Science.gov Websites

Cyber Security At the Security Defense Allaince Top Story Lynn Details New U.S. Strategy On New Warfare Landstuhl Regional Medical Center Lynn Continues NATO Meetings in Belgium Lynn Attends Cyber Presentation Against ISIL Terrorists Operation Atlantic Resolve Sexual Assault Prevention Asia-Pacific Rebalance Cyber

39 CFR 501.11 - Reporting Postage Evidencing System security weaknesses.

Code of Federal Regulations, 2014 CFR

2014-07-01

... any repeatable deviation from normal Postage Evidencing System performance. (3) Cyber attacks that... misappropriating assets or sensitive information, corrupting data, or causing operational disruption. Cyber attacks... causing denial-of-service attacks on Web sites. Cyber attacks may be carried out by third parties or...

39 CFR 501.11 - Reporting Postage Evidencing System security weaknesses.

Code of Federal Regulations, 2013 CFR

2013-07-01

... any repeatable deviation from normal Postage Evidencing System performance. (3) Cyber attacks that... misappropriating assets or sensitive information, corrupting data, or causing operational disruption. Cyber attacks... causing denial-of-service attacks on Web sites. Cyber attacks may be carried out by third parties or...

39 CFR 501.11 - Reporting Postage Evidencing System security weaknesses.

Code of Federal Regulations, 2012 CFR

2012-07-01

... any repeatable deviation from normal Postage Evidencing System performance. (3) Cyber attacks that... misappropriating assets or sensitive information, corrupting data, or causing operational disruption. Cyber attacks... causing denial-of-service attacks on Web sites. Cyber attacks may be carried out by third parties or...

Human Capital Development - Resilient Cyber Physical Systems

DTIC Science & Technology

2017-09-29

Human Capital Development – Resilient Cyber Physical Systems Technical Report SERC-2017-TR-113 September 29, 2017 Principal Investigator...4.2.2 Cyber Attack Taxonomy for Cyber Physical Systems .............................................................................. 43 4.2.3...Cyber- physical System Attack Taxonomy ................................................................................................ 44 4.2.4

3 CFR - Continuation of the National Emergency With Respect to Certain Terrorist Attacks

Code of Federal Regulations, 2013 CFR

2013-01-01

... 3 The President 1 2013-01-01 2013-01-01 false Continuation of the National Emergency With Respect to Certain Terrorist Attacks Presidential Documents Other Presidential Documents Notice of September 11, 2012 Continuation of the National Emergency With Respect to Certain Terrorist Attacks Consistent...

3 CFR - Continuation of the National Emergency With Respect to Certain Terrorist Attacks

Code of Federal Regulations, 2012 CFR

2012-01-01

... 3 The President 1 2012-01-01 2012-01-01 false Continuation of the National Emergency With Respect to Certain Terrorist Attacks Presidential Documents Other Presidential Documents Notice of September 9, 2011 Continuation of the National Emergency With Respect to Certain Terrorist Attacks Consistent...

Israeli Adolescents' Coping Strategies in Relation to Terrorist Attacks

ERIC Educational Resources Information Center

Tatar, Moshe; Amram, Sima

2007-01-01

Exposure to terrorism seriously threatens the well-being of children and adolescents. Israeli citizens have witnessed massive ongoing terrorist attacks during the last few years. The present research, conducted among 330 Israeli adolescents, examined coping strategies in relation to terrorist attacks. We found that adolescents utilize more…

3 CFR - Continuation of the National Emergency With Respect to Certain Terrorist Attacks

Code of Federal Regulations, 2010 CFR

2010-01-01

... national emergency declared on September 14, 2001, in Proclamation 7463, with respect to the terrorist attacks of September 11, 2001, and the continuing and immediate threat of further attacks on the United States. Because the terrorist threat continues, the national emergency declared on September 14, 2001...

Cyber / Physical Security Vulnerability Assessment Integration

DOE Office of Scientific and Technical Information (OSTI.GOV)

MacDonald, Douglas G.; Simpkins, Bret E.

Abstract Both physical protection and cyber security domains offer solutions for the discovery of vulnerabilities through the use of various assessment processes and software tools. Each vulnerability assessment (VA) methodology provides the ability to identify and categorize vulnerabilities, and quantifies the risks within their own areas of expertise. Neither approach fully represents the true potential security risk to a site and/or a facility, nor comprehensively assesses the overall security posture. The technical approach to solving this problem was to identify methodologies and processes that blend the physical and cyber security assessments, and develop tools to accurately quantify the unaccounted formore » risk. SMEs from both the physical and the cyber security domains developed the blending methodologies, and cross trained each other on the various aspects of the physical and cyber security assessment processes. A local critical infrastructure entity volunteered to host a proof of concept physical/cyber security assessment, and the lessons learned have been leveraged by this effort. The four potential modes of attack an adversary can use in approaching a target are; Physical Only Attack, Cyber Only Attack, Physical Enabled Cyber Attack, and the Cyber Enabled Physical Attack. The Physical Only and the Cyber Only pathway analysis are two of the most widely analyzed attack modes. The pathway from an off-site location to the desired target location is dissected to ensure adversarial activity can be detected and neutralized by the protection strategy, prior to completion of a predefined task. This methodology typically explores a one way attack from the public space (or common area) inward towards the target. The Physical Enabled Cyber Attack and the Cyber Enabled Physical Attack are much more intricate. Both scenarios involve beginning in one domain to affect change in the other, then backing outward to take advantage of the reduced system effectiveness, before penetrating further into the defenses. The proper identification and assessment of the overlapping areas (and interaction between these areas) in the VA process is necessary to accurately assess the true risk.« less

Taxonomies of Cyber Adversaries and Attacks: A Survey of Incidents and Approaches

DOE Office of Scientific and Technical Information (OSTI.GOV)

Meyers, C A; Powers, S S; Faissol, D M

In this paper we construct taxonomies of cyber adversaries and methods of attack, drawing from a survey of the literature in the area of cyber crime. We begin by addressing the scope of cyber crime, noting its prevalence and effects on the US economy. We then survey the literature on cyber adversaries, presenting a taxonomy of the different types of adversaries and their corresponding methods, motivations, maliciousness, and skill levels. Subsequently we survey the literature on cyber attacks, giving a taxonomy of the different classes of attacks, subtypes, and threat descriptions. The goal of this paper is to inform futuremore » studies of cyber security on the shape and characteristics of the risk space and its associated adversaries.« less

Major depressive disorder following terrorist attacks: A systematic review of prevalence, course and correlates

PubMed Central

2011-01-01

Background Terrorist attacks are traumatic events that may result in a wide range of psychological disorders for people exposed. This review aimed to systematically assess the current evidence on major depressive disorder (MDD) after terrorist attacks. Methods A systematic review was performed. Studies included assessed the impact of human-made, intentional, terrorist attacks in direct victims and/or persons in general population and evaluated MDD based on diagnostic criteria. Results A total of 567 reports were identified, 11 of which were eligible for this review: 6 carried out with direct victims, 4 with persons in general population, and 1 with victims and general population. The reviewed literature suggests that the risk of MDD ranges between 20 and 30% in direct victims and between 4 and 10% in the general population in the first few months after terrorist attacks. Characteristics that tend to increase risk of MDD after a terrorist attack are female gender, having experienced more stressful situations before or after the attack, peritraumatic reactions during the attack, loss of psychosocial resources, and low social support. The course of MDD after terrorist attacks is less clear due to the scarcity of longitudinal studies. Conclusions Methodological limitations in the literature of this field are considered and potentially important areas for future research such as the assessment of the course of MDD, the study of correlates of MDD or the comorbidity between MDD and other mental health problems are discussed. PMID:21627850

DETERMINING ELECTRONIC AND CYBER ATTACK RISK LEVEL FOR UNMANNED AIRCRAFT IN A CONTESTED ENVIRONMENT

DTIC Science & Technology

2016-08-01

AIR COMMAND AND STAFF COLLEGE AIR UNIVERSITY DETERMINING ELECTRONIC AND CYBER ATTACK RISK LEVEL FOR UNMANNED AIRCRAFT IN A CONTESTED ENVIRONMENT...iii ABSTRACT During operations in a contested air environment, adversary electronic warfare (EW) and cyber-attack capability will pose a high...10 Russian Federation Electronic Warfare Systems ...................................................12 Chinese Cyber Warfare Program

Cyber resilience: a review of critical national infrastructure and cyber security protection measures applied in the UK and USA.

PubMed

Harrop, Wayne; Matteson, Ashley

This paper presents cyber resilience as key strand of national security. It establishes the importance of critical national infrastructure protection and the growing vicarious nature of remote, well-planned, and well executed cyber attacks on critical infrastructures. Examples of well-known historical cyber attacks are presented, and the emergence of 'internet of things' as a cyber vulnerability issue yet to be tackled is explored. The paper identifies key steps being undertaken by those responsible for detecting, deterring, and disrupting cyber attacks on critical national infrastructure in the United Kingdom and the USA.

77 FR 61433 - Applications and Amendments to Facility Operating Licenses and Combined Licenses Involving...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-10-09

... attacks up to and including the design basis cyber attack threat, thereby achieving high assurance that... provide assurance that safety-related SSCs are protected from cyber attacks. Implementation of 10 CFR 73... of ``high assurance of adequate protection against cyber attacks.'' The proposed revision would not...

Department of Defense Information Network (DODIN): A Study of Current Cyber Threats and Best Practices for Network Security

DTIC Science & Technology

2016-06-10

DODIN) is being threatened by state actors, non-state actors, and continuous hacking and cyber-attacks. These threats against the network come in a...variety of forms; physical attacks from radio jamming, logical cyber threats from hacking , or a combination of both physical and logical attacks. Each...year the number of hacking attacks is increasing. Corporations like Symantec publish annual reports on cyber threats and provide tips for best

CORESAFE: A Formal Approach against Code Replacement Attacks on Cyber Physical Systems

DTIC Science & Technology

2018-04-19

AFRL-AFOSR-JP-TR-2018-0035 CORESAFE:A Formal Approach against Code Replacement Attacks on Cyber Physical Systems Sandeep Shukla INDIAN INSTITUTE OF...Formal Approach against Code Replacement Attacks on Cyber Physical Systems 5a.  CONTRACT NUMBER 5b.  GRANT NUMBER FA2386-16-1-4099 5c.  PROGRAM ELEMENT...Institute of Technology Kanpur India Final Report for AOARD Grant “CORESAFE: A Formal Approach against Code Replacement Attacks on Cyber Physical

Advanced Cyber Industrial Control System Tactics, Techniques, and Procedures (ACI TTP) for Department of Defense (DOD) Industrial Control Systems (ICS)

DTIC Science & Technology

2016-08-10

enable JCS managers to detect advanced cyber attacks, mitigate the effects of those attacks, and recover their networks following an attack. It also... managers of ICS networks to Detect, Mitigate, and Recover from nation-state-level cyber attacks (strategic, deliberate, well-trained, and funded...Successful Detection of cyber anomalies is best achieved when IT and ICS managers remain in close coordination. The Integrity Checks Table

Impact modeling and prediction of attacks on cyber targets

NASA Astrophysics Data System (ADS)

Khalili, Aram; Michalk, Brian; Alford, Lee; Henney, Chris; Gilbert, Logan

2010-04-01

In most organizations, IT (information technology) infrastructure exists to support the organization's mission. The threat of cyber attacks poses risks to this mission. Current network security research focuses on the threat of cyber attacks to the organization's IT infrastructure; however, the risks to the overall mission are rarely analyzed or formalized. This connection of IT infrastructure to the organization's mission is often neglected or carried out ad-hoc. Our work bridges this gap and introduces analyses and formalisms to help organizations understand the mission risks they face from cyber attacks. Modeling an organization's mission vulnerability to cyber attacks requires a description of the IT infrastructure (network model), the organization mission (business model), and how the mission relies on IT resources (correlation model). With this information, proper analysis can show which cyber resources are of tactical importance in a cyber attack, i.e., controlling them enables a large range of cyber attacks. Such analysis also reveals which IT resources contribute most to the organization's mission, i.e., lack of control over them gravely affects the mission. These results can then be used to formulate IT security strategies and explore their trade-offs, which leads to better incident response. This paper presents our methodology for encoding IT infrastructure, organization mission and correlations, our analysis framework, as well as initial experimental results and conclusions.

DOE Office of Scientific and Technical Information (OSTI.GOV)

MacDonald, Douglas G.; Clements, Samuel L.; Patrick, Scott W.

Securing high value and critical assets is one of the biggest challenges facing this nation and others around the world. In modern integrated systems, there are four potential modes of attack available to an adversary: • physical only attack, • cyber only attack, • physical-enabled cyber attack, • cyber-enabled physical attack. Blended attacks involve an adversary working in one domain to reduce system effectiveness in another domain. This enables the attacker to penetrate further into the overall layered defenses. Existing vulnerability assessment (VA) processes and software tools which predict facility vulnerabilities typically evaluate the physical and cyber domains separately. Vulnerabilitiesmore » which result from the integration of cyber-physical control systems are not well characterized and are often overlooked by existing assessment approaches. In this paper, we modified modification of the timely detection methodology, used for decades in physical security VAs, to include cyber components. The Physical and Cyber Risk Analysis Tool (PACRAT) prototype illustrates an integrated vulnerability assessment that includes cyber-physical interdependencies. Information about facility layout, network topology, and emplaced safeguards is used to evaluate how well suited a facility is to detect, delay, and respond to attacks, to identify the pathways most vulnerable to attack, and to evaluate how often safeguards are compromised for a given threat or adversary type. We have tested the PACRAT prototype on critical infrastructure facilities and the results are promising. Future work includes extending the model to prescribe the recommended security improvements via an automated cost-benefit analysis.« less

Development of JSDF Cyber Warfare Defense Critical Capability

DTIC Science & Technology

2010-03-01

attack identification capability is essential for a nation to defend her vital infrastructures against offensive cyber warfare . Although the necessity of...cyber-attack identification capability is quite clear, the Japans preparation against cyber warfare is quite limited.

Interval forecasting of cyber-attacks on industrial control systems

NASA Astrophysics Data System (ADS)

Ivanyo, Y. M.; Krakovsky, Y. M.; Luzgin, A. N.

2018-03-01

At present, cyber-security issues of industrial control systems occupy one of the key niches in a state system of planning and management Functional disruption of these systems via cyber-attacks may lead to emergencies related to loss of life, environmental disasters, major financial and economic damage, or disrupted activities of cities and settlements. There is then an urgent need to develop protection methods against cyber-attacks. This paper studied the results of cyber-attack interval forecasting with a pre-set intensity level of cyber-attacks. Interval forecasting is the forecasting of one interval from two predetermined ones in which a future value of the indicator will be obtained. For this, probability estimates of these events were used. For interval forecasting, a probabilistic neural network with a dynamic updating value of the smoothing parameter was used. A dividing bound of these intervals was determined by a calculation method based on statistical characteristics of the indicator. The number of cyber-attacks per hour that were received through a honeypot from March to September 2013 for the group ‘zeppo-norcal’ was selected as the indicator.

Modeling Cyber Conflicts Using an Extended Petri Net Formalism

DOE Office of Scientific and Technical Information (OSTI.GOV)

Zakrzewska, Anita N; Ferragut, Erik M

2011-01-01

When threatened by automated attacks, critical systems that require human-controlled responses have difficulty making optimal responses and adapting protections in real- time and may therefore be overwhelmed. Consequently, experts have called for the development of automatic real-time reaction capabilities. However, a technical gap exists in the modeling and analysis of cyber conflicts to automatically understand the repercussions of responses. There is a need for modeling cyber assets that accounts for concurrent behavior, incomplete information, and payoff functions. Furthermore, we address this need by extending the Petri net formalism to allow real-time cyber conflicts to be modeled in a way thatmore » is expressive and concise. This formalism includes transitions controlled by players as well as firing rates attached to transitions. This allows us to model both player actions and factors that are beyond the control of players in real-time. We show that our formalism is able to represent situational aware- ness, concurrent actions, incomplete information and objective functions. These factors make it well-suited to modeling cyber conflicts in a way that allows for useful analysis. MITRE has compiled the Common Attack Pattern Enumera- tion and Classification (CAPEC), an extensive list of cyber attacks at various levels of abstraction. CAPEC includes factors such as attack prerequisites, possible countermeasures, and attack goals. These elements are vital to understanding cyber attacks and to generating the corresponding real-time responses. We demonstrate that the formalism can be used to extract precise models of cyber attacks from CAPEC. Several case studies show that our Petri net formalism is more expressive than other models, such as attack graphs, for modeling cyber conflicts and that it is amenable to exploring cyber strategies.« less

3 CFR - Continuation of the National Emergency With Respect to Certain Terrorist Attacks

Code of Federal Regulations, 2014 CFR

2014-01-01

... 3 The President 1 2014-01-01 2014-01-01 false Continuation of the National Emergency With Respect to Certain Terrorist Attacks Presidential Documents Other Presidential Documents Notice of September 10, 2013 Continuation of the National Emergency With Respect to Certain Terrorist Attacks Consistent with section 202(d) of the National Emergencies...

Help-Seeking Behaviours of Adolescents in Relation to Terrorist Attacks: The Perceptions of Israeli Parents

ERIC Educational Resources Information Center

Tatar, Moshe; Amram, Sima; Kelman, Talia

2011-01-01

Exposure to terrorism poses a challenge for children and adolescents as well as parents. For many years, Israeli citizens have been exposed to ongoing terrorist attacks. The present article is aimed at revealing the reactions of Israeli parents when facing terrorist attacks and their perceptions regarding the help-seeking behaviours of their…

3 CFR - Continuation of the National Emergency With Respect to Certain Terrorist Attacks

Code of Federal Regulations, 2011 CFR

2011-01-01

... 3 The President 1 2011-01-01 2011-01-01 false Continuation of the National Emergency With Respect to Certain Terrorist Attacks Presidential Documents Other Presidential Documents Notice of September 10, 2010 Continuation of the National Emergency With Respect to Certain TerroristAttacks Consistent with section 202(d) of the National Emergencies...

DoD CIO Annual Information Assurance Report

DTIC Science & Technology

2000-04-01

cyber - warfare group, or a cyber-terrorist driven by ideology, religion, or money. The new warfighter is the cyber-warrior with technical and non-traditional skills. Complicating this new dimension is the need for the Department of Defense (DoD) to change its defensive strategy, because of cost and complexity issues, from the risk-avoidance approach to the risk management

Simulating cyber warfare and cyber defenses: information value considerations

NASA Astrophysics Data System (ADS)

Stytz, Martin R.; Banks, Sheila B.

2011-06-01

Simulating cyber warfare is critical to the preparation of decision-makers for the challenges posed by cyber attacks. Simulation is the only means we have to prepare decision-makers for the inevitable cyber attacks upon the information they will need for decision-making and to develop cyber warfare strategies and tactics. Currently, there is no theory regarding the strategies that should be used to achieve objectives in offensive or defensive cyber warfare, and cyber warfare occurs too rarely to use real-world experience to develop effective strategies. To simulate cyber warfare by affecting the information used for decision-making, we modify the information content of the rings that are compromised during in a decision-making context. The number of rings affected and value of the information that is altered (i.e., the closeness of the ring to the center) is determined by the expertise of the decision-maker and the learning outcome(s) for the simulation exercise. We determine which information rings are compromised using the probability that the simulated cyber defenses that protect each ring can be compromised. These probabilities are based upon prior cyber attack activity in the simulation exercise as well as similar real-world cyber attacks. To determine which information in a compromised "ring" to alter, the simulation environment maintains a record of the cyber attacks that have succeeded in the simulation environment as well as the decision-making context. These two pieces of information are used to compute an estimate of the likelihood that the cyber attack can alter, destroy, or falsify each piece of information in a compromised ring. The unpredictability of information alteration in our approach adds greater realism to the cyber event. This paper suggests a new technique that can be used for cyber warfare simulation, the ring approach for modeling context-dependent information value, and our means for considering information value when assigning cyber resources to information protection tasks. The first section of the paper introduces the cyber warfare simulation challenge and the reasons for its importance. The second section contains background information related to our research. The third section contains a discussion of the information ring technique and its use for simulating cyber attacks. The fourth section contains a summary and suggestions for research.

76 FR 56631 - Continuation of the National Emergency With Respect to Certain Terrorist Attacks

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-13

... declared on September 14, 2001, in Proclamation 7463, with respect to the terrorist attacks of September 11... terrorist threat continues, the national emergency declared on September 14, 2001, and the powers and... September 14, 2001, with respect to the terrorist threat. This notice shall be published in the Federal...

Sharing the Cyber Journey

DTIC Science & Technology

2012-01-01

destroy information; disrupt networks or communications; or deny service. In military terms, cyberspace is a contested environment. Hactivists, cyber ... criminals , terrorists, and adversarial nations are active in cyberspace networks across the globe; our military networks are no excep­ tion. DoD

New Tools for Cyber Terrorism

DTIC Science & Technology

2010-12-01

pharmaceutical formulas, and like data can reap huge profits for criminals” 8 . If cyber criminals are capable of these crimes imagine if Bin Laden could hire...and develops a framework to work with civilian agencies to combat cyber criminals and terrorists. The CNCI comprises of education, defensive...trillion dollars worth of intellectual property to data theft. It is quite obvious that if we don’t get a handle on cyber criminals it’s only a

Cybersecurity Dynamics

DTIC Science & Technology

2014-08-20

of Cybersecurity Dynamics emerged. Intuitively, Cybersecurity Dynamics describes the evolution of cybersecurity state as caused by cyber attack...Dynamics emerged. Intuitively, Cybersecurity Dynamics describes the evolution of cybersecurity state as caused by cyber attack-defense interactions...evolution of cyberse- curity state as caused by cyber attack-defense interactions. By studying Cybersecurity Dynamics, we can characterize the

Method and apparatus for detecting cyber attacks on an alternating current power grid

DOE Office of Scientific and Technical Information (OSTI.GOV)

McEachern, Alexander; Hofmann, Ronald

A method and apparatus for detecting cyber attacks on remotely-operable elements of an alternating current distribution grid. Two state estimates of the distribution grid are prepared, one of which uses micro-synchrophasors. A difference between the two state estimates indicates a possible cyber attack.

Moving Target Techniques: Cyber Resilience throught Randomization, Diversity, and Dynamism

DTIC Science & Technology

2017-03-03

Moving Target Techniques: Cyber Resilience through Randomization, Diversity, and Dynamism Hamed Okhravi and Howard Shrobe Overview: The static...nature of computer systems makes them vulnerable to cyber attacks. Consider a situation where an attacker wants to compromise a remote system running... cyber resilience that attempts to rebalance the cyber landscape is known as cyber moving target (MT) (or just moving target) techniques. Moving target

Game Theory and Uncertainty Quantification for Cyber Defense Applications

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chatterjee, Samrat; Halappanavar, Mahantesh; Tipireddy, Ramakrishna

Cyber-system defenders face the challenging task of protecting critical assets and information continually against multiple types of malicious attackers. Defenders typically operate within resource constraints while attackers operate at relatively low costs. As a result, design and development of resilient cyber-systems that can support mission goals under attack while accounting for the dynamics between attackers and defenders is an important research problem.

The Spatial and Temporal Patterns of Insurgent Attacks

DTIC Science & Technology

2014-06-13

INTRODUCTION We must not rely on changing the hearts and minds of terrorists. The motivation for terrorism results from long-term social, cultural and...psychological pressures, which are difficult to alter. But motivation is only part of the formula for terrorism. The other is opportunity for attack that...terrorists; motivation and opportunity reduction brings more immediate protection. In any case, easy opportunities encourage terrorists to attack

75 FR 76041 - Notice; Applications and Amendments to Facility Operating Licenses Involving Proposed No...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-07

... 73.54 are implemented in order to identify, evaluate, and mitigate cyber attacks up to and including... communications systems and networks are protected from cyber attacks. The proposed change requiring the... 10 CFR 73.54 Rule are protected from cyber attacks and has no impact on the probability or...

Vulnerability analysis and critical areas identification of the power systems under terrorist attacks

NASA Astrophysics Data System (ADS)

Wang, Shuliang; Zhang, Jianhua; Zhao, Mingwei; Min, Xu

2017-05-01

This paper takes central China power grid (CCPG) as an example, and analyzes the vulnerability of the power systems under terrorist attacks. To simulate the intelligence of terrorist attacks, a method of critical attack area identification according to community structures is introduced. Meanwhile, three types of vulnerability models and the corresponding vulnerability metrics are given for comparative analysis. On this basis, influence of terrorist attacks on different critical areas is studied. Identifying the vulnerability of different critical areas will be conducted. At the same time, vulnerabilities of critical areas under different tolerance parameters and different vulnerability models are acquired and compared. Results show that only a few number of vertex disruptions may cause some critical areas collapse completely, they can generate great performance losses the whole systems. Further more, the variation of vulnerability values under different scenarios is very large. Critical areas which can cause greater damage under terrorist attacks should be given priority of protection to reduce vulnerability. The proposed method can be applied to analyze the vulnerability of other infrastructure systems, they can help decision makers search mitigation action and optimum protection strategy.

Securing Cyberspace: Approaches to Developing an Effective Cyber-Security Strategy

DTIC Science & Technology

2011-05-15

attackers, cyber - criminals or even teenage hackers. Protecting cyberspace is a national security priority. President Obama’s National Security...prefers to engage international law enforcement to investigate and catch cyber criminals .40 International cooperation could resolve jurisdictional...sheltered them. Similarly, a state that fails to prosecute cyber - criminals , or who gives safe haven to individuals or groups that conduct cyber-attacks

Defense of Cyber Infrastructures Against Cyber-Physical Attacks Using Game-Theoretic Models

DOE PAGES

Rao, Nageswara S. V.; Poole, Stephen W.; Ma, Chris Y. T.; ...

2015-04-06

The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game-theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities expressed as sums of cost and system terms. First, we consider a Boolean attack-defense model, wherein the cyber and physical sub-infrastructures may be attacked and reinforced as individual units. Second, we consider a component attack-defense model wherein theirmore » components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high-level deterministic conditions for the infrastructure survival. When probabilities of successful attack and defense, and of incidental failures are incorporated into the models, the results favor the attacker but otherwise remain qualitatively similar. This approach has been motivated and validated by our experiences with UltraScience Net infrastructure, which was built to support high-performance network experiments. In conclusion, the analytical results, however, are more general, and we apply them to simplified models of cloud and high-performance computing infrastructures.« less

Defense of Cyber Infrastructures Against Cyber-Physical Attacks Using Game-Theoretic Models

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rao, Nageswara S. V.; Poole, Stephen W.; Ma, Chris Y. T.

The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game-theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities expressed as sums of cost and system terms. First, we consider a Boolean attack-defense model, wherein the cyber and physical sub-infrastructures may be attacked and reinforced as individual units. Second, we consider a component attack-defense model wherein theirmore » components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high-level deterministic conditions for the infrastructure survival. When probabilities of successful attack and defense, and of incidental failures are incorporated into the models, the results favor the attacker but otherwise remain qualitatively similar. This approach has been motivated and validated by our experiences with UltraScience Net infrastructure, which was built to support high-performance network experiments. In conclusion, the analytical results, however, are more general, and we apply them to simplified models of cloud and high-performance computing infrastructures.« less

Defense of Cyber Infrastructures Against Cyber-Physical Attacks Using Game-Theoretic Models.

PubMed

Rao, Nageswara S V; Poole, Stephen W; Ma, Chris Y T; He, Fei; Zhuang, Jun; Yau, David K Y

2016-04-01

The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game-theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities, expressed as sums of cost and system terms. First, we consider a Boolean attack-defense model, wherein the cyber and physical subinfrastructures may be attacked and reinforced as individual units. Second, we consider a component attack-defense model wherein their components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high-level deterministic conditions for the infrastructure survival. When probabilities of successful attack and defense, and of incidental failures, are incorporated into the models, the results favor the attacker but otherwise remain qualitatively similar. This approach has been motivated and validated by our experiences with UltraScience Net infrastructure, which was built to support high-performance network experiments. The analytical results, however, are more general, and we apply them to simplified models of cloud and high-performance computing infrastructures. © 2015 Society for Risk Analysis.

Emerging Roles of Combat Communication Squadrons in Cyber Warfare as Related to Computer Network Attack, Defense and Exploitation

DTIC Science & Technology

2011-06-01

EMERGING ROLES OF COMBAT COMMUNICATION SQUADRONS IN CYBER WARFARE AS RELATED TO COMPUTER NETWORK ATTACK, DEFENSE AND EXPLOITATION GRADUATE RESEARCH...Communication Squadrons in Cyber Warfare as Related to Computer Network Attack, Defense and Exploitation GRADUATE RESEARCH PROJECT Presented to the Faculty...Education and Training Command In Partial Fulfillment of the Requirements for the Degree of Master of Cyber Warfare Michael J. Myers Major, USAF June 2011

A Probabilistic Framework for Quantifying Mixed Uncertainties in Cyber Attacker Payoffs

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chatterjee, Samrat; Tipireddy, Ramakrishna; Oster, Matthew R.

Quantification and propagation of uncertainties in cyber attacker payoffs is a key aspect within multiplayer, stochastic security games. These payoffs may represent penalties or rewards associated with player actions and are subject to various sources of uncertainty, including: (1) cyber-system state, (2) attacker type, (3) choice of player actions, and (4) cyber-system state transitions over time. Past research has primarily focused on representing defender beliefs about attacker payoffs as point utility estimates. More recently, within the physical security domain, attacker payoff uncertainties have been represented as Uniform and Gaussian probability distributions, and mathematical intervals. For cyber-systems, probability distributions may helpmore » address statistical (aleatory) uncertainties where the defender may assume inherent variability or randomness in the factors contributing to the attacker payoffs. However, systematic (epistemic) uncertainties may exist, where the defender may not have sufficient knowledge or there is insufficient information about the attacker’s payoff generation mechanism. Such epistemic uncertainties are more suitably represented as generalizations of probability boxes. This paper explores the mathematical treatment of such mixed payoff uncertainties. A conditional probabilistic reasoning approach is adopted to organize the dependencies between a cyber-system’s state, attacker type, player actions, and state transitions. This also enables the application of probabilistic theories to propagate various uncertainties in the attacker payoffs. An example implementation of this probabilistic framework and resulting attacker payoff distributions are discussed. A goal of this paper is also to highlight this uncertainty quantification problem space to the cyber security research community and encourage further advancements in this area.« less

Lessons Learned in Over a Decade of Technical Support for U.S. Nuclear Cyber Security Programmes

DOE Office of Scientific and Technical Information (OSTI.GOV)

Glantz, Clifford S.; Landine, Guy P.; Craig, Philip A.

Pacific Northwest National Laboratory’s (PNNL) nuclear cyber security team has been providing technical support to the U.S. Nuclear Regulatory Commission (NRC) since 2002. This team has provided cyber security technical experties in conducting cyber security inspections, developing of regulatory rules and guidance, reviewing facility cyber security plans, developing inspection guidance, and developing and teaching NRC inspectors how to conduct cyber security assessments. The extensive experience the PNNL team has gathered has allowed them to compile a lenghty list of recommendations on how to improve cyber security programs and conduct assessments. A selected set of recommendations are presented, including the needmore » to: integrate an array of defenisve strategies into a facility’s cyber security program, coordinate physical and cyber security activities, train phycial security forces to resist a cyber-enabled physical attack, improve estimates of the consequences of a cyber attack, properly resource cyber security assessments, appropropriately account for insider threats, routinely monitor security devices for potential attacks, supplement compliance-based requirements with risk-based decision making, and introduce the concept of resilience into cyber security programs.« less

Towards a Cyber Defense Framework for SCADA Systems Based on Power Consumption Monitoring

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hernandez Jimenez, Jarilyn M; Chen, Qian; Nichols, Jeff A.

Supervisory control and data acquisition (SCADA) is an industrial automation system that remotely monitor, and control critical infrastructures. SCADA systems are major targets for espionage and sabotage attackers. According to the 2015 Dell security annual threat report, the number of cyber-attacks against SCADA systems has doubled in the past year. Cyber-attacks (i.e., buffer overflow, rootkits and code injection) could cause serious financial losses and physical infrastructure damages. Moreover, some specific cyber-attacks against SCADA systems could become a threat to human life. Current commercial off-the-shelf security solutions are insufficient in protecting SCADA systems against sophisticated cyber-attacks. In 2014 a report bymore » Mandiant stated that only 69% of organizations learned about their breaches from third entities, meaning that these companies lack of their own detection system. Furthermore, these breaches are not detected in real-time or fast enough to prevent further damages. The average time between compromise and detection (for those intrusions that were detected) was 205 days. To address this challenge, we propose an Intrusion Detection System (IDS) that detects SCADA-specific cyber-attacks by analyzing the power consumption of a SCADA device. Specifically, to validate the proposed approach, we chose to monitor in real-time the power usage of a a Programmable Logic Controller (PLC). To this end, we configured the hardware of the tetsbed by installing the required sensors to monitor and collect its power consumption. After that two SCADA-specific cyber-attacks were simulated and TracerDAQ Pro was used to collect the power consumption of the PLC under normal and anomalous scenarios. Results showed that is possible to distinguish between the regular power usage of the PLC and when the PLC was under specific cyber-attacks.« less

Rhode Island School Terrorist Attack Preparedness

ERIC Educational Resources Information Center

Dube, Michael W. M.

2012-01-01

This study examined the state of safety and terrorist attack preparedness in Rhode Island Schools as determined by Rhode Island school leader perceptions. The study is descriptive in nature as it gathers data to describe a particular event or situation. Using a researcher generated survey based on terrorist preparedness guidelines and suggestions…

Protecting water and wastewater infrastructure from cyber attacks

NASA Astrophysics Data System (ADS)

Panguluri, Srinivas; Phillips, William; Cusimano, John

2011-12-01

Multiple organizations over the years have collected and analyzed data on cyber attacks and they all agree on one conclusion: cyber attacks are real and can cause significant damages. This paper presents some recent statistics on cyber attacks and resulting damages. Water and wastewater utilities must adopt countermeasures to prevent or minimize the damage in case of such attacks. Many unique challenges are faced by the water and wastewater industry while selecting and implementing security countermeasures; the key challenges are: 1) the increasing interconnection of their business and control system networks, 2) large variation of proprietary industrial control equipment utilized, 3) multitude of cross-sector cyber-security standards, and 4) the differences in the equipment vendor's approaches to meet these security standards. The utilities can meet these challenges by voluntarily selecting and adopting security standards, conducting a gap analysis, performing vulnerability/risk analysis, and undertaking countermeasures that best meets their security and organizational requirements. Utilities should optimally utilize their limited resources to prepare and implement necessary programs that are designed to increase cyber-security over the years. Implementing cyber security does not necessarily have to be expensive, substantial improvements can be accomplished through policy, procedure, training and awareness. Utilities can also get creative and allocate more funding through annual budgets and reduce dependence upon capital improvement programs to achieve improvements in cyber-security.

Adaptive optimisation-offline cyber attack on remote state estimator

NASA Astrophysics Data System (ADS)

Huang, Xin; Dong, Jiuxiang

2017-10-01

Security issues of cyber-physical systems have received increasing attentions in recent years. In this paper, deception attacks on the remote state estimator equipped with the chi-squared failure detector are considered, and it is assumed that the attacker can monitor and modify all the sensor data. A novel adaptive optimisation-offline cyber attack strategy is proposed, where using the current and previous sensor data, the attack can yield the largest estimation error covariance while ensuring to be undetected by the chi-squared monitor. From the attacker's perspective, the attack is better than the existing linear deception attacks to degrade the system performance. Finally, some numerical examples are provided to demonstrate theoretical results.

Building a New Command in Cyberspace

DTIC Science & Technology

2011-01-01

actor with a lap- top and a motive, we are chiefly focused on terrorists and well-organized cyber criminals . The former continue to grow more...so. Cyber criminals are more interested in the theft and exploitation of sensitive data that can bring them a profit, either directly through fraud

Cyber-Physical Attack-Resilient Wide-Area Monitoring, Protection, and Control for the Power Grid

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ashok, Aditya; Govindarasu, Manimaran; Wang, Jianhui

Cyber security and resiliency of Wide-Area Monitoring, Protection and Control (WAMPAC) applications is critically important to ensure secure, reliable, and economic operation of the bulk power system. WAMPAC relies heavily on the security of measurements and control commands transmitted over wide-area communication networks for real-time operational, protection, and control functions. Also, the current “N-1 security criteria” for grid operation is inadequate to address malicious cyber events and therefore it is important to fundamentally redesign WAMPAC and to enhance Energy Management System (EMS) applications to make them attack-resilient. In this paper, we propose an end-to-end defense-in-depth architecture for attack-resilient WAMPAC thatmore » addresses resilience at both the infrastructure layer and the application layers. Also, we propose an attack-resilient cyber-physical security framework that encompasses the entire security life cycle including risk assessment, attack prevention, attack detection, attack mitigation, and attack resilience. The overarching objective of this paper is to provide a broad scope that comprehensively describes most of the major research issues and potential solutions in the context of cyber-physical security of WAMPAC for the power grid.« less

Situational awareness of a coordinated cyber attack

NASA Astrophysics Data System (ADS)

Sudit, Moises; Stotz, Adam; Holender, Michael

2005-03-01

As technology continues to advance, services and capabilities become computerized, and an ever increasing amount of business is conducted electronically the threat of cyber attacks gets compounded by the complexity of such attacks and the criticality of the information which must be secured. A new age of virtual warfare has dawned in which seconds can differentiate between the protection of vital information and/or services and a malicious attacker attaining their goal. In this paper we present a novel approach in the real-time detection of multistage coordinated cyber attacks and the promising initial testing results we have obtained. We introduce INFERD (INformation Fusion Engine for Real-time Decision-making), an adaptable information fusion engine which performs fusion at levels zero, one, and two to provide real-time situational assessment and its application to the cyber domain in the ECCARS (Event Correlation for Cyber Attack Recognition System) system. The advantages to our approach are fourfold: (1) The complexity of the attacks which we consider, (2) the level of abstraction in which the analyst interacts with the attack scenarios, (3) the speed at which the information fusion is presented and performed, and (4) our disregard for ad-hoc rules or a priori parameters.

Radiological threat assessment and the Federal Response Plan--a gap analysis.

PubMed

Conklin, W Craig; Liotta, Philip L

2005-11-01

The ability of the federal government to effectively and efficiently respond to nuclear or radiological terrorist attacks has been the subject of intense discussion and analysis for many years. Because of recent terrorist activities and intelligence information, there is strong sentiment that it is not a question of if, but when, a radiological or nuclear terrorist attack will occur. As a result, there is considerable concern that the federal government may not be adequately prepared to respond to an attack involving a radiological dispersal device or improvised nuclear device. In response to these concerns, federal departments and agencies have initiated actions to develop a better understanding of the magnitude of the radiological/nuclear terrorist threat, assess the ability of the federal government to support state and local responses to such attacks, and improve the Nation's ability to prepare for, respond to, and recover from these types of attacks. In an era of limited fiscal growth and competing priorities, the federal government will have to enhance its collaboration with state and local governments, the private sector, and academia to ensure that the Nation is capable of responding to a terrorist attack involving radioactive or nuclear material.

Novel mechanism of network protection against the new generation of cyber attacks

NASA Astrophysics Data System (ADS)

Milovanov, Alexander; Bukshpun, Leonid; Pradhan, Ranjit

2012-06-01

A new intelligent mechanism is presented to protect networks against the new generation of cyber attacks. This mechanism integrates TCP/UDP/IP protocol stack protection and attacker/intruder deception to eliminate existing TCP/UDP/IP protocol stack vulnerabilities. It allows to detect currently undetectable, highly distributed, low-frequency attacks such as distributed denial-of-service (DDoS) attacks, coordinated attacks, botnet, and stealth network reconnaissance. The mechanism also allows insulating attacker/intruder from the network and redirecting the attack to a simulated network acting as a decoy. As a result, network security personnel gain sufficient time to defend the network and collect the attack information. The presented approach can be incorporated into wireless or wired networks that require protection against known and the new generation of cyber attacks.

Maritime Security: Potential Terrorist Attacks and Protection Priorities

DTIC Science & Technology

2007-01-09

Liquefied Natural Gas: Siting and Safety .” Feb. 15, 2005. 108 U.S. Coast Guard. U.S. Coast Guard Captain of the Port Long Island Sound Waterways...Order Code RL33787 Maritime Security: Potential Terrorist Attacks and Protection Priorities January 9, 2007 Paul W. Parfomak and John Frittelli...Terrorist Attacks and Protection Priorities 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) 5d. PROJECT NUMBER 5e. TASK

Do terrorist attacks affect ethnic discrimination in the labour market? Evidence from two randomized field experiments.

PubMed

Birkelund, Gunn Elisabeth; Chan, Tak Wing; Ugreninov, Elisabeth; Midtbøen, Arnfinn H; Rogstad, Jon

2018-01-24

Terrorist attacks are known to influence public opinion. But do they also change behaviour? We address this question by comparing the results of two identical randomized field experiments on ethnic discrimination in hiring that we conducted in Oslo. The first experiment was conducted before the 2011 terrorist attacks in Norway; the second experiment was conducted after the attacks. In both experiments, applicants with a typical Pakistani name were significantly less likely to get a job interview compared to those with a typical Norwegian name. But the ethnic gap in call-back rates were very similar in the two experiments. Thus, Pakistanis in Norway still experienced the same level of discrimination, despite claims that Norwegians have become more positive about migrants after the far-right, anti-migrant terrorist attacks of 2011. © London School of Economics and Political Science 2018.

The ins and outs of terrorist bus explosions: injury profiles of on-board explosions versus explosions occurring adjacent to a bus.

PubMed

Golan, Ron; Soffer, Dror; Givon, Adi; Peleg, Kobi

2014-01-01

Terrorist explosions occurring in varying settings have been shown to lead to significantly different injury patterns among the victims, with more severe injuries generally arising in confined space attacks. Increasing numbers of terrorist attacks have been targeted at civilian buses, yet most studies focus on events in which the bomb was detonated within the bus. This study focuses on the injury patterns and hospital utilisation among casualties from explosive terrorist bus attacks with the bomb detonated either within a bus or adjacent to a bus. All patients hospitalised at six level I trauma centres and four large regional trauma centres following terrorist explosions that occurred in and adjacent to buses in Israel between November 2000 and August 2004 were reviewed. Injury severity scores (ISS) were used to assess severity. Hospital utilisation data included length of hospital stay, surgical procedures performed, and intensive care unit (ICU) admission. The study included 262 victims of 22 terrorist attacks targeted at civilian bus passengers and drivers; 171 victims were injured by an explosion within a bus (IB), and 91 were injured by an explosion adjacent to a bus (AB). Significant differences were noted between the groups, with the IB population having higher ISS scores, more primary blast injury, more urgent surgical procedures performed, and greater ICU utilisation. Both groups had percentages of nearly 20% for burn injury, had high percentages of injuries to the head/neck, and high percentages of surgical wound and burn care. Explosive terrorist attacks detonated within a bus generate more severe injuries among the casualties and require more urgent surgical and intensive level care than attacks occurring adjacent to a bus. The comparison and description of the outcomes to these terrorist attacks should aid in the preparation and response to such devastating events. Copyright © 2013 Elsevier Ltd. All rights reserved.

RISK DISCLOSURE AGAINST ATTACK ON CRITICAL INFRASTRUCTURES

NASA Astrophysics Data System (ADS)

Yoshida, Mamoru; Kobayashi, Kiyoshi

This paper analyzes the government's defensive and disclosure strategies to reduce the damage caused by terrorists that attack critical infrastructures using subjective game theory. The government recognizes a terrorist as a hidden opponent and the government's decision making about the policies against terror attacks depends on the belief about the existence of terrorist. In addition, it is not necessarily true that the government and the terrorist play the common game and make their decisions. Considering these points, the paper formulates the model in which the government and the terrorist formulate the subjective games respectively, and they induce the strategies using the equilibriums of their subjective games. The paper concluded that the government's disclosure about the implementation of the countermeasure, rather than the disclosure of warning level related with the belief about the existence of terrorist, brings about the higher increment of the subjective payoffs of the government.

Cyber War: The Next Frontier for NATO

DTIC Science & Technology

2015-03-01

cyber-attacks as a way to advance their agenda. Common examples of cyber- attacks include computer viruses, worms , malware, and distributed denial of...take advantage of security holes and cause damage to computer systems, steal financial data, or acquire sensitive secrets. As technology becomes

Susceptibility of SCADA systems and the energy sector

NASA Astrophysics Data System (ADS)

Goike, Lindsay

The research in this paper focused on analyzing SCADA systems in the energy sector for susceptibility to cyber attacks, in furtherance of providing suggestions to mitigate current and future cyber attacks. The research will be addressing the questions: how are SCADA systems susceptible to cyber attacks, and what are the suggested ways to mitigate both current and future cyber attacks. The five main categories of security vulnerabilities facing current SCADA systems were found to be: connectivity to the Internet, failure to plan, interdependency of sectors, numerous different types of threats, and outdated software. Some of the recommendations mentioned to mitigate current and future risks were: virtual private networks, risk assessments, increased physical security, updating of software, and firewalls.

Simulations in Cyber-Security: A Review of Cognitive Modeling of Network Attackers, Defenders, and Users.

PubMed

Veksler, Vladislav D; Buchler, Norbou; Hoffman, Blaine E; Cassenti, Daniel N; Sample, Char; Sugrim, Shridat

2018-01-01

Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can addresses multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a) adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision likelihood distributions, (b) human factors of cyber tools to address human system integration challenges, estimation of defender cognitive states, and opportunities for automation, (c) dynamic simulations involving attacker, defender, and user models to enhance studies of cyber epidemiology and cyber hygiene, and (d) training effectiveness research and training scenarios to address human cyber-security performance, maturation of cyber-security skill sets, and effective decision-making. Models may be initially constructed at the group-level based on mean tendencies of each subject's subgroup, based on known statistics such as specific skill proficiencies, demographic characteristics, and cultural factors. For more precise and accurate predictions, cognitive models may be fine-tuned to each individual attacker, defender, or user profile, and updated over time (based on recorded behavior) via techniques such as model tracing and dynamic parameter fitting.

Cyber situational awareness and differential hardening

NASA Astrophysics Data System (ADS)

Dwivedi, Anurag; Tebben, Dan

2012-06-01

The advent of cyber threats has created a need for a new network planning, design, architecture, operations, control, situational awareness, management, and maintenance paradigms. Primary considerations include the ability to assess cyber attack resiliency of the network, and rapidly detect, isolate, and operate during deliberate simultaneous attacks against the network nodes and links. Legacy network planning relied on automatic protection of a network in the event of a single fault or a very few simultaneous faults in mesh networks, but in the future it must be augmented to include improved network resiliency and vulnerability awareness to cyber attacks. Ability to design a resilient network requires the development of methods to define, and quantify the network resiliency to attacks, and to be able to develop new optimization strategies for maintaining operations in the midst of these newly emerging cyber threats. Ways to quantify resiliency, and its use in visualizing cyber vulnerability awareness and in identifying node or link criticality, are presented in the current work, as well as a methodology of differential network hardening based on the criticality profile of cyber network components.

Vulnerability of water supply systems to cyber-physical attacks

NASA Astrophysics Data System (ADS)

Galelli, Stefano; Taormina, Riccardo; Tippenhauer, Nils; Salomons, Elad; Ostfeld, Avi

2016-04-01

The adoption of smart meters, distributed sensor networks and industrial control systems has largely improved the level of service provided by modern water supply systems. Yet, the progressive computerization exposes these critical infrastructures to cyber-physical attacks, which are generally aimed at stealing critical information (cyber-espionage) or causing service disruption (denial-of-service). Recent statistics show that water and power utilities are undergoing frequent attacks - such as the December power outage in Ukraine - , attracting the interest of operators and security agencies. Taking the security of Water Distribution Networks (WDNs) as domain of study, our work seeks to characterize the vulnerability of WDNs to cyber-physical attacks, so as to conceive adequate defense mechanisms. We extend the functionality of EPANET, which models hydraulic and water quality processes in pressurized pipe networks, to include a cyber layer vulnerable to repeated attacks. Simulation results on a medium-scale network show that several hydraulic actuators (valves and pumps, for example) can be easily attacked, causing both service disruption - i.e., water spillage and loss of pressure - and structural damages - e.g., pipes burst. Our work highlights the need for adequate countermeasures, such as attacks detection and reactive control systems.

Cyber Vulnerabilities Within Critical Infrastructure: The Flaws of Industrial Control Systems in the Oil and Gas Industry

NASA Astrophysics Data System (ADS)

Alpi, Danielle Marie

The 16 sectors of critical infrastructure in the US are susceptible to cyber-attacks. Potential attacks come from internal and external threats. These attacks target the industrial control systems (ICS) of companies within critical infrastructure. Weakness in the energy sector's ICS, specifically the oil and gas industry, can result in economic and ecological disaster. The purpose of this study was to establish means for oil companies to identify and stop cyber-attacks specifically APT threats. This research reviewed current cyber vulnerabilities and ways in which a cyber-attack may be deterred. This research found that there are insecure devices within ICS that are not regularly updated. Therefore, security issues have amassed. Safety procedures and training thereof are often neglected. Jurisdiction is unclear in regard to critical infrastructure. The recommendations this research offers are further examination of information sharing methods, development of analytic platforms, and better methods for the implementation of defense-in-depth security measures.

Cyber-physical security of Wide-Area Monitoring, Protection and Control in a smart grid environment

PubMed Central

Ashok, Aditya; Hahn, Adam; Govindarasu, Manimaran

2013-01-01

Smart grid initiatives will produce a grid that is increasingly dependent on its cyber infrastructure in order to support the numerous power applications necessary to provide improved grid monitoring and control capabilities. However, recent findings documented in government reports and other literature, indicate the growing threat of cyber-based attacks in numbers and sophistication targeting the nation’s electric grid and other critical infrastructures. Specifically, this paper discusses cyber-physical security of Wide-Area Monitoring, Protection and Control (WAMPAC) from a coordinated cyber attack perspective and introduces a game-theoretic approach to address the issue. Finally, the paper briefly describes how cyber-physical testbeds can be used to evaluate the security research and perform realistic attack-defense studies for smart grid type environments. PMID:25685516

Cyber-physical security of Wide-Area Monitoring, Protection and Control in a smart grid environment.

PubMed

Ashok, Aditya; Hahn, Adam; Govindarasu, Manimaran

2014-07-01

Smart grid initiatives will produce a grid that is increasingly dependent on its cyber infrastructure in order to support the numerous power applications necessary to provide improved grid monitoring and control capabilities. However, recent findings documented in government reports and other literature, indicate the growing threat of cyber-based attacks in numbers and sophistication targeting the nation's electric grid and other critical infrastructures. Specifically, this paper discusses cyber-physical security of Wide-Area Monitoring, Protection and Control (WAMPAC) from a coordinated cyber attack perspective and introduces a game-theoretic approach to address the issue. Finally, the paper briefly describes how cyber-physical testbeds can be used to evaluate the security research and perform realistic attack-defense studies for smart grid type environments.

Pre-Attack Symptomatology and Temperament as Predictors of Children's Responses to the September 11 Terrorist Attacks

ERIC Educational Resources Information Center

Lengua, Liliana J.; Long, Anna C.; Smith, Kimberlee I.; Meltzoff, Andrew N.

2005-01-01

Background: The aims of this study were to assess the psychological response of children following the September 11, 2001 terrorist attacks in New York and Washington, DC and to examine prospective predictors of children's post-attack responses. Method: Children's responses were assessed in a community sample of children in Seattle, Washington,…

Asymmetric threat data mining and knowledge discovery

NASA Astrophysics Data System (ADS)

Gilmore, John F.; Pagels, Michael A.; Palk, Justin

2001-03-01

Asymmetric threats differ from the conventional force-on- force military encounters that the Defense Department has historically been trained to engage. Terrorism by its nature is now an operational activity that is neither easily detected or countered as its very existence depends on small covert attacks exploiting the element of surprise. But terrorism does have defined forms, motivations, tactics and organizational structure. Exploiting a terrorism taxonomy provides the opportunity to discover and assess knowledge of terrorist operations. This paper describes the Asymmetric Threat Terrorist Assessment, Countering, and Knowledge (ATTACK) system. ATTACK has been developed to (a) data mine open source intelligence (OSINT) information from web-based newspaper sources, video news web casts, and actual terrorist web sites, (b) evaluate this information against a terrorism taxonomy, (c) exploit country/region specific social, economic, political, and religious knowledge, and (d) discover and predict potential terrorist activities and association links. Details of the asymmetric threat structure and the ATTACK system architecture are presented with results of an actual terrorist data mining and knowledge discovery test case shown.

Investigating the Aftermath of Terror: Fundamental Outcomes, Methodological Choices, and Future Directions.

PubMed

Gradus, Jaimie L; Marx, Brian P; Sloan, Denise M

2016-06-01

Acts of terrorism are becoming increasingly common throughout the world. These events represent a significant public health concern given the associated health consequences. Although it is clear that terrorist attacks have mental and physical health sequelae, the exact nature and prevalence of these consequences are unclear. Epidemiological research can play an important role in better understanding the mental and physical impact of terrorist attacks. In this editorial, we highlight recent epidemiological research on these terrorism-related health outcomes. We also provide suggestions for how future studies can build on the existing literature and describe ways in which epidemiological methods can be harnessed to extend the current literature. Lastly, we offer recommendations on how to best prepare communities for the aftermath of terrorist attacks, highlighting secondary intervention and prevention strategies. Overall, multilevel strategies are needed to adequately cope with the growing rise of terrorist acts, and these strategies will have to be reassessed as the nature of terrorist attacks changes.

Cyber Security Audit and Attack Detection Toolkit

DOE Office of Scientific and Technical Information (OSTI.GOV)

Peterson, Dale

2012-05-31

This goal of this project was to develop cyber security audit and attack detection tools for industrial control systems (ICS). Digital Bond developed and released a tool named Bandolier that audits ICS components commonly used in the energy sector against an optimal security configuration. The Portaledge Project developed a capability for the PI Historian, the most widely used Historian in the energy sector, to aggregate security events and detect cyber attacks.

The system of technical diagnostics of the industrial safety information network

NASA Astrophysics Data System (ADS)

Repp, P. V.

2017-01-01

This research is devoted to problems of safety of the industrial information network. Basic sub-networks, ensuring reliable operation of the elements of the industrial Automatic Process Control System, were identified. The core tasks of technical diagnostics of industrial information safety were presented. The structure of the technical diagnostics system of the information safety was proposed. It includes two parts: a generator of cyber-attacks and the virtual model of the enterprise information network. The virtual model was obtained by scanning a real enterprise network. A new classification of cyber-attacks was proposed. This classification enables one to design an efficient generator of cyber-attacks sets for testing the virtual modes of the industrial information network. The numerical method of the Monte Carlo (with LPτ - sequences of Sobol), and Markov chain was considered as the design method for the cyber-attacks generation algorithm. The proposed system also includes a diagnostic analyzer, performing expert functions. As an integrative quantitative indicator of the network reliability the stability factor (Kstab) was selected. This factor is determined by the weight of sets of cyber-attacks, identifying the vulnerability of the network. The weight depends on the frequency and complexity of cyber-attacks, the degree of damage, complexity of remediation. The proposed Kstab is an effective integral quantitative measure of the information network reliability.

Using a Prediction Model to Manage Cyber Security Threats.

PubMed

Jaganathan, Venkatesh; Cherurveettil, Priyesh; Muthu Sivashanmugam, Premapriya

2015-01-01

Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

Using a Prediction Model to Manage Cyber Security Threats

PubMed Central

Muthu Sivashanmugam, Premapriya

2015-01-01

Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization. PMID:26065024

CPAD: Cyber-Physical Attack Detection

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ferragut, Erik M; Laska, Jason A

The CPAD technology relates to anomaly detection and more specifically to cyber physical attack detection. It infers underlying physical relationships between components by analyzing the sensor measurements of a system. It then uses these measurements to detect signs of a non-physically realizable state, which is indicative of an integrity attack on the system. CPAD can be used on any highly-instrumented cyber-physical system to detect integrity attacks and identify the component or components compromised. It has applications to power transmission and distribution, nuclear and industrial plants, and complex vehicles.

Previous exposure to the World Trade Center terrorist attack and posttraumatic symptoms among older adults following Hurricane Sandy.

PubMed

Shrira, Amit; Palgi, Yuval; Hamama-Raz, Yaira; Goodwin, Robin; Ben-Ezra, Menachem

2014-01-01

The present study tested the maturation and inoculation hypotheses by examining whether age and previous exposure to the September 11, 2001, World Trade Center (WTC) terrorist attack moderated the relationship between degree of exposure to Hurricane Sandy and related posttraumatic stress disorder (PTSD) symptoms. An online sample of 1,000 participants from affected states completed self-report questionnaires one month after Hurricane Sandy hit the East Coast. Participants reported their degree of exposure to the WTC terrorist attack and to Hurricane Sandy, and their posttraumatic stress disorder (PTSD) symptoms following Hurricane Sandy. The positive relationship between degree of exposure to Hurricane Sandy and level of PTSD symptoms was weaker among older adults. An additional significant three-way interaction suggested that both age and previous exposure to the WTC terrorist attack moderated the relationship between degree of exposure to Hurricane Sandy and level of PTSD symptoms. Previous high degree of exposure to the WTC terrorist attack was related to a weaker effect of current exposure to Hurricane Sandy on PTSD symptoms among older adults. However, among younger adults, previous high degree of exposure to the WTC terrorist attack was related to a stronger effect of current exposure on PTSD symptoms. When confronted by a natural disaster, American older adults are generally resilient. Supporting the inoculation hypothesis, resilience of older adults may be partly related to the strength successfully extracted from previous exposure to adverse events.

Cyber Threat and Vulnerability Analysis of the U.S. Electric Sector

DOE Office of Scientific and Technical Information (OSTI.GOV)

Glenn, Colleen; Sterbentz, Dane; Wright, Aaron

With utilities in the U.S. and around the world increasingly moving toward smart grid technology and other upgrades with inherent cyber vulnerabilities, correlative threats from malicious cyber attacks on the North American electric grid continue to grow in frequency and sophistication. The potential for malicious actors to access and adversely affect physical electricity assets of U.S. electricity generation, transmission, or distribution systems via cyber means is a primary concern for utilities contributing to the bulk electric system. This paper seeks to illustrate the current cyber-physical landscape of the U.S. electric sector in the context of its vulnerabilities to cyber attacks,more » the likelihood of cyber attacks, and the impacts cyber events and threat actors can achieve on the power grid. In addition, this paper highlights utility perspectives, perceived challenges, and requests for assistance in addressing cyber threats to the electric sector. There have been no reported targeted cyber attacks carried out against utilities in the U.S. that have resulted in permanent or long term damage to power system operations thus far, yet electric utilities throughout the U.S. have seen a steady rise in cyber and physical security related events that continue to raise concern. Asset owners and operators understand that the effects of a coordinated cyber and physical attack on a utility’s operations would threaten electric system reliability–and potentially result in large scale power outages. Utilities are routinely faced with new challenges for dealing with these cyber threats to the grid and consequently maintain a set of best practices to keep systems secure and up to date. Among the greatest challenges is a lack of knowledge or strategy to mitigate new risks that emerge as a result of an exponential rise in complexity of modern control systems. This paper compiles an open-source analysis of cyber threats and risks to the electric grid, utility best practices for prevention and response to cyber threats, and utility suggestions about how the federal government can aid utilities in combating and mitigating risks.« less

Mass casualty response in the 2008 Mumbai terrorist attacks.

PubMed

Roy, Nobhojit; Kapil, Vikas; Subbarao, Italo; Ashkenazi, Isaac

2011-12-01

The November 26-29, 2008, terrorist attacks on Mumbai were unique in its international media attention, multiple strategies of attack, and the disproportionate national fear they triggered. Everyone was a target: random members of the general population, iconic targets, and foreigners alike were under attack by the terrorists. A retrospective, descriptive study of the distribution of terror victims to various city hospitals, critical radius, surge capacity, and the nature of specialized medical interventions was gathered through police, legal reports, and interviews with key informants. Among the 172 killed and 304 injured people, about four-fifths were men (average age, 33 years) and 12% were foreign nationals. The case-fatality ratio for this event was 2.75:1, and the mortality rate among those who were critically injured was 12%. A total of 38.5% of patients arriving at the hospitals required major surgical intervention. Emergency surgical operations were mainly orthopedic (external fixation for compound fractures) and general surgical interventions (abdominal explorations for penetrating bullet/shrapnel injuries). The use of heavy-duty automatic weapons, explosives, hostages, and arson in these terrorist attacks alerts us to new challenges to medical counterterrorism response. The need for building central medical control for a coordinated response and for strengthening public hospital capacity are lessons learned for future attacks. These particular terrorist attacks had global consequences, in terms of increased security checks and alerts for and fears of further similar "Mumbai-style" attacks. The resilience of the citizens of Mumbai is a critical measure of the long-term effects of terror attacks.

Reasoning about Emotional Contents Following Shocking Terrorist Attacks: A Tale of Three Cities

ERIC Educational Resources Information Center

Blanchette, Isabelle; Richards, Anne; Melnyk, Laura; Lavda, Anastasia

2007-01-01

The authors examined reasoning following the terrorist attacks carried out in London in July 2005. They tested participants in London (United Kingdom), Manchester (United Kingdom), and London (Canada) within 1 week of the attacks and again 6 months later. Participants reasoned about syllogisms of 3 types: neutral, generally emotional, and…

American hospitals react to terrorist attacks with determination.

PubMed

Rees, T

2001-01-01

In this timely special section, editor Tom Rees recounts some of the swift, supportive actions health care providers took in response to the Sept. 11 terrorist attacks on the World Trade Center and the Pentagon.

How Terrorism Affects Attitudes toward Democracy: Tunisia in 2015.

PubMed

Andersen, Robert; Brym, Robert

2017-11-01

Tunisia is the only country that emerged from the Arab Spring as a democracy. However, Tunisian democracy is threatened by political divisions, economic problems, and the threat of terrorist attacks. We shed light on Tunisia's democratic prospects by examining (1) the degree to which major terrorist attacks in 2015 influenced Tunisian public opinion on democracy and (2) the extent to which preference for a democratic system affected opinions on the prospects for democracy in Tunisia. We use data from three waves of a nationwide survey conducted just before and just after Tunisia's first major terrorist attack, and just after the country's second major terrorist attack. We demonstrate that after the attacks the Tunisian public became less favourable toward democracy and less optimistic that Tunisia would soon be ready for it. Such scepticism was widespread, affecting people who preferred democracy as much as those who did not. We conclude that the prospects for Tunisian democracy are more precarious than is sometimes assumed. © 2017 Canadian Sociological Association/La Société canadienne de sociologie.

Brief psychotic disorder in a middle aged Nigerian following the terrorist attacks in America-case report.

PubMed

Omigbodun, O O; Okunade, T A

2002-01-01

This case report illustrates the sudden onset, brief course and remission of a psychotic illness in a middle-aged Nigerian starting soon after she heard about the terrorist attacks in America. Vulnerability factors including personality traits and other concurrent life events were identified in the patients. Common mental disorder associated with terrorist attacks, disasters and armed robbery, and the need for health workers to be sensitised to these disorders are discussed in light of the ongoing violence in parts of Nigeria.

Information System Incidents: The Development of a Damage Assessment Model

DTIC Science & Technology

1999-12-01

Cyber criminals use creativity, knowledge, software, and hardware to attack and infiltrate information systems (IS) in order to copy, delete, or...the Internet led to an increase in cyber criminals and a variety or cyber crimes such as attacks, intrusions, introduction of viruses, and data theft...organizations on information systems is contributing to the increased number of cyber criminals . Additionally, the growing sophistication and availability of

Simulations in Cyber-Security: A Review of Cognitive Modeling of Network Attackers, Defenders, and Users

PubMed Central

Veksler, Vladislav D.; Buchler, Norbou; Hoffman, Blaine E.; Cassenti, Daniel N.; Sample, Char; Sugrim, Shridat

2018-01-01

Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can addresses multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a) adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision likelihood distributions, (b) human factors of cyber tools to address human system integration challenges, estimation of defender cognitive states, and opportunities for automation, (c) dynamic simulations involving attacker, defender, and user models to enhance studies of cyber epidemiology and cyber hygiene, and (d) training effectiveness research and training scenarios to address human cyber-security performance, maturation of cyber-security skill sets, and effective decision-making. Models may be initially constructed at the group-level based on mean tendencies of each subject's subgroup, based on known statistics such as specific skill proficiencies, demographic characteristics, and cultural factors. For more precise and accurate predictions, cognitive models may be fine-tuned to each individual attacker, defender, or user profile, and updated over time (based on recorded behavior) via techniques such as model tracing and dynamic parameter fitting. PMID:29867661

Does topological information matter for power grid vulnerability?

PubMed

Ouyang, Min; Yang, Kun

2014-12-01

Power grids, which are playing an important role in supporting the economy of a region as well as the life of its citizens, could be attacked by terrorists or enemies to damage the region. Depending on different levels of power grid information collected by the terrorists, their attack strategies might be different. This paper groups power grid information into four levels: no information, purely topological information (PTI), topological information with generator and load nodes (GLNI), and full information (including component physical properties and flow parameters information), and then identifies possible attack strategies for each information level. Analyzing and comparing power grid vulnerability under these attack strategies from both terrorists' and utility companies' point of view give rise to an approach to quantify the relative values of these three types of information, including PTI, GLNI, and component parameter information (CPI). This approach can provide information regarding the extent to which topological information matters for power system vulnerability decisions. Taking several test systems as examples, results show that for small attacks with p ≤ 0.1, CPI matters the most; when taking attack cost into consideration and assuming that the terrorists take the optimum cost-efficient attack intensity, then CPI has the largest cost-based information value.

Does topological information matter for power grid vulnerability?

NASA Astrophysics Data System (ADS)

Ouyang, Min; Yang, Kun

2014-12-01

Power grids, which are playing an important role in supporting the economy of a region as well as the life of its citizens, could be attacked by terrorists or enemies to damage the region. Depending on different levels of power grid information collected by the terrorists, their attack strategies might be different. This paper groups power grid information into four levels: no information, purely topological information (PTI), topological information with generator and load nodes (GLNI), and full information (including component physical properties and flow parameters information), and then identifies possible attack strategies for each information level. Analyzing and comparing power grid vulnerability under these attack strategies from both terrorists' and utility companies' point of view give rise to an approach to quantify the relative values of these three types of information, including PTI, GLNI, and component parameter information (CPI). This approach can provide information regarding the extent to which topological information matters for power system vulnerability decisions. Taking several test systems as examples, results show that for small attacks with p ≤ 0.1, CPI matters the most; when taking attack cost into consideration and assuming that the terrorists take the optimum cost-efficient attack intensity, then CPI has the largest cost-based information value.

Combating Paramilitary Terrorism on the Homefront: An Examination of Capabilities and Limitations of U.S. Response Forces

DTIC Science & Technology

2015-12-01

paramilitary methods with devastating results. This thesis examines the paramilitary terrorist attacks that occurred in Beslan in 2004 and in Mumbai in...paramilitary attack to be established. 14. SUBJECT TERMS paramilitary terrorism, North Hollywood shootout, Mumbai attack, Beslan school attack, posse...paramilitary terrorist attacks that occurred in Beslan in 2004 and in Mumbai in 2008 in an attempt to understand the threat and to establish the criteria for

Cyber Signal/Noise Characteristics and Sensor Models for Early Cyber Indications and Warning

DTIC Science & Technology

2005-09-01

investigating and simulating attack scenarios. The sensors are, in effect , mathematical functions. These functions range from simple functions of...172 8.1.2 Examine each attack scenario or case to derive the cause- effect network for the attack scenario...threat profiles............................ 174 8.1.4 Develop attack profiles by enlarging the cause- effect network of each attack scenario with

A macro-economic framework for evaluation of cyber security risks related to protection of intellectual property.

PubMed

Andrijcic, Eva; Horowitz, Barry

2006-08-01

The article is based on the premise that, from a macro-economic viewpoint, cyber attacks with long-lasting effects are the most economically significant, and as a result require more attention than attacks with short-lasting effects that have historically been more represented in literature. In particular, the article deals with evaluation of cyber security risks related to one type of attack with long-lasting effects, namely, theft of intellectual property (IP) by foreign perpetrators. An International Consequence Analysis Framework is presented to determine (1) the potential macro-economic consequences of cyber attacks that result in stolen IP from companies in the United States, and (2) the likely sources of such attacks. The framework presented focuses on IP theft that enables foreign companies to make economic gains that would have otherwise benefited the U.S. economy. Initial results are presented.

3 CFR 8427 - Proclamation 8427 of October 1, 2009. National Cybersecurity Awareness Month, 2009

Code of Federal Regulations, 2010 CFR

2010-01-01

... solutions at work and at home. Our Nation’s growing dependence on cyber and information-related technologies, coupled with an increasing threat of malicious cyber attacks and loss of privacy, has given rise to the... digital infrastructures. Cyber attacks and their viral ability to infect networks, devices, and software...

Function and activity classification in network traffic data: existing methods, their weaknesses, and a path forward

NASA Astrophysics Data System (ADS)

Levchuk, Georgiy

2016-05-01

The cyber spaces are increasingly becoming the battlefields between friendly and adversary forces, with normal users caught in the middle. Accordingly, planners of enterprise defensive policies and offensive cyber missions alike have an essential goal to minimize the impact of their own actions and adversaries' attacks on normal operations of the commercial and government networks. To do this, the cyber analysis need accurate "cyber battle maps", where the functions, roles, and activities of individual and groups of devices and users are accurately identified. Most of the research in cyber exploitation has focused on the identification of attacks, attackers, and their devices. Many tools exist for device profiling, malware identification, user attribution, and attack analysis. However, most of the tools are intrusive, sensitive to data obfuscation, or provide anomaly flagging and not able to correctly classify the semantics and causes of network activities. In this paper, we review existing solutions that can identify functional and social roles of entities in cyberspace, discuss their weaknesses, and propose an approach for developing functional and social layers of cyber battle maps.

A Cyber-Attack Detection Model Based on Multivariate Analyses

NASA Astrophysics Data System (ADS)

Sakai, Yuto; Rinsaka, Koichiro; Dohi, Tadashi

In the present paper, we propose a novel cyber-attack detection model based on two multivariate-analysis methods to the audit data observed on a host machine. The statistical techniques used here are the well-known Hayashi's quantification method IV and cluster analysis method. We quantify the observed qualitative audit event sequence via the quantification method IV, and collect similar audit event sequence in the same groups based on the cluster analysis. It is shown in simulation experiments that our model can improve the cyber-attack detection accuracy in some realistic cases where both normal and attack activities are intermingled.

Identification of Successive ``Unobservable'' Cyber Data Attacks in Power Systems Through Matrix Decomposition

NASA Astrophysics Data System (ADS)

Gao, Pengzhi; Wang, Meng; Chow, Joe H.; Ghiocel, Scott G.; Fardanesh, Bruce; Stefopoulos, George; Razanousky, Michael P.

2016-11-01

This paper presents a new framework of identifying a series of cyber data attacks on power system synchrophasor measurements. We focus on detecting "unobservable" cyber data attacks that cannot be detected by any existing method that purely relies on measurements received at one time instant. Leveraging the approximate low-rank property of phasor measurement unit (PMU) data, we formulate the identification problem of successive unobservable cyber attacks as a matrix decomposition problem of a low-rank matrix plus a transformed column-sparse matrix. We propose a convex-optimization-based method and provide its theoretical guarantee in the data identification. Numerical experiments on actual PMU data from the Central New York power system and synthetic data are conducted to verify the effectiveness of the proposed method.

What good cyber resilience looks like.

PubMed

Hult, Fredrik; Sivanesan, Giri

In January 2012, the World Economic Forum made cyber attacks its fourth top global risk. In the 2013 risk report, cyber attacks were noted to be an even higher risk in absolute terms. The reliance of critical infrastructure on cyber working has never been higher; the frequency, intensity, impact and sophistication of attacks is growing. This trend looks likely to continue. It can be argued that it is no longer a question whether an organisation will be successfully hacked, but how long it will take to detect. In the ever-changing cyber environment, traditional protection techniques and reliance on preventive controls are not enough. A more agile approach is required to give assurance of a sufficiently secure digital society. Are we faced with a paradigm shift or a storm in a digital teacup? This paper offers an introduction to why cyber is important, a wider taxonomy on the topic and some historical context on how the discipline of cyber security has evolved, and an interpretation on what this means in the new normal of today.

Introducing cyber.

PubMed

Hult, Fredrik; Sivanesan, Giri

In January 2012, the World Economic Forum made cyber attacks its fourth top global risk. In the 2013 risk report, cyber attacks were noted to be an even higher risk in absolute terms. The reliance of critical infrastructure on cyber working has never been higher; the frequency, intensity, impact and sophistication of attacks is growing. This trend looks likely to continue. It can be argued that it is no longer a question whether an organisation will be successfully hacked, but how long it will take to detect. In the ever-changing cyber environment, traditional protection techniques and reliance on preventive controls are not enough. A more agile approach is required to give assurance of a sufficiently secure digital society. Are we faced with a paradigm shift or a storm in a digital teacup? This paper offers an introduction to why cyber is important, a wider taxonomy on the topic and some historical context on how the discipline of cyber security has evolved, and an interpretation on what this means in the new normal of today.

Protecting drinking water utilities from cyberthreats

DOE PAGES

Clark, Robert M.; Panguluri, Srinivas; Nelson, Trent D.; ...

2017-02-01

Cyber-security challenges have the potential for becoming one of the defining issues of our time. Cyber-attacks have become an ever-increasing threat and the United States (US) Federal Bureau of Investigation (FBI) now ranks cyber-crime as one of its most important law enforcement activities. In addition to the general problems associated with cyber-crime, critical infrastructure (CI) related to energy production, manufacturing, water supply and other systems have come under attack. For example, drinking water utilities are increasingly incorporating computer technology into their routine operations and are therefore increasingly vulnerable to cyber- threats. Systems control and data acquisition (SCADA) systems used tomore » manage automated physical processes essential to water treatment and distribution systems have become standard in medium to large drinking water utilities and in many small water systems. However, even with the application of standard information technology cybersecurity best practices these types of systems have proven to be vulnerable to cyber-attacks. In 2015, the US Department of Homeland Security (DHS) responded to 25 cybersecurity incidents in the Water Sector and to 46 incidents in the Energy Sector. Comparatively, between 2014 and 2015, the reported number of Water Sector incidents actually increased by 78.6% (from 14 to 25). The DHS is in a collaborative partnership with the US Environmental Protection Agency to ensure cybersecurity in the Water Sector. As a result of this partnership a number of guidance documents and techniques have been developed to counter cyber-attacks and minimize cyber vulnerability. These approaches are documented along with a summary of common vulnerabilities. However, a new approach which has great promise in protecting drinking water systems against hacking and cyber-attacks, based on the concept of unidirectional gateways, is presented and discussed.« less

Protecting drinking water utilities from cyberthreats

DOE Office of Scientific and Technical Information (OSTI.GOV)

Clark, Robert M.; Panguluri, Srinivas; Nelson, Trent D.

Cyber-security challenges have the potential for becoming one of the defining issues of our time. Cyber-attacks have become an ever-increasing threat and the United States (US) Federal Bureau of Investigation (FBI) now ranks cyber-crime as one of its most important law enforcement activities. In addition to the general problems associated with cyber-crime, critical infrastructure (CI) related to energy production, manufacturing, water supply and other systems have come under attack. For example, drinking water utilities are increasingly incorporating computer technology into their routine operations and are therefore increasingly vulnerable to cyber- threats. Systems control and data acquisition (SCADA) systems used tomore » manage automated physical processes essential to water treatment and distribution systems have become standard in medium to large drinking water utilities and in many small water systems. However, even with the application of standard information technology cybersecurity best practices these types of systems have proven to be vulnerable to cyber-attacks. In 2015, the US Department of Homeland Security (DHS) responded to 25 cybersecurity incidents in the Water Sector and to 46 incidents in the Energy Sector. Comparatively, between 2014 and 2015, the reported number of Water Sector incidents actually increased by 78.6% (from 14 to 25). The DHS is in a collaborative partnership with the US Environmental Protection Agency to ensure cybersecurity in the Water Sector. As a result of this partnership a number of guidance documents and techniques have been developed to counter cyber-attacks and minimize cyber vulnerability. These approaches are documented along with a summary of common vulnerabilities. However, a new approach which has great promise in protecting drinking water systems against hacking and cyber-attacks, based on the concept of unidirectional gateways, is presented and discussed.« less

Stuxnet, Schmitt Analysis, and the Cyber Use-of-Force Debate

DTIC Science & Technology

2012-01-01

demonstration during exercise Bold Alligator 2012 U . S . N av y (J os hu a J. W ah l) 46 JFQ / issue 67, 4 th quarter 2012 ndupress .ndu.edu...language; and Article 51’ s “armed attack ” threshold for self-defense actions. 18 Schmitt, “Computer Network Attack and the Use of Force,” 920. 19...sponsored cyber coercion. More importantly, the prospect of cyber attacks causing physical damage was largely theoretical.4 Beginning Stuxnet, Schmitt

First-Strike Advantage: The United States’ Counter to China’s Preemptive Integrated Network Electronic Warfare Strategy

DTIC Science & Technology

2013-06-01

Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage,” 9. 57 Lolita C. Baldor, “Chinese Cyber Attacks On U.S. Continue...the Secretary of Defense, 2009. Baldor, Lolita C. “Chinese Cyber Attacks on U.S. Continue Totally Unabated, Leon Panetta.” Huffington Post (2012

Advanced traveler information system capabilities : human factors research needs : summary report

DOT National Transportation Integrated Search

2003-09-01

The number and intensity of domestic and international terrorist events, along with the September 11, 2001, attacks, change the way Americans think and live. Terrorists attack targets where human casualties and economic consequences are likely to be ...

International Cyber Incident Repository System: Information Sharing on a Global Scale

DOE Office of Scientific and Technical Information (OSTI.GOV)

Joyce, Amanda L.; Evans, PhD, Nathaniel; Tanzman, Edward A.

According to the 2016 Internet Security Threat Report, the largest number of cyber attacks were recorded last year (2015), reaching a total of 430 million incidents throughout the world. As the number of cyber incidents increases, the need for information and intelligence sharing increases, as well. This fairly large increase in cyber incidents is driving the need for an international cyber incident data reporting system. The goal of the cyber incident reporting system is to make available shared and collected information about cyber events among participating international parties. In its 2014 report, Insurance Industry Working Session Readout Report-Insurance for CyberRelatedmore » Critical Infrastructure Loss: Key Issues, on the outcomes of a working session on cyber insurance, the U.S. Department of Homeland Security observed that “many participants cited the need for a secure method through which organizations could pool and share cyber incident information” and noted that one underwriter emphasized the importance of internationally harmonized data taxonomies. This cyber incident data reporting system could benefit all nations that take part in reporting incidents to provide a more common operating picture. In addition, this reporting system could allow for trending and anticipated attacks and could potentially benefit participating members by enabling them to get in front of potential attacks. The purpose of this paper is to identify options for consideration for such a system in fostering cooperative cyber defense.« less

An Approach for Assessing Consequences of Potential Supply Chain and Insider Contributed Cyber Attacks on Nuclear Power Plants

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chu, Tsong L.

The Stuxnet attack at the Natanz facility is an example of a targeted and successful cyber attack on a nuclear facility. Snowden's release of National Security Agency documents demonstrated the consequences of the insider threat. More recently, the United States tried to attack North Korea but failed, South Korea was attempting to attack North Korea, and both applied Stuxnet-like approaches. These sophisticated targeted attacks differ from web-site hacking events that are reported almost daily in the news mainly because targeted attacks require detailed design and operation information of the systems attacked and/or are often carried out by insiders. For instance,more » in order to minimize disruption of facilities around the world, Stuxnet remained idle until it recognized the specific configuration of the Natanz facility, demonstrating that the attackers possessed extremely detailed information about the facility. Such targeted cyber attacks could become a national-level military weapon and be used in coercion of hostile countries.« less

10 CFR 73.1 - Purpose and scope.

Code of Federal Regulations, 2014 CFR

2014-01-01

... waterborne vehicle bomb assault, which may be coordinated with an external assault; and (v) A cyber attack... with an external assault; and (v) A cyber attack. (b) Scope. (1) This part prescribes requirements for...

10 CFR 73.1 - Purpose and scope.

Code of Federal Regulations, 2012 CFR

2012-01-01

... waterborne vehicle bomb assault, which may be coordinated with an external assault; and (v) A cyber attack... with an external assault; and (v) A cyber attack. (b) Scope. (1) This part prescribes requirements for...

10 CFR 73.1 - Purpose and scope.

Code of Federal Regulations, 2013 CFR

2013-01-01

... waterborne vehicle bomb assault, which may be coordinated with an external assault; and (v) A cyber attack... with an external assault; and (v) A cyber attack. (b) Scope. (1) This part prescribes requirements for...

10 CFR 73.1 - Purpose and scope.

Code of Federal Regulations, 2011 CFR

2011-01-01

... waterborne vehicle bomb assault, which may be coordinated with an external assault; and (v) A cyber attack... with an external assault; and (v) A cyber attack. (b) Scope. (1) This part prescribes requirements for...

Lone Actor Terrorist Attack Planning and Preparation: A Data-Driven Analysis.

PubMed

Schuurman, Bart; Bakker, Edwin; Gill, Paul; Bouhana, Noémie

2017-10-23

This article provides an in-depth assessment of lone actor terrorists' attack planning and preparation. A codebook of 198 variables related to different aspects of pre-attack behavior is applied to a sample of 55 lone actor terrorists. Data were drawn from open-source materials and complemented where possible with primary sources. Most lone actors are not highly lethal or surreptitious attackers. They are generally poor at maintaining operational security, leak their motivations and capabilities in numerous ways, and generally do so months and even years before an attack. Moreover, the "loneness" thought to define this type of terrorism is generally absent; most lone actors uphold social ties that are crucial to their adoption and maintenance of the motivation and capability to commit terrorist violence. The results offer concrete input for those working to detect and prevent this form of terrorism and argue for a re-evaluation of the "lone actor" concept. © 2017 The Authors. Journal of Forensic Sciences published by Wiley Periodicals, Inc. on behalf of American Academy of Forensic Sciences.

Towards A Taxonomy Of Attacks Against Energy Control Systems

NASA Astrophysics Data System (ADS)

Fleury, Terry; Khurana, Himanshu; Welch, Von

Control systems in the energy sector (e.g., supervisory control and data acquisition (SCADA) systems) involve a hierarchy of sensing, monitoring and control devices connected to centralized control stations or centers. The incorporation of commercial off-the-shelf technologies in energy control systems makes them vulnerable to cyber attacks. A taxonomy of cyber attacks against control systems can assist the energy sector in managing the cyber threat. This paper takes the first step towards a taxonomy by presenting a comprehensive model of attacks, vulnerabilities and damage related to control systems. The model is populated based on a survey of the technical literature from industry, academia and national laboratories.

Towards an integrated defense system for cyber security situation awareness experiment

NASA Astrophysics Data System (ADS)

Zhang, Hanlin; Wei, Sixiao; Ge, Linqiang; Shen, Dan; Yu, Wei; Blasch, Erik P.; Pham, Khanh D.; Chen, Genshe

2015-05-01

In this paper, an implemented defense system is demonstrated to carry out cyber security situation awareness. The developed system consists of distributed passive and active network sensors designed to effectively capture suspicious information associated with cyber threats, effective detection schemes to accurately distinguish attacks, and network actors to rapidly mitigate attacks. Based on the collected data from network sensors, image-based and signals-based detection schemes are implemented to detect attacks. To further mitigate attacks, deployed dynamic firewalls on hosts dynamically update detection information reported from the detection schemes and block attacks. The experimental results show the effectiveness of the proposed system. A future plan to design an effective defense system is also discussed based on system theory.

Design of Cyber Attack Precursor Symptom Detection Algorithm through System Base Behavior Analysis and Memory Monitoring

NASA Astrophysics Data System (ADS)

Jung, Sungmo; Kim, Jong Hyun; Cagalaban, Giovanni; Lim, Ji-Hoon; Kim, Seoksoo

More recently, botnet-based cyber attacks, including a spam mail or a DDos attack, have sharply increased, which poses a fatal threat to Internet services. At present, antivirus businesses make it top priority to detect malicious code in the shortest time possible (Lv.2), based on the graph showing a relation between spread of malicious code and time, which allows them to detect after malicious code occurs. Despite early detection, however, it is not possible to prevent malicious code from occurring. Thus, we have developed an algorithm that can detect precursor symptoms at Lv.1 to prevent a cyber attack using an evasion method of 'an executing environment aware attack' by analyzing system behaviors and monitoring memory.

Behavioral Modeling of Adversaries with Multiple Objectives in Counterterrorism.

PubMed

Mazicioglu, Dogucan; Merrick, Jason R W

2018-05-01

Attacker/defender models have primarily assumed that each decisionmaker optimizes the cost of the damage inflicted and its economic repercussions from their own perspective. Two streams of recent research have sought to extend such models. One stream suggests that it is more realistic to consider attackers with multiple objectives, but this research has not included the adaption of the terrorist with multiple objectives to defender actions. The other stream builds off experimental studies that show that decisionmakers deviate from optimal rational behavior. In this article, we extend attacker/defender models to incorporate multiple objectives that a terrorist might consider in planning an attack. This includes the tradeoffs that a terrorist might consider and their adaption to defender actions. However, we must also consider experimental evidence of deviations from the rationality assumed in the commonly used expected utility model in determining such adaption. Thus, we model the attacker's behavior using multiattribute prospect theory to account for the attacker's multiple objectives and deviations from rationality. We evaluate our approach by considering an attacker with multiple objectives who wishes to smuggle radioactive material into the United States and a defender who has the option to implement a screening process to hinder the attacker. We discuss the problems with implementing such an approach, but argue that research in this area must continue to avoid misrepresenting terrorist behavior in determining optimal defensive actions. © 2017 Society for Risk Analysis.

Fraud in Academic Publishing: Researchers Under Cyber-Attacks.

PubMed

Dadkhah, Mehdi; Borchardt, Glenn; Maliszewski, Tomasz

2017-01-01

Day by day, researchers receive new suspicious e-mails in their inboxes. Many of them do not have sufficient information about these types of e-mails, and may become victims of cyber-attacks. In this short communication, we review current cyber threats in academic publishing and try to present general guidelines for authors. Copyright © 2016 Elsevier Inc. All rights reserved.

Impact of Protection Motivation Theory and General Deterrence Theory on the Behavioral Intention to Implement and Misuse Active Cyber Defense

ERIC Educational Resources Information Center

White, Jautau Kelton

2017-01-01

Current cybersecurity measures have become a major concern for commercial organizations in the United States. As the cyber-attack landscape expands and the skills and knowledge of the cyber-attacker become broader, the current measures that are taken and the laws structured around them are making it increasingly difficult for commercial…

Cybersecurity for distributed energy resources and smart inverters

DOE PAGES

Qi, Junjian; Hahn, Adam; Lu, Xiaonan; ...

2016-12-01

The increased penetration of distributed energy resources (DER) will significantly increase the number of devices that are owned and controlled by consumers and third parties. These devices have a significant dependency on digital communication and control, which presents a growing risk from cyber attacks. This paper proposes a holistic attack-resilient framework to protect the the integrated DER and the critical power grid infrastructure from malicious cyber attacks, helping ensure the secure integration of DER without harming the grid reliability and stability. Specifically, we discuss the architecture of the cyber-physical power system with a high penetration of DER and analyze themore » unique cybersecurity challenges introduced by DER integration. Next, we summarize important attack scenarios against DER, propose a systematic DER resilience analysis methodology, and develop effective and quantifiable resilience metrics and design principles. Lastly, we introduce attack prevention, detection, and response measures specifically designed for DER integration across cyber, physical device, and utility layers of the future smart grid.« less

Cybersecurity for distributed energy resources and smart inverters

DOE Office of Scientific and Technical Information (OSTI.GOV)

Qi, Junjian; Hahn, Adam; Lu, Xiaonan

The increased penetration of distributed energy resources (DER) will significantly increase the number of devices that are owned and controlled by consumers and third parties. These devices have a significant dependency on digital communication and control, which presents a growing risk from cyber attacks. This paper proposes a holistic attack-resilient framework to protect the the integrated DER and the critical power grid infrastructure from malicious cyber attacks, helping ensure the secure integration of DER without harming the grid reliability and stability. Specifically, we discuss the architecture of the cyber-physical power system with a high penetration of DER and analyze themore » unique cybersecurity challenges introduced by DER integration. Next, we summarize important attack scenarios against DER, propose a systematic DER resilience analysis methodology, and develop effective and quantifiable resilience metrics and design principles. Lastly, we introduce attack prevention, detection, and response measures specifically designed for DER integration across cyber, physical device, and utility layers of the future smart grid.« less

[Treatment strategies for mass casualty incidents and terrorist attacks in trauma and vascular surgery : Presentation of a treatment concept].

PubMed

Friemert, B; Franke, A; Bieler, D; Achatz, A; Hinck, D; Engelhardt, M

2017-10-01

The treatment of patients in the context of mass casualty incidents (MCI) represents a great challenge for the participating rescue workers and clinics. Due to the increase in terrorist activities it is necessary to become familiar with this new kind of threat to civilization with respect to the medical treatment of victims of terrorist attacks. There are substantial differences between a "normal" MCI and a terrorist MCI with respect to injury patterns (blunt trauma vs. penetrating/perforating trauma), the type and form of the incident (MCI=static situation vs. terrorist attack MCI= dynamic situation) and the different security positions (rescue services vs. police services). This article is concerned with question of which changes in the surgical treatment of patients are made necessary by these new challenges. In this case it is necessary that physicians are familiar with the different injury patterns, whereby priority must be given to gunshot and explosion (blast) injuries. Furthermore, altered strategic and tactical approaches (damage control surgery vs. tactical abbreviated surgical care) are necessary to ensure survival for as many victims of terrorist attacks as possible and also to achieve the best possible functional results. It is only possible to successfully counter these new challenges by changing the mindset in the treatment of terrorist MCI compared to MCI incidents. An essential component of this mindset is the acquisition of a maximum of flexibility. This article would like to make a contribution to this problem.

Assessing Terrorist Motivations for Attacking Critical Infrastructure

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ackerman, G; Abhayaratne, P; Bale, J

Certain types of infrastructure--critical infrastructure (CI)--play vital roles in underpinning our economy, security and way of life. These complex and often interconnected systems have become so ubiquitous and essential to day-to-day life that they are easily taken for granted. Often it is only when the important services provided by such infrastructure are interrupted--when we lose easy access to electricity, health care, telecommunications, transportation or water, for example--that we are conscious of our great dependence on these networks and of the vulnerabilities that stem from such dependence. Unfortunately, it must be assumed that many terrorists are all too aware that CImore » facilities pose high-value targets that, if successfully attacked, have the potential to dramatically disrupt the normal rhythm of society, cause public fear and intimidation, and generate significant publicity. Indeed, revelations emerging at the time of this writing about Al Qaida's efforts to prepare for possible attacks on major financial facilities in New York, New Jersey, and the District of Columbia remind us just how real and immediate such threats to CI may be. Simply being aware that our nation's critical infrastructure presents terrorists with a plethora of targets, however, does little to mitigate the dangers of CI attacks. In order to prevent and preempt such terrorist acts, better understanding of the threats and vulnerabilities relating to critical infrastructure is required. The Center for Nonproliferation Studies (CNS) presents this document as both a contribution to the understanding of such threats and an initial effort at ''operationalizing'' its findings for use by analysts who work on issues of critical infrastructure protection. Specifically, this study focuses on a subsidiary aspect of CI threat assessment that has thus far remained largely unaddressed by contemporary terrorism research: the motivations and related factors that determine whether a terrorist organization will attack critical infrastructure. In other words, this research investigates: (1) why terrorists choose to attack critical infrastructure rather than other targets; (2) how groups make such decisions; (3) what, if any, types of groups are most inclined to attack critical infrastructure targets; and (4) which types of critical infrastructure terrorists prefer to attack and why. In an effort to address the above questions as comprehensively as possible, the project team employed four discrete investigative approaches in its research design. These include: (1) a review of existing terrorism and threat assessment literature to glean expert consensus regarding terrorist target selection, as well as to identify theoretical approaches that might be valuable to analysts and decision-makers who are seeking to understand such terrorist group decision-making processes; (2) the preparation of several concise case studies to help identify internal group factors and contextual influences that have played significant roles in leading some terrorist groups to attack critical infrastructure; (3) the creation of a new database--the Critical Infrastructure Terrorist Incident Catalog (CrITC)--to capture a large sample of empirical CI attack data that might be used to illuminate the nature of such attacks to date; and (4) the development of a new analytical framework--the Determinants Effecting Critical Infrastructure Decisions (DECIDe) Framework--designed to make the factors and dynamics identified by the study more ''usable'' in any future efforts to assess terrorist intentions to target critical infrastructure. Although each is addressed separately in the following chapters, none of the four aspects of this study were developed in isolation. Rather, all the constituent elements of the project informed--and were informed by--the others. For example, the review of the available literature on terrorist target selection made possible the identification of several target selection factors that were both important in the development of the analytical framework and subsequently validated by the case studies. Similarly, statistical analysis of the CrITIC data yielded measurable evidence that supported hypotheses derived from the framework, the case studies, and the writings of various experts. Besides providing an important mechanism of self-reinforcement and validation, the project's multifaceted nature made it possible to discern aspects of CI attack motivations that would likely have been missed if any single approach had been adopted.« less

Americans Respond Politically to 9/11: Understanding the Impact of the Terrorist Attacks and Their Aftermath

ERIC Educational Resources Information Center

Huddy, Leonie; Feldman, Stanley

2011-01-01

The 9/11 terrorist attacks have had profound effect on U.S. domestic and foreign security policy, leading to several expensive wars and the erosion of civil liberties (under the USA PATRIOT Act). We review evidence on political reactions to the 9/11 attacks and conclude that subjective reactions to terrorism played an important role in shaping…

Posttraumatic Stress Disorder Following the September 11, 2001, Terrorist Attacks: A Review of the Literature among Highly Exposed Populations

ERIC Educational Resources Information Center

Neria, Yuval; Digrande, Laura; Adams, Ben G.

2011-01-01

The September 11, 2001 (9/11), terrorist attacks were unprecedented in their magnitude and aftermath. In the wake of the attacks, researchers reported a wide range of mental and physical health outcomes, with posttraumatic stress disorder (PTSD) the one most commonly studied. In this review, we aim to assess the evidence about PTSD among highly…

The Effect of the September 11 Terrorist Attacks on Suicide and Deliberate Self-Harm: A Time Trend Study

ERIC Educational Resources Information Center

Lange, Aart W.; Neeleman, Jan

2004-01-01

Suicide rates may be affected by world news. Our objective was to investigate the possible impact of the terrorist attacks of September 11, 2001, on suicidal behavior in the Netherlands. There was evidence of an increase in rates of suicide and deliberate self-harm in the weeks immediately following the attacks. These findings contrast with…

A Geographic Information Science (GISc) Approach to Characterizing Spatiotemporal Patterns of Terrorist Incidents in Iraq, 2004-2009

DOE Office of Scientific and Technical Information (OSTI.GOV)

Medina, Richard M; Siebeneck, Laura K.; Hepner, George F.

2011-01-01

As terrorism on all scales continues, it is necessary to improve understanding of terrorist and insurgent activities. This article takes a Geographic Information Systems (GIS) approach to advance the understanding of spatial, social, political, and cultural triggers that influence terrorism incidents. Spatial, temporal, and spatiotemporal patterns of terrorist attacks are examined to improve knowledge about terrorist systems of training, planning, and actions. The results of this study aim to provide a foundation for understanding attack patterns and tactics in emerging havens as well as inform the creation and implementation of various counterterrorism measures.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ackerman, G; Bale, J; Moran, K

Certain types of infrastructure--critical infrastructure (CI)--play vital roles in underpinning our economy, security, and way of life. One particular type of CI--that relating to chemicals--constitutes both an important element of our nation's infrastructure and a particularly attractive set of potential targets. This is primarily because of the large quantities of toxic industrial chemicals (TICs) it employs in various operations and because of the essential economic functions it serves. This study attempts to minimize some of the ambiguities that presently impede chemical infrastructure threat assessments by providing new insight into the key motivational factors that affect terrorist organizations propensity to attackmore » chemical facilities. Prepared as a companion piece to the Center for Nonproliferation Studies August 2004 study--''Assessing Terrorist Motivations for Attacking Critical Infrastructure''--it investigates three overarching research questions: (1) why do terrorists choose to attack chemical-related infrastructure over other targets; (2) what specific factors influence their target selection decisions concerning chemical facilities; and (3) which, if any, types of groups are most inclined to attack chemical infrastructure targets? The study involved a multi-pronged research design, which made use of four discrete investigative techniques to answer the above questions as comprehensively as possible. These include: (1) a review of terrorism and threat assessment literature to glean expert consensus regarding terrorist interest in targeting chemical facilities; (2) the preparation of case studies to help identify internal group factors and contextual influences that have played a significant role in leading some terrorist groups to attack chemical facilities; (3) an examination of data from the Critical Infrastructure Terrorist Incident Catalog (CrITIC) to further illuminate the nature of terrorist attacks against chemical facilities to date; and (4) the refinement of the DECIDe--the Determinants Effecting Critical Infrastructure Decisions--analytical framework to make the factors and dynamics identified by the study more ''usable'' in future efforts to assess terrorist intentions to target chemical-related infrastructure.« less

Cyber Friendly Fire: Research Challenges for Security Informatics

DOE Office of Scientific and Technical Information (OSTI.GOV)

Greitzer, Frank L.; Carroll, Thomas E.; Roberts, Adam D.

This paper addresses cognitive implications and research needs surrounding the problem of cyber friendly fire (FF). We define cyber FF as intentional offensive or defensive cyber/electronic actions intended to protect cyber systems against enemy forces or to attack enemy cyber systems, which unintention-ally harms the mission effectiveness of friendly or neutral forces. Just as with combat friendly fire, maintaining situation awareness (SA) is paramount to avoiding cyber FF incidents. Cyber SA concerns knowledge of a system’s topology (connectedness and relationships of the nodes in a system), and critical knowledge elements such as the characteristics and vulnerabilities of the components thatmore » comprise the system and its nodes, the nature of the activities or work performed, and the available defensive and offensive countermeasures that may be applied to thwart network attacks. Mitigation strategies to combat cyber FF— including both training concepts and suggestions for decision aids and visualization approaches—are discussed.« less

Deaths in World Trade Center terrorist attacks--New York City, 2001.

PubMed

2002-09-11

On September 11, 2001, terrorists flew two hijacked airplanes into the World Trade Center (WTC) in lower Manhattan in New York City (NYC), destroying both towers of the WTC. This report presents preliminary vital statistics on the deaths caused by the terrorist attacks and describes the procedures developed by the New York City Department of Health and Mental Hygiene (NYCDOHMH) to issue death certificates in response to the attacks. These data underscore the need for legal mechanisms to expedite the issuance of death certificates in the absence of human remains and the need for vital registration systems that can be relocated in case of emergency.

Suggestions for Adults: Talking and Thinking with Children about the Terrorist Attacks.

ERIC Educational Resources Information Center

Communication Disorders Quarterly, 2002

2002-01-01

Fifteen suggestions for adults talking with children about the terrorist attacks include taking the time to listen, separating fact from fiction, stressing the senselessness of violence, recognizing the impact of their own reactions on children, and addressing religious and moral concerns. (DB)

Memories of the terrorist attacks of September 11, 2001: a study of the consistency and phenomenal characteristics of flashbulb memories.

PubMed

Ferré Romeu, Pilar

2006-05-01

In this study, I investigated students' memories of the terrorist attacks of September 11, 2001, carried out by Al Qaeda terrorists against the World Trade Center in New York and the Pentagon in Washington. Participants completed on two occasions (2 weeks and 8 months after the events took place) a memory questionnaire that included an assessment of the phenomenal richness of their memories. The results showed that the participants remembered very well the circumstances in which they first heard about the terrorist attacks, that they were very confident about this information, and that these memories were characterized by a high phenomenal richness. Over time, there was a decrease in all of these variables, but people's ratings of phenomenology and confidence were still very high.

Cyber-Physical Attacks With Control Objectives

DOE PAGES

Chen, Yuan; Kar, Soummya; Moura, Jose M. F.

2017-08-18

This study studies attackers with control objectives against cyber-physical systems (CPSs). The goal of the attacker is to counteract the CPS's controller and move the system to a target state while evading detection. We formulate a cost function that reflects the attacker's goals, and, using dynamic programming, we show that the optimal attack strategy reduces to a linear feedback of the attacker's state estimate. By changing the parameters of the cost function, we show how an attacker can design optimal attacks to balance the control objective and the detection avoidance objective. In conclusion, we provide a numerical illustration based onmore » a remotely controlled helicopter under attack.« less

Cyber-Physical Attacks With Control Objectives

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chen, Yuan; Kar, Soummya; Moura, Jose M. F.

This study studies attackers with control objectives against cyber-physical systems (CPSs). The goal of the attacker is to counteract the CPS's controller and move the system to a target state while evading detection. We formulate a cost function that reflects the attacker's goals, and, using dynamic programming, we show that the optimal attack strategy reduces to a linear feedback of the attacker's state estimate. By changing the parameters of the cost function, we show how an attacker can design optimal attacks to balance the control objective and the detection avoidance objective. In conclusion, we provide a numerical illustration based onmore » a remotely controlled helicopter under attack.« less

Waging and Fighting e Jihad

DTIC Science & Technology

2012-12-01

across the internet, and terrorists have evolved to become more adept at covert communication. Web chat through on multiplayer online video games ...Tom Wells. “TERRORISTS are using online war games like Call of Duty to plot attacks, The Sun can reveal.” http://www.thesun.co.uk/sol/homepage/news...4205896/Terrorists-play- online - games -like-Call-of- Duty-to-plan-attacks.html#ixzz2E2lOCwjd 10 Daily News and Analysis. “Headley used ’electronic dead

The Developmental Dynamics of Terrorist Organizations

PubMed Central

Clauset, Aaron; Gleditsch, Kristian Skrede

2012-01-01

We identify robust statistical patterns in the frequency and severity of violent attacks by terrorist organizations as they grow and age. Using group-level static and dynamic analyses of terrorist events worldwide from 1968–2008 and a simulation model of organizational dynamics, we show that the production of violent events tends to accelerate with increasing size and experience. This coupling of frequency, experience and size arises from a fundamental positive feedback loop in which attacks lead to growth which leads to increased production of new attacks. In contrast, event severity is independent of both size and experience. Thus larger, more experienced organizations are more deadly because they attack more frequently, not because their attacks are more deadly, and large events are equally likely to come from large and small organizations. These results hold across political ideologies and time, suggesting that the frequency and severity of terrorism may be constrained by fundamental processes. PMID:23185267

Is television traumatic? Dreams, stress, and media exposure in the aftermath of September 11, 2001.

PubMed

Propper, Ruth E; Stickgold, Robert; Keeley, Raeann; Christman, Stephen D

2007-04-01

The terrorist attacks of September 11, 2001, were traumatic for people living throughout the United States. It has been suggested that people living far from the attacks experienced increased stress because of their exposure to the terrorist events via the media, particularly via television. Following a traumatic or stressful event, individuals may have dreams that reflect that experience. As part of a course on dreaming, individuals recorded their dreams both prior to and following the terrorist attacks of September 11, 2001. On September 12, these same individuals reported their activities and media exposure the previous day. Results revealed (a) changes in dream features following the attacks and (b) a strong relation between exposure to the events on television and changes in dream features after the attacks. Because of the study's within-subjects design, the results provide evidence for a direct association between television viewing and subsequent increases in stress and trauma.

On effectiveness of network sensor-based defense framework

NASA Astrophysics Data System (ADS)

Zhang, Difan; Zhang, Hanlin; Ge, Linqiang; Yu, Wei; Lu, Chao; Chen, Genshe; Pham, Khanh

2012-06-01

Cyber attacks are increasing in frequency, impact, and complexity, which demonstrate extensive network vulnerabilities with the potential for serious damage. Defending against cyber attacks calls for the distributed collaborative monitoring, detection, and mitigation. To this end, we develop a network sensor-based defense framework, with the aim of handling network security awareness, mitigation, and prediction. We implement the prototypical system and show its effectiveness on detecting known attacks, such as port-scanning and distributed denial-of-service (DDoS). Based on this framework, we also implement the statistical-based detection and sequential testing-based detection techniques and compare their respective detection performance. The future implementation of defensive algorithms can be provisioned in our proposed framework for combating cyber attacks.

A Probabilistic Risk Mitigation Model for Cyber-Attacks to PMU Networks

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mousavian, Seyedamirabbas; Valenzuela, Jorge; Wang, Jianhui

The power grid is becoming more dependent on information and communication technologies. Complex networks of advanced sensors such as phasor measurement units (PMUs) are used to collect real time data to improve the observability of the power system. Recent studies have shown that the power grid has significant cyber vulnerabilities which could increase when PMUs are used extensively. Therefore, recognizing and responding to vulnerabilities are critical to the security of the power grid. This paper proposes a risk mitigation model for optimal response to cyber-attacks to PMU networks. We model the optimal response action as a mixed integer linear programmingmore » (MILP) problem to prevent propagation of the cyber-attacks and maintain the observability of the power system.« less

Propagating Mixed Uncertainties in Cyber Attacker Payoffs: Exploration of Two-Phase Monte Carlo Sampling and Probability Bounds Analysis

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chatterjee, Samrat; Tipireddy, Ramakrishna; Oster, Matthew R.

Securing cyber-systems on a continual basis against a multitude of adverse events is a challenging undertaking. Game-theoretic approaches, that model actions of strategic decision-makers, are increasingly being applied to address cybersecurity resource allocation challenges. Such game-based models account for multiple player actions and represent cyber attacker payoffs mostly as point utility estimates. Since a cyber-attacker’s payoff generation mechanism is largely unknown, appropriate representation and propagation of uncertainty is a critical task. In this paper we expand on prior work and focus on operationalizing the probabilistic uncertainty quantification framework, for a notional cyber system, through: 1) representation of uncertain attacker andmore » system-related modeling variables as probability distributions and mathematical intervals, and 2) exploration of uncertainty propagation techniques including two-phase Monte Carlo sampling and probability bounds analysis.« less

Uganda: Current Conditions and the Crisis in North Uganda

DTIC Science & Technology

2010-10-06

African Union , and the United States condemned the terrorist attacks. More than 20 suspects are currently in prison. Uganda: Current Conditions...The United Nations, the African Union , and the United States condemned the terrorist attacks. More than 20 suspects are currently in prison. The...attacks took place at a rugby club and Ethiopian restaurant while people were watching the final match of the World Cup. The following day, an Al

Uganda: Current Conditions and the Crisis in North Uganda

DTIC Science & Technology

2011-04-29

United Nations, the African Union , and the United States condemned the terrorist attacks. More than 20 suspects are currently in prison. Uganda: Current...concerns. The African Union stated that the elections were peaceful and transparent, but called for a Review of the Electoral Law. Opposition groups...Nations, the African Union , and the United States condemned the terrorist attacks. More than 20 suspects are currently in prison. The attacks took place

Uganda: Current Conditions and the Crisis in North Uganda

DTIC Science & Technology

2010-12-09

Nations, the African Union , and the United States condemned the terrorist attacks. More than 20 suspects are currently in prison. Uganda: Current...An estimated 76 people, including one American, were killed and more than 80 injured. The United Nations, the African Union , and the United States...condemned the terrorist attacks. More than 20 suspects are currently in prison. The attacks took place at a rugby club and Ethiopian restaurant while

78 FR 56579 - Continuation of the National Emergency With Respect to Certain Terrorist Attacks

Federal Register 2010, 2011, 2012, 2013, 2014

2013-09-12

...--Continuation of the National Emergency With Respect to Certain Terrorist Attacks #0; #0; #0; Presidential Documents #0; #0; #0;#0;Federal Register / Vol. 78 , No. 177 / Thursday, September 12, 2013 / Presidential Documents#0;#0; #0; #0;Title 3-- #0;The President [[Page 56581

Impact of Alleged Russian Cyber Attacks

DTIC Science & Technology

2009-05-01

security. 15. SUBJECT TERMS Cyber Security, Cyber Warfare , Estonia, Georgia, Russian Federation Cyber Strategy, Convention on Cybercrime, NATO Center...Federation ......................................................................................... 33  X.  The Future of Russian Cyber Warfare ................................................................... 39...Issue 15.09); Binoy Kampmark, Cyber Warfare Between Estonia And Russia, (Contemporary Review: Autumn, 2003), p 288-293; Jaak Aaviksoo, Address by the

Finite Energy and Bounded Actuator Attacks on Cyber-Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Djouadi, Seddik M; Melin, Alexander M; Ferragut, Erik M

As control system networks are being connected to enterprise level networks for remote monitoring, operation, and system-wide performance optimization, these same connections are providing vulnerabilities that can be exploited by malicious actors for attack, financial gain, and theft of intellectual property. Much effort in cyber-physical system (CPS) protection has focused on protecting the borders of the system through traditional information security techniques. Less effort has been applied to the protection of cyber-physical systems from intelligent attacks launched after an attacker has defeated the information security protections to gain access to the control system. In this paper, attacks on actuator signalsmore » are analyzed from a system theoretic context. The threat surface is classified into finite energy and bounded attacks. These two broad classes encompass a large range of potential attacks. The effect of theses attacks on a linear quadratic (LQ) control are analyzed, and the optimal actuator attacks for both finite and infinite horizon LQ control are derived, therefore the worst case attack signals are obtained. The closed-loop system under the optimal attack signals is given and a numerical example illustrating the effect of an optimal bounded attack is provided.« less

Nuclear terrorism - Threat or not?

NASA Astrophysics Data System (ADS)

Pomper, Miles A.; Tarini, Gabrielle

2017-11-01

A terrorist attack using nuclear or radiological materials is a low-probability event, but if executed, would lead to unprecedented socio-economic, material, and psychological disruption and damage. This chapter seeks to provide a sound assessment of the scope and nature of the threat by examining the different types of nuclear terrorism, each of which poses different risks, involves different barriers to success, and requires different terrorist capabilities. In addition, the chapter aims to provide an overview of the sources and nature of terrorists' motivations to employ a nuclear attack.

Computer Network Attack: An Operational Tool?

DTIC Science & Technology

2003-01-17

Spectrum of Conflict, Cyber Warfare , Preemptive Strike, Effects Based Targeting. 15. Abstract: Computer Network Attack (CNA) is defined as...great deal of attention as the world’s capabilities in cyber - warfare grow. 11 Although addressing the wide ranging legal aspects of CNA is beyond the...the notion of cyber - warfare has not yet developed to the point that international norms have been established.15 These norms will be developed in

Cyber Attacks, Attribution, and Deterrence: Three Case Studies

DTIC Science & Technology

2015-05-23

threat informs his decision about the appropriate deterrent counter-threats. There tend to be three camps in general: Minimalists , Moderates, and...Alarmists. Minimalists do not require much explanation because they are the authors who believe that cyber does not pose any significant threat...Armageddon.”32 Amongst the minimalists are Lawrence Freedman and Thomas Rid. Freedman grants discussion of cyber attacks a scant two pages in his seven

Using Discrete Event Simulation to Model Attacker Interactions with Cyber and Physical Security Systems

DOE PAGES

Perkins, Casey; Muller, George

2015-10-08

The number of connections between physical and cyber security systems is rapidly increasing due to centralized control from automated and remotely connected means. As the number of interfaces between systems continues to grow, the interactions and interdependencies between them cannot be ignored. Historically, physical and cyber vulnerability assessments have been performed independently. This independent evaluation omits important aspects of the integrated system, where the impacts resulting from malicious or opportunistic attacks are not easily known or understood. Here, we describe a discrete event simulation model that uses information about integrated physical and cyber security systems, attacker characteristics and simple responsemore » rules to identify key safeguards that limit an attacker's likelihood of success. Key features of the proposed model include comprehensive data generation to support a variety of sophisticated analyses, and full parameterization of safeguard performance characteristics and attacker behaviours to evaluate a range of scenarios. Lastly, we also describe the core data requirements and the network of networks that serves as the underlying simulation structure.« less

Using Discrete Event Simulation to Model Attacker Interactions with Cyber and Physical Security Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Perkins, Casey; Muller, George

The number of connections between physical and cyber security systems is rapidly increasing due to centralized control from automated and remotely connected means. As the number of interfaces between systems continues to grow, the interactions and interdependencies between them cannot be ignored. Historically, physical and cyber vulnerability assessments have been performed independently. This independent evaluation omits important aspects of the integrated system, where the impacts resulting from malicious or opportunistic attacks are not easily known or understood. Here, we describe a discrete event simulation model that uses information about integrated physical and cyber security systems, attacker characteristics and simple responsemore » rules to identify key safeguards that limit an attacker's likelihood of success. Key features of the proposed model include comprehensive data generation to support a variety of sophisticated analyses, and full parameterization of safeguard performance characteristics and attacker behaviours to evaluate a range of scenarios. Lastly, we also describe the core data requirements and the network of networks that serves as the underlying simulation structure.« less

DOE Office of Scientific and Technical Information (OSTI.GOV)

Klise, Katherine A.; Hart, David; Moriarty, Dylan Michael

Drinking water systems face multiple challenges, including aging infrastructure, water quality concerns, uncertainty in supply and demand, natural disasters, environmental emergencies, and cyber and terrorist attacks. All of these have the potential to disrupt a large portion of a water system causing damage to infrastructure and outages to customers. Increasing resilience to these types of hazards is essential to improving water security. As one of the United States (US) sixteen critical infrastructure sectors, drinking water is a national priority. The National Infrastructure Advisory Council defined infrastructure resilience as “the ability to reduce the magnitude and/or duration of disruptive events. Themore » effectiveness of a resilient infrastructure or enterprise depends upon its ability to anticipate, absorb, adapt to, and/or rapidly recover from a potentially disruptive event”. Being able to predict how drinking water systems will perform during disruptive incidents and understanding how to best absorb, recover from, and more successfully adapt to such incidents can help enhance resilience.« less

Improving Resource Allocation Decisions to Reduce the Risk of Terrorist Attacks on Passenger Rail Systems

DTIC Science & Technology

2016-12-01

theory, passenger rail bombing , attacker-defender methodology 15. NUMBER OF PAGES 103 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT...bombers carried out a successful coordinated attack against the London mass transit system in July 2005. Three suicide bombings occurred on trains and...iron rods to make shrapnel. The precise timing indicates the terrorists themselves detonated their own devices. In March 2016, a suicide bomb

Long-Term Memory for the Terrorist Attack of September 11: Flashbulb Memories, Event Memories, and the Factors that Influence Their Retention

ERIC Educational Resources Information Center

Hirst, William; Phelps, Elizabeth A.; Buckner, Randy L.; Budson, Andrew E.; Cuc, Alexandru; Gabrieli, John D. E.; Johnson, Marcia K.; Lustig, Cindy; Lyle, Keith B.; Mather, Mara; Meksin, Robert; Mitchell, Karen J.; Ochsner, Kevin N.; Schacter, Daniel L.; Simons, Jon S.; Vaidya, Chandan J.

2009-01-01

More than 3,000 individuals from 7 U.S. cities reported on their memories of learning of the terrorist attacks of September 11, as well as details about the attack, 1 week, 11 months, and/or 35 months after the assault. Some studies of flashbulb memories examining long-term retention show slowing in the rate of forgetting after a year, whereas…

Uganda: Current Conditions and the Crisis in North Uganda

DTIC Science & Technology

2010-07-30

Union , and the United States condemned the terrorist attacks. More than 20 suspects are currently in prison. Uganda: Current Conditions and the...than 80 injured. The United Nations, the African Union , and the United States condemned the terrorist attacks. More than 20 suspects are currently in...prison. The attacks took place at a rugby club and Ethiopian restaurant while people were watching the final match of the World Cup. The following

DOE Office of Scientific and Technical Information (OSTI.GOV)

Onyeji, Ijeoma; Bazilian, Morgan; Bronk, Chris

Both the number and security implications of sophisticated cyber attacks on companies providing critical energy infrastructures are increasing. As power networks and, to a certain extent, oil and gas infrastructure both upstream and downstream, are becoming increasingly integrated with information communication technology systems, they are growing more susceptible to cyber attacks.

Identification and Ranking of Critical Assets within an Electrical Grid under Threat of Cyber Attack

NASA Astrophysics Data System (ADS)

Boyer, Blake R.

This paper examines the ranking of critical assets within an electrical grid under threat of cyber attack.1 Critical to this analysis is the assumption of zero hour exploits namely, the threat of an immediate attack as soon as a vulnerability is discovered. Modeling shows that over time load fluctuations as well as other system variations will change the importance of each asset in the delivery of bulk power. As opposed to classic stability studies where risk can be shown to be greatest during high load periods, the zero hour exploit-cyber-risk assumes that vulnerabilities will be attacked as soon as they are discovered. The probability of attacks is made uniform over time to include any and all possible attacks. Examining the impact of an attack and how the grid reacts immediately following an attack will identify and determine the criticality of each asset. This work endeavors to fulfill the NERC Critical Infrastructure Protection Requirements CIP-001-1 through CIP-009-2, cyber security requirements for the reliable supply of bulk power to customers throughout North America. 1Critical assets will here refer to facilities, systems, and equipment, which, if destroyed, degraded, or otherwise rendered unavailable, would affect the reliability or operability of the Bulk Electric System, NERC Glossary of Terms Used in Reliability Standards, 2009

INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

DOE Office of Scientific and Technical Information (OSTI.GOV)

Robert S. Anderson; Mark Schanfein; Trond Bjornard

2011-07-01

Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's abilitymore » to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.« less

75 FR 55659 - Continuation of the National Emergency With Respect to Certain Terrorist Attacks

Federal Register 2010, 2011, 2012, 2013, 2014

2010-09-13

...), I am continuing for 1 year the national emergency previously declared on September 14, 2001, in Proclamation 7463, with respect to the terrorist attacks of September 11, 2001, and the continuing and... national emergency declared on September 14, 2001, and the powers and authorities adopted to deal with that...

The Threat Among Us: Insiders Intensify Aviation Terrorism

DOE Office of Scientific and Technical Information (OSTI.GOV)

Krull, Katie E.

Aviation terrorism is powerful and symbolic, and will likely remain a staple target for terrorists aiming to inflict chaos and cause mass casualties similar to the 9/11 attacks on the U.S. The majority of international and domestic aviation terrorist attacks involves outsiders, or people who do not have direct access to or affiliation with a target through employment. However, several significant attacks and plots against the industry involved malicious employees motivated by suicide or devotion to a terrorist organization. Malicious insiders’ access and knowledge of aviation security, systems, networks, and infrastructure is valuable to terrorists, providing a different pathway formore » attacking the industry through the insider threat. Indicators and warnings of insider threats in these cases exist, providing insight into how security agencies, such as the Transportation Security Administration, can better predict and identify insider involvement. Understanding previous aviation insider threat events will likely aid in stimulating proactive security measures, rather than reactive responses. However, similar to traditional airport security measures, there are social, political, and economic challenges in protecting against the insider threat, including privacy concerns and cost-benefit analysis.« less

A decision framework for managing risk to airports from terrorist attack.

PubMed

Shafieezadeh, Abdollah; Cha, Eun J; Ellingwood, Bruce R

2015-02-01

This article presents an asset-level security risk management framework to assist stakeholders of critical assets with allocating limited budgets for enhancing their safety and security against terrorist attack. The proposed framework models the security system of an asset, considers various threat scenarios, and models the sequential decision framework of attackers during the attack. Its novel contributions are the introduction of the notion of partial neutralization of attackers by defenders, estimation of total loss from successful, partially successful, and unsuccessful actions of attackers at various stages of an attack, and inclusion of the effects of these losses on the choices made by terrorists at various stages of the attack. The application of the proposed method is demonstrated in an example dealing with security risk management of a U.S. commercial airport, in which a set of plausible threat scenarios and risk mitigation options are considered. It is found that a combination of providing blast-resistant cargo containers and a video surveillance system on the airport perimeter fence is the best option based on minimum expected life-cycle cost considering a 10-year service period. © 2014 Society for Risk Analysis.

A reference model for model-based design of critical infrastructure protection systems

NASA Astrophysics Data System (ADS)

Shin, Young Don; Park, Cheol Young; Lee, Jae-Chon

2015-05-01

Today's war field environment is getting versatile as the activities of unconventional wars such as terrorist attacks and cyber-attacks have noticeably increased lately. The damage caused by such unconventional wars has also turned out to be serious particularly if targets are critical infrastructures that are constructed in support of banking and finance, transportation, power, information and communication, government, and so on. The critical infrastructures are usually interconnected to each other and thus are very vulnerable to attack. As such, to ensure the security of critical infrastructures is very important and thus the concept of critical infrastructure protection (CIP) has come. The program to realize the CIP at national level becomes the form of statute in each country. On the other hand, it is also needed to protect each individual critical infrastructure. The objective of this paper is to study on an effort to do so, which can be called the CIP system (CIPS). There could be a variety of ways to design CIPS's. Instead of considering the design of each individual CIPS, a reference model-based approach is taken in this paper. The reference model represents the design of all the CIPS's that have many design elements in common. In addition, the development of the reference model is also carried out using a variety of model diagrams. The modeling language used therein is the systems modeling language (SysML), which was developed and is managed by Object Management Group (OMG) and a de facto standard. Using SysML, the structure and operational concept of the reference model are designed to fulfil the goal of CIPS's, resulting in the block definition and activity diagrams. As a case study, the operational scenario of the nuclear power plant while being attacked by terrorists is studied using the reference model. The effectiveness of the results is also analyzed using multiple analysis models. It is thus expected that the approach taken here has some merits over the traditional design methodology of repeating requirements analysis and system design.

Engaging the Nation’s Critical Infrastructure Sector to Deter Cyber Threats

DTIC Science & Technology

2013-03-01

is the component of CyberOps that extends cyber power beyond the defensive boundaries of the GIG to detect, deter, deny, and defeat adversaries... economy .16 DDOS attacks are based on multiple, malware infected personal computers, organized into networks called botnets, and are directed by...not condemn the actions of those involved. Of the two attacks on Estonia and Georgia, it was Estonia that had the greatest damage to its economy

Cyber Incidents Involving Control Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Robert J. Turk

2005-10-01

The Analysis Function of the US-CERT Control Systems Security Center (CSSC) at the Idaho National Laboratory (INL) has prepared this report to document cyber security incidents for use by the CSSC. The description and analysis of incidents reported herein support three CSSC tasks: establishing a business case; increasing security awareness and private and corporate participation related to enhanced cyber security of control systems; and providing informational material to support model development and prioritize activities for CSSC. The stated mission of CSSC is to reduce vulnerability of critical infrastructure to cyber attack on control systems. As stated in the Incident Managementmore » Tool Requirements (August 2005) ''Vulnerability reduction is promoted by risk analysis that tracks actual risk, emphasizes high risk, determines risk reduction as a function of countermeasures, tracks increase of risk due to external influence, and measures success of the vulnerability reduction program''. Process control and Supervisory Control and Data Acquisition (SCADA) systems, with their reliance on proprietary networks and hardware, have long been considered immune to the network attacks that have wreaked so much havoc on corporate information systems. New research indicates this confidence is misplaced--the move to open standards such as Ethernet, Transmission Control Protocol/Internet Protocol, and Web technologies is allowing hackers to take advantage of the control industry's unawareness. Much of the available information about cyber incidents represents a characterization as opposed to an analysis of events. The lack of good analyses reflects an overall weakness in reporting requirements as well as the fact that to date there have been very few serious cyber attacks on control systems. Most companies prefer not to share cyber attack incident data because of potential financial repercussions. Uniform reporting requirements will do much to make this information available to Department of Homeland Security (DHS) and others who require it. This report summarizes the rise in frequency of cyber attacks, describes the perpetrators, and identifies the means of attack. This type of analysis, when used in conjunction with vulnerability analyses, can be used to support a proactive approach to prevent cyber attacks. CSSC will use this document to evolve a standardized approach to incident reporting and analysis. This document will be updated as needed to record additional event analyses and insights regarding incident reporting. This report represents 120 cyber security incidents documented in a number of sources, including: the British Columbia Institute of Technology (BCIT) Industrial Security Incident Database, the 2003 CSI/FBI Computer Crime and Security Survey, the KEMA, Inc., Database, Lawrence Livermore National Laboratory, the Energy Incident Database, the INL Cyber Incident Database, and other open-source data. The National Memorial Institute for the Prevention of Terrorism (MIPT) database was also interrogated but, interestingly, failed to yield any cyber attack incidents. The results of this evaluation indicate that historical evidence provides insight into control system related incidents or failures; however, that the limited available information provides little support to future risk estimates. The documented case history shows that activity has increased significantly since 1988. The majority of incidents come from the Internet by way of opportunistic viruses, Trojans, and worms, but a surprisingly large number are directed acts of sabotage. A substantial number of confirmed, unconfirmed, and potential events that directly or potentially impact control systems worldwide are also identified. Twelve selected cyber incidents are presented at the end of this report as examples of the documented case studies (see Appendix B).« less

Real Time Big Data Analytics for Predicting Terrorist Incidents

ERIC Educational Resources Information Center

Toure, Ibrahim

2017-01-01

Terrorism is a complex and evolving phenomenon. In the past few decades, we have witnessed an increase in the number of terrorist incidents in the world. The security and stability of many countries is threatened by terrorist groups. Perpetrators now use sophisticated weapons and the attacks are more and more lethal. Currently, terrorist incidents…

Information security : is your information safe?

DOT National Transportation Integrated Search

1999-01-01

This article characterizes the problem of cyber-terrorism, outlines the Federal government's response to several security-related concerns, and describes the Volpe Center's critical support to this response. The possibility of catastrophic terrorist ...

A national survey of stress reactions after the September 11, 2001, terrorist attacks.

PubMed

Schuster, M A; Stein, B D; Jaycox, L; Collins, R L; Marshall, G N; Elliott, M N; Zhou, A J; Kanouse, D E; Morrison, J L; Berry, S H

2001-11-15

People who are not present at a traumatic event may also experience stress reactions. We assessed the immediate mental health effects of the terrorist attacks on September 11, 2001. Using random-digit dialing three to five days after September 11, we interviewed a nationally representative sample of 569 U.S. adults about their reactions to the terrorist attacks and their perceptions of their children's reactions. Forty-four percent of the adults reported one or more substantial stress symptoms; 91 percent had one or more symptoms to at least some degree. Respondents throughout the country reported stress syndromes. They coped by talking with others (98 percent), turning to religion (90 percent), participating in group activities (60 percent), and making donations (36 percent). Eighty-five percent of parents reported that they or other adults in the household had talked to their children about the attacks for an hour or more; 34 percent restricted their children's television viewing. Thirty-five percent of children had one or more stress symptoms, and 47 percent were worried about their own safety or the safety of loved ones. After the September 11 terrorist attacks, Americans across the country, including children, had substantial symptoms of stress. Even clinicians who practice in regions that are far from the recent attacks should be prepared to assist people with trauma-related symptoms of stress.

A lifespan perspective on terrorism: age differences in trajectories of response to 9/11.

PubMed

Scott, Stacey B; Poulin, Michael J; Silver, Roxane Cohen

2013-05-01

A terrorist attack is an adverse event characterized by both an event-specific stressor and concern about future threats. Little is known about age differences in responses to terrorism. This longitudinal study examined generalized distress, posttraumatic stress responses, and fear of future attacks following the September 11, 2001 (9/11) terrorist attacks among a large U.S. national sample of adults (N = 2,240) aged 18-101 years. Individuals completed Web-based surveys up to 6 times over 3 years post 9/11. Multilevel models revealed different age-related patterns for distress, posttraumatic stress, and ongoing fear of future attacks. Specifically, older age was associated with lower overall levels of general distress, a steeper decline in posttraumatic stress over time, and less change in fear of future terrorist attacks over the 3 years. Understanding age differences in response to the stress of terrorism adds to the growing body of work on age differences in reactions to adversity.

Social Sentiment Sensor in Twitter for Predicting Cyber-Attacks Using ℓ1 Regularization

PubMed Central

Sanchez-Perez, Gabriel; Toscano-Medina, Karina; Martinez-Hernandez, Victor; Olivares-Mercado, Jesus; Sanchez, Victor

2018-01-01

In recent years, online social media information has been the subject of study in several data science fields due to its impact on users as a communication and expression channel. Data gathered from online platforms such as Twitter has the potential to facilitate research over social phenomena based on sentiment analysis, which usually employs Natural Language Processing and Machine Learning techniques to interpret sentimental tendencies related to users’ opinions and make predictions about real events. Cyber-attacks are not isolated from opinion subjectivity on online social networks. Various security attacks are performed by hacker activists motivated by reactions from polemic social events. In this paper, a methodology for tracking social data that can trigger cyber-attacks is developed. Our main contribution lies in the monthly prediction of tweets with content related to security attacks and the incidents detected based on ℓ1 regularization. PMID:29710833

VTAC: virtual terrain assisted impact assessment for cyber attacks

NASA Astrophysics Data System (ADS)

Argauer, Brian J.; Yang, Shanchieh J.

2008-03-01

Overwhelming intrusion alerts have made timely response to network security breaches a difficult task. Correlating alerts to produce a higher level view of intrusion state of a network, thus, becomes an essential element in network defense. This work proposes to analyze correlated or grouped alerts and determine their 'impact' to services and users of the network. A network is modeled as 'virtual terrain' where cyber attacks maneuver. Overlaying correlated attack tracks on virtual terrain exhibits the vulnerabilities exploited by each track and the relationships between them and different network entities. The proposed impact assessment algorithm utilizes the graph-based virtual terrain model and combines assessments of damages caused by the attacks. The combined impact scores allow to identify severely damaged network services and affected users. Several scenarios are examined to demonstrate the uses of the proposed Virtual Terrain Assisted Impact Assessment for Cyber Attacks (VTAC).

Social Sentiment Sensor in Twitter for Predicting Cyber-Attacks Using ℓ₁ Regularization.

PubMed

Hernandez-Suarez, Aldo; Sanchez-Perez, Gabriel; Toscano-Medina, Karina; Martinez-Hernandez, Victor; Perez-Meana, Hector; Olivares-Mercado, Jesus; Sanchez, Victor

2018-04-29

In recent years, online social media information has been the subject of study in several data science fields due to its impact on users as a communication and expression channel. Data gathered from online platforms such as Twitter has the potential to facilitate research over social phenomena based on sentiment analysis, which usually employs Natural Language Processing and Machine Learning techniques to interpret sentimental tendencies related to users’ opinions and make predictions about real events. Cyber-attacks are not isolated from opinion subjectivity on online social networks. Various security attacks are performed by hacker activists motivated by reactions from polemic social events. In this paper, a methodology for tracking social data that can trigger cyber-attacks is developed. Our main contribution lies in the monthly prediction of tweets with content related to security attacks and the incidents detected based on ℓ 1 regularization.

Cyber War Game in Temporal Networks

DTIC Science & Technology

2016-02-09

Boston, Massachusetts 02115, United States of America * jianxi.gao@gmail.com Abstract In a cyber war game where a network is fully distributed and... game with minimum effort. Given the system goal states of attackers and defenders, we study what strategies attackers or defenders can take to reach

High Assurance Control of Cyber-Physical Systems with Application to Unmanned Aircraft Systems

NASA Astrophysics Data System (ADS)

Kwon, Cheolhyeon

With recent progress in the networked embedded control technology, cyber attacks have become one of the major threats to Cyber-Physical Systems (CPSs) due to their close integration of physical processes, computational resources, and communication capabilities. While CPSs have various applications in both military and civilian uses, their on-board automation and communication afford significant advantages over a system without such abilities, but these benefits come at the cost of possible vulnerability to cyber attacks. Traditionally, most cyber security studies in CPSs are mainly based on the computer security perspective, focusing on issues such as the trustworthiness of data flow, without rigorously considering the system's physical processes such as real-time dynamic behaviors. While computer security components are key elements in the hardware/software layer, these methods alone are not sufficient for diagnosing the healthiness of the CPSs' physical behavior. In seeking to address this problem, this research work proposes a control theoretic perspective approach which can accurately represent the interactions between the physical behavior and the logical behavior (computing resources) of the CPS. Then a controls domain aspect is explored extending beyond just the logical process of the CPS to include the underlying physical behavior. This approach will allow the CPS whose physical operations are robust/resilient to the damage caused by cyber attacks, successfully complementing the existing CPS security architecture. It is important to note that traditional fault-tolerant/robust control methods could not be directly applicable to achieve resiliency against malicious cyber attacks which can be designed sophisticatedly to spoof the security/safety monitoring system (note this is different from common faults). Thus, security issues at this layer require different risk management to detect cyber attacks and mitigate their impact within the context of a unified physical and logical process model of the CPS. Specifically, three main tasks are discussed in this presentation: (i) we first investigate diverse granularity of the interactions inside the CPS and propose feasible cyber attack models to characterize the compromised behavior of the CPS with various measures, from its severity to detectability; (ii) based on this risk information, our approach to securing the CPS addresses both monitoring of and high assurance control design against cyber attacks by developing on-line safety assessment and mitigation algorithms; and (iii) by extending the developed theories and methods from a single CPS to multiple CPSs, we examine the security and safety of multi-CPS network that are strongly dependent on the network topology, cooperation protocols between individual CPSs, etc. The effectiveness of the analytical findings is demonstrated and validated with illustrative examples, especially unmanned aircraft system (UAS) applications.

Attention and Memory in School-Age Children Surviving the Terrorist Attack in Beslan, Russia

ERIC Educational Resources Information Center

Scrimin, Sara; Moscardino, Ughetta; Capello, Fabia; Axia, Giovanna

2009-01-01

Little is known about the impact of terrorism on children's cognitive functioning and school learning. The primary purpose of this study was to report on cognitive functioning among school-age children 20 months after a terrorist attack against their school. Participants included 203 directly and indirectly exposed children from Beslan and 100…

The effects of terrorism on teens' perceptions of dying: the new world is riskier than ever.

PubMed

Halpern-Felsher, Bonnie L; Millstein, Susan G

2002-05-01

Adolescents assessed after the September 11, 2001 terrorist attacks perceived the risk of dying from general causes, a tornado, and an earthquake as dramatically higher than did adolescents assessed years before the attacks. Adolescents' heightened perceptions of vulnerability to death extended beyond the terrorist acts, and generalized to unrelated risks.

Parents' Emotion-Related Beliefs and Behaviours in Relation to Children's Coping with the 11 September 2001 Terrorist Attacks

ERIC Educational Resources Information Center

Halberstadt, Amy G.; Thompson, Julie A.; Parker, Alison E.; Dunsmore, Julie C.

2008-01-01

To assess relationships between parental socialization of emotion and children's coping following an intensely emotional event, parents' beliefs and behaviours regarding emotion and children's coping strategies were investigated after a set of terrorist attacks. Parents (n = 51) filled out the Parents' Beliefs about Negative Emotions questionnaire…

Delimiting Democratic Debate: The Fordham Institute's Attack on Democratic Values

ERIC Educational Resources Information Center

Leahey, Christopher R.

2005-01-01

Reflecting on the current debate on how to teach about the terrorist attacks of September 11, 2001, and the subsequent U.S. invasions of Afghanistan and Iraq, this article examines Thomas B. Fordham Institute's Terrorists, Despots, and Democracy: What Our Children Need to Know, one of the several publications produced by the Fordham Institute that…

Cyber for the Middleweight Fighter: Recommendations for Cyberspace Capabilities for the United States Marine Corps

DTIC Science & Technology

2013-02-14

L acts to “provided resources for national and joint kinetic attack requirements.”24 Additionally, the Marine Corps Force Structure Review Group...for unusual system activity and searching for signs of known malware, unlike what is depicted in movies such as Hackers, where opposing cyber...never admitted involvement but the attacks originated in Russia. The FBI code name for the inquiry was Moonlight Maze. 29. Jeffrey Carr, Inside Cyber

The Challenges of Defense Support of Civil Authorities and Homeland Defense in the Cyber Domain

DTIC Science & Technology

2013-05-20

Information Grid ( GIG ) against a cyber attack has taken the forefront in national level discussions. The U.S. homeland’s assumed sanctuary against...other U.S. government agencies and key operators within the private sector to detect, deter, prevent, and thwart exploitation of CIKR and the GIG ...CIKR) and the Global Information Grid ( GIG ) against a cyber attack has taken the forefront in national level discussions. The U.S. homeland’s

Command and Control, Cyber, Communications, Intelligence, Surveillance and Reconnaissance (CRISR) and Cyber Tactical Measures

DTIC Science & Technology

2016-09-01

between U.S. bases and the theater of operations. • Cyber Attack capabilities designed to disrupt U.S. command and control systems and critical...operational area. Key area-denial capabilities include: • Air forces and air defense systems, both fixed and mobile, designed to deny local U.S. air...Precision-guided rockets, artillery, missiles, and mortars (G-RAMM) designed to attack surface targets, including landing forces, with much greater accuracy

Characterization of attacks on public telephone networks

NASA Astrophysics Data System (ADS)

Lorenz, Gary V.; Manes, Gavin W.; Hale, John C.; Marks, Donald; Davis, Kenneth; Shenoi, Sujeet

2001-02-01

The U.S. Public Telephone Network (PTN) is a massively connected distributed information systems, much like the Internet. PTN signaling, transmission and operations functions must be protected from physical and cyber attacks to ensure the reliable delivery of telecommunications services. The increasing convergence of PTNs with wireless communications systems, computer networks and the Internet itself poses serious threats to our nation's telecommunications infrastructure. Legacy technologies and advanced services encumber well-known and as of yet undiscovered vulnerabilities that render them susceptible to cyber attacks. This paper presents a taxonomy of cyber attacks on PTNs in converged environments that synthesizes exploits in computer and communications network domains. The taxonomy provides an opportunity for the systematic exploration of mitigative and preventive strategies, as well as for the identification and classification of emerging threats.

Cyber-Terrorism and Cyber-Crime: There Is a Difference

DTIC Science & Technology

The terms cyber -terrorism and cyber -crime have many varying definitions depending on who is defining them. For example, individuals with expertise in...considerations and, when investigating a cyber -attack, procedural considerations. By examining the strengths and weaknesses of several definitions offered by...national security, law enforcement, industry, law, and scholars, this research constructs a list of parameters to consider when formulating definitions for cyber -terrorism and cyber -crime.

Cyber Power: Attack and Defense Lessons from Land, Sea, and Air Power

DTIC Science & Technology

2011-06-01

over defense for a long time to come. The logical conclusion is that effective electronic and cyber defense are impossible. However, in...air attack with sufficient accuracy and warning time to mount an effective defense. 3 The 1...considering the suddenness of the attack, it is unlikely that the enemy would have time enough to parry the blow effectively either in the air or from the

Establishing a Cyber Warrior Force

DTIC Science & Technology

2004-09-01

Cyber Warfare is widely touted to be the next generation of warfare. As America’s reliance on automated systems and information technology increases...so too does the potential vulnerability to cyber attack. Nation and non-nation states are developing the capability to wage cyber warfare . Historically

Cyber Operations and Cyber Terrorism, Handbook Number 1.02

DTIC Science & Technology

2005-08-15

Quinn, “Teen Hackers Plead Guilty to Stunning Pentagon Attacks,” Reuters, 31 July 1998, 1; available from http://www.geocities.com/ Area51 ...Hackers Plead Guilty to Stunning Pentagon Attacks.” Reuters, 31 July 1998, 1. Available from http://www.geocities.com/ Area51 /Shadowlands/6583

Department of Defense Information Enterprise: Strategic Plan 2010-2012

DTIC Science & Technology

2010-04-01

migrate from circuit-based technology to a converged (voice, video , and data) IP network and UC services environment. Ensure the optimal...Kevin Coleman, “Cyber Attacks on Supply Chain Systems,” Defense Tech, April 15, 2009 8 Lolita C. Baldor, “Federal Web Sites Knocked Out by Cyber Attack

Cyber Attacks and the Legal Justification for an Armed Response

DTIC Science & Technology

2017-05-25

conflict between military forces of any origin.ൟ The definition above applies only to Title 18, Chapter 113B “ Terrorism ,” and is not applicable...beyond the context of terrorism . Applying this definition to cyber attacks outside the context of terrorism will not provide legal justification for

Quantifying Improbability: An Analysis of the Lloyd’s of London Business Blackout Cyber Attack Scenario

DTIC Science & Technology

Scenarios that describe cyber attacks on the electric grid consistently predict significant disruptions to the economy and citizens quality of life...phenomena that deserve further investigation, such as the importance of some individual power plants in influencing the adversarys probability of

How is cyber threat evolving and what do organisations need to consider?

PubMed

Borrett, Martin; Carter, Roger; Wespi, Andreas

Organisations and members of the public are becoming accustomed to the increasing velocity, frequency and variety of cyber-attacks that they have been facing over the last few years. In response to this challenge, it is important to explore what can be done to offer commercial and private users a reliable and functioning environment. This paper discusses how cyber threats might evolve in the future and seeks to explore these threats more fully. Attention is paid to the changing nature of cyber-attackers and their motivations and what this means for organisations. Finally, useful and actionable steps are provided, which practitioners can use to understand how they can start to address the future challenges of cyber security.

Department of Homeland Security

MedlinePlus

... Release Joint Technical Alerts on Malicious North Korean Cyber Activity Today, DHS and FBI released a pair ... María Provide Feedback to DHS Protect Myself from Cyber Attacks Report Cyber Incidents Prepare My Family for ...

Risk assessment for physical and cyber attacks on critical infrastructures.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Smith, Bryan J.; Sholander, Peter E.; Phelan, James M.

2005-08-01

Assessing the risk of malevolent attacks against large-scale critical infrastructures requires modifications to existing methodologies. Existing risk assessment methodologies consider physical security and cyber security separately. As such, they do not accurately model attacks that involve defeating both physical protection and cyber protection elements (e.g., hackers turning off alarm systems prior to forced entry). This paper presents a risk assessment methodology that accounts for both physical and cyber security. It also preserves the traditional security paradigm of detect, delay and respond, while accounting for the possibility that a facility may be able to recover from or mitigate the results ofmore » a successful attack before serious consequences occur. The methodology provides a means for ranking those assets most at risk from malevolent attacks. Because the methodology is automated the analyst can also play 'what if with mitigation measures to gain a better understanding of how to best expend resources towards securing the facilities. It is simple enough to be applied to large infrastructure facilities without developing highly complicated models. Finally, it is applicable to facilities with extensive security as well as those that are less well-protected.« less

Cyber Risk Management for Critical Infrastructure: A Risk Analysis Model and Three Case Studies.

PubMed

Paté-Cornell, M-Elisabeth; Kuypers, Marshall; Smith, Matthew; Keller, Philip

2018-02-01

Managing cyber security in an organization involves allocating the protection budget across a spectrum of possible options. This requires assessing the benefits and the costs of these options. The risk analyses presented here are statistical when relevant data are available, and system-based for high-consequence events that have not happened yet. This article presents, first, a general probabilistic risk analysis framework for cyber security in an organization to be specified. It then describes three examples of forward-looking analyses motivated by recent cyber attacks. The first one is the statistical analysis of an actual database, extended at the upper end of the loss distribution by a Bayesian analysis of possible, high-consequence attack scenarios that may happen in the future. The second is a systems analysis of cyber risks for a smart, connected electric grid, showing that there is an optimal level of connectivity. The third is an analysis of sequential decisions to upgrade the software of an existing cyber security system or to adopt a new one to stay ahead of adversaries trying to find their way in. The results are distributions of losses to cyber attacks, with and without some considered countermeasures in support of risk management decisions based both on past data and anticipated incidents. © 2017 Society for Risk Analysis.

Cyber situation awareness: modeling detection of cyber attacks with instance-based learning theory.

PubMed

Dutt, Varun; Ahn, Young-Suk; Gonzalez, Cleotilde

2013-06-01

To determine the effects of an adversary's behavior on the defender's accurate and timely detection of network threats. Cyber attacks cause major work disruption. It is important to understand how a defender's behavior (experience and tolerance to threats), as well as adversarial behavior (attack strategy), might impact the detection of threats. In this article, we use cognitive modeling to make predictions regarding these factors. Different model types representing a defender, based on Instance-Based Learning Theory (IBLT), faced different adversarial behaviors. A defender's model was defined by experience of threats: threat-prone (90% threats and 10% nonthreats) and nonthreat-prone (10% threats and 90% nonthreats); and different tolerance levels to threats: risk-averse (model declares a cyber attack after perceiving one threat out of eight total) and risk-seeking (model declares a cyber attack after perceiving seven threats out of eight total). Adversarial behavior is simulated by considering different attack strategies: patient (threats occur late) and impatient (threats occur early). For an impatient strategy, risk-averse models with threat-prone experiences show improved detection compared with risk-seeking models with nonthreat-prone experiences; however, the same is not true for a patient strategy. Based upon model predictions, a defender's prior threat experiences and his or her tolerance to threats are likely to predict detection accuracy; but considering the nature of adversarial behavior is also important. Decision-support tools that consider the role of a defender's experience and tolerance to threats along with the nature of adversarial behavior are likely to improve a defender's overall threat detection.

A cyber-event correlation framework and metrics

NASA Astrophysics Data System (ADS)

Kang, Myong H.; Mayfield, Terry

2003-08-01

In this paper, we propose a cyber-event fusion, correlation, and situation assessment framework that, when instantiated, will allow cyber defenders to better understand the local, regional, and global cyber-situation. This framework, with associated metrics, can be used to guide assessment of our existing cyber-defense capabilities, and to help evaluate the state of cyber-event correlation research and where we must focus our future cyber-event correlation research. The framework, based on the cyber-event gathering activities and analysis functions, consists of five operational steps, each of which provides a richer set of contextual information to support greater situational understanding. The first three steps are categorically depicted as increasingly richer and broader-scoped contexts achieved through correlation activity, while in the final two steps, these richer contexts are achieved through analytical activities (situation assessment, and threat analysis & prediction). Category 1 Correlation focuses on the detection of suspicious activities and the correlation of events from a single cyber-event source. Category 2 Correlation clusters the same or similar events from multiple detectors that are located at close proximity and prioritizes them. Finally, the events from different time periods and event sources at different location/regions are correlated at Category 3 to recognize the relationship among different events. This is the category that focuses on the detection of large-scale and coordinated attacks. The situation assessment step (Category 4) focuses on the assessment of cyber asset damage and the analysis of the impact on missions. The threat analysis and prediction step (Category 5) analyzes attacks based on attack traces and predicts the next steps. Metrics that can distinguish correlation and cyber-situation assessment tools for each category are also proposed.

Psychometrical Assessment and Item Analysis of the General Health Questionnaire in Victims of Terrorism

ERIC Educational Resources Information Center

Delgado-Gomez, David; Lopez-Castroman, Jorge; de Leon-Martinez, Victoria; Baca-Garcia, Enrique; Cabanas-Arrate, Maria Luisa; Sanchez-Gonzalez, Antonio; Aguado, David

2013-01-01

There is a need to assess the psychiatric morbidity that appears as a consequence of terrorist attacks. The General Health Questionnaire (GHQ) has been used to this end, but its psychometric properties have never been evaluated in a population affected by terrorism. A sample of 891 participants included 162 direct victims of terrorist attacks and…

No Evidence of Suicide Increase Following Terrorist Attacks in the United States: An Interrupted Time-Series Analysis of September 11 and Oklahoma City

ERIC Educational Resources Information Center

Pridemore, William Alex; Trahan, Adam; Chamlin, Mitchell B.

2009-01-01

There is substantial evidence of detrimental psychological sequelae following disasters, including terrorist attacks. The effect of these events on extreme responses such as suicide, however, is unclear. We tested competing hypotheses about such effects by employing autoregressive integrated moving average techniques to model the impact of…

U.S. Overseas Military Presence: What Are the Strategic Choices?

DTIC Science & Technology

2012-01-01

influence in key regions • dissuade military competition and arms races • protect Americans from terrorist attacks • restrict the flow of illegal trade ...1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no...Terrorist Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Restrict Flow of Illegal Trade and Ensure Flow of Commerce

Using Reputation Based Trust to Overcome Malfunctions and Malicious Failures in Electric Power Protection Systems

DTIC Science & Technology

2011-09-01

concert with a physical attack. Additionally, the importance of preventive measures implemented by a social human network to counteract a cyber attack...integrity of the data stored on specific computers. This coordinated cyber attack would have been successful if not for the trusted social network...established by Mr. Hillar Aarelaid, head of the Estonian computer 6 emergency response team (CERT). This social network consisted of Mr. Hillar Aarelaid

Assessing the Risk of Catastrophic Cyber Attack: Lessons from the Electromagnetic Pulse Commission

DTIC Science & Technology

2015-04-15

need to address whether it would do so? Fourth, the question of consequences must include not only the direct effects of any attack but also potential...inform cyber consequence assessments. Sixth, EMP effects are difficult to characterize but ultimately are knowable at the device level. The effects ...that the approach the EMP Commission used to assess the likelihood and consequences of EMP attacks could provide useful lessons for analysts grappling

Chemical terrorism for the intensivist.

PubMed

Chalela, Julio A; Burnett, Thomas

2012-05-01

The use of chemical agents for terrorist attacks or military warfare is a major concern at the present time. Chemical agents can cause significant morbidity, are relatively inexpensive, and are easy to store and use. Weaponization of chemical agents is only limited by the physicochemical properties of some agents. Recent incidents involving toxic industrial chemicals and chemical terrorist attacks indicate that critical care services are frequently utilized. For obvious reasons, the critical care literature on chemical terrorism is scarce. This article reviews the clinical aspects of diagnosing and treating victims of chemical terrorism while emphasizing the critical care management. The intensivist needs to be familiar with the chemical agents that could be used in a terrorist attack. The military classification divides agents into lung agents, blood agents, vesicants, and nerve agents. Supportive critical care is the cornerstone of treatment for most casualties, and dramatic recovery can occur in many cases. Specific antidotes are available for some agents, but even without the antidote, aggressive intensive care support can lead to favorable outcome in many cases. Critical care and emergency services can be overwhelmed by a terrorist attack as many exposed but not ill will seek care.

Terrorism in Canada.

PubMed

Kollek, Daniel

2003-01-01

This paper reviews terrorism in Canada, assessing the incidence and nature of terrorist activity, the potential targets of terrorist attacks, risk factors to Canadian nationals and institutions, and the responses of the Canadian government in dealing with the threat and the effectiveness of those responses. Despite the fact that there have been no recent high-profile terrorist events in Canada, this country has a serious terrorism problem, the key manifestation of which is the multitude of terrorist organizations that have designated Canada as a base of operations. In addition, Canadians have been attacked overseas and Canadian organizations, both local and abroad, are potential targets of terrorist activity. Canadian attempts to deal with terrorism through foreign and domestic policy have been ineffective, primarily because the policies have been poorly enforced. Until recently, terrorist organizations legally could raise funds in Canada, in direct contravention of international treaties signed by Canada. It is possible that the ineffectiveness in enforcing the anti-terrorism legislation stems from hope that placating terrorist organizations, and the countries that support them, will prevent Canada from becoming a target. Unfortunately evidence from other countries has shown this strategy to be ineffective.

An Approach for Assessing Consequences of Potential Supply Chain and Insider Contributed Cyber Attacks on Nuclear Power Plants

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chu, Tsong-Lun; Varuttamaseni, Athi; Baek, Joo-Seok

This paper provides an approach for developing potential attacks on I and C systems of NPPs and assessing their consequences. An important concept is that the NPPs were not designed to cope with Stuxnet-type of attacks (and any other cyber attacks). That is, the plants were only designed for design basis accidents. The safety margins and redundancies built in the design are all based on design basis accidents. They may be helpful in mitigating cyberattacks, but may not be adequate.

Quantifying Mixed Uncertainties in Cyber Attacker Payoffs

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chatterjee, Samrat; Halappanavar, Mahantesh; Tipireddy, Ramakrishna

Representation and propagation of uncertainty in cyber attacker payoffs is a key aspect of security games. Past research has primarily focused on representing the defender’s beliefs about attacker payoffs as point utility estimates. More recently, within the physical security domain, attacker payoff uncertainties have been represented as Uniform and Gaussian probability distributions, and intervals. Within cyber-settings, continuous probability distributions may still be appropriate for addressing statistical (aleatory) uncertainties where the defender may assume that the attacker’s payoffs differ over time. However, systematic (epistemic) uncertainties may exist, where the defender may not have sufficient knowledge or there is insufficient information aboutmore » the attacker’s payoff generation mechanism. Such epistemic uncertainties are more suitably represented as probability boxes with intervals. In this study, we explore the mathematical treatment of such mixed payoff uncertainties.« less

Protecting against cyber threats in networked information systems

NASA Astrophysics Data System (ADS)

Ertoz, Levent; Lazarevic, Aleksandar; Eilertson, Eric; Tan, Pang-Ning; Dokas, Paul; Kumar, Vipin; Srivastava, Jaideep

2003-07-01

This paper provides an overview of our efforts in detecting cyber attacks in networked information systems. Traditional signature based techniques for detecting cyber attacks can only detect previously known intrusions and are useless against novel attacks and emerging threats. Our current research at the University of Minnesota is focused on developing data mining techniques to automatically detect attacks against computer networks and systems. This research is being conducted as a part of MINDS (Minnesota Intrusion Detection System) project at the University of Minnesota. Experimental results on live network traffic at the University of Minnesota show that the new techniques show great promise in detecting novel intrusions. In particular, during the past few months our techniques have been successful in automatically identifying several novel intrusions that could not be detected using state-of-the-art tools such as SNORT.

Psychopathological consequences after a terrorist attack: an epidemiological study among victims, the general population, and police officers.

PubMed

Gabriel, Rafael; Ferrando, Laura; Cortón, Enrique Sainz; Mingote, Carlos; García-Camba, Eduardo; Liria, Alberto Fernández; Galea, Sandro

2007-09-01

To assess the prevalence and correlates of post-traumatic stress disorder (PTSD), major depression and anxiety disorders other than PTSD, among three samples with different level of exposure to the March 11, 2004 terrorist attacks in Madrid. We sampled three groups of persons-those injured in the attacks, the residents of Alcala de Henares, and police officers involved with the rescue effort-with different exposure to the March 11, 2004 terrorist attacks, using random sampling from comprehensive censuses of all three groups. In person interviews were conducted with all three groups between 5 and 12 weeks after March 11, 2004. Questionnaire included assessment of socio-demographic characteristics, of PTSD using the Davidson trauma scale, and of a range of psychiatric illnesses using the mini international neuropsychiatric interview (MINI). The overall sample included 127 persons injured in the attack, 485 residents of Alcalá de Henares, and 153 policemen involved in rescue. Of all three groups 57.5%, 25.9% and 3.9% of persons, respectively, reported symptoms consistent with any assessed psychiatric disorder. The use of psychoactive medication before March 11, 2004 was consistently the main predictor of PTSD and major depression among those injured and of major depression and anxiety disorders others than PTSD among residents of Alcala. There was a substantial burden of psychological consequences of the March 11, 2004 terrorist attacks two months after the event. Persons with prior mental illness are at higher risk of post-event psychopathology, across groups of exposure.

Mitigating Higher Ed Cyber Attacks

ERIC Educational Resources Information Center

Rogers, Gary; Ashford, Tina

2015-01-01

In this presentation we will discuss the many and varied cyber attacks that have recently occurred in the higher ed community. We will discuss the perpetrators, the victims, the impact and how these institutions have evolved to meet this threat. Mitigation techniques and defense strategies will be covered as will a discussion of effective security…

Nodes and Codes: The Reality of Cyber Warfare

DTIC Science & Technology

2012-05-17

Nodes and Codes explores the reality of cyber warfare through the story of Stuxnet, a string of weaponized code that reached through a domain...nodes. Stuxnet served as a proof-of-concept for cyber weapons and provided a comparative laboratory to study the reality of cyber warfare from the...military powers most often associated with advanced, offensive cyber attack capabilities. The reality of cyber warfare holds significant operational

Toward a theoretical framework for trustworthy cyber sensing

NASA Astrophysics Data System (ADS)

Xu, Shouhuai

2010-04-01

Cyberspace is an indispensable part of the economy and society, but has been "polluted" with many compromised computers that can be abused to launch further attacks against the others. Since it is likely that there always are compromised computers, it is important to be aware of the (dynamic) cyber security-related situation, which is however challenging because cyberspace is an extremely large-scale complex system. Our project aims to investigate a theoretical framework for trustworthy cyber sensing. With the perspective of treating cyberspace as a large-scale complex system, the core question we aim to address is: What would be a competent theoretical (mathematical and algorithmic) framework for designing, analyzing, deploying, managing, and adapting cyber sensor systems so as to provide trustworthy information or input to the higher layer of cyber situation-awareness management, even in the presence of sophisticated malicious attacks against the cyber sensor systems?

Temporal Cyber Attack Detection.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ingram, Joey Burton; Draelos, Timothy J.; Galiardi, Meghan

Rigorous characterization of the performance and generalization ability of cyber defense systems is extremely difficult, making it hard to gauge uncertainty, and thus, confidence. This difficulty largely stems from a lack of labeled attack data that fully explores the potential adversarial space. Currently, performance of cyber defense systems is typically evaluated in a qualitative manner by manually inspecting the results of the system on live data and adjusting as needed. Additionally, machine learning has shown promise in deriving models that automatically learn indicators of compromise that are more robust than analyst-derived detectors. However, to generate these models, most algorithms requiremore » large amounts of labeled data (i.e., examples of attacks). Algorithms that do not require annotated data to derive models are similarly at a disadvantage, because labeled data is still necessary when evaluating performance. In this work, we explore the use of temporal generative models to learn cyber attack graph representations and automatically generate data for experimentation and evaluation. Training and evaluating cyber systems and machine learning models requires significant, annotated data, which is typically collected and labeled by hand for one-off experiments. Automatically generating such data helps derive/evaluate detection models and ensures reproducibility of results. Experimentally, we demonstrate the efficacy of generative sequence analysis techniques on learning the structure of attack graphs, based on a realistic example. These derived models can then be used to generate more data. Additionally, we provide a roadmap for future research efforts in this area.« less

Security Informatics Research Challenges for Mitigating Cyber Friendly Fire

DOE Office of Scientific and Technical Information (OSTI.GOV)

Carroll, Thomas E.; Greitzer, Frank L.; Roberts, Adam D.

This paper addresses cognitive implications and research needs surrounding the problem of cyber friendly re (FF). We dene cyber FF as intentional o*ensive or defensive cyber/electronic actions intended to protect cyber systems against enemy forces or to attack enemy cyber systems, which unintentionally harms the mission e*ectiveness of friendly or neutral forces. We describe examples of cyber FF and discuss how it ts within a general conceptual framework for cyber security failures. Because it involves human failure, cyber FF may be considered to belong to a sub-class of cyber security failures characterized as unintentional insider threats. Cyber FF is closelymore » related to combat friendly re in that maintaining situation awareness (SA) is paramount to avoiding unintended consequences. Cyber SA concerns knowledge of a system's topology (connectedness and relationships of the nodes in a system), and critical knowledge elements such as the characteristics and vulnerabilities of the components that comprise the system and its nodes, the nature of the activities or work performed, and the available defensive and o*ensive countermeasures that may be applied to thwart network attacks. We describe a test bed designed to support empirical research on factors a*ecting cyber FF. Finally, we discuss mitigation strategies to combat cyber FF, including both training concepts and suggestions for decision aids and visualization approaches.« less

Family Therapy of Terroristic Trauma: Psychological Syndromes and Treatment Strategies.

ERIC Educational Resources Information Center

Miller, Laurence

2003-01-01

Reviews pertinent literature on terroristic trauma and combines this information with the author's experience in treating adults, children, and family victims and survivors of recent terrorist attacks. Describes the psychological syndromes resulting from terrorism and discusses the relevant individual and family therapy modalities for treating…

Cyber secure systems approach for NPP digital control systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

McCreary, T. J.; Hsu, A.

2006-07-01

Whether fossil or nuclear power, the chief operations goal is to generate electricity. The heart of most plant operations is the I and C system. With the march towards open architecture, the I and C system is more vulnerable than ever to system security attacks (denial of service, virus attacks and others), thus jeopardizing plant operations. Plant staff must spend large amounts of time and money setting up and monitoring a variety of security strategies to counter the threats and actual attacks to the system. This time and money is a drain on the financial performance of a plant andmore » distracts valuable operations resources from their real goals: product. The pendulum towards complete open architecture may have swung too far. Not all aspects of proprietary hardware and software are necessarily 'bad'. As the aging U.S. fleet of nuclear power plants starts to engage in replacing legacy control systems, and given the on-going (and legitimate) concern about the security of present digital control systems, decisions about how best to approach cyber security are vital to the specification and selection of control system vendors for these upgrades. The authors maintain that utilizing certain resources available in today's digital technology, plant control systems can be configured from the onset to be inherently safe, so that plant staff can concentrate on the operational issues of the plant. The authors postulate the concept of the plant I and C being bounded in a 'Cyber Security Zone' and present a design approach that can alleviate the concern and cost at the plant level of dealing with system security strategies. Present approaches through various IT cyber strategies, commercial software, and even postulated standards from various industry/trade organizations are almost entirely reactive and simply add to cost and complexity. This Cyber Security Zone design demonstrates protection from the four classes of cyber security attacks: 1)Threat from an intruder attempting to disrupt network communications by entering the system from an attached utility network or utilizing a modem connected to a control system PC that is in turn connected to a publicly accessible phone; 2)Threat from a user connecting an unauthorized computer to the control network; 3)Threat from a security attack when an unauthorized user gains access to a PC connected to the plant network;. 4)Threat from internal disruption (by plant staff, whether, malicious or otherwise) by unauthorized usage of files or file handling media that opens the system to security threat (as typified in current situation in most control rooms). The plant I and C system cyber security design and the plant specific procedures should adequately demonstrate protection from the four pertinent classes of cyber security attacks. The combination of these features should demonstrate that the system is not vulnerable to any analyzed cyber security attacks either from internal sources or through network connections. The authors will provide configurations that will demonstrate the Cyber Security Zone. (authors)« less

Tokyo terror and chemical arms control

DOE Office of Scientific and Technical Information (OSTI.GOV)

Keeny, S.M. Jr.

The nerve gas attack in the Tokyo subway underscores the extreme vulnerability of urban society to terrorist attacks. The best defense is improved intelligence of potential terrorists and domestic laws permitting pre-emptive action when there is probable cause. If the 1993 Chemical Weapons Convention (CWC) were in force, all 159 signatories would be required to have such laws. The author examies the threat and provides some political insights.

Exposure to 911 among Youth and Their Mothers in New York City: Enduring Associations with Mental Health and Sociopolitical Attitudes

ERIC Educational Resources Information Center

Gershoff, Elizabeth T.; Aber, J. Lawrence; Ware, Angelica; Kotler, Jennifer A.

2010-01-01

The enduring impact of exposure to the 911 terrorist attacks on mental health and sociopolitical attitudes was examined in a sample of 427 adolescents (M = 16.20 years) and their mothers residing in New York City. Direct exposure to the terrorist attack was associated with youth depression symptoms and with mothers' posttraumatic stress disorder…

Analysis of Protection Measures for Naval Vessels Berthed at Harbor Against Terrorist Attacks

DTIC Science & Technology

2016-06-01

NAVAL POSTGRADUATE SCHOOL MONTEREY, CALIFORNIA THESIS Approved for public release; distribution is unlimited ANALYSIS OF...2016 3. REPORT TYPE AND DATES COVERED Master’s thesis 4. TITLE AND SUBTITLE ANALYSIS OF PROTECTION MEASURES FOR NAVAL VESSELS BERTHED AT HARBOR... ANALYSIS OF PROTECTION MEASURES FOR NAVAL VESSELS BERTHED AT HARBOR AGAINST TERRORIST ATTACKS Raja I. Sikandar Lieutenant Commander, Pakistan Navy

The Reporting of the September 11th Terrorist Attacks in American Social Studies Textbooks: A Muslim Perspective

ERIC Educational Resources Information Center

Saleem, Mohammed M.; Thomas, Michael K.

2011-01-01

This study analyzes the reporting of the September 11th terrorist attacks in social studies textbooks from a Muslim perspective and reports on findings from a study of the responses of American Muslim children to the treatment of the events of September 11th in social studies textbooks. Constructivist grounded theory was used to centralize the…

Classroom Communication and National Crises: Student Information Needs in the Aftermath of the 2001 Terrorist Attacks on the United States

ERIC Educational Resources Information Center

Ulmer, Robert R.; Hemphill, Michael R.

2007-01-01

Little is known about students' reactions to their university's attempt to manage their informational and emotional needs during a time of national crisis. A survey of students immediately following the 2001 terrorist attacks on the United States found that students wanted the university to stay open and function as a place for sense making…

Cyber attacks against state estimation in power systems: Vulnerability analysis and protection strategies

NASA Astrophysics Data System (ADS)

Liu, Xuan

Power grid is one of the most critical infrastructures in a nation and could suffer a variety of cyber attacks. With the development of Smart Grid, false data injection attack has recently attracted wide research interest. This thesis proposes a false data attack model with incomplete network information and develops optimal attack strategies for attacking load measurements and the real-time topology of a power grid. The impacts of false data on the economic and reliable operations of power systems are quantitatively analyzed in this thesis. To mitigate the risk of cyber attacks, a distributed protection strategies are also developed. It has been shown that an attacker can design false data to avoid being detected by the control center if the network information of a power grid is known to the attacker. In practice, however, it is very hard or even impossible for an attacker to obtain all network information of a power grid. In this thesis, we propose a local load redistribution attacking model based on incomplete network information and show that an attacker only needs to obtain the network information of the local attacking region to inject false data into smart meters in the local region without being detected by the state estimator. A heuristic algorithm is developed to determine a feasible attacking region by obtaining reduced network information. This thesis investigates the impacts of false data on the operations of power systems. It has been shown that false data can be designed by an attacker to: 1) mask the real-time topology of a power grid; 2) overload a transmission line; 3) disturb the line outage detection based on PMU data. To mitigate the risk of cyber attacks, this thesis proposes a new protection strategy, which intends to mitigate the damage effects of false data injection attacks by protecting a small set of critical measurements. To further reduce the computation complexity, a mixed integer linear programming approach is also proposed to separate the power grid into several subnetworks, then distributed protection strategy is applied to each subnetwork.

Homeland Security and the Private Sector : a CBO Paper

DTIC Science & Technology

2004-12-01

private sector and the nation as a whole that would underlie the expected costs of terrorist attacks and, hence, the broader benefits of security. This paper focuses on those industries for which the expected human and economic losses from a terrorist attack would be highest -- the country’s critical infrastructure. The analysis more narrowly focuses on those industries that reside largely in the private sector and for which an attack could lead to a direct loss of life. The paper also reviews the incentives for private actions to limit

Command and Control of the Department of Defense in Cyberspace

DTIC Science & Technology

2011-03-24

superiority are also unclassified and constantly probed by intruders and cyber criminals .5 To secure and defend our nation from cyber attacks and conduct...USCYBERCOM to use both offensive and defensive cyber weapons and the tools necessary to hunt down cyber criminals based on rule of law and the legal

The Cyber Defense Review. Volume 1, Number 1, Spring 2016

DTIC Science & Technology

2016-04-20

in the Land and Cyber Domains Lieutenant General Edward C. Cardon The U.S. Navy’s Evolving Cyber/ Cybersecurity Story Rear Admiral Nancy Norton...Olav Lysne Cyber Situational Awareness Maj. Gen. Earl D. Matthews, USAF, Ret Dr. Harold J. Arata III Mr. Brian L. Hale Is There a Cybersecurity ...Kallberg The Decision to Attack: Military and Intelligence Cyber Decision-Making by Dr. Aaron F. Brantly The Cyber Defense Review

On Cyber Warfare Command and Control Systems

DTIC Science & Technology

2004-06-01

longer adequate to rely solely on the now traditional defense-in-depth strategy. We must recognize that we are engaged in a form of warfare, cyber warfare , and... warfare . This causes security devices to be used ineffectively and responses to be untimely. Cyber warfare then becomes a one-sided battle where the... cyber warfare strategy and tactics requires a cyber warfare command and control system. Responses to cyber attacks do not require offensive measures

Proximal detection of energetic materials on fabrics by UV-Raman spectroscopy

NASA Astrophysics Data System (ADS)

Chirico, R.; Almaviva, S.; Colao, F.; Fiorani, L.; Nuvoli, M.; Schweikert, W.; Schnürer, F.; Cassioli, L.; Grossi, S.; Mariani, L.; Angelini, F.; Menicucci, I.; Palucci, A.

2014-05-01

In the last decades there have been several terroristic attacks with improvised explosive devices (IED) that have raised the need for new instrumentation, for homeland security applications, to obtain a reliable and effective fight against terrorism. Public transportation has been around for about 150 years, but terroristic attacks against buses, trains, subways, etc., is a relatively recent phenomenon [1]. Since 1970, transportation has been an increasingly attractive target for terrorists. Most of the attacks to transport infrastructures take place in countries where public transportation is the primary way to move. Terrorists prefer to execute a smaller-scale attack with certainty of success rather than a complex and demanding operation to cause massive death and destruction. [1]. Many commonly available materials, such as fertilizer, gunpowder, and hydrogen peroxide, can be used as explosives and other materials, such as nails, glass, or metal fragments, can be used to increase the amount of shrapnel propelled by the explosion. The majority of substances that are classified as chemical explosives generally contain oxygen, nitrogen and oxidable elements such as carbon and hydrogen [2]. The most common functional group in military explosives is NO2. That functionality can be attached to oxygen (ONO2) in the nitrate esters (PETN), to carbon (C-NO2) in the nitroarenes (TNT) and nitroalkanes (Nitromethane), and to nitrogen (N-NO2) as in the nitramines (RDX). Some organic peroxides, such as TATP and HMTD, are popular amongst terrorists because they are powerful initiators that can be easily prepared from easily available ingredients. Azides are also powerful primary explosives commonly used as initiators (commercial detonators) in civilian and military operations, therefore they could be potentially used by terrorists as initiators for IEDs.

Cyberspace Superiority: Dominating the Digital Frontier

DTIC Science & Technology

2014-01-01

2009/07/137_48261.html. 9 Lolita Baldor, “White House among targets of cyber attack: Other targets included NSA, Homeland Security and State...attackers appeared not to get the results for 10 Lolita Baldor, "White House among targets of cyber...Communications Commission (KCC) order service providers to deny access to 30,000 13 Lolita Baldor, "US

Resilient control of cyber-physical systems against intelligent attacker: a hierarchal stackelberg game approach

NASA Astrophysics Data System (ADS)

Yuan, Yuan; Sun, Fuchun; Liu, Huaping

2016-07-01

This paper is concerned with the resilient control under denial-of-service attack launched by the intelligent attacker. The resilient control system is modelled as a multi-stage hierarchical game with a corresponding hierarchy of decisions made at cyber and physical layer, respectively. Specifically, the interaction in the cyber layer between different security agents is modelled as a static infinite Stackelberg game, while in the underlying physical layer the full-information H∞ minimax control with package drops is modelled as a different Stackelberg game. Both games are solved sequentially, which is consistent with the actual situations. Finally, the proposed method is applied to the load frequency control of the power system, which demonstrates its effectiveness.

Fear of Terrorism in New York After the September 11 Terrorist Attacks: Implications for Emergency Mental Health and Preparedness

PubMed Central

Boscarino, Joseph A.; Figley, Charles R.; Adams, Richard E.

2009-01-01

To examine the public’s response to future terrorist attacks, we surveyed 1,001 New Yorkers in the community one year after the September 11 attacks. Overall, New Yorkers were very concerned about future terrorist attacks and also concerned about attacks involving biological or nuclear weapons. In addition, while most New Yorkers reported that if a biological or nuclear attack occurred they would evaluate available information before evacuating, a significant number reported they would immediately evacuate, regardless of police or public health communications to the contrary. The level of public concern was significantly higher on all measures among New York City and Long Island residents (downstate) compared to the rest of the state. A model predicting higher fear of terrorism indicated that downstate residents, women, those 45 to 64 years old, African Americans and Hispanics, those with less education/income, and those more likely to flee, were more fearful of future attacks. In addition, making disaster preparations and carefully evaluating emergency information also predicted a higher level of fear as well. A second model predicting who would flee suggested that those more likely to evaluate available information were less likely to immediately evacuate, while those with a higher fear of future attacks were more likely to flee the area. Given these findings and the possibility of future attacks, mental health professionals need to be more involved in preparedness efforts, especially related to the psychological impact of attacks involving weapons of mass destruction. PMID:14730761

Fear of terrorism in New York after the September 11 terrorist attacks: implications for emergency mental health and preparedness.

PubMed

Boscarino, Joseph A; Figley, Charles R; Adams, Richard E

2003-01-01

To examine the public's response to future terrorist attacks, we surveyed 1,001 New Yorkers in the community one year after the September 11 attacks. Overall, New Yorkers were very concerned about future terrorist attacks and also concerned about attacks involving biological or nuclear weapons. In addition, while most New Yorkers reported that if a biological or nuclear attack occurred they would evaluate available information before evacuating, a significant number reported they would immediately evacuate, regardless of police or public health communications to the contrary. The level of public concern was significantly higher on all measures among New York City and Long Island residents (downstate) compared to the rest of the state. A model predicting higher fear of terrorism indicated that downstate residents, women, those 45 to 64 years old, African Americans and Hispanics, those with less education/income, and those more likely to flee, were more fearful of future attacks. In addition, making disaster preparations and carefully evaluating emergency information also predicted a higher level of fear as well. A second model predicting who would flee suggested that those more likely to evaluate available information were less likely to immediately evacuate, while those with a higher fear of future attacks were more likely to flee the area. Given these findings and the possibility of future attacks, mental health professionals need to be more involved in preparedness efforts, especially related to the psychological impact of attacks involving weapons of mass destruction.

[Civilian massacre in Banija: Kraljevcani and Pecki, 14-16 March 1991].

PubMed

Kovacević, S; Judas, M; Marusić, A

1991-01-01

On 14 and 16 August 1991, Serbian terrorists attacked two villages near Petrinja in the Banija region. The village of Kraljevcani was attacked on 14 August, when the terrorists killed five older villagers, 3 women and 2 men who stayed in the village to watch the livestock and the houses. The women were killed by automatic rifle fire and grenades, and the bodies of the two men were blown up by a hand rocket-launcher projectiles. On 16 August 1991, Serbian terrorists captured four villagers from Pecki, who came to the deserted village to feed the livestock left after the inhabitants fled from the terrorists. The forensic medical expertise revealed that they were first wounded by rifle fire, then tortured and finally executed by hand axes and bayonets.

Mediating the social and psychological impacts of terrorist attacks: the role of risk perception and risk communication.

PubMed

Rogers, M Brooke; Amlôt, Richard; Rubin, G James; Wessely, Simon; Krieger, Kristian

2007-06-01

The public's understanding of chemical, biological, radiological and nuclear (CBRN) related issues and their likely actions following a CBRN incident is an issue of great concern, as public psychological and behavioural responses will help determine subsequent morbidity and mortality rates. This paper explores the role of effective government communication with the public and its role in mediating the social and psychological impact of terrorist attacks. We examine the importance of effective communication in reducing morbidity and mortality in the event of a terrorist attack and explore the impact of risk perceptions in determining the success or failure of risk communication strategies. This includes the examination of the role of fear as a health risk, and the identification of factors relevant to public trust in risk communication. Finally, an investigation of the type of information desired by members of the public leads the authors to make risk communication recommendations targeted at the promotion of more adaptive behaviours in response to CBRN attacks.

Cyber Warfare: Protecting Military Systems

DTIC Science & Technology

2000-01-01

Software is a key component in nearly every critical system used by the Department of Defense. Attacking the software in a system- cyber warfare - is a...revolutionary method of pursuing war. This article describes various cyber warfare approaches and suggests methods to counter them.

Understanding the dynamics of terrorism events with multiple-discipline datasets and machine learning approach

PubMed Central

Ding, Fangyu; Ge, Quansheng; Fu, Jingying; Hao, Mengmeng

2017-01-01

Terror events can cause profound consequences for the whole society. Finding out the regularity of terrorist attacks has important meaning for the global counter-terrorism strategy. In the present study, we demonstrate a novel method using relatively popular and robust machine learning methods to simulate the risk of terrorist attacks at a global scale based on multiple resources, long time series and globally distributed datasets. Historical data from 1970 to 2015 was adopted to train and evaluate machine learning models. The model performed fairly well in predicting the places where terror events might occur in 2015, with a success rate of 96.6%. Moreover, it is noteworthy that the model with optimized tuning parameter values successfully predicted 2,037 terrorism event locations where a terrorist attack had never happened before. PMID:28591138

Understanding the dynamics of terrorism events with multiple-discipline datasets and machine learning approach.

PubMed

Ding, Fangyu; Ge, Quansheng; Jiang, Dong; Fu, Jingying; Hao, Mengmeng

2017-01-01

Terror events can cause profound consequences for the whole society. Finding out the regularity of terrorist attacks has important meaning for the global counter-terrorism strategy. In the present study, we demonstrate a novel method using relatively popular and robust machine learning methods to simulate the risk of terrorist attacks at a global scale based on multiple resources, long time series and globally distributed datasets. Historical data from 1970 to 2015 was adopted to train and evaluate machine learning models. The model performed fairly well in predicting the places where terror events might occur in 2015, with a success rate of 96.6%. Moreover, it is noteworthy that the model with optimized tuning parameter values successfully predicted 2,037 terrorism event locations where a terrorist attack had never happened before.

No evidence of suicide increase following terrorist attacks in the United States: an interrupted time-series analysis of September 11 and Oklahoma City.

PubMed

Pridemore, William Alex; Trahan, Adam; Chamlin, Mitchell B

2009-12-01

There is substantial evidence of detrimental psychological sequelae following disasters, including terrorist attacks. The effect of these events on extreme responses such as suicide, however, is unclear. We tested competing hypotheses about such effects by employing autoregressive integrated moving average techniques to model the impact of September 11 and the Oklahoma City bombing on monthly suicide counts at the local, state, and national level. Unlike prior studies that provided conflicting evidence, rigorous time series techniques revealed no support for an increase or decrease in suicides following these events. We conclude that while terrorist attacks produce subsequent psychological morbidity and may affect self and collective efficacy well beyond their immediate impact, these effects are not strong enough to influence levels of suicide mortality.

Developing the Cyber Victimization Experiences and Cyberbullying Behaviors Scales.

PubMed

Betts, Lucy R; Spenser, Karin A

2017-01-01

The reported prevalence rates of cyber victimization experiences and cyberbullying behaviors vary. Part of this variation is likely due to the diverse definitions and operationalizations of the constructs adopted in previous research and the lack of psychometrically robust measures. Through 2 studies, the authors developed (Study 1) and evaluated (Study 2) the cyber victimization experiences and cyberbullying behaviors scales. Participants in Study 1 were 393 (122 boys, 171 girls) and in Study 2 were 345 (153 boys, 192 girls) 11-15-year-olds who completed measures of cyber victimization experiences, cyberbullying behaviors, face-to-face victimization experiences, face-to-face bullying behaviors, and social desirability. The 3-factor cyber victimization experiences scale comprised threat, shared images, and personal attack. The 3-factor cyberbullying behaviors scale comprised sharing images, gossip, and personal attack. Both scales demonstrated acceptable internal consistency and convergent validity.

Reactions of Oklahoma City bombing survivors to media coverage of the September 11, 2001, attacks.

PubMed

Pfefferbaum, Betty; Nitiéma, Pascal; Pfefferbaum, Rose L; Houston, J Brian; Tucker, Phebe; Jeon-Slaughter, Haekyung; North, Carol S

2016-02-01

This study explored the effects of media coverage of a terrorist incident in individuals remote from the location of a major attack who had directly experienced a prior terrorist incident. Directly-exposed survivors of the 1995 Oklahoma City bombing, initially studied six months after the incident, and indirectly-affected Oklahoma City community residents were assessed two to seven months after the September 11, 2001, attacks. Survivors were assessed for a diagnosis of bombing-related posttraumatic stress disorder (PTSD) at index and follow up, and emotional reactions and September 11 media behavior were assessed in all participants. Among the three investigated forms of media (television, radio, and newspaper), only television viewing was associated with 9/11-related posttraumatic stress reactions. Exposure to the Oklahoma City bombing was associated with greater arousal in relation to the September 11 attacks, and among survivors, having developed bombing-related PTSD was associated with higher scores on all three September 11 posttraumatic stress response clusters (intrusion, avoidance, and arousal). Although time spent watching television coverage of the September 11 attacks and fear-related discontinuation of media contact were not associated with Oklahoma City bombing exposure, discontinuing September 11 media contact due to fear was associated with avoidance/numbing in the full sample and in the analysis restricted to the bombing survivors. Surviving a prior terrorist incident and developing PTSD in relation to that incident may predispose individuals to adverse reactions to media coverage of a future terrorist attack. Copyright © 2015 Elsevier Inc. All rights reserved.

Strengthening Hospital Surge Capacity in the Event of Explosive or Chemical Terrorist Attacks

DTIC Science & Technology

2009-03-01

the hospital and have 202 S . Einav, Z. Feigenberg, C. Weissman, D. Zolchik, G. Caspi, D. Kotler... S . Fertel, B. Lackey, M. Marr, and B. P. Dreyer. “Overcoming Legal Obstacles involving the Voluntary Care of Children Who are Separated from their... HOSPITAL SURGE CAPACITY IN THE EVENT OF EXPLOSIVE OR CHEMICAL TERRORIST ATTACKS by Joan McInerney March 2009 Thesis Advisor: Anke Richter

[Stories and drawings by children after the 2015 terrorist attacks in Paris].

PubMed

Poget, Marc; Bouaziz, Nora; Apter, Gisèle

2016-01-01

Through the stories and drawings of children in a medical-psychological centre, it is possible to explore their psychological representations of the terrorist attacks which took place in Paris in January 2015. This work highlights the need to rethink the methods of care provided to these children in order to adapt them to their specific needs. Copyright © 2016 Elsevier Masson SAS. All rights reserved.

Final LDRD Report: Using Linkography of Cyber Attack Patterns to Inform Honeytoken Placement.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Mitchell, Robert; Jarocki, John Charles; Fisher, Andrew N

The war to establish cyber supremacy continues, and the literature is crowded with strictly technical cyber security measures. We present the results of a three year LDRD project using Linkography, a methodology new to the field of cyber security, we establish the foundation neces- sary to track and profile the microbehavior of humans attacking cyber systems. We also propose ways to leverage this understanding to influence and deceive these attackers. We studied the sci- ence of linkography, applied it to the cyber security domain, implemented a software package to manage linkographs, generated the preprocessing blocks necessary to ingest raw data,more » produced machine learning models, created ontology refinement algorithms and prototyped a web applica- tion for researchers and practitioners to apply linkography. Machine learning produced some of our key results: We trained and validated multinomial classifiers with a real world data set and predicted the attacker's next category of action with 86 to 98% accuracy; dimension reduction techniques indicated that the linkography-based features were among the most powerful. We also discovered ontology refinement algorithms that advanced the state of the art in linkography in general and cyber security in particular. We conclude that linkography is a viable tool for cyber security; we look forward to expanding our work to other data sources and using our prediction results to enable adversary deception techniques. Acknowledgements Thanks to Phil Bennett, Michael Bernard, Jeffrey Bigg, Marshall Daniels, Tyler Dean, David Dug- gan, Carson Kent, Josh Maine, Marci McBride, Nick Peterson, Katie Rodhouse, Asael Sorenson, Roger Suppona, Scott Watson and David Zage. We acknowledge support for this work by the LDRD Program at Sandia National Laboratories. Sandia National Laboratories is a multi-mission laboratory operated by Sandia Corporation for the United States Department of Energy's National Nuclear Security Administration under Contract DE-AC04-94AL85000. This page intentionally left blank.« less

Construction of a Cyber Attack Model for Nuclear Power Plants

DOE Office of Scientific and Technical Information (OSTI.GOV)

Varuttamaseni, Athi; Bari, Robert A.; Youngblood, Robert

The consideration of how one compromised digital equipment can impact neighboring equipment is critical to understanding the progression of cyber attacks. The degree of influence that one component may have on another depends on a variety of factors, including the sharing of resources such as network bandwidth or processing power, the level of trust between components, and the inclusion of segmentation devices such as firewalls. The interactions among components via mechanisms that are unique to the digital world are not usually considered in traditional PRA. This means potential sequences of events that may occur during an attack may be missedmore » if one were to only look at conventional accident sequences. This paper presents a method where, starting from the initial attack vector, the progression of a cyber attack can be modeled. The propagation of the attack is modeled by considering certain attributes of the digital components in the system. These attributes determine the potential vulnerability of a component to a class of attack and the capability gained by the attackers once they are in control of the equipment. The use of attributes allows similar components (components with the same set of attributes) to be modeled in the same way, thereby reducing the computing resources required for analysis of large systems.« less

75 FR 35508 - Draft Regulatory Guide: Issuance, Availability

Federal Register 2010, 2011, 2012, 2013, 2014

2010-06-22

... Systems and Networks,'' requires licensees to develop cyber-security plans and programs to protect critical digital assets, including digital safety systems, from malicious cyber attacks. Regulatory Guide 5.71, ``Cyber Security Programs for Nuclear Facilities,'' provides guidance to meet the requirements of...

Mental health service use among American Red Cross disaster workers responding to the September 11, 2001 U.S. terrorist attacks.

PubMed

Elhai, Jon D; Jacobs, Gerard A; Kashdan, Todd B; DeJong, Gary L; Meyer, David L; Frueh, B Christopher

2006-06-30

In this article, we explored 1) the extent of mental health (MH) service use by American Red Cross disaster relief workers, both before (lifetime) and 1 year after the September 11, 2001 terrorist attacks, and 2) demographic, disaster and MH variables predicting (1-year) post-September 11 MH service use in this population. A sample of 3015 Red Cross disaster workers was surveyed 1 year after the attacks, regarding demographic characteristics, MH service use before and since the attacks, and posttraumatic stress disorder (PTSD) symptoms. Findings revealed that while 13.5% used MH services before the attacks, 10.7% used services after. Variables increasing the likelihood of MH service use after the attacks included the following: no previous MH treatment, younger age, being divorced/widowed, and higher PTSD intrusion or hyperarousal symptoms. Findings support other recent research on MH service use after the September 11 attacks.

The Meaning of Collective Terrorist Threat: Understanding the Subjective Causes of Terrorism Reduces Its Negative Psychological Impact

ERIC Educational Resources Information Center

Fischer, Peter; Postmes, Tom; Koeppl, Julia; Conway, Lianne; Fredriksson, Tom

2011-01-01

This article hypothesized that the possibility to construct intellectual meaning of a terrorist attack (i.e., whether participants can cognitively understand why the perpetrators did their crime) reduces the negative psychological consequences typically associated with increased terrorist threat. Concretely, the authors investigated the effect of…

Content modification attacks on consensus seeking multi-agent system with double-integrator dynamics.

PubMed

Dong, Yimeng; Gupta, Nirupam; Chopra, Nikhil

2016-11-01

In this paper, vulnerability of a distributed consensus seeking multi-agent system (MAS) with double-integrator dynamics against edge-bound content modification cyber attacks is studied. In particular, we define a specific edge-bound content modification cyber attack called malignant content modification attack (MCoMA), which results in unbounded growth of an appropriately defined group disagreement vector. Properties of MCoMA are utilized to design detection and mitigation algorithms so as to impart resilience in the considered MAS against MCoMA. Additionally, the proposed detection mechanism is extended to detect the general edge-bound content modification attacks (not just MCoMA). Finally, the efficacies of the proposed results are illustrated through numerical simulations.

Content modification attacks on consensus seeking multi-agent system with double-integrator dynamics

NASA Astrophysics Data System (ADS)

Dong, Yimeng; Gupta, Nirupam; Chopra, Nikhil

2016-11-01

In this paper, vulnerability of a distributed consensus seeking multi-agent system (MAS) with double-integrator dynamics against edge-bound content modification cyber attacks is studied. In particular, we define a specific edge-bound content modification cyber attack called malignant content modification attack (MCoMA), which results in unbounded growth of an appropriately defined group disagreement vector. Properties of MCoMA are utilized to design detection and mitigation algorithms so as to impart resilience in the considered MAS against MCoMA. Additionally, the proposed detection mechanism is extended to detect the general edge-bound content modification attacks (not just MCoMA). Finally, the efficacies of the proposed results are illustrated through numerical simulations.

Collaborative Defense of Transmission and Distribution Protection and Control Devices Against Cyber Attacks (CODEF) DE-OE0000674. ABB Inc. Final Scientific/Technical Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Nuqui, Reynaldo

This report summarizes the activities conducted under the DOE-OE funded project DEOE0000674, where ABB Inc. (ABB), in collaboration with University of Illinois at Urbana-Champaign (UIUC), Bonneville Power Administration (BPA), and Ameren-Illinois (Ameren-IL) pursued the development of a system of collaborative defense of electrical substation’s intelligent electronic devices against cyber-attacks (CODEF). An electrical substation with CODEF features will be more capable of mitigating cyber-attacks especially those that seek to control switching devices. It leverages the security extensions of IEC 61850 to empower existing devices to collaborate in identifying and blocking malicious intents to trip circuit breakers, mis-coordinate devices settings, even thoughmore » the commands and the measurements comply with correct syntax. The CODEF functions utilize the physics of electromagnetic systems, electric power engineering principles, and computer science to bring more in depth cyber defense closer to the protected substation devices.« less

Testbed-based Performance Evaluation of Attack Resilient Control for AGC

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ashok, Aditya; Sridhar, Siddharth; McKinnon, Archibald D.

The modern electric power grid is a complex cyber-physical system whose reliable operation is enabled by a wide-area monitoring and control infrastructure. This infrastructure, supported by an extensive communication backbone, enables several control applications functioning at multiple time scales to ensure the grid is maintained within stable operating limits. Recent events have shown that vulnerabilities in this infrastructure may be exploited to manipulate the data being exchanged. Such a scenario could cause the associated control application to mis-operate, potentially causing system-wide instabilities. There is a growing emphasis on looking beyond traditional cybersecurity solutions to mitigate such threats. In this papermore » we perform a testbed-based validation of one such solution - Attack Resilient Control (ARC) - on Iowa State University's \\textit{PowerCyber} testbed. ARC is a cyber-physical security solution that combines domain-specific anomaly detection and model-based mitigation to detect stealthy attacks on Automatic Generation Control (AGC). In this paper, we first describe the implementation architecture of the experiment on the testbed. Next, we demonstrate the capability of stealthy attack templates to cause forced under-frequency load shedding in a 3-area test system. We then validate the performance of ARC by measuring its ability to detect and mitigate these attacks. Our results reveal that ARC is efficient in detecting stealthy attacks and enables AGC to maintain system operating frequency close to its nominal value during an attack. Our studies also highlight the importance of testbed-based experimentation for evaluating the performance of cyber-physical security and control applications.« less

Protecting ICS Systems Within the Energy Sector from Cyber Attacks

NASA Astrophysics Data System (ADS)

Barnes, Shaquille

Advance persistent threat (APT) groups are continuing to attack the energy sector through cyberspace, which poses a risk to our society, national security, and economy. Industrial control systems (ICSs) are not designed to handle cyber-attacks, which is why asset owners need to implement the correct proactive and reactive measures to mitigate the risk to their ICS environments. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responded to 290 incidents for fiscal year 2016, where 59 of those incidents came from the Energy Sector. APT groups know how vulnerable energy sector ICS systems are and the destruction they can cause when they go offline such as loss of production, loss of life, and economic impact. Defending against APT groups requires more than just passive controls such as firewalls and antivirus solutions. Asset owners should implement a combination of best practices and active defense in their environment to defend against APT groups. Cyber-attacks against critical infrastructure will become more complex and harder to detect and respond to with traditional security controls. The purpose of this paper was to provide asset owners with the correct security controls and methodologies to help defend against APT groups.

Towards A Theory of Autonomous Reconstitution of Compromised Cyber-Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Ramuhalli, Pradeep; Halappanavar, Mahantesh; Coble, Jamie B.

The ability to maintain mission-critical operations in cyber-systems in the face of disruptions is critical. Faults in cyber systems can come from accidental sources (e.g., natural failure of a component) or deliberate sources (e.g., an intelligent adversary). Natural and intentional manipulation of data, computing, or coordination are the most impactful ways that an attacker can prevent an infrastructure from realizing its mission goals. Under these conditions, the ability to reconstitute critical infrastructure becomes important. Specifically, the question is: Given an intelligent adversary, how can cyber systems respond to keep critical infrastructure operational? In cyber systems, the distributed nature of themore » system poses serious difficulties in maintaining operations, in part due to the fact that a centralized command and control apparatus is unlikely to provide a robust framework for resilience. Resilience in cyber-systems, in general, has several components, and requires the ability to anticipate and withstand attacks or faults, as well as recover from faults and evolve the system to improve future resilience. The recovery effort (and any subsequent evolution) may require significant reconfiguration of the system (at all levels – hardware, software, services, permissions, etc.) if the system is to be made resilient to further attack or faults. This is especially important in the case of ongoing attacks, where reconfiguration decisions must be taken with care to avoid further compromising the system while maintaining continuity of operations. Collectively, we will label this recovery and evolution process as “reconstitution”. Currently, reconstitution is performed manually, generally after-the-fact, and usually consists of either standing up redundant systems, check-points (rolling back the configuration to a “clean” state), or re-creating the system using “gold-standard” copies. For enterprise systems, such reconstitution may be performed either directly on hardware, or using virtual machines. A significant challenge within this context is the ability to verify that the reconstitution is performed in a manner that renders the cyber-system resilient to ongoing and future attacks or faults. Fundamentally, the need is to determine optimal configuration of the cyber system when a fault is determined to be present. While existing theories for fault tolerance (for example, Byzantine fault tolerance) can guarantee resilience under certain conditions, in practice, these theories can break down in the face of an intelligent adversary. Further, it is difficult, in a dynamically evolving environment, to determine whether the necessary conditions for resilience have been met, resulting in difficulties in achieving resilient operation. In addition, existing theories do not sufficiently take into account the cost for attack and defense (the adversary is generally assumed to have infinite resources and time), hierarchy of importance (all network resources are assumed to be equally important), and the dynamic nature of some attacks (i.e., as the attack evolves, can resilience be maintained?). Alternative approaches to resilience based on a centralized command and control structure suffer from a single-point-failure. This paper presents preliminary research towards concepts for effective autonomous reconstitution of compromised cyber systems. We describe a mathematical framework as a first step towards a theoretical basis for autonomous reconstitution in dynamic cyber-system environments. We then propose formulating autonomous reconstitution as an optimization problem and describe some of the challenges associated with this formulation. This is followed by a brief discussion on potential solutions to these challenges.« less

Long-term posttraumatic stress symptoms among 3,271 civilian survivors of the September 11, 2001, terrorist attacks on the World Trade Center.

PubMed

DiGrande, Laura; Neria, Yuval; Brackbill, Robert M; Pulliam, Paul; Galea, Sandro

2011-02-01

Although the September 11, 2001, terrorist attacks were the largest human-made disaster in US history, there is little extant research documenting the attacks' consequences among those most directly affected, that is, persons who were in the World Trade Center towers. Data from a cross-sectional survey conducted 2-3 years after the attacks ascertained the prevalence of long-term, disaster-related posttraumatic stress symptoms and probable posttraumatic stress disorder (PTSD) in 3,271 civilians who evacuated World Trade Center towers 1 and 2. Overall, 95.6% of survivors reported at least 1 current posttraumatic stress symptom. The authors estimated the probable rate of PTSD at 15.0% by using the PTSD Checklist. Women and minorities were at an increased risk of PTSD. A strong inverse relation with annual income was observed. Five characteristics of direct exposure to the terrorist attacks independently predicted PTSD: being on a high floor in the towers, initiating evacuation late, being caught in the dust cloud that resulted from the tower collapses, personally witnessing horror, and sustaining an injury. Working for an employer that sustained fatalities also increased risk. Each addition of an experience of direct exposure resulted in a 2-fold increase in the risk of PTSD (odds ratio = 2.09, 95% confidence interval: 1.84, 2.36). Identification of these risk factors may be useful when screening survivors of large-scale terrorist events for long-term psychological sequelae.

An analytic approach to cyber adversarial dynamics

NASA Astrophysics Data System (ADS)

Sweeney, Patrick; Cybenko, George

2012-06-01

To date, cyber security investment by both the government and commercial sectors has been largely driven by the myopic best response of players to the actions of their adversaries and their perception of the adversarial environment. However, current work in applying traditional game theory to cyber operations typically assumes that games exist with prescribed moves, strategies, and payos. This paper presents an analytic approach to characterizing the more realistic cyber adversarial metagame that we believe is being played. Examples show that understanding the dynamic metagame provides opportunities to exploit an adversary's anticipated attack strategy. A dynamic version of a graph-based attack-defend game is introduced, and a simulation shows how an optimal strategy can be selected for success in the dynamic environment.

Uncertainty and Risk Management in Cyber Situational Awareness

NASA Astrophysics Data System (ADS)

Li, Jason; Ou, Xinming; Rajagopalan, Raj

Handling cyber threats unavoidably needs to deal with both uncertain and imprecise information. What we can observe as potential malicious activities can seldom give us 100% confidence on important questions we care about, e.g. what machines are compromised and what damage has been incurred. In security planning, we need information on how likely a vulnerability can lead to a successful compromise to better balance security and functionality, performance, and ease of use. These information are at best qualitative and are often vague and imprecise. In cyber situational awareness, we have to rely on such imperfect information to detect real attacks and to prevent an attack from happening through appropriate risk management. This chapter surveys existing technologies in handling uncertainty and risk management in cyber situational awareness.

Developing information-space Confidence Building Measures (CBMs) between India and Pakistan

DOE Office of Scientific and Technical Information (OSTI.GOV)

Yamin, Tughral

The Internet has changed the world in ways hitherto unknown. The international financial system, air, land and maritime transport systems are all digitally linked. Similarly most militaries are fully or partially networked. This has not only sped up the decision making processes at all levels, it has also rendered these systems vulnerable to cyber-attacks. Cyber-warfare is now recognized as the most potent form of non-kinetic war fighting. In order to prevent large scale network-attacks, cyber-powers are simultaneously spending a lot of time, money and effort to erect redundant cyber-defenses and enhancing their offensive cyber capabilities. Difficulties in creating a stablemore » environment in information-space stem from differing national perceptions regarding the freedom of the Internet, application of international law and problems associated with attribution. This paper discusses a range of Confidence Building Measures that can be created between India and Pakistan in information-space to control malicious cyber behavior and avert an inadvertent war.« less

A performance study of unmanned aerial vehicle-based sensor networks under cyber attack

NASA Astrophysics Data System (ADS)

Puchaty, Ethan M.

In UAV-based sensor networks, an emerging area of interest is the performance of these networks under cyber attack. This study seeks to evaluate the performance trade-offs from a System-of-Systems (SoS) perspective between various UAV communications architecture options in the context two missions: tracking ballistic missiles and tracking insurgents. An agent-based discrete event simulation is used to model a sensor communication network consisting of UAVs, military communications satellites, ground relay stations, and a mission control center. Network susceptibility to cyber attack is modeled with probabilistic failures and induced data variability, with performance metrics focusing on information availability, latency, and trustworthiness. Results demonstrated that using UAVs as routers increased network availability with a minimal latency penalty and communications satellite networks were best for long distance operations. Redundancy in the number of links between communication nodes helped mitigate cyber-caused link failures and add robustness in cases of induced data variability by an adversary. However, when failures were not independent, redundancy and UAV routing were detrimental in some cases to network performance. Sensitivity studies indicated that long cyber-caused downtimes and increasing failure dependencies resulted in build-ups of failures and caused significant degradations in network performance.

National Institute of Justice (NIJ): technology challenges

NASA Astrophysics Data System (ADS)

Morgan, John S.

2004-09-01

Law enforcement agencies play a key role in protecting the nation from and responding to terrorist attacks. The National Institute of Justice (NIJ) is the focal point for the research, development, test and evaluation of technology for law enforcement. NIJ and the Department of Homeland Security's Directorate of Science & Technology (DHS S&T) have related missions to support research and technology development for public safety. DHS S&T provides law enforcement agencies technology to respond to terrorist threats involving weapons of mass destruction, while NIJ focuses on technologies applicable across the spectrum of law enforcement needs. Investment in C3I technology offers perhaps the greatest potential benefit with respect to improving the ability to law enforcement agencies to respond to all types of crime including terrorist acts. Providing effective communications and information systems remains a key technology challenge, as does providing law enforcement responders accurate information that they can act on. Sensors and surveillance systems can play a key role in identifying terrorists and preventing or effectively responding to a terrorist attack.

On a simulation study of cyber attacks on vehicle-to-infrastructure communication (V2I) in Intelligent Transportation System (ITS)

NASA Astrophysics Data System (ADS)

Ekedebe, Nnanna; Yu, Wei; Song, Houbing; Lu, Chao

2015-05-01

An intelligent transportation system (ITS) is one typical cyber-physical system (CPS) that aims to provide efficient, effective, reliable, and safe driving experiences with minimal congestion and effective traffic flow management. In order to achieve these goals, various ITS technologies need to work synergistically. Nonetheless, ITS's reliance on wireless connectivity makes it vulnerable to cyber threats. Thus, it is critical to understand the impact of cyber threats on ITS. In this paper, using real-world transportation dataset, we evaluated the consequences of cyber threats - attacks against service availability by jamming the communication channel of ITS. In this way, we can have a better understanding of the importance of ensuring adequate security respecting safety and life-critical ITS applications before full and expensive real-world deployments. Our experimental data shows that cyber threats against service availability could adversely affect traffic efficiency and safety performances evidenced by exacerbated travel time, fuel consumed, and other evaluated performance metrics as the communication network is compromised. Finally, we discuss a framework to make ITS secure and more resilient against cyber threats.

Immigrant Integration: A Missing Component of Homeland Security Strategy and Policy

DTIC Science & Technology

2010-03-01

Kobach, 2007). JFK airport in New York (Kobach, 2007) The four JFK terrorists include two nationals of Guyana, one of Trinidad, and one former...words of the terrorist themselves. In one conversation taped by the FBI, Defreitas (the lead plotter of the thwarted attack at JFK airport in...another recorded conversation with his conspirators in May 2007, Defreitas compared the plot to attack JFK airport with the September 11, 2001

Understanding Millennials to Improve Recruiting Efficiency

DTIC Science & Technology

2011-03-24

terrorist attack on the U.S., school shootings , and an economic crisis. Their world has always been globally connected and open 24/7. Digital technology...and 2003, has been influenced by numerous events in their developmental years such as the 9/11 terrorist attack on the U.S., school shootings , and...Afghanistan as well as through school shootings . Digital technology is a fact of life enabling them to think and process information fundamentally different

The Changing Nonlinear Relationship between Income and Terrorism

PubMed Central

Enders, Walter; Hoover, Gary A.

2014-01-01

This article reinvestigates the relationship between real per capita gross domestic product (GDP) and terrorism. We devise a terrorism Lorenz curve to show that domestic and transnational terrorist attacks are each more concentrated in middle-income countries, thereby suggesting a nonlinear income–terrorism relationship. Moreover, this point of concentration shifted to lower income countries after the rising influence of the religious fundamentalist and nationalist/separatist terrorists in the early 1990s. For transnational terrorist attacks, this shift characterized not only the attack venue but also the perpetrators’ nationality. The article then uses nonlinear smooth transition regressions to establish the relationship between real per capita GDP and terrorism for eight alternative terrorism samples, accounting for venue, perpetrators’ nationality, terrorism type, and the period. Our nonlinear estimates are shown to be favored over estimates using linear or quadratic income determinants of terrorism. These nonlinear estimates are robust to additional controls. PMID:28579636

Experiences from coordinating research after the 2011 terrorist attacks in Norway

PubMed Central

Refsdal, Nils O.

2014-01-01

This brief report presents some of the lessons learned from coordinating research in which people directly affected by terrorist attacks in Norway in 2011 are taking part. After the terrorist attacks, it was decided to establish a national coordinating function in order to protect those who were affected when they participate in research. By gathering key stakeholders, it is possible to avoid duplication of research through practical measures such as information sharing, facilitating cooperation, and working toward sharing of data. In addition, a coordinating function provides a platform for working to increase the impact of the research among practitioners and policy makers, and inform the general public. The conclusions are that coordination should be interdisciplinary, that it is important to plan for the sharing and reuse of data, and that both the research community and the research infrastructure should take steps to improve preparedness when disaster inevitably strikes again. PMID:25018857

Subjective effect of September 11, 2001 among pregnant women: is cumulative history of interpersonal violence important?

PubMed

Lewis, Marilyn W; Cavanagh, Paul K; Ahn, Grace; Yoshioka, Marianne R

2008-06-01

Prior history of trauma may sensitize individuals to subsequent trauma, including terrorist attacks. Using a convenience sample of secondary, cross-sectional data, pregnant women were grouped based on lifetime interpersonal violence history. Cumulative risk theory was used to evaluate the association of lifetime interpersonal violence history and subjective impact of the September 11, 2001 (9/11) terrorists attacks. Using hierarchical linear regression, cumulative risk theory was partially supported. Women with a history of only one type of interpfersonal violence reported greater effect of 9/11 than did women without a history, but women with both types of violence did not report a greater effect of 9/11 compared to women endorsing history of one type. These data corroborate the literature in that level of exposure to terrorist-related trauma predicts subjective reaction to the attacks. Future research with a larger sample and standardized instruments is warranted.

Bioterrorism for the respiratory physician.

PubMed

Waterer, Grant W; Robertson, Hannah

2009-01-01

Terrorist attacks by definition are designed to cause fear and panic. There is no question that a terrorist attack using biological agents would present a grave threat to stability of the society in which they were released. Early recognition of such a bioterrorist attack is crucial to containing the damage they could cause. As many of the most likely bioterrorism agents present with pulmonary disease, respiratory physicians may be crucial in the initial recognition and diagnosis phase, and certainly would be drawn into treatment of affected individuals. This review focuses on the biological agents thought most likely to be used by terrorists that have predominantly respiratory presentations. The primary focus of this review is on anthrax, plague, tularaemia, ricin, and Staphylococcal enterotoxin B. The pathogenesis, clinical manifestations and treatment of these agents will be discussed as well as historical examples of their use. Other potential bioterrorism agents with respiratory manifestations will also be discussed briefly.

Active Shooters: Is Law Enforcement Ready for a Mumbai Style Attack?

DTIC Science & Technology

2013-09-01

wolves and small terrorist cells ” represented the nation’s biggest terrorist threat because their low profile made it difficult to intervene or...and small terrorist cells ” represent the nation’s biggest terrorist threat because their low profile making it difficult to intervene before they act...conversation on his cell phone, “…Everything is being 38 recorded by the media. Inflict the maximum damage. Keepfighting. Don’t be taken alive

Co-Simulation Platform For Characterizing Cyber Attacks in Cyber Physical Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Sadi, Mohammad A. H.; Ali, Mohammad Hassan; Dasgupta, Dipankar

Smart grid is a complex cyber physical system containing a numerous and variety of sources, devices, controllers and loads. Communication/Information infrastructure is the backbone of the smart grid system where different grid components are connected with each other through this structure. Therefore, the drawbacks of the information technology related issues are also becoming a part of the smart grid. Further, smart grid is also vulnerable to the grid related disturbances. For such a dynamic system, disturbance and intrusion detection is a paramount issue. This paper presents a Simulink and OPNET based co-simulated test bed to carry out a cyber-intrusion inmore » a cyber-network for modern power systems and smart grid. The effect of the cyber intrusion on the physical power system is also presented. The IEEE 30 bus power system model is used to demonstrate the effectiveness of the simulated testbed. The experiments were performed by disturbing the circuit breakers reclosing time through a cyber-attack in the cyber network. Different disturbance situations in the proposed test system are considered and the results indicate the effectiveness of the proposed co-simulated scheme.« less

Timing of cyber conflict.

PubMed

Axelrod, Robert; Iliev, Rumen

2014-01-28

Nations are accumulating cyber resources in the form of stockpiles of zero-day exploits as well as other novel methods of engaging in future cyber conflict against selected targets. This paper analyzes the optimal timing for the use of such cyber resources. A simple mathematical model is offered to clarify how the timing of such a choice can depend on the stakes involved in the present situation, as well as the characteristics of the resource for exploitation. The model deals with the question of when the resource should be used given that its use today may well prevent it from being available for use later. The analysis provides concepts, theory, applications, and distinctions to promote the understanding strategy aspects of cyber conflict. Case studies include the Stuxnet attack on Iran's nuclear program, the Iranian cyber attack on the energy firm Saudi Aramco, the persistent cyber espionage carried out by the Chinese military, and an analogous case of economic coercion by China in a dispute with Japan. The effects of the rapidly expanding market for zero-day exploits are also analyzed. The goal of the paper is to promote the understanding of this domain of cyber conflict to mitigate the harm it can do, and harness the capabilities it can provide.

Towards the cyber security paradigm of ehealth: Resilience and design aspects

NASA Astrophysics Data System (ADS)

Rajamäki, Jyri; Pirinen, Rauno

2017-06-01

Digital technologies have significantly changed the role of healthcare clients in seeking and receiving medical help, as well as brought up more cooperative policy issues in healthcare cross-border services. Citizens continue to take a more co-creative role in decisions about their own healthcare, and new technologies can enable and facilitate this emergent trend. In this study, healthcare services have been intended as a critical societal sector and therefore healthcare systems are focused on as critical infrastructures that ought to be protected from all types of fears, including cyber security threats and attacks. Despite continual progress in the systemic risk management of cyber domain, it is clear that anticipation and prevention of all possible types of attack and malfunction are not achievable for current or future cyber infrastructures. This study focuses on the investigation of a cyber security paradigm, adaptive systems and sense of resilience in a healthcare critical information infrastructure.

Recommendations for Model Driven Paradigms for Integrated Approaches to Cyber Defense

DTIC Science & Technology

2017-03-06

analogy (e.g., Susceptible, Infected, Recovered [SIR]) • Abstract wargaming: game -theoretic model of cyber conflict without modeling the underlying...malware. 3.7 Abstract Wargaming Here, a game -theoretic process is modeled with moves and effects inspired by cyber conflict but without modeling the...underlying processes of cyber attack and defense. Examples in literature include the following: • Cho J-H, Gao J. Cyber war game in temporal networks

Structural Causes and Cyber Effects: A Response to Our Critics

DTIC Science & Technology

2015-01-01

the incident, saying “North Korea’s attack on [Sony] reaf- firms that cyber threats pose one of the gravest national security dangers to the United...around the world to strengthen cyber - security , promote norms of acceptable state behavior, uphold freedom of expression, and ensure that the Internet... cyber working group that made progress toward “interna- tional cyberspace rules, and measures to boost dialogue and cooperation on cyber security .”15

A data fusion approach to indications and warnings of terrorist attacks

NASA Astrophysics Data System (ADS)

McDaniel, David; Schaefer, Gregory

2014-05-01

Indications and Warning (I&W) of terrorist attacks, particularly IED attacks, require detection of networks of agents and patterns of behavior. Social Network Analysis tries to detect a network; activity analysis tries to detect anomalous activities. This work builds on both to detect elements of an activity model of terrorist attack activity - the agents, resources, networks, and behaviors. The activity model is expressed as RDF triples statements where the tuple positions are elements or subsets of a formal ontology for activity models. The advantage of a model is that elements are interdependent and evidence for or against one will influence others so that there is a multiplier effect. The advantage of the formality is that detection could occur hierarchically, that is, at different levels of abstraction. The model matching is expressed as a likelihood ratio between input text and the model triples. The likelihood ratio is designed to be analogous to track correlation likelihood ratios common in JDL fusion level 1. This required development of a semantic distance metric for positive and null hypotheses as well as for complex objects. The metric uses the Web 1Terabype database of one to five gram frequencies for priors. This size requires the use of big data technologies so a Hadoop cluster is used in conjunction with OpenNLP natural language and Mahout clustering software. Distributed data fusion Map Reduce jobs distribute parts of the data fusion problem to the Hadoop nodes. For the purposes of this initial testing, open source models and text inputs of similar complexity to terrorist events were used as surrogates for the intended counter-terrorist application.

Three tenets for secure cyber-physical system design and assessment

NASA Astrophysics Data System (ADS)

Hughes, Jeff; Cybenko, George

2014-06-01

This paper presents a threat-driven quantitative mathematical framework for secure cyber-physical system design and assessment. Called The Three Tenets, this originally empirical approach has been used by the US Air Force Research Laboratory (AFRL) for secure system research and development. The Tenets were first documented in 2005 as a teachable methodology. The Tenets are motivated by a system threat model that itself consists of three elements which must exist for successful attacks to occur: - system susceptibility; - threat accessibility and; - threat capability. The Three Tenets arise naturally by countering each threat element individually. Specifically, the tenets are: Tenet 1: Focus on What's Critical - systems should include only essential functions (to reduce susceptibility); Tenet 2: Move Key Assets Out-of-Band - make mission essential elements and security controls difficult for attackers to reach logically and physically (to reduce accessibility); Tenet 3: Detect, React, Adapt - confound the attacker by implementing sensing system elements with dynamic response technologies (to counteract the attackers' capabilities). As a design methodology, the Tenets mitigate reverse engineering and subsequent attacks on complex systems. Quantified by a Bayesian analysis and further justified by analytic properties of attack graph models, the Tenets suggest concrete cyber security metrics for system assessment.

USCYBERCOM: Right Solution, Wrong C2 Structure

DTIC Science & Technology

2012-05-04

March 26, 2012. 9 and literally, shutting the nation down and taking it off the global information grid ( GIG ). The would-be cyber terrorists...effective execution of approved OPLANs; effectiveness and economy of operation; and prevention or elimination of unnecessary duplication of facilities and

Aviation security : terrorist acts illustrate severe weaknesses in aviation security

DOT National Transportation Integrated Search

2001-09-20

This is the statement of Gerald L. Dillingham, Director, Physical Infrastructure Issues before the Subcommittee on Transportation, Senate and House Committees on Appropriations regarding vulnerabilities to terrorist attacks of the nation's aviation s...

Catastrophizing, rumination, and reappraisal prospectively predict adolescent PTSD symptom onset following a terrorist attack

PubMed Central

Jenness, Jessica L.; Jager-Hyman, Shari; Heleniak, Charlotte; Beck, Aaron T.; Sheridan, Margaret A.; McLaughlin, Katie A.

2016-01-01

Background Disruptions in emotion regulation are a transdiagnostic risk factor for psychopathology. However, scant research has examined whether emotion regulation strategies are related to the onset of posttraumatic stress disorder (PTSD) symptoms among youths exposed to trauma. We investigated whether pretrauma emotion regulation strategies prospectively predicted PTSD symptom onset after the 2013 Boston Marathon terrorist attack among adolescents and whether these associations were moderated by the degree of exposure to media coverage of the attack. Methods A sample of 78 Boston-area adolescents (mean age =16.72 years, 65% female) who previously participated in studies assessing emotion regulation and psychopathology were recruited following the terrorist attack. Within 4 weeks of the attack, we assessed self-reported PTSD symptoms and attack-related media exposure via an online survey. We examined the association of pretrauma emotion regulation strategies with PTSD symptom onset after adjustment for pretrauma internalizing symptoms and violence exposure. Results Greater pretrauma engagement in rumination predicted onset of PTSD symptoms following the attack. Adolescents who engaged in catastrophizing also had greater PTSD symptoms postattack, but only when exposed to high levels of media coverage of the attacks; the same pattern was observed for adolescents who engaged in low levels of cognitive reappraisal. Conclusions Engagement in specific emotion regulation strategies prior to a traumatic event predicts the onset of PTSD symptoms among youths exposed to trauma, extending transdiagnostic models of emotion regulation to encompass trauma-related psychopathology in children and adolescents. PMID:27557454

Nuclear Power Plant Cyber Security Discrete Dynamic Event Tree Analysis (LDRD 17-0958) FY17 Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Wheeler, Timothy A.; Denman, Matthew R.; Williams, R. A.

Instrumentation and control of nuclear power is transforming from analog to modern digital assets. These control systems perform key safety and security functions. This transformation is occurring in new plant designs as well as in the existing fleet of plants as the operation of those plants is extended to 60 years. This transformation introduces new and unknown issues involving both digital asset induced safety issues and security issues. Traditional nuclear power risk assessment tools and cyber security assessment methods have not been modified or developed to address the unique nature of cyber failure modes and of cyber security threat vulnerabilities.more » iii This Lab-Directed Research and Development project has developed a dynamic cyber-risk in- formed tool to facilitate the analysis of unique cyber failure modes and the time sequencing of cyber faults, both malicious and non-malicious, and impose those cyber exploits and cyber faults onto a nuclear power plant accident sequence simulator code to assess how cyber exploits and cyber faults could interact with a plants digital instrumentation and control (DI&C) system and defeat or circumvent a plants cyber security controls. This was achieved by coupling an existing Sandia National Laboratories nuclear accident dynamic simulator code with a cyber emulytics code to demonstrate real-time simulation of cyber exploits and their impact on automatic DI&C responses. Studying such potential time-sequenced cyber-attacks and their risks (i.e., the associated impact and the associated degree of difficulty to achieve the attack vector) on accident management establishes a technical risk informed framework for developing effective cyber security controls for nuclear power.« less

Cyber-Attack Methods, Why They Work on Us, and What to Do

NASA Technical Reports Server (NTRS)

Byrne, DJ

2015-01-01

Basic cyber-attack methods are well documented, and even automated with user-friendly GUIs (Graphical User Interfaces). Entire suites of attack tools are legal, conveniently packaged, and freely downloadable to anyone; more polished versions are sold with vendor support. Our team ran some of these against a selected set of projects within our organization to understand what the attacks do so that we can design and validate defenses against them. Some existing defenses were effective against the attacks, some less so. On average, every machine had twelve easily identifiable vulnerabilities, two of them "critical". Roughly 5% of passwords in use were easily crack-able. We identified a clear set of recommendations for each project, and some common patterns that emerged among them all.

The impact of terrorism on children and adolescents: terror in the skies, terror on television.

PubMed

Fremont, Wanda P; Pataki, Caroly; Beresin, Eugene V

2005-07-01

Terrorist attacks and their aftermath have had a powerful impact on children and their families. Media and television exposure of terrorist events throughout the world has increased during the past few years. There is increasing concern about the effects of this exposure on children who witness these violent images. To develop a proactive and strategic response to reactions of fear, clinicians, educators, and policy makers must understand the psychologic effects of media coverage of terrorism on children. Previous research has focused on media coverage of criminal violence and war. Recent studies have examined the effect of remote exposure of terrorist attacks and have shown a significant clinical impact on children and families.

Applying the Scientific Method of Cybersecurity Research

DOE Office of Scientific and Technical Information (OSTI.GOV)

Tardiff, Mark F.; Bonheyo, George T.; Cort, Katherine A.

The cyber environment has rapidly evolved from a curiosity to an essential component of the contemporary world. As the cyber environment has expanded and become more complex, so have the nature of adversaries and styles of attacks. Today, cyber incidents are an expected part of life. As a result, cybersecurity research emerged to address adversarial attacks interfering with or preventing normal cyber activities. Historical response to cybersecurity attacks is heavily skewed to tactical responses with an emphasis on rapid recovery. While threat mitigation is important and can be time critical, a knowledge gap exists with respect to developing the sciencemore » of cybersecurity. Such a science will enable the development and testing of theories that lead to understanding the broad sweep of cyber threats and the ability to assess trade-offs in sustaining network missions while mitigating attacks. The Asymmetric Resilient Cybersecurity Initiative at Pacific Northwest National Laboratory is a multi-year, multi-million dollar investment to develop approaches for shifting the advantage to the defender and sustaining the operability of systems under attack. The initiative established a Science Council to focus attention on the research process for cybersecurity. The Council shares science practices, critiques research plans, and aids in documenting and reporting reproducible research results. The Council members represent ecology, economics, statistics, physics, computational chemistry, microbiology and genetics, and geochemistry. This paper reports the initial work of the Science Council to implement the scientific method in cybersecurity research. The second section describes the scientific method. The third section in this paper discusses scientific practices for cybersecurity research. Section four describes initial impacts of applying the science practices to cybersecurity research.« less

Leaks in the National Information Infrastructure Dam: Who Should Protect It?

DTIC Science & Technology

2004-04-01

have paid off cyber criminals who threatened to attack their computer systems and destroy their data unless a ‘ransom’ was paid. These cyber...sharing information with law enforcement and appropriate industry groups will we be able to identify and prosecute cyber criminals , identify new

Cyberspace: Time to Reassess, Reorganize, and Resource for Evolving Threats

DTIC Science & Technology

2012-03-15

reflecting on what types of cyber activities have the potential to change the strategic landscape. Arguably an attack by cyber criminals on the...their ability to hire or develop hacker talent.18 Nation states can use cyber criminals as a proxy to commit crimes against other nations in an

Business continuity strategies for cyber defence: battling time and information overload.

PubMed

Streufert, John

2010-11-01

Can the same numbers and letters which are the life blood of modern business and government computer systems be harnessed to protect computers from attack against known information security risks? For the past seven years, Foreign Service officers and technicians of the US Government have sought to maintain diplomatic operations in the face of rising cyber attacks and test the hypothesis that an ounce of prevention is worth a pound of cure. As eight out of ten attacks leverage known computer security vulnerabilities or configuration setting weaknesses, a pound of cure would seem to be easy to come by. Yet modern security tools present an unusually consequential threat to business continuity - too much rather than too little information on cyber problems is presented, harking back to a phenomenon cited by social scientists in the 1960s called 'information overload'. Experience indicates that the longer the most serious cyber problems go untreated, the wider the attack surface adversaries can find. One technique used at the Department of State, called 'risk scoring', resulted in an 89 per cent overall reduction in measured risk over 12 months for the Department of State's servers and personal computers. Later refinements of risk scoring enabled technicians to correct unique security threats with unprecedented speed. This paper explores how the use of metrics, special care in presenting information to technicians and executives alike, as well as tactical use of organisational incentives can result in stronger cyber defences protecting modern organisations.

Perspectives on Cybersecurity Information Sharing among Multiple Stakeholders Using a Decision-Theoretic Approach.

PubMed

He, Meilin; Devine, Laura; Zhuang, Jun

2018-02-01

The government, private sectors, and others users of the Internet are increasingly faced with the risk of cyber incidents. Damage to computer systems and theft of sensitive data caused by cyber attacks have the potential to result in lasting harm to entities under attack, or to society as a whole. The effects of cyber attacks are not always obvious, and detecting them is not a simple proposition. As the U.S. federal government believes that information sharing on cybersecurity issues among organizations is essential to safety, security, and resilience, the importance of trusted information exchange has been emphasized to support public and private decision making by encouraging the creation of the Information Sharing and Analysis Center (ISAC). Through a decision-theoretic approach, this article provides new perspectives on ISAC, and the advent of the new Information Sharing and Analysis Organizations (ISAOs), which are intended to provide similar benefits to organizations that cannot fit easily into the ISAC structure. To help understand the processes of information sharing against cyber threats, this article illustrates 15 representative information sharing structures between ISAC, government, and other participating entities, and provide discussions on the strategic interactions between different stakeholders. This article also identifies the costs of information sharing and information security borne by different parties in this public-private partnership both before and after cyber attacks, as well as the two main benefits. This article provides perspectives on the mechanism of information sharing and some detailed cost-benefit analysis. © 2017 Society for Risk Analysis.

Adaptive cyber-attack modeling system

NASA Astrophysics Data System (ADS)

Gonsalves, Paul G.; Dougherty, Edward T.

2006-05-01

The pervasiveness of software and networked information systems is evident across a broad spectrum of business and government sectors. Such reliance provides an ample opportunity not only for the nefarious exploits of lone wolf computer hackers, but for more systematic software attacks from organized entities. Much effort and focus has been placed on preventing and ameliorating network and OS attacks, a concomitant emphasis is required to address protection of mission critical software. Typical software protection technique and methodology evaluation and verification and validation (V&V) involves the use of a team of subject matter experts (SMEs) to mimic potential attackers or hackers. This manpower intensive, time-consuming, and potentially cost-prohibitive approach is not amenable to performing the necessary multiple non-subjective analyses required to support quantifying software protection levels. To facilitate the evaluation and V&V of software protection solutions, we have designed and developed a prototype adaptive cyber attack modeling system. Our approach integrates an off-line mechanism for rapid construction of Bayesian belief network (BN) attack models with an on-line model instantiation, adaptation and knowledge acquisition scheme. Off-line model construction is supported via a knowledge elicitation approach for identifying key domain requirements and a process for translating these requirements into a library of BN-based cyber-attack models. On-line attack modeling and knowledge acquisition is supported via BN evidence propagation and model parameter learning.

The Defense Civilian Intelligence Personnel System: An Independent Assessment of Design, Implementation, and Impact

DTIC Science & Technology

2010-06-01

terrorist attacks: …[T]he necessity of defense against a terrorist attack is urgent… I am a real radical on personnel systems…[ Y ]ou need to have...recruiting among the “ millennial ” generation of workers who are more accustomed to instant feedback and recognition and would not be content with a...political affiliation, race, color, religion , national origin, sex, marital status, age, or handicap condition, and with proper regard for their

Medical preparation for terrorism in Australia. Is luck running out for "the lucky country?

PubMed

Caldicott, David G E; Edwards, Nicholas A

2003-01-01

Recent world events have forced Australia to re-examine its role on the world stage and its susceptibility to terrorist attacks. The authors examine the brief historical exposure of Australia to the phenomenon of terrorism, and review the geopolitical climate and features that may render it more susceptible to attack in the future. Australia's emergency management structure is outlined, and its current state of medical preparedness for a terrorist incident is critically reviewed.

Children's Mental Health in the Context of Terrorist Attacks, Ongoing Threats, and Possibilities of Future Terrorism.

PubMed

Comer, Jonathan S; Bry, Laura J; Poznanski, Bridget; Golik, Alejandra M

2016-09-01

Over the past two decades, the field has witnessed tremendous advances in our understanding of terrorism and its impacts on affected youth. It is now well established that a significant proportion of exposed youth show elevated PTSD symptoms in the months following a terrorist attack. In more recent years, research has expanded beyond confirming our understanding of the association between direct terrorism exposure and child PTSD symptoms by elucidating (a) links between terrorism exposure and non-PTSD clinical outcomes (e.g., externalizing problems, substance use), (b) individual differences associated with divergent patterns of risk and resilience, (c) the clinical correlates of media-based contact with terrorism, (d) clinical outcomes associated with exposure to recurrent terrorist attacks, and (e) exposure to extended contexts of uncertainty and the possibilities of future terrorism. Researchers studying the effects of terrorism and political violence on youth have increasingly examined a much broader range of regions in the world, affording needed opportunities to consider the generalizability of prior findings to youth living in different political contexts, in less developed regions of the world, and/or in regions with different rates of recurrent terrorism. In order to understand and, in turn, best meet the clinical needs of the majority of terrorism-affected youth across the globe, more targeted research on exposed youth is needed in developing regions of the world and regions enduring more recurrent terrorist attacks.

Cyber-Informed Engineering: The Need for a New Risk Informed and Design Methodology

DOE Office of Scientific and Technical Information (OSTI.GOV)

Price, Joseph Daniel; Anderson, Robert Stephen

Current engineering and risk management methodologies do not contain the foundational assumptions required to address the intelligent adversary’s capabilities in malevolent cyber attacks. Current methodologies focus on equipment failures or human error as initiating events for a hazard, while cyber attacks use the functionality of a trusted system to perform operations outside of the intended design and without the operator’s knowledge. These threats can by-pass or manipulate traditionally engineered safety barriers and present false information, invalidating the fundamental basis of a safety analysis. Cyber threats must be fundamentally analyzed from a completely new perspective where neither equipment nor human operationmore » can be fully trusted. A new risk analysis and design methodology needs to be developed to address this rapidly evolving threatscape.« less

On a simulation study for reliable and secured smart grid communications

NASA Astrophysics Data System (ADS)

Mallapuram, Sriharsha; Moulema, Paul; Yu, Wei

2015-05-01

Demand response is one of key smart grid applications that aims to reduce power generation at peak hours and maintain a balance between supply and demand. With the support of communication networks, energy consumers can become active actors in the energy management process by adjusting or rescheduling their electricity usage during peak hours based on utilities pricing incentives. Nonetheless, the integration of communication networks expose the smart grid to cyber-attacks. In this paper, we developed a smart grid simulation test-bed and designed evaluation scenarios. By leveraging the capabilities of Matlab and ns-3 simulation tools, we conducted a simulation study to evaluate the impact of cyber-attacks on demand response application. Our data shows that cyber-attacks could seriously disrupt smart grid operations, thus confirming the need of secure and resilient communication networks for supporting smart grid operations.

Elementary school children's responses 3 months after the September 11 terrorist attacks: a study in Washington, DC.

PubMed

Phillips, Deborah; Prince, Shantay; Schiebelhut, Laura

2004-10-01

This study examined the responses of elementary school children in Washington, DC, to the September 11 terrorist attacks. Parents (primarily mothers) of children in kindergarten through Grade 6 and children in Grades 4 to 6, including 47 matched parent-child pairs, completed questionnaires regarding exposure, stress reactions, and constructive actions taken 3 months after the attacks. Parent reports and, to an even greater extent, children's self-reports revealed high levels of negative reactions to the attacks on behalf of the children. These reactions were best understood in the context of their exposure to the attacks, primarily through television news, and the reactions of and coping assistance provided by their parents. Implications for school personnel, health care professionals, and intervention efforts are discussed. ((c) 2004 APA, all rights reserved).

2008 Defense Industrial Base Critical Infrastructure Protection Conference (DIB-CBIP)

DTIC Science & Technology

2008-04-09

a cloak -and- dagger thing. It’s about computer architecture and the soundness of electronic systems." Joel Brenner, ODNI Counterintelligence Office...to support advanced network exploitation and launch attacks on the informational and physical elements of our cyber infrastructure. In order to...entities and is vulnerable to attacks and manipulation. Operations in the cyber domain have the ability to impact operations in other war-fighting

Cyber threat impact assessment and analysis for space vehicle architectures

NASA Astrophysics Data System (ADS)

McGraw, Robert M.; Fowler, Mark J.; Umphress, David; MacDonald, Richard A.

2014-06-01

This paper covers research into an assessment of potential impacts and techniques to detect and mitigate cyber attacks that affect the networks and control systems of space vehicles. Such systems, if subverted by malicious insiders, external hackers and/or supply chain threats, can be controlled in a manner to cause physical damage to the space platforms. Similar attacks on Earth-borne cyber physical systems include the Shamoon, Duqu, Flame and Stuxnet exploits. These have been used to bring down foreign power generation and refining systems. This paper discusses the potential impacts of similar cyber attacks on space-based platforms through the use of simulation models, including custom models developed in Python using SimPy and commercial SATCOM analysis tools, as an example STK/SOLIS. The paper discusses the architecture and fidelity of the simulation model that has been developed for performing the impact assessment. The paper walks through the application of an attack vector at the subsystem level and how it affects the control and orientation of the space vehicle. SimPy is used to model and extract raw impact data at the bus level, while STK/SOLIS is used to extract raw impact data at the subsystem level and to visually display the effect on the physical plant of the space vehicle.

Anti-social networking: crowdsourcing and the cyber defence of national critical infrastructures.

PubMed

Johnson, Chris W

2014-01-01

We identify four roles that social networking plays in the 'attribution problem', which obscures whether or not cyber-attacks were state-sponsored. First, social networks motivate individuals to participate in Distributed Denial of Service attacks by providing malware and identifying potential targets. Second, attackers use an individual's social network to focus attacks, through spear phishing. Recipients are more likely to open infected attachments when they come from a trusted source. Third, social networking infrastructures create disposable architectures to coordinate attacks through command and control servers. The ubiquitous nature of these architectures makes it difficult to determine who owns and operates the servers. Finally, governments recruit anti-social criminal networks to launch attacks on third-party infrastructures using botnets. The closing sections identify a roadmap to increase resilience against the 'dark side' of social networking.

A Method of Synchrophasor Technology for Detecting and Analyzing Cyber-Attacks

DOE Office of Scientific and Technical Information (OSTI.GOV)

McCann, Roy; Al-Sarray, Muthanna

Studying cybersecurity events and analyzing their impacts encourage planners and operators to develop innovative approaches for preventing attacks in order to avoid outages and other disruptions. This work considers two parts in security studies; detecting an integrity attack and examining its effects on power system generators. The detection was conducted through employing synchrophasor technology to provide authentication of ACG commands based on observed system operating characteristics. The examination of an attack is completed via a detailed simulation of a modified IEEE 68-bus benchmark model to show the associated power system dynamic response. The results of the simulation are discussed formore » assessing the impacts of cyber threats.« less

Phase-Space Detection of Cyber Events

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hernandez Jimenez, Jarilyn M; Ferber, Aaron E; Prowell, Stacy J

Energy Delivery Systems (EDS) are a network of processes that produce, transfer and distribute energy. EDS are increasingly dependent on networked computing assets, as are many Industrial Control Systems. Consequently, cyber-attacks pose a real and pertinent threat, as evidenced by Stuxnet, Shamoon and Dragonfly. Hence, there is a critical need for novel methods to detect, prevent, and mitigate effects of such attacks. To detect cyber-attacks in EDS, we developed a framework for gathering and analyzing timing data that involves establishing a baseline execution profile and then capturing the effect of perturbations in the state from injecting various malware. The datamore » analysis was based on nonlinear dynamics and graph theory to improve detection of anomalous events in cyber applications. The goal was the extraction of changing dynamics or anomalous activity in the underlying computer system. Takens' theorem in nonlinear dynamics allows reconstruction of topologically invariant, time-delay-embedding states from the computer data in a sufficiently high-dimensional space. The resultant dynamical states were nodes, and the state-to-state transitions were links in a mathematical graph. Alternatively, sequential tabulation of executing instructions provides the nodes with corresponding instruction-to-instruction links. Graph theorems guarantee graph-invariant measures to quantify the dynamical changes in the running applications. Results showed a successful detection of cyber events.« less

Integrated situational awareness for cyber attack detection, analysis, and mitigation

NASA Astrophysics Data System (ADS)

Cheng, Yi; Sagduyu, Yalin; Deng, Julia; Li, Jason; Liu, Peng

2012-06-01

Real-time cyberspace situational awareness is critical for securing and protecting today's enterprise networks from various cyber threats. When a security incident occurs, network administrators and security analysts need to know what exactly has happened in the network, why it happened, and what actions or countermeasures should be taken to quickly mitigate the potential impacts. In this paper, we propose an integrated cyberspace situational awareness system for efficient cyber attack detection, analysis and mitigation in large-scale enterprise networks. Essentially, a cyberspace common operational picture will be developed, which is a multi-layer graphical model and can efficiently capture and represent the statuses, relationships, and interdependencies of various entities and elements within and among different levels of a network. Once shared among authorized users, this cyberspace common operational picture can provide an integrated view of the logical, physical, and cyber domains, and a unique visualization of disparate data sets to support decision makers. In addition, advanced analyses, such as Bayesian Network analysis, will be explored to address the information uncertainty, dynamic and complex cyber attack detection, and optimal impact mitigation issues. All the developed technologies will be further integrated into an automatic software toolkit to achieve near real-time cyberspace situational awareness and impact mitigation in large-scale computer networks.

Effect of 7 July 2005 terrorist attacks in London on suicide in England and Wales.

PubMed

Salib, Emad; Cortina-Borja, Mario

2009-01-01

A reduction in suicide in England and Wales has been reported after the attacks of 11 September 2001 in the USA. It may be plausible therefore to expect a much greater impact on suicide in the UK in response to the events of 7 July 2005, caused by the first suicide terrorist attack by Islamic extremists on British soil. To examine the effect of the 7 July 2005 terrorist attacks in London on suicide rates in England and Wales. Analysis of number of suicide (ICD-10 codes X60-X84) and undetermined injury deaths (ICD-10 codes Y10-Y34) reported in England and Wales in the 12 weeks before and after 7 July 2005. We used Shewhart Control Charts based on Poisson rates to explore adjusted daily and weekly suicide rates and rate differences with respect to 7 July 2005. A brief but significant reduction in daily suicide rate was observed a few days after the terrorist attack in London on 7 July 2005. Further reduction was also observed on the 21 July 2005, coinciding with the second wave of attacks. No similar reduction in suicide was seen during the same period in the previous 4 years. Poisson regression models with indicator variables for each day in July 2005 revealed a reduction of 40% of the expected daily rate for these 2 days only. We found no evidence of any longer-term effect on suicide. The study findings are contrary to our expectation and only weakly support Durkheim's theory that periods of national threat lower the suicide rate through the impact on social cohesion. It is possible that previous experience of IRA terrorism in the UK may have limited the effect of the 7 July 2005 attacks on suicide in England and Wales. The shock value of suicide terrorism and its psychological potency appear to diminish over time as the tactic becomes overused.

Public health consequences of terrorism on maternal-child health in New York City and Madrid.

PubMed

Sherrieb, Kathleen; Norris, Fran H

2013-06-01

Past research provides evidence for trajectories of health and wellness among individuals following disasters that follow specific pathways of resilience, resistance, recovery, or continued dysfunction. These individual responses are influenced by event type and pre-event capacities. This study was designed to utilize the trajectories of health model to determine if it translates to population health. We identified terrorist attacks that could potentially impact population health rather than only selected individuals within the areas of the attacks. We chose to examine a time series of population birth outcomes before and after the terrorist events of the New York City (NYC) World Trade Center (WTC) attacks of 2001 and the Madrid, Spain train bombings of 2004 to determine if the events affected maternal-child health of those cities and, if so, for how long. For percentages of low birth weight (LBW) and preterm births, we found no significant effects from the WTC attacks in NYC and transient but significant effects on rates of LBW and preterm births following the bombings in Madrid. We did find a significant positive and sustained effect on infant mortality rate in NYC following the WTC attacks but no similar effect in Madrid. There were no effects on any of the indicator variables in the comparison regions of New York state and the remainder of Spain. Thus, population maternal-health in New York and Madrid showed unique adverse effects after the terrorist attacks in those cities. Short-term effects on LBW and preterm birth rates in Madrid and long-term effects on infant mortality rates in NYC were found when quarterly data were analyzed from 1990 through 2008/2009. These findings raise questions about chronic changes in the population's quality of life following catastrophic terrorist attacks. Public health should be monitored and interventions designed to address chronic stress, environmental, and socioeconomic threats beyond the acute aftermath of events.

Formulating a strategy for securing high-speed rail in the United States.

DOT National Transportation Integrated Search

2013-03-01

This report presents an analysis of information relating to attacks, attempted attacks, and plots against high-speed rail (HSR) : systems. It draws upon empirical data from MTIs Database of Terrorist and Serious Criminal Attacks Against Public Sur...

Defending the New Domain: Cyberspace

DTIC Science & Technology

2011-03-21

and time consuming, the FBI has proven technology, techniques, and procedures to hunt down and capture cyber criminals , despite the anonymity of the...help stop cyber crime and make it harder for cyber criminals to commit crime on the internet. MILITARY The U.S. military relies on DoD...one country and attacking another. Cyber criminals are using servers and proxies in one country to execute their criminal activities in another

75 FR 65618 - Commission Information Collection Activities (FERC-725B); Comment Request; Extension

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-26

... requirements to safeguard critical cyber assets.\\4\\ These standards help protect the nation's Bulk-Power System against potential disruptions from cyber attacks.\\5\\ \\3\\ CIP-002-1, CIP-003-1, CIP-004-1, CIP-005-1, CIP... Cyber Asset Identification. Security Management Controls. Personnel and Training. Electronic Security...

Constructing a Cyber Preparedness Framework (CPF): The Lockheed Martin Case Study

ERIC Educational Resources Information Center

Beyer, Dawn M.

2014-01-01

The protection of sensitive data and technologies is critical in preserving United States (U.S.) national security and minimizing economic losses. However, during a cyber attack, the operational capability to constrain the exfiltrations of sensitive data and technologies may not be available. A cyber preparedness methodology (CPM) can improve…

Timing of cyber conflict

PubMed Central

Axelrod, Robert; Iliev, Rumen

2014-01-01

Nations are accumulating cyber resources in the form of stockpiles of zero-day exploits as well as other novel methods of engaging in future cyber conflict against selected targets. This paper analyzes the optimal timing for the use of such cyber resources. A simple mathematical model is offered to clarify how the timing of such a choice can depend on the stakes involved in the present situation, as well as the characteristics of the resource for exploitation. The model deals with the question of when the resource should be used given that its use today may well prevent it from being available for use later. The analysis provides concepts, theory, applications, and distinctions to promote the understanding strategy aspects of cyber conflict. Case studies include the Stuxnet attack on Iran’s nuclear program, the Iranian cyber attack on the energy firm Saudi Aramco, the persistent cyber espionage carried out by the Chinese military, and an analogous case of economic coercion by China in a dispute with Japan. The effects of the rapidly expanding market for zero-day exploits are also analyzed. The goal of the paper is to promote the understanding of this domain of cyber conflict to mitigate the harm it can do, and harness the capabilities it can provide. PMID:24474752

A Markov game theoretic data fusion approach for cyber situational awareness

NASA Astrophysics Data System (ADS)

Shen, Dan; Chen, Genshe; Cruz, Jose B., Jr.; Haynes, Leonard; Kruger, Martin; Blasch, Erik

2007-04-01

This paper proposes an innovative data-fusion/ data-mining game theoretic situation awareness and impact assessment approach for cyber network defense. Alerts generated by Intrusion Detection Sensors (IDSs) or Intrusion Prevention Sensors (IPSs) are fed into the data refinement (Level 0) and object assessment (L1) data fusion components. High-level situation/threat assessment (L2/L3) data fusion based on Markov game model and Hierarchical Entity Aggregation (HEA) are proposed to refine the primitive prediction generated by adaptive feature/pattern recognition and capture new unknown features. A Markov (Stochastic) game method is used to estimate the belief of each possible cyber attack pattern. Game theory captures the nature of cyber conflicts: determination of the attacking-force strategies is tightly coupled to determination of the defense-force strategies and vice versa. Also, Markov game theory deals with uncertainty and incompleteness of available information. A software tool is developed to demonstrate the performance of the high level information fusion for cyber network defense situation and a simulation example shows the enhanced understating of cyber-network defense.

Review of Studies of the Economic Impact of the September 11, 2001, Terrorist Attacks on the World Trade Center

DTIC Science & Technology

2002-05-29

of the Budget, • New York City Partnership and Chamber of Commerce , Washington, DC 20548 Report Documentation Page Report Date 29MAY2002 Report Type...700R Impact of Terrorist Attacks on the World Trade Center 10 Eight Studies (cont’d) ! New York City Partnership and Chamber of Commerce , Economic...Center 29 Observations Observations The New York City Partnership and Chamber of Commerce study generated the most comprehensive estimates—direct and

Introducing the Future Now: Using Memetics and Popular Culture to Identify the Post-9/11 Homeland Security Zeitgeist

DTIC Science & Technology

2008-03-01

the case within NCIS. Law and Order: Criminal Intent Episode 30 February 27, 2007 A reporter is poisoned with Polonium - 210 and the FBI joins the... effect did the terrorist attacks on September 11, 2001 have on American culture? One outcome was the emergence of “homeland security” as a new...ABSTRACT What effect did the terrorist attacks on September 11, 2001, have on American culture? One outcome was the emergence of “homeland security” as

The Nation That Cried Lone Wolf: A Data-Driven Analysis of Individual Terrorists in the United States Since 9/11

DTIC Science & Technology

2012-03-01

the “ Underwear Bomber.” He is not classified as a lone-wolf terrorist, although he did operationalize his attack as a lone individual. Abdulmutallab...commencing the attacks. 4. July 2002—Hesham Mohamed Hadayet Hesham Mohamed Hadayet opened fire in Los Angeles International Airport on July 4, 2002...killed Hadayet at the scene. 76 5. October 2002—Steve Kim Postal worker Steve Kim fired seven shots at the United Nations to physically protest

The 2015 and 2016 terrorist attacks in France: was there a short-term impact on hospitalizations for cardiovascular disease?

PubMed

Chatignoux, Edouard; Gabet, Amélie; Moutengou, Elodie; Pirard, Philippe; Motreff, Yvon; Bonaldi, Christophe; Olié, Valérie

2018-01-01

The terrorist attacks in Paris and Nice in 2015 and 2016 generated widespread emotional stress in France. Given that acute emotional stress is a well-known trigger for cardiovascular disease, we investigated whether these attacks had any short-term impact on hospitalizations for acute cardiovascular disease in France. Annual hospital discharge data from 2009 to 2016 were extracted from the French Hospital Discharge Database. All hospitalizations with a primary diagnosis of acute coronary syndrome, heart failure, or stroke were selected. Generalized additive Poisson models were used to differentiate "unusual" variations in daily hospitalization numbers in the 15 days following the attacks from the expected background hospitalization rate. The average daily number of hospitalizations was 396.4 for acute coronary syndrome, 598.6 for heart failure, and 334.6 for stroke. The daily mean number of hospitalizations for heart failure and stroke was higher in the 15 days following each attack compared with the reference periods. However, multivariate analysis showed no significant variation in the risk of hospitalization in the days following the attacks. Watching events unfold on television, no matter how dramatic, was not a sufficiently potent trigger for cardiovascular disease, although it may have led to an increase in hospitalizations for stress or anxiety. The 2015 and 2016 terrorist attacks do not seem to have had any measurable short-term impact on hospitalizations for cardiovascular disease either in the Paris and Nice regions or in the rest of France.

Hybrid Intrusion Forecasting Framework for Early Warning System

NASA Astrophysics Data System (ADS)

Kim, Sehun; Shin, Seong-Jun; Kim, Hyunwoo; Kwon, Ki Hoon; Han, Younggoo

Recently, cyber attacks have become a serious hindrance to the stability of Internet. These attacks exploit interconnectivity of networks, propagate in an instant, and have become more sophisticated and evolutionary. Traditional Internet security systems such as firewalls, IDS and IPS are limited in terms of detecting recent cyber attacks in advance as these systems respond to Internet attacks only after the attacks inflict serious damage. In this paper, we propose a hybrid intrusion forecasting system framework for an early warning system. The proposed system utilizes three types of forecasting methods: time-series analysis, probabilistic modeling, and data mining method. By combining these methods, it is possible to take advantage of the forecasting technique of each while overcoming their drawbacks. Experimental results show that the hybrid intrusion forecasting method outperforms each of three forecasting methods.

[Terrorist attack trauma - an individual entity of polytrauma : A 10-year update].

PubMed

Güsgen, C; Franke, A; Hentsch, S; Kollig, E; Schwab, R

2017-10-01

The incidence of terrorist attacks is increasing worldwide, and they have also become a permanent threat in European cities. Due to its complexity, terrorist attack trauma places high demands on the strategy of surgical treatment. The combination of various mechanisms, explosions and gunshot injuries, with the characteristic pressure (blast) damage and a high proportion of penetrating trauma with simultaneous burns are characteristic features. Unlike in military conflicts, injuries to people of all ages and without ballistic body protection (body armor) are to be expected. The mechanism of the attack and its local conditions are of relevance for the assessment of the situation and the expected injury patterns. Thus, suicide attacks result in several times higher numbers of fatalities and casualties. Explosions on free ground lead to different types of injury than those in closed or semi-enclosed spaces. The treatment principles of the Advanced Trauma Life Support (ATLS®) are based on the intrahospital care of casualties as well as damage control strategies with trigger factors. In order to prepare and educate clinics and surgeons in Germany for such scenarios, various course formats of the professional societies, the German Society for General and Visceral Surgery (DGAV) and the German Society for Trauma Surgery (DGU) have now been established.

Tracking and Analyzing Individual Distress Following Terrorist Attacks Using Social Media Streams.

PubMed

Lin, Yu-Ru; Margolin, Drew; Wen, Xidao

2017-08-01

Risk research has theorized a number of mechanisms that might trigger, prolong, or potentially alleviate individuals' distress following terrorist attacks. These mechanisms are difficult to examine in a single study, however, because the social conditions of terrorist attacks are difficult to simulate in laboratory experiments and appropriate preattack baselines are difficult to establish with surveys. To address this challenge, we propose the use of computational focus groups and a novel analysis framework to analyze a social media stream that archives user history and location. The approach uses time-stamped behavior to quantify an individual's preattack behavior after an attack has occurred, enabling the assessment of time-specific changes in the intensity and duration of an individual's distress, as well as the assessment of individual and social-level covariates. To exemplify the methodology, we collected over 18 million tweets from 15,509 users located in Paris on November 13, 2015, and measured the degree to which they expressed anxiety, anger, and sadness after the attacks. The analysis resulted in findings that would be difficult to observe through other methods, such as that news media exposure had competing, time-dependent effects on anxiety, and that gender dynamics are complicated by baseline behavior. Opportunities for integrating computational focus group analysis with traditional methods are discussed. © 2017 Society for Risk Analysis.

Smart Grid Integrity Attacks: Characterizations and Countermeasures

DOE Office of Scientific and Technical Information (OSTI.GOV)

Annarita Giani; Eilyan Bitar; Miles McQueen

2011-10-01

Real power injections at loads and generators, and real power flows on selected lines in a transmission network are monitored, transmitted over a SCADA network to the system operator, and used in state estimation algorithms to make dispatch, re-balance and other energy management system [EMS] decisions. Coordinated cyber attacks of power meter readings can be arranged to be undetectable by any bad data detection algorithm. These unobservable attacks present a serious threat to grid operations. Of particular interest are sparse attacks that involve the compromise of a modest number of meter readings. An efficient algorithm to find all unobservable attacksmore » [under standard DC load flow approximations] involving the compromise of exactly two power injection meters and an arbitrary number of power meters on lines is presented. This requires O(n2m) flops for a power system with n buses and m line meters. If all lines are metered, there exist canonical forms that characterize all 3, 4, and 5-sparse unobservable attacks. These can be quickly detected in power systems using standard graph algorithms. Known secure phase measurement units [PMUs] can be used as countermeasures against an arbitrary collection of cyber attacks. Finding the minimum number of necessary PMUs is NP-hard. It is shown that p + 1 PMUs at carefully chosen buses are sufficient to neutralize a collection of p cyber attacks.« less

INL@Work Cyber Security

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chaffin, May

May Chaffin is one of many Idaho National Laboratory researchers who are helping secure the nation's critical infrastructure from cyber attacks.Lots more content like this is available at INL's facebook page http://www.facebook.com/idahonationallaboratory.

76 FR 76021 - Critical Infrastructure Protection Month, 2011

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-06

..., we must also address the growing threat cyber attacks present to our transportation networks... action against cyber threats. To ensure the safety of our most vital operations, we are working to give...

Hypergame theory applied to cyber attack and defense

NASA Astrophysics Data System (ADS)

House, James Thomas; Cybenko, George

2010-04-01

This work concerns cyber attack and defense in the context of game theory--specifically hypergame theory. Hypergame theory extends classical game theory with the ability to deal with differences in players' expertise, differences in their understanding of game rules, misperceptions, and so forth. Each of these different sub-scenarios, or subgames, is associated with a probability--representing the likelihood that the given subgame is truly "in play" at a given moment. In order to form an optimal attack or defense policy, these probabilities must be learned if they're not known a-priori. We present hidden Markov model and maximum entropy approaches for accurately learning these probabilities through multiple iterations of both normal and modified game play. We also give a widely-applicable approach for the analysis of cases where an opponent is aware that he is being studied, and intentionally plays to spoil the process of learning and thereby obfuscate his attributes. These are considered in the context of a generic, abstract cyber attack example. We demonstrate that machine learning efficacy can be heavily dependent on the goals and styles of participant behavior. To this end detailed simulation results under various combinations of attacker and defender behaviors are presented and analyzed.

Preparing Schools for Terrorist Attacks.

ERIC Educational Resources Information Center

School Safety, 1991

1991-01-01

Outlines 21 actions, both immediate and over the long term, that administrators can take to protect students and schools from terrorist activities. Includes establishing a chain of command, a command post, a crisis response team, a communications staff, and inservice training. (four references) (MLF)

Challenges in the Protection of US Critical Infrastructure in the Cyber Realm

DTIC Science & Technology

2014-05-22

their nature and motivation and the need to differentiate attacks in case of individual attributions ( criminal , espionage, and hacktivist attack vs ...also difficult to distinguish between acts of war and criminal acts. For example, it is natural for the military to be ambiguous as to whether an...must be addressed. The resultant cyber security issues challenge everyone. This prompts the question, what is the nature of the US military

Effect of 11 September 2001 terrorist attacks in the USA on suicide in areas surrounding the crash sites.

PubMed

Claassen, Cynthia A; Carmody, Thomas; Stewart, Sunita M; Bossarte, Robert M; Larkin, Gregory L; Woodward, Wayne A; Trivedi, Madhukar H

2010-05-01

The terrorist attacks in the USA on 11 September 2001 affected suicide rates in two European countries, whereas overall US rates remained stable. The effect on attack site rates, however, has not been studied. To examine post-attack suicide rates in areas surrounding the three airline crash sites. Daily mortality rates were modelled using time series techniques. Where rate change was significant, both duration and geographic scope were analysed. Around the World Trade Center, post-attack 180-day rates dropped significantly (t = 2.4, P = 0.0046), whereas comparison condition rates remained stable. No change was observed for Pentagon or Flight 93 crash sites. The differential effect by site suggests that proximity may be less important that other event characteristics. Both temporal and geographic aspects of rate fluctuation after sentinel events appear measurable and further analyses may contribute valuable knowledge about how sociological forces affect these rates.

Cyber Warfare as a Form of Conflict: Evaluation of Models of Cyber Conflict as a Prototype to Conceptual Analysis

ERIC Educational Resources Information Center

Liles, Samuel P.

2012-01-01

In April 2007, what has been incorrectly called the first cyber war and since then referred more correctly as a cyber riot, an attack on the domain name systems and the various servers of Estonia occurred. It was perpetrated by ethnic Russians living in Estonia who were incensed by the movement of a bronze war memorial for Russian soldiers to a…

Human Subject Research Protocol: Computer-Aided Human Centric Cyber Situation Awareness: Understanding Cognitive Processes of Cyber Analysts

DTIC Science & Technology

2013-11-01

by existing cyber-attack detection tools far exceeds the analysts’ cognitive capabilities. Grounded in perceptual and cognitive theory , many visual...Processes Inspired by the sense-making theory discussed earlier, we model the analytical reasoning process of cyber analysts using three key...analyst are called “working hypotheses”); each hypothesis could trigger further actions to confirm or disconfirm it. New actions will lead to new

Defense.gov Special Report: Travels With Battaglia - May 2015

Science.gov Websites

hosted a town hall meeting here yesterday. Story More Stories Operation Shower Champions Military Air Station Jacksonville Related Links Biography of Sgt. Maj. Bryan B. Battaglia Operation Shower Terrorists Operation Atlantic Resolve Sexual Assault Prevention Asia-Pacific Rebalance Cyber Strategy News

Moving Secure Software Assurance into Higher Education: A Roadmap for Change

DTIC Science & Technology

2011-06-02

Summarized: The Issue: 6/2/20118 Software defects are currently a fact of life Software defects are avenues of security vulnerabilities that cyber ... criminals , terrorists, or hostile nations can exploit. We (THE ENTIRE INDUSTY) need to change the way we build systems Decrease the number of defects

A framework for linking cybersecurity metrics to the modeling of macroeconomic interdependencies.

PubMed

Santos, Joost R; Haimes, Yacov Y; Lian, Chenyang

2007-10-01

Hierarchical decision making is a multidimensional process involving management of multiple objectives (with associated metrics and tradeoffs in terms of costs, benefits, and risks), which span various levels of a large-scale system. The nation is a hierarchical system as it consists multiple classes of decisionmakers and stakeholders ranging from national policymakers to operators of specific critical infrastructure subsystems. Critical infrastructures (e.g., transportation, telecommunications, power, banking, etc.) are highly complex and interconnected. These interconnections take the form of flows of information, shared security, and physical flows of commodities, among others. In recent years, economic and infrastructure sectors have become increasingly dependent on networked information systems for efficient operations and timely delivery of products and services. In order to ensure the stability, sustainability, and operability of our critical economic and infrastructure sectors, it is imperative to understand their inherent physical and economic linkages, in addition to their cyber interdependencies. An interdependency model based on a transformation of the Leontief input-output (I-O) model can be used for modeling: (1) the steady-state economic effects triggered by a consumption shift in a given sector (or set of sectors); and (2) the resulting ripple effects to other sectors. The inoperability metric is calculated for each sector; this is achieved by converting the economic impact (typically in monetary units) into a percentage value relative to the size of the sector. Disruptive events such as terrorist attacks, natural disasters, and large-scale accidents have historically shown cascading effects on both consumption and production. Hence, a dynamic model extension is necessary to demonstrate the interplay between combined demand and supply effects. The result is a foundational framework for modeling cybersecurity scenarios for the oil and gas sector. A hypothetical case study examines a cyber attack that causes a 5-week shortfall in the crude oil supply in the Gulf Coast area.

Metrics for Assessment of Smart Grid Data Integrity Attacks

DOE Office of Scientific and Technical Information (OSTI.GOV)

Annarita Giani; Miles McQueen; Russell Bent

2012-07-01

There is an emerging consensus that the nation’s electricity grid is vulnerable to cyber attacks. This vulnerability arises from the increasing reliance on using remote measurements, transmitting them over legacy data networks to system operators who make critical decisions based on available data. Data integrity attacks are a class of cyber attacks that involve a compromise of information that is processed by the grid operator. This information can include meter readings of injected power at remote generators, power flows on transmission lines, and relay states. These data integrity attacks have consequences only when the system operator responds to compromised datamore » by redispatching generation under normal or contingency protocols. These consequences include (a) financial losses from sub-optimal economic dispatch to service loads, (b) robustness/resiliency losses from placing the grid at operating points that are at greater risk from contingencies, and (c) systemic losses resulting from cascading failures induced by poor operational choices. This paper is focused on understanding the connections between grid operational procedures and cyber attacks. We first offer two examples to illustrate how data integrity attacks can cause economic and physical damage by misleading operators into taking inappropriate decisions. We then focus on unobservable data integrity attacks involving power meter data. These are coordinated attacks where the compromised data are consistent with the physics of power flow, and are therefore passed by any bad data detection algorithm. We develop metrics to assess the economic impact of these attacks under re-dispatch decisions using optimal power flow methods. These metrics can be use to prioritize the adoption of appropriate countermeasures including PMU placement, encryption, hardware upgrades, and advance attack detection algorithms.« less

Interdependent Risk and Cyber Security: An Analysis of Security Investment and Cyber Insurance

ERIC Educational Resources Information Center

Shim, Woohyun

2010-01-01

An increasing number of firms rely on highly interconnected information networks. In such environments, defense against cyber attacks is complicated by residual risks caused by the interdependence of information security decisions of firms. IT security is affected not only by a firm's own management strategies but also by those of others. This…

Google and the "Twisted Cyber Spy" Affair: US-Chinese Communication in an Age of Globalization

ERIC Educational Resources Information Center

Hartnett, Stephen John

2011-01-01

The "twisted cyber spy" affair began in 2010, when Google was attacked by Chinese cyber-warriors charged with stealing Google's intellectual property, planting viruses in its computers, and hacking the accounts of Chinese human rights activists. In the ensuing international embroglio, the US mainstream press, corporate leaders, and White…

78 FR 66603 - Critical Infrastructure Security and Resilience Month, 2013

Federal Register 2010, 2011, 2012, 2013, 2014

2013-11-05

... shore up our defenses against physical and cyber incidents. In tandem with my Executive Order on... hazards including terrorism and natural disasters, as well as cyber attacks. We must ensure that the...

Posttraumatic stress disorder, alcohol use, and perceived safety after the terrorist attack on the pentagon.

PubMed

Grieger, Thomas A; Fullerton, Carol S; Ursano, Robert J

2003-10-01

The authors examined posttraumatic stress disorder (PTSD), alcohol use, and perceptions of safety in a sample of survivors of the September 11, 2001, terrorist attack on the Pentagon. Analyses were conducted to examine the effect of past traumatic experience, trauma exposure, initial emotional response, and peritraumatic dissociation on probable PTSD, substance use, and perceived safety among 77 survivors seven months after the attack. Eleven respondents (14 percent) had PTSD. Those with PTSD reported higher levels of initial emotional response and peritraumatic dissociation. Ten respondents (13 percent) reported increased use of alcohol. Women were more than five times as likely as men to have PTSD and almost seven times as likely to report increased use of alcohol. Persons with higher peritraumatic dissociation were more likely to develop PTSD and report increased alcohol use. Those with lower perceived safety at seven months had higher initial emotional response and greater peritraumatic dissociation and were more likely to have PTSD, to have increased alcohol use, and to be female. The association of perceived safety with gender, the presence of PTSD, and increased alcohol use among survivors of the terrorist attack on the Pentagon warrants further study.

Cyber Security Threats to Safety-Critical, Space-Based Infrastructures

NASA Astrophysics Data System (ADS)

Johnson, C. W.; Atencia Yepez, A.

2012-01-01

Space-based systems play an important role within national critical infrastructures. They are being integrated into advanced air-traffic management applications, rail signalling systems, energy distribution software etc. Unfortunately, the end users of communications, location sensing and timing applications often fail to understand that these infrastructures are vulnerable to a wide range of security threats. The following pages focus on concerns associated with potential cyber-attacks. These are important because future attacks may invalidate many of the safety assumptions that support the provision of critical space-based services. These safety assumptions are based on standard forms of hazard analysis that ignore cyber-security considerations This is a significant limitation when, for instance, security attacks can simultaneously exploit multiple vulnerabilities in a manner that would never occur without a deliberate enemy seeking to damage space based systems and ground infrastructures. We address this concern through the development of a combined safety and security risk assessment methodology. The aim is to identify attack scenarios that justify the allocation of additional design resources so that safety barriers can be strengthened to increase our resilience against security threats.

Application of graph-based semi-supervised learning for development of cyber COP and network intrusion detection

NASA Astrophysics Data System (ADS)

Levchuk, Georgiy; Colonna-Romano, John; Eslami, Mohammed

2017-05-01

The United States increasingly relies on cyber-physical systems to conduct military and commercial operations. Attacks on these systems have increased dramatically around the globe. The attackers constantly change their methods, making state-of-the-art commercial and military intrusion detection systems ineffective. In this paper, we present a model to identify functional behavior of network devices from netflow traces. Our model includes two innovations. First, we define novel features for a host IP using detection of application graph patterns in IP's host graph constructed from 5-min aggregated packet flows. Second, we present the first application, to the best of our knowledge, of Graph Semi-Supervised Learning (GSSL) to the space of IP behavior classification. Using a cyber-attack dataset collected from NetFlow packet traces, we show that GSSL trained with only 20% of the data achieves higher attack detection rates than Support Vector Machines (SVM) and Naïve Bayes (NB) classifiers trained with 80% of data points. We also show how to improve detection quality by filtering out web browsing data, and conclude with discussion of future research directions.

Executive Summary

DOE Office of Scientific and Technical Information (OSTI.GOV)

Thomas, James J.; Cook, Kristin A.

2005-05-09

Motivation Our country faces profound challenges that must be addressed in order to ensure our continued freedom and security. As the September 11, 2001, attacks on the Pentagon and World Trade Center illustrate, threats to the United States are present within our borders. On that day, after at least 20 months of planning and preparation, nineteen terrorists hijacked four airliners at three different airports in a coordinated attack. The hijackers crashed two planes into the World Trade Center’s twin towers and one plane into the Pentagon. The fourth plane, intended to attack another U.S. landmark, crashed in a field inmore » Pennsylvania. 2973 people lost their lives as a result of this attack. As the attack unfolded, government agencies and emergency response personnel had to respond in real time to situations for which policies and procedures did not exist. They were forced to assess situations and make decisions under extreme pressure, often without having critical information that would help them save additional lives. [National Commission on Terrorist Attacks, 2004]« less

Surgical management of penetrating thoracic injuries during the Paris attacks on 13 November 2015.

PubMed

Boddaert, Guillaume; Mordant, Pierre; Le Pimpec-Barthes, Françoise; Martinod, Emmanuel; Aguir, Sonia; Leprince, Pascal; Raux, Mathieu; Couëtil, Jean-Paul; Fiore, Antonio; Lescot, Thomas; Malgras, Brice; Pons, François; Castier, Yves

2017-06-01

The Paris terrorist attacks on 13 November 2015 caused 482 casualties, including 130 deaths and 352 wounded. Facing these multisite terrorist attacks, Parisian public and military hospitals simultaneously managed numerous patients with penetrating thoracic injuries. The aim of this study was to analyse this cohort, the injury patterns, and assess the results of this mobilization. The clinical records of all patients admitted to Parisian public and military hospitals with a penetrating thoracic injury related to the Paris 13 November terrorist attacks were reviewed. The study group included 25 patients (7% of the casualties) with a mean age of 34 ± 8 years and a majority of gunshot wounds ( n =  20, 80%). Most patients presented with severe thoracic injury (Abbreviated Injury Score Thorax 3.3 ± 1.2), and also associated non-thoracic injuries in 21 cases (84%). The mean Injury Severity Score was 26.8 ± 9.4. Eight patients (32%) were managed with chest tube insertion and 17 (68%) required thoracic surgery. Lung resection, diaphragmatic repair, and lung suture were performed in 6 (36%), 6 (35%), and 5 cases (29%), respectively. Extra-thoracic surgical procedures were performed in 16 patients, mostly for injuries to the extremities. Postoperative mortality was 12% ( n =  3) and postoperative morbidity was 60% ( n =  15). The coordination of Parisian military and civilian hospitals allowed the surgical management of 25 patients. The mortality is high but consistent with what has been reported in previous series. The current times expose us to the threat of new terrorist attacks and require that the medical community be prepared. © The Author 2017. Published by Oxford University Press on behalf of the European Association for Cardio-Thoracic Surgery. All rights reserved.

Analytical technique to address terrorist threats by chemical weapons of mass destruction

NASA Astrophysics Data System (ADS)

Dempsey, Patrick M.

1997-01-01

Terrorism is no longer an issue without effect on the American mind. We now live with the same concerns and fears that have been commonplace in other developed and third world countries for a long time. Citizens of other countries have long lived with the specter of terrorism and now the U.S. needs to be concerned and prepared for terrorist activities.T he terrorist has the ability to cause great destructive effects by focusing their effort on unaware and unprepared civilian populations. Attacks can range from simple explosives to sophisticated nuclear, chemical and biological weapons. Intentional chemical releases of hazardous chemicals or chemical warfare agents pose a great threat because of their ready availability and/or ease of production, and their ability to cause widespread damage. As this battlefront changes from defined conflicts and enemies to unnamed terrorists, we must implement the proper analytical tools to provide a fast and efficient response. Each chemical uses in a terrorists weapon leaves behind a chemical signature that can be used to identify the materials involved and possibly lead investigators to the source and to those responsible. New tools to provide fast and accurate detection for battlefield chemical and biological agent attack are emerging. Gas chromatography/mass spectrometry (GC/MS) is one of these tools that has found increasing use by the military to respond to chemical agent attacks. As the technology becomes smaller and more portable, it can be used by law enforcement personnel to identify suspected terrorist releases and to help prepare the response; define contaminated areas for evacuation and safety concerns, identify the proper treatment of exposed or affected civilians, and suggest decontamination and cleanup procedures.

Cyber-Informed Engineering

DOE Office of Scientific and Technical Information (OSTI.GOV)

Anderson, Robert S.; Benjamin, Jacob; Wright, Virginia L.

A continuing challenge for engineers who utilize digital systems is to understand the impact of cyber-attacks across the entire product and program lifecycle. This is a challenge due to the evolving nature of cyber threats that may impact the design, development, deployment, and operational phases of all systems. Cyber Informed Engineering is the process by which engineers are made aware of both how to use their engineering knowledge to positively impact the cyber security in the processes by which they architect and design components and the services and security of the components themselves.

No-hardware-signature cybersecurity-crypto-module: a resilient cyber defense agent

NASA Astrophysics Data System (ADS)

Zaghloul, A. R. M.; Zaghloul, Y. A.

2014-06-01

We present an optical cybersecurity-crypto-module as a resilient cyber defense agent. It has no hardware signature since it is bitstream reconfigurable, where single hardware architecture functions as any selected device of all possible ones of the same number of inputs. For a two-input digital device, a 4-digit bitstream of 0s and 1s determines which device, of a total of 16 devices, the hardware performs as. Accordingly, the hardware itself is not physically reconfigured, but its performance is. Such a defense agent allows the attack to take place, rendering it harmless. On the other hand, if the system is already infected with malware sending out information, the defense agent allows the information to go out, rendering it meaningless. The hardware architecture is immune to side attacks since such an attack would reveal information on the attack itself and not on the hardware. This cyber defense agent can be used to secure a point-to-point, point-to-multipoint, a whole network, and/or a single entity in the cyberspace. Therefore, ensuring trust between cyber resources. It can provide secure communication in an insecure network. We provide the hardware design and explain how it works. Scalability of the design is briefly discussed. (Protected by United States Patents No.: US 8,004,734; US 8,325,404; and other National Patents worldwide.)

A European Solution to Islamic Extremism in Western Europe

DTIC Science & Technology

2006-04-14

Physically destroying terrorist organizations (“direct action”) is an effective tool. Where freedom of action and freedom of movement exist, there... effectiveness and sometimes duplicate effort. This paper will explain the growing Islamic extremist threat in Western Europe and present a case for why that...native-born youth franchise al-Qa’ida and execute a terrorist attack that effects a change in government. Terrorists executed a planned and deliberate

Hedging against terrorism: Are US businesses prepared?

PubMed

Kahan, Jerome H

2015-01-01

Private US companies face risks in connection with financial matters, but are not necessarily prepared to cope with risks that can seriously disrupt or even halt their operations, notably terrorist attacks and natural disasters. Enhancing the resilience of businesses when dealing with terrorism is especially challenging, as these groups or individuals can adapt tactics to exploit the vulnerabilities of companies they wish to target. Business managers need to formulate flexible preparedness plans that reduce risks from large-scale natural disasters as well as terrorist attacks. In doing so, they can take advantage of post-9/11 US government guidance for these endeavours as well as programmes that eliminate risks to private insurance entities so they can issue policies that cover terrorist strikes of high consequences. Just as business executives use hedging strategies in the world of finance, they also need operational hedging strategies as a means of exploiting as well as lowering the risks surrounding future uncertainties. Resources devoted to planning and hedging are investments that can increase the odds of businesses surviving and thriving, even if they experience high-impact terrorist attacks, threats or large-scale natural disasters, making suppliers, customers and stakeholders happy. The purpose of this paper is to give executives the incentive to take steps to do just that.

The challenge of protecting transit and passenger rail : understanding how security works against terrorism.

DOT National Transportation Integrated Search

2017-02-01

Terrorists see transit and passenger rail as an attractive target. Designed for public convenience, trains and stations offer terrorists easy access to crowds of people in confined environments where there are minimal security risks and attacks can c...

Carnage interrupted : an analysis of fifteen terrorist plots against public surface transportation.

DOT National Transportation Integrated Search

2012-04-01

This report examines 13 terrorist plots against public surface transportation that were uncovered and foiled by authorities between 1997 and 2010 and two failed attempts to carry out attacks. Certainly, this is not the total universe of foiled or fai...

Agent-Centric Approach for Cybersecurity Decision-Support with Partial Observability

DOE Office of Scientific and Technical Information (OSTI.GOV)

Tipireddy, Ramakrishna; Chatterjee, Samrat; Paulson, Patrick R.

Generating automated cyber resilience policies for real-world settings is a challenging research problem that must account for uncertainties in system state over time and dynamics between attackers and defenders. In addition to understanding attacker and defender motives and tools, and identifying “relevant” system and attack data, it is also critical to develop rigorous mathematical formulations representing the defender’s decision-support problem under uncertainty. Game-theoretic approaches involving cyber resource allocation optimization with Markov decision processes (MDP) have been previously proposed in the literature. Moreover, advancements in reinforcement learning approaches have motivated the development of partially observable stochastic games (POSGs) in various multi-agentmore » problem domains with partial information. Recent advances in cyber-system state space modeling have also generated interest in potential applicability of POSGs for cybersecurity. However, as is the case in strategic card games such as poker, research challenges using game-theoretic approaches for practical cyber defense applications include: 1) solving for equilibrium and designing efficient algorithms for large-scale, general problems; 2) establishing mathematical guarantees that equilibrium exists; 3) handling possible existence of multiple equilibria; and 4) exploitation of opponent weaknesses. Inspired by advances in solving strategic card games while acknowledging practical challenges associated with the use of game-theoretic approaches in cyber settings, this paper proposes an agent-centric approach for cybersecurity decision-support with partial system state observability.« less

Increased Incidence Rate of Trauma- and Stressor-Related Disorders in Denmark After the September 11, 2001, Terrorist Attacks in the United States.

PubMed

Hansen, Bertel T; Østergaard, Søren D; Sønderskov, Kim M; Dinesen, Peter T

2016-10-01

The terrorist attacks that occurred on September 11, 2001 (hereafter referred to as 9/11) in the United States had a profound impact on the physical and mental health of Americans, but the effects beyond the United States are largely unknown. To understand the wider aftermath, we examined the consequences of the 9/11 attacks on mental disorders in the Kingdom of Denmark. Utilizing population data from the Danish Psychiatric Central Research Register from 1995 to 2012, we used a time-series intervention approach to estimate the change in the incidence rate of mental disorders after the 9/11 attacks. Based on analyses of 1,448,250 contacts with psychiatric services, we found that the attacks were followed by an immediate 16% increase in the incidence rate of trauma- and stressor-related disorders. This surge dissipated approximately a year after 9/11. In contrast, no similar increases were found for other disorders. This is consistent with the prominent role of external stressors in the etiology of trauma- and stressor-related disorders. The results indicate that the effects of 9/11 on mental disorders extended across the Atlantic Ocean to Denmark. Thus, the impact of terrorist attacks on mental health is likely not limited to inhabitants of the country under attack; it also extends to people far away and without immediate relation to it. © The Author 2016. Published by Oxford University Press on behalf of the Johns Hopkins Bloomberg School of Public Health. All rights reserved. For permissions, please e-mail: journals.permissions@oup.com.

14 CFR 330.1 - What is the purpose of this part?

Code of Federal Regulations, 2010 CFR

2010-01-01

... Transportation, and any subsequent orders, following the terrorist attacks of September 11, 2001, and incremental losses incurred from September 11 through December 31, 2001, as the result of those attacks. ...

Cyber-Physical Correlations for Infrastructure Resilience: A Game-Theoretic Approach

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rao, Nageswara S; He, Fei; Ma, Chris Y. T.

In several critical infrastructures, the cyber and physical parts are correlated so that disruptions to one affect the other and hence the whole system. These correlations may be exploited to strategically launch components attacks, and hence must be accounted for ensuring the infrastructure resilience, specified by its survival probability. We characterize the cyber-physical interactions at two levels: (i) the failure correlation function specifies the conditional survival probability of cyber sub-infrastructure given the physical sub-infrastructure as a function of their marginal probabilities, and (ii) the individual survival probabilities of both sub-infrastructures are characterized by first-order differential conditions. We formulate a resiliencemore » problem for infrastructures composed of discrete components as a game between the provider and attacker, wherein their utility functions consist of an infrastructure survival probability term and a cost term expressed in terms of the number of components attacked and reinforced. We derive Nash Equilibrium conditions and sensitivity functions that highlight the dependence of infrastructure resilience on the cost term, correlation function and sub-infrastructure survival probabilities. These results generalize earlier ones based on linear failure correlation functions and independent component failures. We apply the results to models of cloud computing infrastructures and energy grids.« less

An assessment of the cyber security legislation and its impact on the United States electrical sector

NASA Astrophysics Data System (ADS)

Born, Joshua

The purpose of this research was to examine the cyber-security posture for the United States' electrical grid, which comprises a major component of critical infrastructure for the country. The United States electrical sector is so vast, that the Department of Homeland Security (DHS) estimates, it contains more than 6,413 power plants (this includes 3,273 traditional electric utilities and 1,738 nonutility power producers) with approximately 1,075 gigawatts of energy produced on a daily basis. A targeted cyber-security attack against the electric grid would likely have catastrophic results and could even serve as a precursor to a physical attack against the United States. A recent report by the consulting firm Black and Veatch found that one of the top five greatest concerns for United States electric utilities is the risk that cybersecurity poses to their industry and yet, only one-third state they are currently prepared to meet the increasingly likely threat. The report goes on to state, "only 32% of electric utilities surveyed had integrated security systems with the proper segmentation, monitoring and redundancies needed for cyber threat protection. Another 48 % said they did not" Recent estimates indicate that a large-scale cyber-attack against this sector could cost the United States economy as much as a trillion dollars within a weeks' time. Legislative efforts in the past have primarily been focused on creating mandates that encourage public and private partnership, which have been not been adopted as quickly as desired. With 85 % of all electric utilities being privately owned, it is key that the public and private sector partner in order to mitigate risks and respond as a cohesive unit in the event of a major attack. Keywords: Cybersecurity, Professor Riddell, cyber security, energy, intelligence, outlook, electrical, compliance, legislation, partnerships, critical infrastructure.

Was there unmet mental health need after the September 11, 2001 terrorist attacks?

PubMed

Stuber, Jennifer; Galea, Sandro; Boscarino, Joseph A; Schlesinger, Mark

2006-03-01

This study examined the use of professionals for mental health problems among New York City residents who were directly affected by the September 11, 2001 terrorist attacks on the World Trade Center (WTC) or had a probable diagnosis of post-traumatic stress disorder (PTSD) or depression in its aftermath. Correlates of help seeking from professionals for mental health problems after the attacks and barriers to care were also assessed. Data were from a random digit dial telephone survey of 2,752 adults representative of the Greater New York Metropolitan area conducted 6 months after the September 11 terrorist attacks. Fifteen percent of those directly affected and 36% of those with probable PTSD or depression sought help from a professional for a mental health problem after the attacks. There was little new utilization of professionals for mental health problems after the attacks among persons who were not already receiving care prior to September 11. Barriers that prevented people from seeking help for mental health problems 6 months after the September 11 attacks included traditional barriers to care (e.g., cost) and barriers that are unique to the post-disaster context (e.g., the belief that others need the services more than oneself). This study suggests that there was potential unmet mental health need in New York City 6 months after the September 11 attacks on the WTC, but these findings should be tempered by research showing an apparent decrease in population-rates of PTSD. In the aftermath of a disaster, interventions should target persons with mental health needs who were not previously seeking help from a professional for a mental health problem.

SURVIVABILITY THROUGH OPTIMIZING RESILIENT MECHANISMS (STORM)

DTIC Science & Technology

2017-04-01

STATEMENT Approved for Public Release; Distribution Unlimited. PA# 88ABW-2017-0894 Date Cleared: 07 Mar 2017 13. SUPPLEMENTARY NOTES 14. ABSTRACT Game ...quantitatively about cyber-attacks. Game theory is the branch of applied mathematics that formalizes strategic interaction among intelligent rational agents...mechanism based on game theory. This work has applied game theory to numerous cyber security problems: cloud security, cyber threat information sharing

R&D100 Finalist: Neuromorphic Cyber Microscope

DOE Office of Scientific and Technical Information (OSTI.GOV)

Follett, David; Naegle, John; Suppona, Roger

The Neuromorphic Cyber Microscope provides security analysts with unprecedented visibility of their network, computer and storage assets. This processor is the world's first practical implementation of neuromorphic technology to a major computer science mission. Working with Lewis Rhodes Labs, engineers at Sandia National Laboratories have created a device that is orders of magnitude faster at analyzing data to identify cyber-attacks.

Resilience of Cyber Systems with Over- and Underregulation.

PubMed

Gisladottir, Viktoria; Ganin, Alexander A; Keisler, Jeffrey M; Kepner, Jeremy; Linkov, Igor

2017-09-01

Recent cyber attacks provide evidence of increased threats to our critical systems and infrastructure. A common reaction to a new threat is to harden the system by adding new rules and regulations. As federal and state governments request new procedures to follow, each of their organizations implements their own cyber defense strategies. This unintentionally increases time and effort that employees spend on training and policy implementation and decreases the time and latitude to perform critical job functions, thus raising overall levels of stress. People's performance under stress, coupled with an overabundance of information, results in even more vulnerabilities for adversaries to exploit. In this article, we embed a simple regulatory model that accounts for cybersecurity human factors and an organization's regulatory environment in a model of a corporate cyber network under attack. The resulting model demonstrates the effect of under- and overregulation on an organization's resilience with respect to insider threats. Currently, there is a tendency to use ad-hoc approaches to account for human factors rather than to incorporate them into cyber resilience modeling. It is clear that using a systematic approach utilizing behavioral science, which already exists in cyber resilience assessment, would provide a more holistic view for decisionmakers. © 2016 Society for Risk Analysis.

Communicating about the Risks of Terrorism (or Anything Else)

ERIC Educational Resources Information Center

Fischhoff, Baruch

2011-01-01

Communication is essential to preventing terrorists from achieving their objectives. Effective communication can reduce terrorists' chances of mounting successful operations, creating threats that disrupt everyday life, and undermining the legitimacy of the societies that they attack. Psychological research has essential roles to play in that…

Carnage interrupted : an analysis of fifteen terrorist plots against public surface transportation [research brief].

DOT National Transportation Integrated Search

2012-04-01

Since 1997, terrorists have focused much attention on public surface transportation as a target for attacks. Many of the plots have failed or been foiled, but those that have succeeded have resulted in large numbers of casualties and caused widesprea...

3 CFR 8760 - Proclamation 8760 of November 30, 2011. Critical Infrastructure Protection Month, 2011

Code of Federal Regulations, 2012 CFR

2012-01-01

..., we must also address the growing threat cyber attacks present to our transportation networks... action against cyber threats. To ensure the safety of our most vital operations, we are working to give...

Security awareness for public bus transportation : case studies of attacks against the Israeli public bus system [research brief].

DOT National Transportation Integrated Search

2012-03-01

Government regulators and transportation operators of public bus systems are concerned about terrorist attacks. Bus attacks in Israel between late September 2000 and the end of 2006, a period known as the Second Intifada, are particularly well known....

Cyber risk and privacy liability: a click in the right direction?

PubMed

McDonough, William J

2007-01-01

Cyber risk and privacy exposure exert an impact upon virtually every aspect of a healthcare organization (HCO)--assets, clinical operations, finances and reputation. Exposure is enterprise-wide and includes risk to both physical and non-physical assets in increasing degrees. The consequences of a cyber attack or privacy breach could be operationally and financially catastrophic, so an HCO's move toward an enterprise-wide approach at identifying and minimizing risk, cyber and privacy liability should be on the radar screen for risk managers and leadership.

Expanding the Department of Defense’s Role in Cyber Civil Support

DTIC Science & Technology

2011-06-17

vulnerability of this very crucial domain. They include the Y2K problem, the Estonia cyber-attacks in 2007, and the role of cyber in the Russian-Georgia...cyber security vulnerabilities associated with critical infrastructure. The Year 2000 Challenge The Year 2000 ( Y2K ) problem was the result of...and microprocessors failed to make the correct transition from 1999 to 2000.19 One of the most critical concerns with Y2K was the potential cascading

Reasoning about emotional contents following shocking terrorist attacks: a tale of three cities.

PubMed

Blanchette, Isabelle; Richards, Anne; Melnyk, Laura; Lavda, Anastasia

2007-03-01

The authors examined reasoning following the terrorist attacks carried out in London in July 2005. They tested participants in London (United Kingdom), Manchester (United Kingdom), and London (Canada) within 1 week of the attacks and again 6 months later. Participants reasoned about syllogisms of 3 types: neutral, generally emotional, and emotionally related to terrorism. Participants also provided self-reports of emotion and risk estimates. Participants generally reasoned more accurately on neutral problems, compared with generally emotional and terrorism-related problems. However, participants in London (United Kingdom) provided more logically valid answers when reasoning about problems related to terrorism and were less likely to answer on the basis of beliefs, despite reporting higher levels of emotions. ((c) 2007 APA, all rights reserved).

An evaluation of security measures implemented to address physical threats to water infrastructure in the state of Mississippi.

PubMed

Barrett, Jason R; French, P Edward

2013-01-01

The events of September 11, 2001, increased and intensified domestic preparedness efforts in the United States against terrorism and other threats. The heightened focus on protecting this nation's critical infrastructure included legislation requiring implementation of extensive new security measures to better defend water supply systems against physical, chemical/biological, and cyber attacks. In response, municipal officials have implemented numerous safeguards to reduce the vulnerability of these systems to purposeful intrusions including ongoing vulnerability assessments, extensive personnel training, and highly detailed emergency response and communication plans. This study evaluates fiscal year 2010 annual compliance assessments of public water systems with security measures that were implemented by Mississippi's Department of Health as a response to federal requirements to address these potential terrorist threats to water distribution systems. The results show that 20 percent of the water systems in this state had at least one security violation on their 2010 Capacity Development Assessment, and continued perseverance from local governments is needed to enhance the resiliency and robustness of these systems against physical threats.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hoffman, B.

This report examines recent trends and future prospects of terrorism in the United States and assesses their implications for the possibility of a terrorist group attempting an act of nuclear terrorism involving either the theft of a weapons system or strategic nuclear material or an attack on a weapons facility. An emerging trend of ideologically motivated terrorism by groups espousing white supremacist and anti-federalist beliefs or opposing specific issues such as abortion has largely supplanted the ethnic centered violence that dominated earlier domestic terrorist activity. The threat to U.S. nuclear weapons facilities from unknown terrorist groups in this country cannotmore » be considered high at this time. There is no evidence to suggest that any of the organizations reviewed in this study have seriously contemplated a nuclear-related act, nor is there any indication that any group is poised to undertake such an attack in the future. Nevertheless, trends in the terrorist activities of certain groups must be considered in the context of possible operations directed against nuclear weapons sites. Members of these groups are considerably more skilled with weapons than are other terrorist in this country, they possess large stockpiles of sophisticated weapons, they are well trained guerrilla warfare and survival techniques, and they possess an apocalyptic vision of the future-factors that make them the most likely domestic terrorists to attempt an act of nuclear terrorism. In sum, while the volume of annual terrorist incidents in the United States is relatively small, the emerging trends merit intensive and continuing attention.« less

Index of cyber integrity

NASA Astrophysics Data System (ADS)

Anderson, Gustave

2014-05-01

Unfortunately, there is no metric, nor set of metrics, that are both general enough to encompass all possible types of applications yet specific enough to capture the application and attack specific details. As a result we are left with ad-hoc methods for generating evaluations of the security of our systems. Current state of the art methods for evaluating the security of systems include penetration testing and cyber evaluation tests. For these evaluations, security professionals simulate an attack from malicious outsiders and malicious insiders. These evaluations are very productive and are able to discover potential vulnerabilities resulting from improper system configuration, hardware and software flaws, or operational weaknesses. We therefore propose the index of cyber integrity (ICI), which is modeled after the index of biological integrity (IBI) to provide a holistic measure of the health of a system under test in a cyber-environment. The ICI provides a broad base measure through a collection of application and system specific metrics. In this paper, following the example of the IBI, we demonstrate how a multi-metric index may be used as a holistic measure of the health of a system under test in a cyber-environment.

75 FR 65556 - Designation of Two Individuals Pursuant to Executive Order 13224

Federal Register 2010, 2011, 2012, 2013, 2014

2010-10-25

... Who Commit, Threaten To Commit, or Support Terrorism.'' DATES: The designation by the Director of OFAC... Order, the President declared a national emergency to address grave acts of terrorism and threats of terrorism committed by foreign terrorists, including the September 11, 2001, terrorist attacks in New York...

76 FR 37891 - Designation of Four Individuals Pursuant to Executive Order 13224

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-28

... Who Commit, Threaten To Commit, or Support Terrorism.'' DATES: The designations by the Director of... Order, the President declared a national emergency to address grave acts of terrorism and threats of terrorism committed by foreign terrorists, including the September 11, 2001 terrorist attacks in New York...

When Terrorists Strike: What School Counselors Can Do. ERIC Digest.

ERIC Educational Resources Information Center

Juhnke, Gerald A.

Terrorist attacks in New York City and Washington, DC, and the continued threats of terrorism have the potential to engender negative psychological effects upon school age children and their families. School counselors and mental health professionals working with children need to be knowledgeable regarding interventions which allow students to…

Terrorism and Schools. Fact Sheet

ERIC Educational Resources Information Center

Arkansas Safe Schools Initiative Division, 2003

2003-01-01

Since September 11, 2001, Americans have experienced a heightened sense of awareness and consciousness over the threat of terrorism against the United States. Terrorism experts agree that a terrorist attack on a school is a viable option for Al Qaeda and other terrorist organizations. In response to this threat, the National Association of School…

76 FR 59488 - Designation of Three Individuals Pursuant to Executive Order 13224

Federal Register 2010, 2011, 2012, 2013, 2014

2011-09-26

... Who Commit, Threaten To Commit, or Support Terrorism.'' DATES: The designations by the Director of... Order, the President declared a national emergency to address grave acts of terrorism and threats of terrorism committed by foreign terrorists, including the September 11, 2001 terrorist attacks in New York...

75 FR 44312 - Designation of Three Individuals Pursuant to Executive Order 13224

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-28

... Who Commit, Threaten To Commit, or Support Terrorism.'' DATES: The designation by the Director of OFAC..., the President declared a national emergency to address grave acts of terrorism and threats of terrorism committed by foreign terrorists, including the September 11, 2001, terrorist attacks in New York...

3 CFR 9047 - Proclamation 9047 of October 31, 2013. Critical Infrastructure Security and Resilience Month, 2013

Code of Federal Regulations, 2014 CFR

2014-01-01

... defenses against physical and cyber incidents. In tandem with my Executive Order on cybersecurity, this... natural disasters, as well as cyber attacks. We must ensure that the Federal Government works with all...

A comprehensive Network Security Risk Model for process control networks.

PubMed

Henry, Matthew H; Haimes, Yacov Y

2009-02-01

The risk of cyber attacks on process control networks (PCN) is receiving significant attention due to the potentially catastrophic extent to which PCN failures can damage the infrastructures and commodity flows that they support. Risk management addresses the coupled problems of (1) reducing the likelihood that cyber attacks would succeed in disrupting PCN operation and (2) reducing the severity of consequences in the event of PCN failure or manipulation. The Network Security Risk Model (NSRM) developed in this article provides a means of evaluating the efficacy of candidate risk management policies by modeling the baseline risk and assessing expectations of risk after the implementation of candidate measures. Where existing risk models fall short of providing adequate insight into the efficacy of candidate risk management policies due to shortcomings in their structure or formulation, the NSRM provides model structure and an associated modeling methodology that captures the relevant dynamics of cyber attacks on PCN for risk analysis. This article develops the NSRM in detail in the context of an illustrative example.

Governance and Risk Management of Network and Information Security: The Role of Public Private Partnerships in Managing the Existing and Emerging Risks

NASA Astrophysics Data System (ADS)

Navare, Jyoti; Gemikonakli, Orhan

Globalisation and new technology has opened the gates to more security risks. As the strategic importance of communication networks and information increased, threats to the security and safety of communication infrastructures, as well as information stored in and/or transmitted increased significantly. The development of the self replicating programmes has become a nightmare for Internet users. Leading companies, strategic organisations were not immune to attacks; they were also "hacked" and overtaken by intruders. Incidents of recent years have also shown that national/regional crisis may also trigger cyber attacks at large scale. Experts forecast that cyber wars are likely to take the stage as tension mounts between developed societies. New risks such as cyber-attacks, network terrorism and disintegration of traditional infrastructures has somewhat blurred the boundaries of operation and control. This paper seeks to consider the risk management and governance and looking more specifically at implications for emerging economies.

Précis of the myth of martyrdom: what really drives suicide bombers, rampage shooters, and other self-destructive killers.

PubMed

Lankford, Adam

2014-08-01

For years, scholars have claimed that suicide terrorists are not suicidal, but rather psychologically normal individuals inspired to sacrifice their lives for an ideological cause, due to a range of social and situational factors. I agree that suicide terrorists are shaped by their contexts, as we all are. However, I argue that these scholars went too far. In The Myth of Martyrdom: What Really Drives Suicide Bombers, Rampage Shooters, and Other Self-Destructive Killers, I take the opposing view, based on my in-depth analyses of suicide attackers from Asia, Africa, Europe, the Middle East, and North America; attackers who were male, female, young, old, Islamic, and Christian; attackers who carried out the most deadly and the least deadly strikes. I present evidence that in terms of their behavior and psychology, suicide terrorists are much like others who commit conventional suicides, murder-suicides, or unconventional suicides where mental health problems, personal crises, coercion, fear of an approaching enemy, or hidden self-destructive urges play a major role. I also identify critical differences between suicide terrorists and those who have genuinely sacrificed their lives for a greater good. By better understanding suicide terrorists, experts in the behavioral and brain sciences may be able to pioneer exciting new breakthroughs in security countermeasures and suicide prevention. And even more ambitiously, by examining these profound extremes of the human condition, perhaps we can more accurately grasp the power of the human survival instinct among those who are actually psychologically healthy.

Finite Energy and Bounded Attacks on Control System Sensor Signals

DOE Office of Scientific and Technical Information (OSTI.GOV)

Djouadi, Seddik M; Melin, Alexander M; Ferragut, Erik M

Control system networks are increasingly being connected to enterprise level networks. These connections leave critical industrial controls systems vulnerable to cyber-attacks. Most of the effort in protecting these cyber-physical systems (CPS) has been in securing the networks using information security techniques and protection and reliability concerns at the control system level against random hardware and software failures. However, besides these failures the inability of information security techniques to protect against all intrusions means that the control system must be resilient to various signal attacks for which new analysis and detection methods need to be developed. In this paper, sensor signalmore » attacks are analyzed for observer-based controlled systems. The threat surface for sensor signal attacks is subdivided into denial of service, finite energy, and bounded attacks. In particular, the error signals between states of attack free systems and systems subject to these attacks are quantified. Optimal sensor and actuator signal attacks for the finite and infinite horizon linear quadratic (LQ) control in terms of maximizing the corresponding cost functions are computed. The closed-loop system under optimal signal attacks are provided. Illustrative numerical examples are provided together with an application to a power network with distributed LQ controllers.« less

Data to DecisionsTerminate, Tolerate, Transfer, or Treat

DTIC Science & Technology

2016-07-25

and patching, a risk-based cyber - security decision model that enables a pre- dictive capability to respond to impending cyber -attacks is needed...States. This sensitive data includes business proprietary information on key programs of record and infrastructure, including government documents at...leverage nationally. The Institute for Defense Analyses (IDA) assisted the DoD CIO in formalizing a proof of concept for cyber initiatives and

Operationalizing Army Cyber

DTIC Science & Technology

2013-03-01

killed just under 3,000 people and cost the U.S. economy somewhere between three and five trillion dollars. The Japanese attacked with a state... economy , and military readiness. The challenge is to design an Army Cyber force that can support the United States Cyber Command (USCYBERCOM) national...still keeps the intelligence and signal functions separate in most units today from battalion to echelon above Corps ( EAC ). There are many past reasons

A Physicist Looks at the Terrorist Threat

NASA Astrophysics Data System (ADS)

Muller, Richard

2009-05-01

Many people fear a terrorist nuclear device, smuggled into the United States, as the one weapon that could surpass the destruction and impact of 9-11. I'll review the design of nuclear weapons, with emphasis on the kinds that can be developed by rogue nations, terrorist groups, and high-school students. Saddam, prior to the first gulf war, was developing a uranium bomb, similar to the one that destroyed Hiroshima. His calutrons (named after my university) were destroyed by the United Nations. The North Korean nuclear weapon was, like the U.S. bomb used on Nagasaki, based on plutonium. Its test released the energy equivalent of about 400 tons of TNT. Although some people have speculated that they were attempting to build a small bomb, it is far more likely that this weapon was a fizzle, with less than 1 percent of the plutonium exploded. In contrast, the energy released from burning jet fuel at the 9-11 World Trade Center attack was the equivalent of 900 tons of TNT for each plane -- over twice that of the North Korean Nuke. The damage came from the fact that gasoline delivers 10 kilocalories per gram, about 15 times the energy of an equal weight of TNT. It is this huge energy per gram that also accounts for our addiction to gasoline; per gram, high performance lithium-ion computer batteries carry only 1 percent as much energy. A dirty bomb (radiological weapon) is also unattractive to terrorists because of the threhold effect: doses less than 100 rem produce no radiation illness and will leave no dead bodies at the scene. That may be why al Qaeda instructed Jose Padilla to abandon his plans for a dirty bomb attack in Chicago, and to try a fossil fuel attack (natural gas) instead. I will argue that the biggest terrorist threat is the conventional low-tech one, such as an airplane attack on a crowded stadium using the explosive fuel that they can legally buy at the corner station.

How Belfius Bank's response to the terrorist attacks in Brussels helped embed business continuity in the company culture.

PubMed

Jappens, Ludo

2017-01-01

Until 2015, major terrorist incidents in Belgium were considered a 'black swan'. However, the suicide attacks in Paris on 13th November, 2015 provided a wake-up call. Investigations revealed that the raid was prepared in Belgium by jihadists who grew up in Brussels and was coordinated by Belgian ISIS fighters in Syria. In an instant, it became clear that terror had been embedded in Belgian society and could erupt at any moment. At Belfius Bank Belgium, the subsequent months were a rollercoaster ride of terrorist-related events. Business activities were strongly affected, as the company's head office is located in the centre of Brussels. This paper focuses on the way Belfius responded to the events and how the lessons learned have helped to improve its business continuity and crisis management capability.

Long-term memory for the terrorist attack of September 11: Flashbulb memories, event memories, and the factors that influence their retention

PubMed Central

Hirst, William; Phelps, Elizabeth A.; Buckner, Randy L.; Budson, Andrew E.; Cuc, Alexandru; Gabrieli, John D. E.; Johnson, Marcia K.; Lyle, Keith B.; Lustig, Cindy; Mather, Mara; Meksin, Robert; Mitchell, Karen J.; Ochsner, Kevin N.; Schacter, Daniel L.; Simons, Jon S.; Vaidya, Chandan J.

2010-01-01

More than 3,000 individuals from seven US cities reported on their memories of learning of the terrorist attacks of September 11, as well as details about the attack, one week, 11 months, and/or 35 months after the assault. Some studies of flashbulb memories examining long-term retention show slowing in the rate of forgetting after a year, whereas others demonstrate accelerated forgetting. The present paper indicates that (1) the rate of forgetting for flashbulb memories and event memory (memory for details about the event itself) slows after a year, (2) the strong emotional reactions elicited by flashbulb events are remembered poorly, worse than non-emotional features such as where and from whom one learned of the attack, and (3) the content of flashbulb and event memories stabilizes after a year. The results are discussed in terms of community memory practices. PMID:19397377

DCT-based cyber defense techniques

NASA Astrophysics Data System (ADS)

Amsalem, Yaron; Puzanov, Anton; Bedinerman, Anton; Kutcher, Maxim; Hadar, Ofer

2015-09-01

With the increasing popularity of video streaming services and multimedia sharing via social networks, there is a need to protect the multimedia from malicious use. An attacker may use steganography and watermarking techniques to embed malicious content, in order to attack the end user. Most of the attack algorithms are robust to basic image processing techniques such as filtering, compression, noise addition, etc. Hence, in this article two novel, real-time, defense techniques are proposed: Smart threshold and anomaly correction. Both techniques operate at the DCT domain, and are applicable for JPEG images and H.264 I-Frames. The defense performance was evaluated against a highly robust attack, and the perceptual quality degradation was measured by the well-known PSNR and SSIM quality assessment metrics. A set of defense techniques is suggested for improving the defense efficiency. For the most aggressive attack configuration, the combination of all the defense techniques results in 80% protection against cyber-attacks with PSNR of 25.74 db.

Sensitive But Unclassified Information and Other Controls: Policy and Options for Scientific and Technical Information

DTIC Science & Technology

2006-12-29

access to scientific and technical information (S& T ) for legitimate uses while protecting it from potential terrorists poses difficult policy choices...September 11, 2001 terrorist attacks, controls increasingly have been placed on some unclassified research and S& T information, including that used to...identify SBU information, especially S& T information; how to keep it from terrorists, while allowing access for those who need to use it; and how to

Jemaah Islamiyah: Reevaluating the Most Dangerous Terrorist Threat in Southeast Asia

DTIC Science & Technology

2010-12-01

why some terrorist groups last longer than others, namely “ideological motivation , economic conditions, regime type, the size of groups, and/or the...States Air Force, RAND Corporation and Project Air Force (U.S.), The Dynamic Terrorist Threat: An Assessment of Group Motivations and Capabilities in a...in 2003 and 2004, then shifted tactics from car bombs to backpack bombs for their 2005 and 2009 attacks.58 Their operatives received safe haven and

SecureCPS: Defending a nanosatellite cyber-physical system

NASA Astrophysics Data System (ADS)

Forbes, Lance; Vu, Huy; Udrea, Bogdan; Hagar, Hamilton; Koutsoukos, Xenofon D.; Yampolskiy, Mark

2014-06-01

Recent inexpensive nanosatellite designs employ maneuvering thrusters, much as large satellites have done for decades. However, because a maneuvering nanosatellite can threaten HVAs on-­orbit, it must provide a level of security typically reserved for HVAs. Securing nanosatellites with maneuvering capability is challenging due to extreme cost, size, and power constraints. While still in the design process, our low-­cost SecureCPS architecture promises to dramatically improve security, to include preempting unknown binaries and detecting abnormal behavior. SecureCPS also applies to a broad class of cyber-­physical systems (CPS), such as aircraft, cars, and trains. This paper focuses on Embry-­Riddle's ARAPAIMA nanosatellite architecture, where we assume any off-­the-­shelf component could be compromised by a supply chain attack.1 Based on these assumptions, we have used Vanderbilt's Cyber Physical -­ Attack Description Language (CP-­ADL) to represent realistic attacks, analyze how these attacks propagate in the ARAPAIMA architecture, and how to defeat them using the combination of a low-­cost Root of Trust (RoT) Module, Global InfoTek's Advanced Malware Analysis System (GAMAS), and Anomaly Detection by Machine Learning (ADML).2 Our most recent efforts focus on refining and validating the design of SecureCPS.

Counterterrorism Tactics: A Model of Cell Dynamics

DTIC Science & Technology

2007-06-01

STUDIES...........................................................................................................5 A. MILLENNIAL BOMBING...conducts primary research into the following three thwarted terrorist attacks: 1) the Brooklyn Bridge attack by Iyman Faris, 2) the Millennial Bombings at...the end of this paper. A. MILLENNIAL BOMBING The attempted attack on the Los Angeles airport in 1999 was primarily carried out by Ahmad Ressam

Legality in Cyberspace: An Adversary View

DTIC Science & Technology

2014-03-01

Internet, one might assume that Russia would represent an implacably hostile environment for cyber criminals . Yet the Russian Federation has become one...figures. The reason, while unspoken, is largely understood. Russian cyber criminals are free . . . provided the tar- 19 get of [their] attacks are

Who can I trust? Extended fear during and after the Utøya terrorist attack.

PubMed

Filkuková, Petra; Hafstad, Gertrud Sofie; Jensen, Tine K

2016-07-01

The aim of the study was to investigate specific peritraumatic reactions among adolescent and young adult survivors of the 2011 terrorist attack on Utøya Island, Norway. The authors focused specifically on a phenomenon that has so far not been thoroughly investigated: fear of nondangerous stimuli ("extended fear") during and immediately after the traumatic event. In total, 325 survivors of the shooting on Utøya Island were interviewed 4-5 months after the attack and provided a free narrative of the event. Posttraumatic stress symptoms were assessed using the UCLA PTSD Reaction Index; depression and anxiety were assessed using HSCL-8. For the purpose of the current study, the authors chose participants who were under the age of 26 at the time of the terrorist attack (M = 18.4 years), which constituted the vast majority of the total sample (93%). The authors found that 54% of the sample felt threatened during and immediately after the attack, not only by the perpetrator himself, but by other people as well; in most cases by people who came to help them (medical personnel, policemen, volunteers). The participants who mentioned experiencing extended fear in their trauma narratives had significantly higher scores of posttraumatic stress symptoms, anxiety, and depression 5 months after the attack than participants who did not peritraumatically experience extended fear. Early detection of extended fear can help in identifying individuals who will later develop symptomatology. In addition, knowledge of the phenomenon could help policemen and medical personnel understand survivors' seemingly irrational reactions. (PsycINFO Database Record (c) 2016 APA, all rights reserved).

Current and Projected National Security Threats to the United States. Hearing before the Select Committee on Intelligence of the United States Senate, One Hundred Eleventh Congress, Second Session

DTIC Science & Technology

2010-02-02

attacks at Fort Hood and the Little Rock recruiting station to the failed attack on Christmas Day, we have seen an alarming number of terrorist threats...performances, so we must create new methods and tradecraft to recognize terror threats we haven’t seen before. Unfortunately, the process of intelligence...about al-Qa’ida itself, al-Qa’ida-associated groups and al-Qa’ida-inspired terrorists striking the United States. And we’ve seen the reality of all

The disaster was my fault!

PubMed

Robertson, Mary M; Cavanna, Andrea E

2007-10-01

We report the case of a child affected by Gilles de la Tourette syndrome and comorbid obsessive-compulsive disorder who claimed to have caused the September 11, 2001 terrorist attacks in the United States by failing to accomplish a stereotyped compulsive ritual. Special attention is paid to the relationship between the patient's neuropsychiatric symptoms and the belief that he personally had influenced the outcome of an internationally notorious disaster. Prognostic and treatment implications are also presented, along with a review of the literature on the clinical and psychosocial impact of terrorist attacks and natural disasters on children suffering from neuropsychiatric disorders.

Providing security assurance in line with national DBT assumptions

NASA Astrophysics Data System (ADS)

Bajramovic, Edita; Gupta, Deeksha

2017-01-01

As worldwide energy requirements are increasing simultaneously with climate change and energy security considerations, States are thinking about building nuclear power to fulfill their electricity requirements and decrease their dependence on carbon fuels. New nuclear power plants (NPPs) must have comprehensive cybersecurity measures integrated into their design, structure, and processes. In the absence of effective cybersecurity measures, the impact of nuclear security incidents can be severe. Some of the current nuclear facilities were not specifically designed and constructed to deal with the new threats, including targeted cyberattacks. Thus, newcomer countries must consider the Design Basis Threat (DBT) as one of the security fundamentals during design of physical and cyber protection systems of nuclear facilities. IAEA NSS 10 describes the DBT as "comprehensive description of the motivation, intentions and capabilities of potential adversaries against which protection systems are designed and evaluated". Nowadays, many threat actors, including hacktivists, insider threat, cyber criminals, state and non-state groups (terrorists) pose security risks to nuclear facilities. Threat assumptions are made on a national level. Consequently, threat assessment closely affects the design structures of nuclear facilities. Some of the recent security incidents e.g. Stuxnet worm (Advanced Persistent Threat) and theft of sensitive information in South Korea Nuclear Power Plant (Insider Threat) have shown that these attacks should be considered as the top threat to nuclear facilities. Therefore, the cybersecurity context is essential for secure and safe use of nuclear power. In addition, States should include multiple DBT scenarios in order to protect various target materials, types of facilities, and adversary objectives. Development of a comprehensive DBT is a precondition for the establishment and further improvement of domestic state nuclear-related regulations in the field of physical and cyber protection. These national regulations have to be met later on by I&C platform suppliers, electrical systems suppliers, system integrators and turn-key providers.

Relevance of terrorism for Italian students not directly exposed to it: The affective impact of the 2015 Paris and the 2016 Brussels attacks.

PubMed

Raccanello, Daniela; Burro, Roberto; Brondino, Margherita; Pasini, Margherita

2018-04-01

Notwithstanding the dramatically increasing frequency of acts of terrorism in Europe and the extent of their media coverage, there is lack of knowledge on people's affective reactions and associated emotion regulation strategies. We explored the affective impact on two cohorts of Italian students (n = 193) possibly exposed vicariously through the mass media to the 2015 Paris or the 2016 Brussels terrorist attacks, respectively. We accessed data from three online questionnaires: one on emotion regulation administered before each attack; one on daily affect administered just before and after each attack; and one on causes of weekly affect and life satisfaction administered at the end of the week in which each attack occurred. The attacks were perceived as relevant for influencing negative affect for 22% of the students. For them, suppression-less frequently used than reappraisal-was associated with an improvement of affect after each attack but negatively related to life satisfaction concerning the week in which the attacks occurred. Our data showed that the recent terrorist attacks occurring in Europe had an affective impact on people at some distance who were vicariously exposed and point to the protective role of emotion regulation as a key resource for individuals' well-being. Copyright © 2017 John Wiley & Sons, Ltd.

Warfighting in Cyberspace

DTIC Science & Technology

2007-01-01

warfare ). Although the defensive elements of IO and cyber warfare are important, to narrow the scope of our thesis, the remainder of the argu- ment...adversary decisions away from taking action against our will. Now, let us contrast IO doctrine with what we propose for cyber warfare . The focus of... cyber warfare is on using cyberspace (by operating within or through it) to attack personnel, facilities, or equipment with the intent of degrading

Fears of American Children Following Terrorism

ERIC Educational Resources Information Center

Burnham, Joy J.; Hooper, Lisa M.

2008-01-01

Two months after 9/11, the fears of children and adolescents in Grades 2-12 were examined utilizing the American Fear Survey Schedule for Children and Adolescents (FSSC-AM). Fear intensity scores and age and gender differences are reported. Terrorist-related content on the FSSC-AM (e.g., terrorist attacks, our country being invading by enemies)…

Psychosocial predictors of resilience after the September 11, 2001 terrorist attacks.

PubMed

Butler, Lisa D; Koopman, Cheryl; Azarow, Jay; Blasey, Christine M; Magdalene, Juliette C; DiMiceli, Sue; Seagraves, David A; Hastings, T Andrew; Chen, Xin-Hua; Garlan, Robert W; Kraemer, Helena C; Spiegel, David

2009-04-01

The terrorist attacks of September 11, 2001 inflicted distress beyond those directly exposed, thereby providing an opportunity to examine the contributions of a range of factors (cognitive, emotional, social support, coping) to psychological resilience for those indirectly exposed. In an Internet convenience sample of 1281, indices of resilience (higher well-being, lower distress) at baseline (2.5-12 weeks post-attack) were each associated with less emotional suppression, denial and self-blame, and fewer negative worldview changes. After controlling for initial outcomes, baseline negative worldview changes and aspects of social support and coping all remained significant predictors of 6-month outcomes, with worldview changes bearing the strongest relationship to each. These findings highlight the role of emotional, coping, social support, and particularly, cognitive variables in adjustment after terrorism.

Realizing situation awareness within a cyber environment

NASA Astrophysics Data System (ADS)

Tadda, George; Salerno, John J.; Boulware, Douglas; Hinman, Michael; Gorton, Samuel

2006-04-01

Situation Awareness (SA) problems all require an understanding of current activities, an ability to anticipate what may happen next, and techniques to analyze the threat or impact of current activities and predictions. These processes of SA are common regardless of the domain and can be applied to the detection of cyber attacks. This paper will describe the application of a SA framework to implementing Cyber SA, describe some metrics for measuring and evaluating systems implementing Cyber SA, and discuss ongoing work in this area. We conclude with some ideas for future activities.

Analysis of the Use of Unmanned Combat Aerial Vehicles in Conjunction with Manned Aircraft to Counter Active Terrorists in Rough Terrain

DTIC Science & Technology

2015-06-01

UCAVs) may enhance Turkey’s ability to counter active terrorists in that region. In this research, Map Aware Non-uniform Automata (MANA) is used to...Aerial Vehicles (UCAVs) may enhance Turkey’s ability to counter active terrorists in that region. In this research, Map Aware Non-uniform Automata (MANA...Attack Munition LOS Line-of-Sight MALE Medium-Altitude Long-Endurance MANA Map Aware Non-Uniform Automata MANA-V Map Aware Non-Uniform Automata

Internet Attack Traceback: Cross-Validation and Pebble-Trace

DTIC Science & Technology

2013-02-28

stolen-cyber-attack. [3] Hacked: Data breach costly for Ohio State, victims of compromised info http://www.thelantern.com/campus/hacked- data ... breach -costly-for-ohio-state-victims-of-compromised-info-1.1831311. [4] S. C. Lee and C. Shields, “Tracing the Source of Network Attack: A Technical

Dataset of anomalies and malicious acts in a cyber-physical subsystem.

PubMed

Laso, Pedro Merino; Brosset, David; Puentes, John

2017-10-01

This article presents a dataset produced to investigate how data and information quality estimations enable to detect aNomalies and malicious acts in cyber-physical systems. Data were acquired making use of a cyber-physical subsystem consisting of liquid containers for fuel or water, along with its automated control and data acquisition infrastructure. Described data consist of temporal series representing five operational scenarios - Normal, aNomalies, breakdown, sabotages, and cyber-attacks - corresponding to 15 different real situations. The dataset is publicly available in the .zip file published with the article, to investigate and compare faulty operation detection and characterization methods for cyber-physical systems.

Will electrical cyber-physical interdependent networks undergo first-order transition under random attacks?

NASA Astrophysics Data System (ADS)

Ji, Xingpei; Wang, Bo; Liu, Dichen; Dong, Zhaoyang; Chen, Guo; Zhu, Zhenshan; Zhu, Xuedong; Wang, Xunting

2016-10-01

Whether the realistic electrical cyber-physical interdependent networks will undergo first-order transition under random failures still remains a question. To reflect the reality of Chinese electrical cyber-physical system, the "partial one-to-one correspondence" interdependent networks model is proposed and the connectivity vulnerabilities of three realistic electrical cyber-physical interdependent networks are analyzed. The simulation results show that due to the service demands of power system the topologies of power grid and its cyber network are highly inter-similar which can effectively avoid the first-order transition. By comparing the vulnerability curves between electrical cyber-physical interdependent networks and its single-layer network, we find that complex network theory is still useful in the vulnerability analysis of electrical cyber-physical interdependent networks.

A cognitive and economic decision theory for examining cyber defense strategies.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bier, Asmeret Brooke

Cyber attacks pose a major threat to modern organizations. Little is known about the social aspects of decision making among organizations that face cyber threats, nor do we have empirically-grounded models of the dynamics of cooperative behavior among vulnerable organizations. The effectiveness of cyber defense can likely be enhanced if information and resources are shared among organizations that face similar threats. Three models were created to begin to understand the cognitive and social aspects of cyber cooperation. The first simulated a cooperative cyber security program between two organizations. The second focused on a cyber security training program in which participantsmore » interact (and potentially cooperate) to solve problems. The third built upon the first two models and simulates cooperation between organizations in an information-sharing program.« less

Reality theory: A means to control the public`s fear of chemical weapons use. Research report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Pate, B.E.

1997-04-01

On 20 March 1995 terrorists released the chemical nerve agent sarin into the Tokyo subway system, killing 10 commuters and changing the public`s attitude about the most basic aspect of their lives: the air they breathe and the daily ritual of their commute to work. This is the new threat the United States must face: terrorism and its attack on the will of the people forcing governments to yield to the terrorists` position. Yet there is a different public response in warfare compared with a peacetime terrorist attack. This paper examines the psychological response of people in wartime and appliesmore » this description to chemical weapons use in war and in peace. The public`s response can be predicted if one uses reality theory, a concept leaders can use to mitigate responses that would prevent the execution of national strategy.« less

Visualizing disaster attitudes resulting from terrorist activities.

PubMed

Khalid, Halimahtun M; Helander, Martin G; Hood, Nilwan A

2013-09-01

The purpose of this study was to analyze people's attitudes to disasters by investigating how people feel, behave and think during disasters. We focused on disasters induced by humans, such as terrorist attacks. Two types of textual information were collected - from Internet blogs and from research papers. The analysis enabled forecasting of attitudes for the design of proactive disaster advisory scheme. Text was analyzed using a text mining tool, Leximancer. The outcome of this analysis revealed core themes and concepts in the text concerning people's attitudes. The themes and concepts were sorted into three broad categories: Affect, Behaviour, and Cognition (ABC), and the data was visualized in semantic maps. The maps reveal several knowledge pathways of ABC for developing attitudinal ontologies, which describe the relations between affect, behaviour and cognition, and the sequence in which they develop. Clearly, terrorist attacks induced trauma and people became highly vulnerable. Copyright © 2012 Elsevier Ltd and The Ergonomics Society. All rights reserved.

Terrorism and dispelling the myth of a panic prone public.

PubMed

Sheppard, Ben; Rubin, G James; Wardman, Jamie K; Wessely, Simon

2006-01-01

Governments and commentators perceive the public to be prone to panic in response to terrorist attacks--conventional or involving chemical, biological or radiological weapons. Evidence from five such incidents suggests that the public is not prone to panic, although people can change their behaviours and attitudes to reduce the risk of themselves being exposed to a terrorist incident. Behavioural responses may be divided into acts of omission, such as not making unnecessary journeys, and acts of commission, such as taking prophylactic medication despite the inherent risk of side effects. Evidence suggests that the public are aware of these differences, and tend to adopt responses proportionate to the risk. Drawing upon the literature in the social and natural sciences, our discussion encompasses differing risk perceptions of terrorist threats and consequences of attacks. How do fear and anxiety interact with behavioural responses to amplify or attenuate perceptions that can be modified through risk communication undertaken by authorities?

Schools in the Shadow of Terrorism: Psychosocial Adjustment and Interest in Interventions following Terror Attacks

ERIC Educational Resources Information Center

Felix, Erika; Vernberg, Eric M.; Pfefferbaum, Rose L.; Gill, Dodie C.; Schorr, John; Boudreaux, Angela; Gurwitch, Robin H.; Galea, Sandro; Pfefferbaum, Betty

2010-01-01

Following terrorist events, teachers and nonteaching school personnel are important in helping children recover, yet little is known about their willingness to assist with this. We surveyed 399 employees from a Washington, D.C.-area school district following terror attacks (September 11, 2001, attacks; sniper shootings) about their exposure,…

Toward Cyber Omniscience: Deterring Cyber Attacks by Hostile Individuals in 2035

DTIC Science & Technology

2010-02-17

omniscience is a characteristic most often ascribed to God. Although omniscience is not considered humanly attainable, this essay has intentionally, but...New York, NY: Penguin Books, 2005. Library of Congress. ―Amazing Grace.‖ Lyrics and history of John Newton‘s Christian hymn. http

Cyber-Argus: Modeling C2 Impacts of Cyber Attacks

DTIC Science & Technology

2014-06-01

19th ICCRTS - # 096 Page 10 of 24 ( BPMN ). However, any process modeling language with the ability to capture the information described above could...AND TECHNOLOGY ORGANIZATION. RTO-TR-MSG-048 - Coalition Battle Management Language (C-BML). February 2012. [41] ALLWEYER, T. BPMN 2.0: Introduction

DOE Office of Scientific and Technical Information (OSTI.GOV)

None, None

Smart grids are susceptible to cyber-attack as a result of new communication, control and computation techniques employed in the grid. In this paper, we characterize and analyze the resiliency of smart grid communication architecture, specifically an RF mesh based architecture, under cyber attacks. We analyze the resiliency of the communication architecture by studying the performance of high-level smart grid functions such as metering, and demand response which depend on communication. Disrupting the operation of these functions impacts the operational resiliency of the smart grid. Our analysis shows that it takes an attacker only a small fraction of meters to compromisemore » the communication resiliency of the smart grid. We discuss the implications of our result to critical smart grid functions and to the overall security of the smart grid.« less

40 years of terrorist bombings - A meta-analysis of the casualty and injury profile.

PubMed

Edwards, D S; McMenemy, L; Stapley, S A; Patel, H D L; Clasper, J C

2016-03-01

Terrorists have used the explosive device successfully globally, with their effects extending beyond the resulting injuries. Suicide bombings, in particular, are being increasingly deployed due to the devastating effect of a combination of high lethality and target accuracy. The aim of this study was to identify trends and analyse the demographics and casualty figures of terrorist bombings worldwide. Analysis of the Global Terrorism Database (GTD) and a PubMed/Embase literature search (keywords "terrorist", and/or "suicide", and/or "bombing") from 1970 to 2014 was performed. 58,095 terrorist explosions worldwide were identified in the GTD. 5.08% were suicide bombings. Incidents per year are increasing (P<0.01). Mean casualty statistics per incidents was 1.14 deaths and 3.45 wounded from non-suicide incidents, and 10.16 and 24.16 from suicide bombings (p<0.05). The kill:wounded ratio was statistically higher in suicide attacks than non-suicide attacks, 1:1.3 and 1:1.24 respectively (p<0.05). The Middle East witnessed the most incidents (26.9%), with Europe (13.2%) ranked 4th. The literature search identified 41 publications reporting 167 incidents of which 3.9% detailed building collapse (BC), 60.8% confined space (CS), 23.5% open space (OS) and 11.8% semi-confined space (SC) attacks. 60.4% reported on suicide terrorist attacks. Overall 32 deaths and 180 injuries per incident were seen, however significantly more deaths occurred in explosions associated with a BC. Comparing OS and CS no difference in the deaths per incident was seen, 14.2(SD±17.828) and 15.63 (SD±10.071) respectively. However OS explosions resulted in significantly more injuries, 192.7 (SD±141.147), compared to CS, 79.20 (SD±59.8). Extremity related wounds were the commonest injuries seen (32%). Terrorist bombings continue to be a threat and are increasing particularly in the Middle East. Initial reports, generated immediately at the scene by experienced coordination, on the type of detonation (suicide versus non-suicide), the environment of detonation (confined, open, building collapse) and the number of fatalities, and utilising the Kill:Wounded ratios found in this meta-analysis, can be used to predict the number of casualties and their likely injury profile of survivors to guide the immediate response by the medical services and the workload in the coming days. Copyright © 2016 Elsevier Ltd. All rights reserved.

Gamification for Measuring Cyber Security Situational Awareness

DOE Office of Scientific and Technical Information (OSTI.GOV)

Fink, Glenn A.; Best, Daniel M.; Manz, David O.

Cyber defense competitions arising from U.S. service academy exercises, offer a platform for collecting data that can inform research that ranges from characterizing the ideal cyber warrior to describing behaviors during certain challenging cyber defense situations. This knowledge could lead to better preparation of cyber defenders in both military and civilian settings. This paper describes how one regional competition, the PRCCDC, a participant in the national CCDC program, conducted proof of concept experimentation to collect data during the annual competition for later analysis. The intent is to create an ongoing research agenda that expands on this current work and incorporatesmore » augmented cognition and gamification methods for measuring cybersecurity situational awareness under the stress of cyber attack.« less

Cyber-Threat Assessment for the Air Traffic Management System: A Network Controls Approach

NASA Technical Reports Server (NTRS)

Roy, Sandip; Sridhar, Banavar

2016-01-01

Air transportation networks are being disrupted with increasing frequency by failures in their cyber- (computing, communication, control) systems. Whether these cyber- failures arise due to deliberate attacks or incidental errors, they can have far-reaching impact on the performance of the air traffic control and management systems. For instance, a computer failure in the Washington DC Air Route Traffic Control Center (ZDC) on August 15, 2015, caused nearly complete closure of the Centers airspace for several hours. This closure had a propagative impact across the United States National Airspace System, causing changed congestion patterns and requiring placement of a suite of traffic management initiatives to address the capacity reduction and congestion. A snapshot of traffic on that day clearly shows the closure of the ZDC airspace and the resulting congestion at its boundary, which required augmented traffic management at multiple locations. Cyber- events also have important ramifications for private stakeholders, particularly the airlines. During the last few months, computer-system issues have caused several airlines fleets to be grounded for significant periods of time: these include United Airlines (twice), LOT Polish Airlines, and American Airlines. Delays and regional stoppages due to cyber- events are even more common, and may have myriad causes (e.g., failure of the Department of Homeland Security systems needed for security check of passengers, see [3]). The growing frequency of cyber- disruptions in the air transportation system reflects a much broader trend in the modern society: cyber- failures and threats are becoming increasingly pervasive, varied, and impactful. In consequence, an intense effort is underway to develop secure and resilient cyber- systems that can protect against, detect, and remove threats, see e.g. and its many citations. The outcomes of this wide effort on cyber- security are applicable to the air transportation infrastructure, and indeed security solutions are being implemented in the current system. While these security solutions are important, they only provide a piecemeal solution. Particular computers or communication channels are protected from particular attacks, without a holistic view of the air transportation infrastructure. On the other hand, the above-listed incidents highlight that a holistic approach is needed, for several reasons. First, the air transportation infrastructure is a large scale cyber-physical system with multiple stakeholders and diverse legacy assets. It is impractical to protect every cyber- asset from known and unknown disruptions, and instead a strategic view of security is needed. Second, disruptions to the cyber- system can incur complex propagative impacts across the air transportation network, including its physical and human assets. Also, these implications of cyber- events are exacerbated or modulated by other disruptions and operational specifics, e.g. severe weather, operator fatigue or error, etc. These characteristics motivate a holistic and strategic perspective on protecting the air transportation infrastructure from cyber- events. The analysis of cyber- threats to the air traffic system is also inextricably tied to the integration of new autonomy into the airspace. The replacement of human operators with cyber functions leaves the network open to new cyber threats, which must be modeled and managed. Paradoxically, the mitigation of cyber events in the airspace will also likely require additional autonomy, given the fast time scale and myriad pathways of cyber-attacks which must be managed. The assessment of new vulnerabilities upon integration of new autonomy is also a key motivation for a holistic perspective on cyber threats.

In Pursuit of an Aptitude Test for Potential Cyberspace Warriors

DTIC Science & Technology

2007-03-01

may well be training their soldiers in the art of cyber warfare to attack our infrastructure and defend their own. It seems like a no-brainer that...communications. Certainly this is an area that could be exploited in cyber warfare . Another subject with little reference was regarding linguistic...Journal, 40(3), 769-780. Parks, R. C., & duggan, D. P. (2001). Principles of cyber - warfare . Proceeding of the 2001 IEEE Workshop on Information

CyberTerrorism: Cyber Prevention vs Cyber Recovery

DTIC Science & Technology

2007-12-01

appropriate available security measures (i.e. appropriate level of spy ware, IDS, and antivirus protection software installed) are unaffected by worm attacks...a worm is a form of a virus designed to copy itself by utilizing e-mail or other software applications. The main goal of using this technique is...to permeate the network or portions of the Internet with malicious code that will affect the performance of certain software applications or will

Current and potential cyber attacks on medical journals; guidelines for improving security.

PubMed

Dadkhah, Mehdi; Seno, Seyed Amin Hosseini; Borchardt, Glenn

2017-03-01

At the moment, scholarly publishing is faced with much academic misconduct and threats such as predatory journals, hijacked journals, phishing, and other scams. In response, we have been discussing this misconduct and trying to increase the awareness of researchers, but it seems that there is a lack of research that presents guidelines for editors to help them protect themselves against these threats. It seems that information security is missing in some parts of scholarly publishing that particularly involves medical journals. In this paper, we explain different types of cyber-attacks that especially threaten editors and academic journals. We then explain the details involved in each type of attack. Finally, we present general guidelines for detection and prevention of the attacks. In some cases, we use small experiments to show that our claim is true. Finally, we conclude the paper with a prioritization of these attacks. Copyright © 2016 European Federation of Internal Medicine. Published by Elsevier B.V. All rights reserved.

Preventing Terrorism Using Information Sharing Networks

DTIC Science & Technology

2006-09-01

in fusing information and providing valuable intelligence that thwarted a terrorist attack at Disneyland . A videotape was received that contained a...creditable threat of a Sarin gas attack at Disneyland . The LA TEW conducted the initial analysis of the tape and the initial investigation that

The Terrorist War against Islam: Clarifying Academic Confusions

ERIC Educational Resources Information Center

Schwartz, Stephen

2011-01-01

Since the terrorist atrocities of September 11, 2001, Westerners have been challenged to understand the ideological and theological concepts, derived from Islam, that motivated the actions of Al-Qaida on that day and in other attacks before and since. Differences in taxonomy have proven to be a major issue. In the author's view, it is insufficient…

School Preparation to the Terrorist Threat. SVRC Fact Sheet

ERIC Educational Resources Information Center

School Violence Resource Center, 2004

2004-01-01

This fact sheet provides a list of "lessons learned" to assist schools in better preparing for a crisis event. The list was compiled by the Centers for Disease Control and Prevention and the U.S. Department of Education specifically to assist schools in preparing for a terrorist attack. The lessons can help schools better identify appropriate…

Strategic aspects of cyberattack, attribution, and blame.

PubMed

Edwards, Benjamin; Furnas, Alexander; Forrest, Stephanie; Axelrod, Robert

2017-03-14

Cyber conflict is now a common and potentially dangerous occurrence. The target typically faces a strategic choice based on its ability to attribute the attack to a specific perpetrator and whether it has a viable punishment at its disposal. We present a game-theoretic model, in which the best strategic choice for the victim depends on the vulnerability of the attacker, the knowledge level of the victim, payoffs for different outcomes, and the beliefs of each player about their opponent. The resulting blame game allows analysis of four policy-relevant questions: the conditions under which peace (i.e., no attacks) is stable, when attacks should be tolerated, the consequences of asymmetric technical attribution capabilities, and when a mischievous third party or an accident can undermine peace. Numerous historical examples illustrate how the theory applies to cases of cyber or kinetic conflict involving the United States, Russia, China, Japan, North Korea, Estonia, Israel, Iran, and Syria.

Strategic aspects of cyberattack, attribution, and blame

PubMed Central

Edwards, Benjamin; Furnas, Alexander; Forrest, Stephanie

2017-01-01

Cyber conflict is now a common and potentially dangerous occurrence. The target typically faces a strategic choice based on its ability to attribute the attack to a specific perpetrator and whether it has a viable punishment at its disposal. We present a game-theoretic model, in which the best strategic choice for the victim depends on the vulnerability of the attacker, the knowledge level of the victim, payoffs for different outcomes, and the beliefs of each player about their opponent. The resulting blame game allows analysis of four policy-relevant questions: the conditions under which peace (i.e., no attacks) is stable, when attacks should be tolerated, the consequences of asymmetric technical attribution capabilities, and when a mischievous third party or an accident can undermine peace. Numerous historical examples illustrate how the theory applies to cases of cyber or kinetic conflict involving the United States, Russia, China, Japan, North Korea, Estonia, Israel, Iran, and Syria. PMID:28242700

Protecting Accelerator Control Systems in the Face of Sophisticated Cyber Attacks

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hartman, Steven M

2012-01-01

Cyber security for industrial control systems has received significant attention in the past two years. The news coverage of the Stuxnet attack, believed to be targeted at the control system for a uranium enrichment plant, brought the issue to the attention of news media and policy makers. This has led to increased scrutiny of control systems for critical infrastructure such as power generation and distribution, and industrial systems such as chemical plants and petroleum refineries. The past two years have also seen targeted network attacks aimed at corporate and government entities including US Department of Energy National Laboratories. Both ofmore » these developments have potential repercussions for the control systems of particle accelerators. The need to balance risks from potential attacks with the operational needs of an accelerator present a unique challenge for the system architecture and access model.« less

Operational advantages of using Cyber Electronic Warfare (CEW) in the battlefield

NASA Astrophysics Data System (ADS)

Yasar, Nurgul; Yasar, Fatih M.; Topcu, Yucel

2012-06-01

While cyberspace is emerging as a new battlefield, conventional Electronic Warfare (EW) methods and applications are likely to change. Cyber Electronic Warfare (CEW) concept which merges cyberspace capabilities with traditional EW methods, is a new and enhanced form of the electronic attack. In this study, cyberspace domain of the battlefield is emphazised and the feasibility of integrating Cyber Warfare (CW) concept into EW measures is researched. The SWOT (Strengths, Weaknesses, Opportunities and Threats) analysis method is used to state the operational advantages of using CEW concept in the battlefield. The operational advantages of CEW are assessed by means of its effects on adversary air defense systems, communication networks and information systems. Outstanding technological and operational difficulties are pointed out as well. As a result, a comparison of CEW concept and conventional EW applications is presented. It is concluded that, utilization of CEW concept is feasible at the battlefield and it may yield important operational advantages. Even though the computers of developed military systems are less complex than normal computers, they are not subjected to cyber threats since they are closed systems. This concept intends to show that these closed systems are also open to the cyber threats. As a result of the SWOT analysis, CEW concept provides Air Forces to be used in cyber operations effectively. On the other hand, since its Collateral Damage Criteria (CDC) is low, the usage of cyber electronic attack systems seems to grow up.

Developing Health-Based Pre-Planning Clearance Goals for Airport Remediation Following a Chemical Terrorist Attack: Decision Criteria for Multipathway Exposure Routes

PubMed Central

Watson, Annetta; Dolislager, Fredrick; Hall, Linda; Raber, Ellen; Hauschild, Veronique D.; Love, Adam H.

2011-01-01

In the event of a chemical terrorist attack on a transportation hub, post-event remediation and restoration activities necessary to attain unrestricted facility re-use and re-entry could require hours to multiple days. While timeframes are dependent on numerous variables, a primary controlling factor is the level of pre-planning and decision-making completed prior to chemical release. What follows is the second of a two-part analysis identifying key considerations, critical information and decision criteria to facilitate post-attack and post-decontamination consequence management activities. Decision criteria analysis presented here provides first-time, open-literature documentation of multi-pathway, health-based remediation exposure guidelines for selected toxic industrial compounds, chemical warfare agents, and agent degradation products for pre-planning application in anticipation of a chemical terrorist attack. Guideline values are provided for inhalation and direct ocular vapor exposure routes as well as percutaneous vapor, surface contact, and ingestion. Target populations include various employees as well as transit passengers. This work has been performed as a national case study conducted in partnership with the Los Angeles International Airport and The Bradley International Terminal. All recommended guidelines have been selected for consistency with airport scenario release parameters of a one-time, short-duration, finite airborne release from a single source followed by compound-specific decontamination. PMID:21399674

Developing health-based pre-planning clearance goals for airport remediation following a chemical terrorist attack: Decision criteria for multipathway exposure routes

DOE Office of Scientific and Technical Information (OSTI.GOV)

Watson, Annetta Paule; Dolislager, Frederick; Hall, Dr. Linda

2011-01-01

In the event of a chemical terrorist attack on a transportation hub, post-event remediation and restoration activities necessary to attain unrestricted facility re-use and re-entry could require hours to multiple days. While timeframes are dependent on numerous variables, a primary controlling factor is the level of pre-planning and decision-making completed prior to chemical release. What follows is the second of a two-part analysis identifying key considerations, critical information and decision criteria to facilitate post-attack and post-decontamination consequence management activities. Decision criteria analysis presented here provides first-time, open-literature documentation of multi-pathway, health-based remediation exposure guidelines for selected toxic industrial compounds, chemicalmore » warfare agents, and agent degradation products for pre-planning application in anticipation of a chemical terrorist attack. Guideline values are provided for inhalation and direct ocular vapor exposure routes as well as percutaneous vapor, surface contact, and ingestion. Target populations include various employees as well as transit passengers. This work has been performed as a national case study conducted in partnership with the Los Angeles International Airport and The Bradley International Terminal. All recommended guidelines have been selected for consistency with airport scenario release parameters of a one-time, short-duration, finite airborne release from a single source followed by compound-specific decontamination.« less

Long-term effect of September 11 on the political behavior of victims’ families and neighbors

PubMed Central

Hersh, Eitan D.

2013-01-01

This article investigates the long-term effect of September 11, 2001 on the political behaviors of victims’ families and neighbors. Relative to comparable individuals, family members and residential neighbors of victims have become—and have stayed—significantly more active in politics in the last 12 years, and they have become more Republican on account of the terrorist attacks. The method used to demonstrate these findings leverages the random nature of the terrorist attack to estimate a causal effect and exploits new techniques to link multiple, individual-level, governmental databases to measure behavioral change without relying on surveys or aggregate analysis. PMID:24324145

Long-term effect of September 11 on the political behavior of victims' families and neighbors.

PubMed

Hersh, Eitan D

2013-12-24

This article investigates the long-term effect of September 11, 2001 on the political behaviors of victims' families and neighbors. Relative to comparable individuals, family members and residential neighbors of victims have become--and have stayed--significantly more active in politics in the last 12 years, and they have become more Republican on account of the terrorist attacks. The method used to demonstrate these findings leverages the random nature of the terrorist attack to estimate a causal effect and exploits new techniques to link multiple, individual-level, governmental databases to measure behavioral change without relying on surveys or aggregate analysis.

Emergency Mental Health Services for Children After the Terrorist Attacks of September 11, 2001.

PubMed

Bruckner, Tim A; Kim, Yonsu; Lubens, Pauline; Singh, Amrita; Snowden, Lonnie; Chakravarthy, Bharath

2016-01-01

Much literature documents elevated psychiatric symptoms among adults after the terrorist attacks of September 11, 2001 (9/11). We, however, know of no research in children that examines emergency mental health services following 9/11. We test whether children's emergency services for crisis mental health care rose above expected values in September 2001. We applied time-series methods to California Medicaid claims (1999-2003; N = 127,200 visits). Findings in California indicate an 8.7% increase of children's emergency mental health visits statistically attributable to 9/11. Non-Hispanic white more than African American children account for this acute rise in emergency services.

Minimizing Expected Maximum Risk from Cyber-Attacks with Probabilistic Attack Success

DOE Office of Scientific and Technical Information (OSTI.GOV)

Bhuiyan, Tanveer H.; Nandi, Apurba; Medal, Hugh

The goal of our work is to enhance network security by generating partial cut-sets, which are a subset of edges that remove paths from initially vulnerable nodes (initial security conditions) to goal nodes (critical assets), on an attack graph given costs for cutting an edge and a limited overall budget.

Management of victims of urban chemical attack: the French approach.

PubMed

Laurent, J F; Richter, F; Michel, A

1999-10-01

Since the early 1980s several disasters involving mass release of toxic substances have focused the attention of different administrations and the fire services into producing protocols and guidelines for action in civilian situations. The bomb attack in the Tokyo subway, in March 1995, made it clear that a terrorist attack using highly toxic agents is now feasible. Management of disasters in the civil sector in France is based upon two interlinked plans: the Red Plan, which covers on-site organisation, and the White Plan, which concerns the interface with hospital services. Special procedures have been developed to adapt the Red and White Plans for use in the event of toxic attack and concern the deployment of emergency responding personnel, the provision of life support and antidotes in the contaminated zone, the prevention of secondary contamination and the transport and reception of victims at the hospital. Based on the established principle of pre-hospital resuscitation and well-tried assistance plans, this doctrine allows a safe and effective response to terrorist attacks as well as to other toxic release incidents.

The role of revenge, denial, and terrorism distress in restoring just world beliefs: the impact of the 2008 Mumbai attacks on British and Indian students.

PubMed

Ferguson, Neil; Kamble, Shanmukh V

2012-01-01

Just world beliefs for students (N = 413) from India and the United Kingdom were measured. The participants then read a scenario about the 2008 terrorist attacks on Mumbai. The participants were then assessed for terrorism distress and offered multiple strategies (revenge and denial) to restore their just world beliefs. The findings indicate that students resident in India along with those who hold strong just world beliefs felt more distress, held a greater desire for revenge, and demonstrated more denial than the British students and those who had weak beliefs in a just world. These results indicate the important role just world beliefs play in responding to the threat created by mass casualty terrorist attacks. The implications for just world theory are also discussed.

Ideologies of Violence: The Social Origins of Islamist and Leftist Transnational Terrorism

ERIC Educational Resources Information Center

Robison, Kristopher K.; Crenshaw, Edward M.; Jenkins, J. Craig,

2006-01-01

We evaluate the argument that Islamist terrorist attacks represent a distinctive "4th wave" of transnational terrorism that has supplanted Leftist terrorism. Drawing on ITERATE data for 1968-2003, the annual count of Leftist attacks has declined since the end of the Cold War while Islamist attacks have persisted and spiked upward in 2002-03.…

Congress Investigates: Pearl Harbor and 9/11 Congressional Hearing Exhibits

ERIC Educational Resources Information Center

Blackerby, Christine

2011-01-01

On the morning of December 7, 1941, Japanese bombers staged a surprise attack on U.S. military forces at Pearl Harbor in Hawaii. Sixty years after the attack on Pearl Harbor, the United States was attacked again. On the morning of September 11, 2001, four commercial airplanes hijacked by 19 terrorists killed nearly 3,000 people when they crashed…

Growing up in the Shadow of Terrorism: Youth in America after 9/11

ERIC Educational Resources Information Center

Eisenberg, Nancy; Silver, Roxane Cohen

2011-01-01

Research conducted in the aftermath of the September 11th terrorist attacks (9/11) suggests that, except for those who directly witnessed or suffered loss from the attacks, for most children the emotional impact was relatively transitory. We review this literature as well as consider other ways in which the attacks may have played a role in the…

Learning from history: The Glasgow Airport terrorist attack.

PubMed

Crichton, Gillies

Glasgow Airport was the target of a terrorist attack on 30th June, 2007. Many people within Scotland had come to believe that Scotland was immune from terrorism. This perception was in large part informed by Scotland's experience during the protracted Troubles in Northern Ireland, during which the Provisional Irish Republican Army's mainland bombing campaign focused on targets in England, sparing both Scotland and Wales. While Glasgow Airport did not expect such an attack to take place, meticulous planning, organising and testing of plans had taken place to mitigate the unlikely event of such an attack. The attack stands up as a shining example of robust business continuity management, where the airport reopened for business as usual in less than 24 hours from the time of the attack. Little is known about how the airport handled the situation in conjunction with other responding agencies as people tend to want to focus on high-profile disasters only. Yet countless such incidents are happening worldwide on a daily basis, in which there are excellent learning opportunities, and, taken in the spirit of converting hindsight into foresight, the likelihood of similar incidents could potentially be reduced in the future.

Defender-Attacker Decision Tree Analysis to Combat Terrorism.

PubMed

Garcia, Ryan J B; von Winterfeldt, Detlof

2016-12-01

We propose a methodology, called defender-attacker decision tree analysis, to evaluate defensive actions against terrorist attacks in a dynamic and hostile environment. Like most game-theoretic formulations of this problem, we assume that the defenders act rationally by maximizing their expected utility or minimizing their expected costs. However, we do not assume that attackers maximize their expected utilities. Instead, we encode the defender's limited knowledge about the attacker's motivations and capabilities as a conditional probability distribution over the attacker's decisions. We apply this methodology to the problem of defending against possible terrorist attacks on commercial airplanes, using one of three weapons: infrared-guided MANPADS (man-portable air defense systems), laser-guided MANPADS, or visually targeted RPGs (rocket propelled grenades). We also evaluate three countermeasures against these weapons: DIRCMs (directional infrared countermeasures), perimeter control around the airport, and hardening airplanes. The model includes deterrence effects, the effectiveness of the countermeasures, and the substitution of weapons and targets once a specific countermeasure is selected. It also includes a second stage of defensive decisions after an attack occurs. Key findings are: (1) due to the high cost of the countermeasures, not implementing countermeasures is the preferred defensive alternative for a large range of parameters; (2) if the probability of an attack and the associated consequences are large, a combination of DIRCMs and ground perimeter control are preferred over any single countermeasure. © 2016 Society for Risk Analysis.

A framework for developing and integrating effective routing strategies within the emergency management decision-support system : [research brief].

DOT National Transportation Integrated Search

2012-05-01

The terrorist attacks on September 11th, as well as other coordinated attacks on transit centers in Madrid and London, have underscored the importance of evacuation planning to : transportation professionals. With computer technology advancement, urb...

Do ICBMs Have a Future

DTIC Science & Technology

2015-06-01

21st century signaled the beginning of a cultural shift towards stopping terror organizations. The initial problem was how to stop the attacks from...hardly deter militias such as the Taliban, or terrorists such as those who attacked New York, Washington, London, Madrid, and Mumbai in recent

Cross-Layer Damage Assessment for Cyber Situational Awareness

NASA Astrophysics Data System (ADS)

Liu, Peng; Jia, Xiaoqi; Zhang, Shengzhi; Xiong, Xi; Jhi, Yoon-Chan; Bai, Kun; Li, Jason

Damage assessment plays a very important role in securing enterprise networks and systems. Gaining good awareness about the effects and impact of cyber attack actions would enable security officers to make the right cyber defense decisions and take the right cyber defense actions. A good number of damage assessment techniques have been proposed in the literature, but they typically focus on a single abstraction level (of the software system in concern). As a result, existing damage assessment techniques and tools are still very limited in satisfying the needs of comprehensive damage assessment which should not result in any “blind spots”.

PeerShield: determining control and resilience criticality of collaborative cyber assets in networks

NASA Astrophysics Data System (ADS)

Cam, Hasan

2012-06-01

As attackers get more coordinated and advanced in cyber attacks, cyber assets are required to have much more resilience, control effectiveness, and collaboration in networks. Such a requirement makes it essential to take a comprehensive and objective approach for measuring the individual and relative performances of cyber security assets in network nodes. To this end, this paper presents four techniques as to how the relative importance of cyber assets can be measured more comprehensively and objectively by considering together the main variables of risk assessment (e.g., threats, vulnerabilities), multiple attributes (e.g., resilience, control, and influence), network connectivity and controllability among collaborative cyber assets in networks. In the first technique, a Bayesian network is used to include the random variables for control, recovery, and resilience attributes of nodes, in addition to the random variables of threats, vulnerabilities, and risk. The second technique shows how graph matching and coloring can be utilized to form collaborative pairs of nodes to shield together against threats and vulnerabilities. The third technique ranks the security assets of nodes by incorporating multiple weights and thresholds of attributes into a decision-making algorithm. In the fourth technique, the hierarchically well-separated tree is enhanced to first identify critical nodes of a network with respect to their attributes and network connectivity, and then selecting some nodes as driver nodes for network controllability.

78 FR 50077 - Intent To Request Renewal From OMB of One Current Public Collection of Information: Pipeline...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-08-16

... maps, security plans, etc.); and Actual or suspected cyber-attacks that could impact pipeline... suspected attacks on pipeline systems, facilities, or assets; Bomb threats or weapons of mass destruction...

How Cyberattacks Terrorize: Cortisol and Personal Insecurity Jump in the Wake of Cyberattacks.

PubMed

Canetti, Daphna; Gross, Michael; Waismel-Manor, Israel; Levanon, Asaf; Cohen, Hagit

2017-02-01

Do cyberattacks fuel the politics of threat? By what mechanism does it do so? To address these questions, we employ a technological and physiological experiment (2 × 2) involving a simulated cyberattack. Participants were randomly assigned to "cyberattack" (treatment) or "no attack" (control) conditions. We find that cyber-attacks make people more likely to express threat perceptions; we suggest salivary cortisol, a measure of stress, as the mechanism bridging cyber and the politics of threat. Contrary to existing evidence, salivary cortisol is the mechanism that translates simulated exposure to cyberattacks into political threat perceptions.

Analyzing Resiliency of the Smart Grid Communication Architectures

DOE Office of Scientific and Technical Information (OSTI.GOV)

Anas AlMajali, Anas; Viswanathan, Arun; Neuman, Clifford

Smart grids are susceptible to cyber-attack as a result of new communication, control and computation techniques employed in the grid. In this paper, we characterize and analyze the resiliency of smart grid communication architecture, specifically an RF mesh based architecture, under cyber attacks. We analyze the resiliency of the communication architecture by studying the performance of high-level smart grid functions such as metering, and demand response which depend on communication. Disrupting the operation of these functions impacts the operational resiliency of the smart grid. Our analysis shows that it takes an attacker only a small fraction of meters to compromisemore » the communication resiliency of the smart grid. We discuss the implications of our result to critical smart grid functions and to the overall security of the smart grid.« less

Media and Teaching about the Middle East

ERIC Educational Resources Information Center

Kaviani, Khodadad

2009-01-01

This qualitative study was conducted in 2006-2007 and found that teachers relied on a variety of readily available media to stay informed about the Middle East and used some of them in their teaching. Teachers tried to explain to their students that every Middle Eastern Muslim is not a terrorist and Iraq was not behind the 9/11 terrorist attacks.…

Adult Public Education for Nuclear Terrorism: An Analysis of Cold War and War on Terror Preparedness Discourses

ERIC Educational Resources Information Center

Fisher, Debra A.

2014-01-01

The nuclear terrorist threat is far greater today than ever before, but the United States is unprepared to respond to the aftermath of a nuclear attack, whether perpetrated by rogue nuclear countries or the terrorist groups they support. Following the detonation of an improvised nuclear device (IND), citizens, not government personnel, become the…

Combating Terrorism: Issues in Managing Counterterrorist Programs

DTIC Science & Technology

2000-04-06

major effort to develop a national strategy, to date the strategy does not include a clear desired outcome to be achieved. Resources to combat...Federal exercises, in contrast to earlier years, are now practicing crisis and consequence management simultaneously and including state and local...categories—crisis management and consequence management. Crisis management includes efforts to stop a terrorist attack, arrest terrorists, and gather

Radicalization, Linkage, and Diversity: Current Trends in Terrorism in Europe

DTIC Science & Technology

2011-01-01

Restaurant in Exeter Only the attacker was injured Independent June 2008 Nicholas Roddis United Kingdom Unknown Attacker arrested Independent August...is evolving into a sort of franchise organ- isation, which acts as a point of reference for independent terrorist groups or individuals.5 Sageman’s

CASE STUDY: DIELDRIN ATTACK IN DALYAN LAGOON

EPA Science Inventory

During the first two weeks of December 2005, NATO sponsored an Advanced Study Institute (ASI) in Istanbul, Turkey. Part of this ASI involved a case study of a terrorist attack, where a chemical was assumed to be dumped into Sulunger Lake in Turkey. This chapter documents the re...

NATO’s Preparedness for Cyberwar

DTIC Science & Technology

2016-09-01

ARTS IN SECURITY STUDIES EUROPE AND EURASIA from the NAVAL POSTGRADUATE SCHOOL September 2016 Approved by: David Yost, Ph.D...CYBER CASE STUDIES : CYBER ATTACKS AGAINST NATO ALLIES AND PARTNERS .................................................................................33...to thank Dr. Wade Huntley for first stimulating my interest in the academic study of NATO’s cyberwarfare capabilities and readiness. In addition, I

Defending against Browser Based Data Exfiltration Attacks

ERIC Educational Resources Information Center

Sood, Aditya

2013-01-01

The global nature of Internet has revolutionized cultural and commercial interactions while at the same time it has provided opportunities for cyber criminals. Crimeware services now exist that have transformed the nature of cyber crime by making it more automated and robust. Furthermore, these crimeware services are sold as a part of a growing…

Consequence-driven cyber-informed engineering (CCE)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Freeman, Sarah G.; St Michel, Curtis; Smith, Robert

The Idaho National Lab (INL) is leading a high-impact, national security-level initiative to reprioritize the way the nation looks at high-consequence risk within the industrial control systems (ICS) environment of the country’s most critical infrastructure and other national assets. The Consequence-driven Cyber-informed Engineering (CCE) effort provides both private and public organizations with the steps required to examine their own environments for high-impact events/risks; identify implementation of key devices and components that facilitate that risk; illuminate specific, plausible cyber attack paths to manipulate these devices; and develop concrete mitigations, protections, and tripwires to address the high-consequence risk. The ultimate goal ofmore » the CCE effort is to help organizations take the steps necessary to thwart cyber attacks from even top-tier, highly resourced adversaries that would result in a catastrophic physical effect. CCE participants are encouraged to work collaboratively with each other and with key U.S. Government (USG) contributors to establish a coalition, maximizing the positive effect of lessons-learned and further contributing to the protection of critical infrastructure and other national assets.« less

Multi-Gigabit Free-Space Optical Data Communication and Network System

DTIC Science & Technology

2016-04-01

IR), Ultraviolet ( UV ), Laser Transceiver, Adaptive Beam Tracking, Electronic Attack (EA), Cyber Attack, Multipoint-to-Multipoint Network, Adaptive...FileName.pptx Free Space Optical Datalink Timeline Phase 1 Point-to-point demonstration 2012 Future Adaptive optic & Quantum Cascade Laser

Cyber security issues in online games

NASA Astrophysics Data System (ADS)

Zhao, Chen

2018-04-01

With the rapid development of the Internet, online gaming has become a way of entertainment for many young people in the modern era. However, in recent years, cyber security issues in online games have emerged in an endless stream, which have also caused great attention of many game operators. Common cyber security problems in the game include information disclosure and cyber-attacks. These problems will directly or indirectly cause economic losses to gamers. Many gaming companies are enhancing the stability and security of their network or gaming systems in order to enhance the gaming user experience. This article has carried out the research of the cyber security issues in online games by introducing the background and some common cyber security threats, and by proposing the latent solution. Finally, it speculates the future research direction of the cyber security issues of online games in the hope of providing feasible solution and useful information for game operators.

Towards a Multiscale Approach to Cybersecurity Modeling

DOE Office of Scientific and Technical Information (OSTI.GOV)

Hogan, Emilie A.; Hui, Peter SY; Choudhury, Sutanay

2013-11-12

We propose a multiscale approach to modeling cyber networks, with the goal of capturing a view of the network and overall situational awareness with respect to a few key properties--- connectivity, distance, and centrality--- for a system under an active attack. We focus on theoretical and algorithmic foundations of multiscale graphs, coming from an algorithmic perspective, with the goal of modeling cyber system defense as a specific use case scenario. We first define a notion of \\emph{multiscale} graphs, in contrast with their well-studied single-scale counterparts. We develop multiscale analogs of paths and distance metrics. As a simple, motivating example ofmore » a common metric, we present a multiscale analog of the all-pairs shortest-path problem, along with a multiscale analog of a well-known algorithm which solves it. From a cyber defense perspective, this metric might be used to model the distance from an attacker's position in the network to a sensitive machine. In addition, we investigate probabilistic models of connectivity. These models exploit the hierarchy to quantify the likelihood that sensitive targets might be reachable from compromised nodes. We believe that our novel multiscale approach to modeling cyber-physical systems will advance several aspects of cyber defense, specifically allowing for a more efficient and agile approach to defending these systems.« less

A Bayesian Belief Network of Threat Anticipation and Terrorist Motivations

DOE Office of Scientific and Technical Information (OSTI.GOV)

Olama, Mohammed M; Allgood, Glenn O; Davenport, Kristen M

Recent events highlight the need for efficient tools for anticipating the threat posed by terrorists, whether individual or groups. Antiterrorism includes fostering awareness of potential threats, deterring aggressors, developing security measures, planning for future events, halting an event in process, and ultimately mitigating and managing the consequences of an event. To analyze such components, one must understand various aspects of threat elements like physical assets and their economic and social impacts. To this aim, we developed a three-layer Bayesian belief network (BBN) model that takes into consideration the relative threat of an attack against a particular asset (physical layer) asmore » well as the individual psychology and motivations that would induce a person to either act alone or join a terrorist group and commit terrorist acts (social and economic layers). After researching the many possible motivations to become a terrorist, the main factors are compiled and sorted into categories such as initial and personal indicators, exclusion factors, and predictive behaviors. Assessing such threats requires combining information from disparate data sources most of which involve uncertainties. BBN combines these data in a coherent, analytically defensible, and understandable manner. The developed BBN model takes into consideration the likelihood and consequence of a threat in order to draw inferences about the risk of a terrorist attack so that mitigation efforts can be optimally deployed. The model is constructed using a network engineering process that treats the probability distributions of all the BBN nodes within the broader context of the system development process.« less

IO Sphere: The Professional Journal of Joint Information Operations. Special Edition 2008

DTIC Science & Technology

2008-01-01

members, disseminate propaganda, videos , brochures, and training materials, as well as to coordinate terrorist acts in an anonymous and...collaboration among larger communities of cyber Porn versus Terror Years ago, authorities noticed that child pornography websites, though often...stepping foot on them. Moreover, video information can be analyzed by computer vision algorithms. Based on technology available today, it’s not

Emergency Preparedness: Are You Ready?

ERIC Educational Resources Information Center

Harley, Lorraine

2012-01-01

Most Americans who consider emergency preparedness think of someone or another country attacking the United States. Most newspaper and televised accounts involve community leaders and policymakers preparing for a terrorist attack. However, anyone who operates a child care center, family child care home, or has children of her own, knows that…

Terrorism: Online Resources for Helping Students Understand and Cope.

ERIC Educational Resources Information Center

Green, Tim; Ramirez, Fred

2002-01-01

Presents an annotated bibliography of Web sites that focus on the issue of terrorism. Aims to assist teachers in educating their students and helping them cope with terrorism since the September 11, 2001 attack on the United States. Offers sites on other terrorist attacks on the U.S. (CMK)

Psychosocial responses to biological and chemical terrorist threats and events. Implications for the workplace.

PubMed

Beaton, Randal; Murphy, Shirley

2002-04-01

1. Both biological and chemical weapons (BCW) could potentially be used in future terrorist attacks on U.S. workplaces and communities. 2. Threats of BCW terrorism may lead to anxiety, adverse health effects, and the exacerbation of psychiatric symptoms and syndromes in workers and managers. 3. Actual BCW attacks will likely cause both acute and chronic mental disorders in a significant number of surviving victims who may also be employees or employers. 4. Occupational health nurses can help prevent or remediate maladaptive psychological responses by educating themselves and their work forces, assisting in a risk assessment of the workplace, understanding disaster planning, and assisting management in policy formulation and psychosocial triage.

Techniques for Cyber Attack Attribution

DTIC Science & Technology

2003-10-01

Asaka, Midori, Shunji Okazawa, Atsushi Taguchi, and Shigeki Goto. June 1999. “A Method of Tracing Intruders by Use of Mobile Agents”, INET’99. http...Tsuchiya, Takefumi Onabuta, Shunji Okazawa, and Shigeki Goto. November 1999. “Local Attack Detection and Intrusion Route Tracing”, IEICE Transaction on

Characterizing and Measuring Maliciousness for Cybersecurity Risk Assessment

PubMed Central

King, Zoe M.; Henshel, Diane S.; Flora, Liberty; Cains, Mariana G.; Hoffman, Blaine; Sample, Char

2018-01-01

Cyber attacks have been increasingly detrimental to networks, systems, and users, and are increasing in number and severity globally. To better predict system vulnerabilities, cybersecurity researchers are developing new and more holistic approaches to characterizing cybersecurity system risk. The process must include characterizing the human factors that contribute to cyber security vulnerabilities and risk. Rationality, expertise, and maliciousness are key human characteristics influencing cyber risk within this context, yet maliciousness is poorly characterized in the literature. There is a clear absence of literature pertaining to human factor maliciousness as it relates to cybersecurity and only limited literature relating to aspects of maliciousness in other disciplinary literatures, such as psychology, sociology, and law. In an attempt to characterize human factors as a contribution to cybersecurity risk, the Cybersecurity Collaborative Research Alliance (CSec-CRA) has developed a Human Factors risk framework. This framework identifies the characteristics of an attacker, user, or defender, all of whom may be adding to or mitigating against cyber risk. The maliciousness literature and the proposed maliciousness assessment metrics are discussed within the context of the Human Factors Framework and Ontology. Maliciousness is defined as the intent to harm. Most maliciousness cyber research to date has focused on detecting malicious software but fails to analyze an individual’s intent to do harm to others by deploying malware or performing malicious attacks. Recent efforts to identify malicious human behavior as it relates to cybersecurity, include analyzing motives driving insider threats as well as user profiling analyses. However, cyber-related maliciousness is neither well-studied nor is it well understood because individuals are not forced to expose their true selves to others while performing malicious attacks. Given the difficulty of interviewing malicious-behaving individuals and the potential untrustworthy nature of their responses, we aim to explore the maliciousness as a human factor through the observable behaviors and attributes of an individual from their actions and interactions with society and networks, but to do so we will need to develop a set of analyzable metrics. The purpose of this paper is twofold: (1) to review human maliciousness-related literature in diverse disciplines (sociology, economics, law, psychology, philosophy, informatics, terrorism, and cybersecurity); and (2) to identify an initial set of proposed assessment metrics and instruments that might be culled from in a future effort to characterize human maliciousness within the cyber realm. The future goal is to integrate these assessment metrics into holistic cybersecurity risk analyses to determine the risk an individual poses to themselves as well as other networks, systems, and/or users. PMID:29459838

Characterizing and Measuring Maliciousness for Cybersecurity Risk Assessment.

PubMed

King, Zoe M; Henshel, Diane S; Flora, Liberty; Cains, Mariana G; Hoffman, Blaine; Sample, Char

2018-01-01

Cyber attacks have been increasingly detrimental to networks, systems, and users, and are increasing in number and severity globally. To better predict system vulnerabilities, cybersecurity researchers are developing new and more holistic approaches to characterizing cybersecurity system risk. The process must include characterizing the human factors that contribute to cyber security vulnerabilities and risk. Rationality, expertise, and maliciousness are key human characteristics influencing cyber risk within this context, yet maliciousness is poorly characterized in the literature. There is a clear absence of literature pertaining to human factor maliciousness as it relates to cybersecurity and only limited literature relating to aspects of maliciousness in other disciplinary literatures, such as psychology, sociology, and law. In an attempt to characterize human factors as a contribution to cybersecurity risk, the Cybersecurity Collaborative Research Alliance (CSec-CRA) has developed a Human Factors risk framework. This framework identifies the characteristics of an attacker, user, or defender, all of whom may be adding to or mitigating against cyber risk. The maliciousness literature and the proposed maliciousness assessment metrics are discussed within the context of the Human Factors Framework and Ontology. Maliciousness is defined as the intent to harm. Most maliciousness cyber research to date has focused on detecting malicious software but fails to analyze an individual's intent to do harm to others by deploying malware or performing malicious attacks. Recent efforts to identify malicious human behavior as it relates to cybersecurity, include analyzing motives driving insider threats as well as user profiling analyses. However, cyber-related maliciousness is neither well-studied nor is it well understood because individuals are not forced to expose their true selves to others while performing malicious attacks. Given the difficulty of interviewing malicious-behaving individuals and the potential untrustworthy nature of their responses, we aim to explore the maliciousness as a human factor through the observable behaviors and attributes of an individual from their actions and interactions with society and networks, but to do so we will need to develop a set of analyzable metrics. The purpose of this paper is twofold: (1) to review human maliciousness-related literature in diverse disciplines (sociology, economics, law, psychology, philosophy, informatics, terrorism, and cybersecurity); and (2) to identify an initial set of proposed assessment metrics and instruments that might be culled from in a future effort to characterize human maliciousness within the cyber realm. The future goal is to integrate these assessment metrics into holistic cybersecurity risk analyses to determine the risk an individual poses to themselves as well as other networks, systems, and/or users.

An evaluation of the potential use of Cryptosporidium species as agents for deliberate release.

PubMed

Hagen, Ralf Matthias; Loderstaedt, U; Frickmann, H

2014-12-01

We evaluated the potential of Cryptosporidium spp. for intentional transmission as a terrorist tactic in asymmetric conflicts in terms of the recognised optimum conditions for biological warfare. Published and widely accepted criteria regarding the optimum conditions for the success of biological warfare based on experience from passive biological warfare research were applied to hypothetical intentional Cryptosporidium spp. transmission. The feasibility of the use of Cryptosporidium spp. transmission for terrorist purposes was established. Particularly on tropical deployments with poor hygiene conditions, such attacks might have a good chance of remaining undetected as a deliberate terrorist attack. Intentional transmission should be suspected in cases of sudden outbreaks of cryptosporidiosis, particularly where adequate food and drinking water hygiene precautions are being enforced. Appropriate diagnostic procedures should be available so that the diagnosis is not missed. Published by the BMJ Publishing Group Limited. For permission to use (where not already granted under a licence) please go to http://group.bmj.com/group/rights-licensing/permissions.

Terrorism in Turkey.

PubMed

Rodoplu, Ulkumen; Arnold, Jeffrey; Ersoy, Gurkan

2003-01-01

Over the past two decades, terrorism has exacted an enormous toll on the Republic of Turkey, a secular democracy with a 99.8% Muslim population. From 1984 to 2000, an estimated 30,000 to 35,000 Turkish citizens were killed by a nearly continuous stream of terrorism-related events. During this period, the Partiya Karekerren Kurdistan (PKK), a Kurdish separatist group (re-named KADEK in 2002), was responsible for the vast majority of terrorism-related events (and casualties), which disproportionately affected the eastern and southeastern regions of Turkey, in which the PKK has focused its activities. Most terrorist attacks over the past two decades have been bombings or shootings that produced < 10 casualties per event. From 1984 to 2003, 15 terrorist attacks produced > or = 30 casualties (eight shootings, five bombings, and two arsons). The maximum number of casualties produced by any of these events was 93 in the Hotel Madimak arson attack by the Turkish Islamic Movement in 1993. This pattern suggests that terrorist attacks in Turkey rarely required more than local systems of emergency medical response, except in rural areas where Emergency Medical Services (EMS) are routinely provided by regional military resources. The last decade has seen the development of several key systems of local emergency response in Turkey, including the establishment of the medical specialty of Emergency Medicine, the establishment of training programs for EMS providers, the spread of a generic, Turkish hospital emergency plan based on the Hospital Emergency Incident Command System, and the spread of advanced training in trauma care modeled after Advanced Trauma Life Support.

Male fetal loss in the U.S. following the terrorist attacks of September 11, 2001.

PubMed

Bruckner, Tim A; Catalano, Ralph; Ahern, Jennifer

2010-05-25

The secondary sex ratio (i.e., the odds of a male birth) reportedly declines following natural disasters, pollution events, and economic collapse. It remains unclear whether this decline results from an excess of male fetal loss or reduced male conceptions. The literature also does not converge as to whether the terrorist attacks of September 11, 2001 induced "communal bereavement", or the widespread feeling of distress among persons who never met those directly involved in the attacks. We test the communal bereavement hypothesis among gravid women by examining whether male fetal deaths rose above expected levels in the US following September 11, 2001. We apply interrupted time-series methods to all fetal deaths at or greater than the 20th week of gestation in the US from 1996 to 2002. Time-series methods control for trends, seasonality, and other forms of autocorrelation that could induce spurious associations. Results support the hypothesis in that the fetal death sex ratio (i.e., the odds of a male fetal death) increased above its expected value in September 2001. Additional analysis of the secondary sex ratio indirectly supports that the terrorist attacks may have threatened the gestation of male more than female fetuses. Societal responses to events such as September 11, 2001 do not appear confined only to persons who have ever met the deceased. The fetal death sex ratio in the US population may serve as a sentinel indicator of the degree to which pregnant women react to population stressors.

Memory for the September 11, 2001, terrorist attacks one year later in patients with Alzheimer's disease, patients with mild cognitive impairment, and healthy older adults.

PubMed

Budson, Andrew E; Simons, Jon S; Waring, Jill D; Sullivan, Alison L; Hussoin, Trisha; Schacter, Daniel L

2007-10-01

Although there are many opportunities to study memory in patients with Alzheimer's disease (AD) in the laboratory, there are few opportunities to study memory for real world events in these patients. The September 11, 2001 terrorist attacks provided one such opportunity. Patients with AD, patients with mild cognitive impairment (MCI), and healthy older adults were given a telephone questionnaire in the initial weeks after the event, again three to four months later, and finally one year afterwards to evaluate their memory for the September 11, 2001 terrorist attacks. We were particularly interested in using the attacks as an opportunity to examine the decline of episodic memory in patients with AD, patients with MCI, and older adult controls over a period of months. We found that compared to healthy older adults, patients with AD and MCI showed impaired memory at the initial time point, more rapid forgetting from the initial to the three-month time point, and very similar changes in memory from the three-month to the one-year time point. We speculated that these findings were consistent with patients with AD and MCI showing initial impaired encoding and a more rapid rate of forgetting compared with healthy older adults, but that once the memories had been consolidated, their decay rate became similar to that of healthy older adults. Lastly, although memory distortions were common among all groups, they were greatest in the patients with AD.

Cyber-Physical System Security of Smart Grids

DOE Office of Scientific and Technical Information (OSTI.GOV)

Dagle, Jeffery E.

2012-01-31

Abstract—This panel presentation will provide perspectives of cyber-physical system security of smart grids. As smart grid technologies are deployed, the interconnected nature of these systems is becoming more prevalent and more complex, and the cyber component of this cyber-physical system is increasing in importance. Studying system behavior in the face of failures (e.g., cyber attacks) allows a characterization of the systems’ response to failure scenarios, loss of communications, and other changes in system environment (such as the need for emergent updates and rapid reconfiguration). The impact of such failures on the availability of the system can be assessed and mitigationmore » strategies considered. Scenarios associated with confidentiality, integrity, and availability are considered. The cyber security implications associated with the American Recovery and Reinvestment Act of 2009 in the United States are discussed.« less

Detection of complex cyber attacks

NASA Astrophysics Data System (ADS)

Gregorio-de Souza, Ian; Berk, Vincent H.; Giani, Annarita; Bakos, George; Bates, Marion; Cybenko, George; Madory, Doug

2006-05-01

One significant drawback to currently available security products is their inabilty to correlate diverse sensor input. For instance, by only using network intrusion detection data, a root kit installed through a weak username-password combination may go unnoticed. Similarly, an administrator may never make the link between deteriorating response times from the database server and an attacker exfiltrating trusted data, if these facts aren't presented together. Current Security Information Management Systems (SIMS) can collect and represent diverse data but lack sufficient correlation algorithms. By using a Process Query System, we were able to quickly bring together data flowing from many sources, including NIDS, HIDS, server logs, CPU load and memory usage, etc. We constructed PQS models that describe dynamic behavior of complicated attacks and failures, allowing us to detect and differentiate simultaneous sophisticated attacks on a target network. In this paper, we discuss the benefits of implementing such a multistage cyber attack detection system using PQS. We focus on how data from multiple sources can be combined and used to detect and track comprehensive network security events that go unnoticed using conventional tools.

Department of Justice Role in Countering WMD

DOE Office of Scientific and Technical Information (OSTI.GOV)

Prosnitz, D

2004-01-12

Stopping terrorist is most likely to be accomplished by state, local and federal law enforcement. With the creation of the Department of Homeland Security, the specific roles and responsibilities of the Department of Justice (DOJ) in preventing and responding to weapons of mass destruction (WMD) terrorist attacks are under reversion, but unquestionably the DOJ, as the chief federal law enforcement agency, will continue to have major responsibilities.

Secure Fusion Estimation for Bandwidth Constrained Cyber-Physical Systems Under Replay Attacks.

PubMed

Chen, Bo; Ho, Daniel W C; Hu, Guoqiang; Yu, Li; Bo Chen; Ho, Daniel W C; Guoqiang Hu; Li Yu; Chen, Bo; Ho, Daniel W C; Hu, Guoqiang; Yu, Li

2018-06-01

State estimation plays an essential role in the monitoring and supervision of cyber-physical systems (CPSs), and its importance has made the security and estimation performance a major concern. In this case, multisensor information fusion estimation (MIFE) provides an attractive alternative to study secure estimation problems because MIFE can potentially improve estimation accuracy and enhance reliability and robustness against attacks. From the perspective of the defender, the secure distributed Kalman fusion estimation problem is investigated in this paper for a class of CPSs under replay attacks, where each local estimate obtained by the sink node is transmitted to a remote fusion center through bandwidth constrained communication channels. A new mathematical model with compensation strategy is proposed to characterize the replay attacks and bandwidth constrains, and then a recursive distributed Kalman fusion estimator (DKFE) is designed in the linear minimum variance sense. According to different communication frameworks, two classes of data compression and compensation algorithms are developed such that the DKFEs can achieve the desired performance. Several attack-dependent and bandwidth-dependent conditions are derived such that the DKFEs are secure under replay attacks. An illustrative example is given to demonstrate the effectiveness of the proposed methods.

Cyber Vigilance: The Human Factor

DTIC Science & Technology

2016-10-21

88ABW-2014-5661; American Intelligence Journal 14. Cyber-defenders face lengthy, repetitive work assignments with few critical signals and little...research is inadvisable. To understand this unique domain, we asked participants to perform a simulated cybersecurity task, searching for attack...detection. To avoid this, IDS detection algorithms are purposely liberal, broadly flagging any activity that resembles a known American Intelligence

Media participation and mental health in terrorist attack survivors.

PubMed

Thoresen, Siri; Jensen, Tine K; Dyb, Grete

2014-12-01

Terrorism and disasters receive massive media attention, and victims are often approached by reporters. Not much is known about how terror and disaster victims perceive the contact with media and whether such experiences influence mental health. In this study, we describe how positive and negative experiences with media relate to posttraumatic stress (PTS) reactions among survivors of the 2011 Utøya Island terrorist attack in Norway. Face-to-face interviews were conducted with 285 survivors (47.0% female and 53.0% male) 14-15 months after the terrorist attack. Most survivors were approached by reporters (94%), and participated in media interviews (88%). The majority of survivors evaluated their media contact and participation as positive, and media participation was unrelated to PTS reactions. Survivors who found media participation distressing had more PTS reactions (quite distressing: B = 0.440, extremely distressing: B = 0.611, p = .004 in adjusted model). Perceiving media participation as distressing was slightly associated with lower levels of social support (r = -.16, p = .013), and regretting media participation was slightly associated with feeling let down (r = .18, p = .004). Reporters should take care when interviewing victims, and clinicians should be aware of media exposure as a potential additional strain on victims. Copyright © 2014 International Society for Traumatic Stress Studies.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Silva, Consuelo Juanita

Recent amendments to the Safe Drinking Water Act emphasize efforts toward safeguarding our nation's water supplies against attack and contamination. Specifically, the Public Health Security and Bioterrorism Preparedness and Response Act of 2002 established requirements for each community water system serving more than 3300 people to conduct an assessment of the vulnerability of its system to a terrorist attack or other intentional acts. Integral to evaluating system vulnerability is the threat assessment, which is the process by which the credibility of a threat is quantified. Unfortunately, full probabilistic assessment is generally not feasible, as there is insufficient experience and/or datamore » to quantify the associated probabilities. For this reason, an alternative approach is proposed based on Markov Latent Effects (MLE) modeling, which provides a framework for quantifying imprecise subjective metrics through possibilistic or fuzzy mathematics. Here, an MLE model for water systems is developed and demonstrated to determine threat assessments for different scenarios identified by the assailant, asset, and means. Scenario assailants include terrorists, insiders, and vandals. Assets include a water treatment plant, water storage tank, node, pipeline, well, and a pump station. Means used in attacks include contamination (onsite chemicals, biological and chemical), explosives and vandalism. Results demonstrated highest threats are vandalism events and least likely events are those performed by a terrorist.« less

Netwar

NASA Astrophysics Data System (ADS)

Keen, Arthur A.

2006-04-01

This paper describes technology being developed at 21st Century Technologies to automate Computer Network Operations (CNO). CNO refers to DoD activities related to Attacking and Defending Computer Networks (CNA & CND). Next generation cyber threats are emerging in the form of powerful Internet services and tools that automate intelligence gathering, planning, testing, and surveillance. We will focus on "Search-Engine Hacks", queries that can retrieve lists of router/switch/server passwords, control panels, accessible cameras, software keys, VPN connection files, and vulnerable web applications. Examples include "Titan Rain" attacks against DoD facilities and the Santy worm, which identifies vulnerable sites by searching Google for URLs containing application-specific strings. This trend will result in increasingly sophisticated and automated intelligence-driven cyber attacks coordinated across multiple domains that are difficult to defeat or even understand with current technology. One traditional method of CNO relies on surveillance detection as an attack predictor. Unfortunately, surveillance detection is difficult because attackers can perform search engine-driven surveillance such as with Google Hacks, and avoid touching the target site. Therefore, attack observables represent only about 5% of the attacker's total attack time, and are inadequate to provide warning. In order to predict attacks and defend against them, CNO must also employ more sophisticated techniques and work to understand the attacker's Motives, Means and Opportunities (MMO). CNO must use automated reconnaissance tools, such as Google, to identify information vulnerabilities, and then utilize Internet tools to observe the intelligence gathering, planning, testing, and collaboration activities that represent 95% of the attacker's effort.

A data-stream classification system for investigating terrorist threats

NASA Astrophysics Data System (ADS)

Schulz, Alexia; Dettman, Joshua; Gottschalk, Jeffrey; Kotson, Michael; Vuksani, Era; Yu, Tamara

2016-05-01

The role of cyber forensics in criminal investigations has greatly increased in recent years due to the wealth of data that is collected and available to investigators. Physical forensics has also experienced a data volume and fidelity revolution due to advances in methods for DNA and trace evidence analysis. Key to extracting insight is the ability to correlate across multi-modal data, which depends critically on identifying a touch-point connecting the separate data streams. Separate data sources may be connected because they refer to the same individual, entity or event. In this paper we present a data source classification system tailored to facilitate the investigation of potential terrorist activity. This taxonomy is structured to illuminate the defining characteristics of a particular terrorist effort and designed to guide reporting to decision makers that is complete, concise, and evidence-based. The classification system has been validated and empirically utilized in the forensic analysis of a simulated terrorist activity. Next-generation analysts can use this schema to label and correlate across existing data streams, assess which critical information may be missing from the data, and identify options for collecting additional data streams to fill information gaps.

Go Ahead of Malware’s Infections and Controls: Towards New Techniques for Proactive Cyber Defense

DTIC Science & Technology

2016-12-08

in SDN (such as topology poisoning attacks and data-to-control plan saturation attacks) and developed new defense for SDN (such as TopoGuard and... Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures As part of our research on discovering new vulnerabilities...future network- ing paradigm. We demonstrate that this new attacks can effectively poison the network topology information, then further successfully

Sandia National Laboratories: Malware Technical Exchange Meeting (MTEM)

Science.gov Websites

Cyber & Infrastructure Security Global Security Remote Sensing & Verification Research Research Against Malware Detection of Malware Malware Research Malware in Mobile Devices Malware Attack Trends Malware Malware Research Malware in Mobile Devices Malware Attack Trends Success Stories of COTS Products

Minimum State Awareness for Resilient Control Systems Under Cyber-Attack

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kisner, Roger; Fugate, David L; McIntyre, Timothy J

2012-01-01

State awareness for a control system is the accurate knowledge of the internal states of the system realization. To maintain stable operation, a controller requires a certain degree of state awareness. By definition, a cyber-attacker decreases the state awareness by modifying or removing the information available to the operator and control system. By doing so, the attacker can directly cause damage to the physical system through the control system, or indirectly by causing the operator to react in a damaging manner to the false information. In a number of recent papers, detection and mitigation strategies have been proposed that assumemore » state awareness. The goal of the attacker to reduce or remove state awareness makes this assumption invalid for most situations. One of the central problems of resilient control is developing methods to retain sufficient state awareness to continue operation during a cyberattack. In this paper, we will define state awareness, discuss the consequences of loss of state awareness, and some potential research directions for maintaining state awareness.« less

Effective traffic features selection algorithm for cyber-attacks samples

NASA Astrophysics Data System (ADS)

Li, Yihong; Liu, Fangzheng; Du, Zhenyu

2018-05-01

By studying the defense scheme of Network attacks, this paper propose an effective traffic features selection algorithm based on k-means++ clustering to deal with the problem of high dimensionality of traffic features which extracted from cyber-attacks samples. Firstly, this algorithm divide the original feature set into attack traffic feature set and background traffic feature set by the clustering. Then, we calculates the variation of clustering performance after removing a certain feature. Finally, evaluating the degree of distinctiveness of the feature vector according to the result. Among them, the effective feature vector is whose degree of distinctiveness exceeds the set threshold. The purpose of this paper is to select out the effective features from the extracted original feature set. In this way, it can reduce the dimensionality of the features so as to reduce the space-time overhead of subsequent detection. The experimental results show that the proposed algorithm is feasible and it has some advantages over other selection algorithms.

Is the Department of State Accountability Review Board Process adequate

DTIC Science & Technology

2017-05-25

of calculated terror campaigns, psychological conflict waged by nation or sub- group against nation, with an ever- broadening range of targets...the attack.11 However, the most politically significant attack occurred on November 4, when a large group of students and militants again stormed...the terrorist group Islamic Jihad carried out an attack against the US Embassy in Beirut, Lebanon. The bomb partially destroyed the U.S. Embassy and

NASA Involvement in National Priority Support for Disasters

NASA Technical Reports Server (NTRS)

McGregor, Lloyd

2002-01-01

This viewgraph presentation provides an overview of the role NASA remote sensing played in planning recovery operations in the aftermath of the September 11, 2001 terrorist attacks on the World Trade Center and the Pentagon. The presentation includes AVIRIS and satellite imagery of the attack sites, and photographs taken on the ground after the attacks. One page of the presentation addresses NASA's role in disaster management of the 2002 Winter Olympics.

Assessing the Effectiveness of Deradicalization Programs for Islamist Extremists

DTIC Science & Technology

2009-12-01

attacks had a significant impact on Indonesia’s economy and greatly damaged the tourism industry . Indonesia has been slow to recognize the problem...Yemen has experienced a significant number of terrorist attacks on its soil targeting both western interests and Yemen’s economic and tourism ...conducting attacks within Indonesia against Westerners. In 2002, JI members executed bombings in the popular tourist areas in Bali killing 202 people. JI

Relationship of self-reported asthma severity and urgent health care utilization to psychological sequelae of the September 11, 2001 terrorist attacks on the World Trade Center among New York City area residents.

PubMed

Fagan, Joanne; Galea, Sandro; Ahern, Jennifer; Bonner, Sebastian; Vlahov, David

2003-01-01

Posttraumatic psychological stress may be associated with increases in somatic illness, including asthma, but the impact of the psychological sequelae of the September 11, 2001 terrorist attacks on physical illness has not been well documented. The authors assessed the relationship between the psychological sequelae of the attacks and asthma symptom severity and the utilization of urgent health care services for asthma since September 11. The authors performed a random digit dial telephone survey of adults in the New York City (NYC) metropolitan area 6 to 9 months after September 11, 2001. Two thousand seven hundred fifty-five demographically representative adults including 364 asthmatics were recruited. The authors assessed self-reported asthma symptom severity, emergency room (ER) visits, and unscheduled physician office visits for asthma since September 11. After adjustment for asthma measures before September 11, demographics, and event exposure in multivariate models posttraumatic stress disorder (PTSD) were a significant predictor of self-reported moderate-to-severe asthma symptoms (OR = 3.4; CI = 1.2-9.4), seeking care for asthma at an ER since September 11 (OR = 6.6; CI = 1.6-28.0), and unscheduled physician visits for asthma since September 11 (OR = 3.6; CI = 1.1-11.5). The number of PTSD symptoms was also significantly related to moderate-to-severe asthma symptoms and unscheduled physician visits since September 11. Neither a panic attack on September 11 nor depression since September 11 was an independent predictor of asthma severity or utilization in multivariate models after September 11. PTSD related to the September 11 terrorist attacks contributed to symptom severity and the utilization of urgent health care services among asthmatics in the NYC metropolitan area.

Intelligence Constraints on Terrorist Network Plots

NASA Astrophysics Data System (ADS)

Woo, Gordon

Since 9/11, the western intelligence and law enforcement services have managed to interdict the great majority of planned attacks against their home countries. Network analysis shows that there are important intelligence constraints on the number and complexity of terrorist plots. If two many terrorists are involved in plots at a given time, a tipping point is reached whereby it becomes progressively easier for the dots to be joined and for the conspirators to be arrested, and for the aggregate evidence to secure convictions. Implications of this analysis are presented for the campaign to win hearts and minds.

A Mathematical Framework for the Analysis of Cyber-Resilient Control Systems

DOE Office of Scientific and Technical Information (OSTI.GOV)

Melin, Alexander M; Ferragut, Erik M; Laska, Jason A

2013-01-01

The increasingly recognized vulnerability of industrial control systems to cyber-attacks has inspired a considerable amount of research into techniques for cyber-resilient control systems. The majority of this effort involves the application of well known information security (IT) techniques to control system networks. While these efforts are important to protect the control systems that operate critical infrastructure, they are never perfectly effective. Little research has focused on the design of closed-loop dynamics that are resilient to cyber-attack. The majority of control system protection measures are concerned with how to prevent unauthorized access and protect data integrity. We believe that the abilitymore » to analyze how an attacker can effect the closed loop dynamics of a control system configuration once they have access is just as important to the overall security of a control system. To begin to analyze this problem, consistent mathematical definitions of concepts within resilient control need to be established so that a mathematical analysis of the vulnerabilities and resiliencies of a particular control system design methodology and configuration can be made. In this paper, we propose rigorous definitions for state awareness, operational normalcy, and resiliency as they relate to control systems. We will also discuss some mathematical consequences that arise from the proposed definitions. The goal is to begin to develop a mathematical framework and testable conditions for resiliency that can be used to build a sound theoretical foundation for resilient control research.« less

Enhancing the cyber-security of smart grids with applications to synchrophasor data

NASA Astrophysics Data System (ADS)

Pal, Seemita

In the power grids, Supervisory Control and Data Acquisition (SCADA) systems are used as part of the Energy Management System (EMS) for enabling grid monitoring, control and protection. In recent times, with the ongoing installation of thousands of Phasor Measurement Units (PMUs), system operators are becoming increasingly reliant on PMU-generated synchrophasor measurements for executing wide-area monitoring and real-time control. The availability of PMU data facilitates dynamic state estimation of the system, thus improving the efficiency and resiliency of the grid. Since the SCADA and PMU data are used to make critical control decisions including actuation of physical systems, the timely availability and integrity of this networked data is of paramount importance. Absence or wrong control actions can potentially lead to disruption of operations, monetary loss, damage to equipments or surroundings or even blackout. This has posed new challenges to information security especially in this age of ever-increasing cyber-attacks. In this thesis, potential cyber-attacks on smart grids are presented and effective and implementable schemes are proposed for detecting them. The focus is mainly on three kinds of cyber-attacks and their detection: (i) gray-hole attacks on synchrophasor systems, (ii) PMU data manipulation attacks and (iii) data integrity attacks on SCADA systems. In the case of gray-hole attacks, also known as packet-drop attacks, the adversary may arbitrarily drop PMU data packets as they traverse the network, resulting in unavailability of time-sensitive data for the various critical power system applications. The fundamental challenge is to distinguish packets dropped by the adversary from those that occur naturally due to network congestion.The proposed gray-hole attack detection technique is based on exploiting the inherent timing information in the GPS time-stamped PMU data packets and using the temporal trends of the latencies to classify the cause of packet-drops and finally detect attacks, if any. In the case of PMU data manipulation attacks, the attacker may modify the data in the PMU packets in order to bias the system states and influence the control center into taking wrong decisions. The proposed detection technique is based on evaluating the equivalent impedances of the transmission lines and classifying the observed anomalies to determine the presence of attack and its location. The scheme for detecting data integrity attacks on SCADA systems is based on utilizing synchrophasor measurements from available PMUs in the grid. The proposed method uses a difference measure, developed in this thesis, to determine the relative divergence and mis-correlation between the datasets. Based on the estimated difference measure, tampered and genuine data can be distinguished. The proposed detection mechanisms have demonstrated high accuracy in real-time detection of attacks of various magnitudes, simulated on real PMU data obtained from the NY grid. By performing alarm clustering, the occurrence of false alarms has been reduced to almost zero. The solutions are computationally inexpensive, low on cost, do not add any overhead, and do not require any feedback from the network.

Nucleic Acid-Based Detection and Identification of Bacterial and Fungal Plant Pathogens - Final Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kingsley, Mark T.

2001-03-13

The threat to American interests from terrorists is not limited to attacks against humans. Terrorists might seek to inflict damage to the U.S. economy by attacking our agricultural sector. Infection of commodity crops by bacterial or fungal crop pathogens could adversely impact U.S. agriculture, either directly from damage to crops or indirectly from damage to our ability to export crops suspected of contamination. Recognizing a terrorist attack against U.S. agriculture, to be able to prosecute the terrorists, is among the responsibilities of the members of Hazardous Material Response Unit (HMRU) of the Federal Bureau of Investigation (FBI). Nucleic acid analysismore » of plant pathogen strains by the use of polymerase chain reaction (PCR) amplification techniques is a powerful method for determining the exact identity of pathogens, as well as their possible region of origin. This type of analysis, however, requires that PCR assays be developed specific to each particular pathogen strain, and analysis protocols developed that are specific to the particular instrument used for detection. The objectives of the work described here were threefold: 1) to assess the potential terrorist threat to U.S. agricultural crops, 2) to determine whether suitable assays exist to monitor that threat, and 3) where assays are needed for priority plant pathogen threats, to modify or develop those assays for use by specialists at the HMRU. The assessment of potential threat to U.S. commodity crops and the availability of assays for those threats were described in detail in the Technical Requirements Document (9) and will be summarized in this report. This report addresses development of specific assays identified in the Technical Requirements Document, and offers recommendations for future development to ensure that HMRU specialists will be prepared with the PCR assays they need to protect against the threat of economic terrorism.« less

Nucleic Acid-Based Detection and Identification of Bacterial and Fungal Plant Pathogens - Final Report

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kingsley, Mark T

2001-03-13

The threat to American interests from terrorists is not limited to attacks against humans. Terrorists might seek to inflict damage to the U.S. economy by attacking our agricultural sector. Infection of commodity crops by bacterial or fungal crop pathogens could adversely impact U.S. agriculture, either directly from damage to crops or indirectly from damage to our ability to export crops suspected of contamination. Recognizing a terrorist attack against U.S. agriculture, to be able to prosecute the terrorists, is among the responsibilities of the members of Hazardous Material Response Unit (HMRU) of the Federal Bureau of Investigation (FBI). Nucleic acid analysismore » of plant pathogen strains by the use of polymerase chain reaction (PCR) amplification techniques is a powerful method for determining the exact identity of pathogens, as well as their possible region of origin. This type of analysis, however, requires that PCR assays be developed specific to each particular pathogen strain, an d analysis protocols developed that are specific to the particular instrument used for detection. The objectives of the work described here were threefold: (1) to assess the potential terrorist threat to U.S. agricultural crops, (2) to determine whether suitable assays exist to monitor that threat, and (3) where assays are needed for priority plant pathogen threats, to modify or develop those assays for use by specialists at the HMRU. The assessment of potential threat to U.S. commodity crops and the availability of assays for those threats were described in detail in the Technical Requirements Document (9) and will be summarized in this report. This report addresses development of specific assays identified in the Technical Requirements Document, and offers recommendations for future development to ensure that HMRU specialists will be prepared with the PCR assays they need to protect against the threat of economic terrorism.« less

Chemical or biological terrorist attacks: an analysis of the preparedness of hospitals for managing victims affected by chemical or biological weapons of mass destruction.

PubMed

Bennett, Russell L

2006-03-01

The possibility of a terrorist attack employing the use of chemical or biological weapons of mass destruction (WMD) on American soil is no longer an empty threat, it has become a reality. A WMD is defined as any weapon with the capacity to inflict death and destruction on such a massive scale that its very presence in the hands of hostile forces is a grievous threat. Events of the past few years including the bombing of the World Trade Center in 1993, the Murrah Federal Building in Oklahoma City in 1995 and the use of planes as guided missiles directed into the Pentagon and New York's Twin Towers in 2001 (9/11) and the tragic incidents involving twentythree people who were infected and five who died as a result of contact with anthrax-laced mail in the Fall of 2001, have well established that the United States can be attacked by both domestic and international terrorists without warning or provocation. In light of these actions, hospitals have been working vigorously to ensure that they would be "ready" in the event of another terrorist attack to provide appropriate medical care to victims. However, according to a recent United States General Accounting Office (GAO) nationwide survey, our nation's hospitals still are not prepared to manage mass causalities resulting from chemical or biological WMD. Therefore, there is a clear need for information about current hospital preparedness in order to provide a foundation for systematic planning and broader discussions about relative cost, probable effectiveness, environmental impact and overall societal priorities. Hence, the aim of this research was to examine the current preparedness of hospitals in the State of Mississippi to manage victims of terrorist attacks involving chemical or biological WMD. All acute care hospitals in the State were selected for inclusion in this study. Both quantitative and qualitative methods were utilized for data collection and analysis. Six hypotheses were tested. Using a questionnaire survey, the availability of functional preparedness plans, specific preparedness education/training, decontamination facilities, surge capacity, pharmaceutical supplies, and laboratory diagnostic capabilities of hospitals were examined. The findings revealed that a majority (89.2%) of hospitals in the State of Mississippi have documented preparedness plans, provided specific preparedness education/training (89.2%), have dedicated facilities for decontamination (75.7%), and pharmaceutical plans and supplies (56.8%) for the treatment of victims in the event of a disaster involving chemical or biological WMD. However, over half (59.5%) of the hospitals could not increase surge capacity (supplies, equipment, staff, patient beds, etc.) and lack appropriate laboratory diagnostic services (91.9%) capable of analyzing and identifying WMD. In general, hospitals in the State of Mississippi, like a number of hospitals throughout the United States, are still not adequately prepared to manage victims of terrorist attacks involving chemical or biological WMD which consequently may result in the loss of hundreds or even thousands of lives. Therefore, hospitals continue to require substantial resources at the local, State, and national levels in order to be "truly" prepared.

Chemical or Biological Terrorist Attacks: An Analysis of the Preparedness of Hospitals for Managing Victims Affected by Chemical or Biological Weapons of Mass Destruction

PubMed Central

Bennett, Russell L.

2006-01-01

The possibility of a terrorist attack employing the use of chemical or biological weapons of mass destruction (WMD) on American soil is no longer an empty threat, it has become a reality. A WMD is defined as any weapon with the capacity to inflict death and destruction on such a massive scale that its very presence in the hands of hostile forces is a grievous threat. Events of the past few years including the bombing of the World Trade Center in 1993, the Murrah Federal Building in Oklahoma City in 1995 and the use of planes as guided missiles directed into the Pentagon and New York’s Twin Towers in 2001 (9/11) and the tragic incidents involving twenty-three people who were infected and five who died as a result of contact with anthrax-laced mail in the Fall of 2001, have well established that the United States can be attacked by both domestic and international terrorists without warning or provocation. In light of these actions, hospitals have been working vigorously to ensure that they would be “ready” in the event of another terrorist attack to provide appropriate medical care to victims. However, according to a recent United States General Accounting Office (GAO) nationwide survey, our nation’s hospitals still are not prepared to manage mass causalities resulting from chemical or biological WMD. Therefore, there is a clear need for information about current hospital preparedness in order to provide a foundation for systematic planning and broader discussions about relative cost, probable effectiveness, environmental impact and overall societal priorities. Hence, the aim of this research was to examine the current preparedness of hospitals in the State of Mississippi to manage victims of terrorist attacks involving chemical or biological WMD. All acute care hospitals in the State were selected for inclusion in this study. Both quantitative and qualitative methods were utilized for data collection and analysis. Six hypotheses were tested. Using a questionnaire survey, the availability of functional preparedness plans, specific preparedness education/training, decontamination facilities, surge capacity, pharmaceutical supplies, and laboratory diagnostic capabilities of hospitals were examined. The findings revealed that a majority (89.2%) of hospitals in the State of Mississippi have documented preparedness plans, provided specific preparedness education/training (89.2%), have dedicated facilities for decontamination (75.7%), and pharmaceutical plans and supplies (56.8%) for the treatment of victims in the event of a disaster involving chemical or biological WMD. However, over half (59.5%) of the hospitals could not increase surge capacity (supplies, equipment, staff, patient beds, etc.) and lack appropriate laboratory diagnostic services (91.9%) capable of analyzing and identifying WMD. In general, hospitals in the State of Mississippi, like a number of hospitals throughout the United States, are still not adequately prepared to manage victims of terrorist attacks involving chemical or biological WMD which consequently may result in the loss of hundreds or even thousands of lives. Therefore, hospitals continue to require substantial resources at the local, State, and national levels in order to be “truly” prepared. PMID:16823078

Revising School Attack Protections since 9/11

ERIC Educational Resources Information Center

Black, Susan

2004-01-01

The terrorist attacks of September 11, 2001, prompted federal officials to step up campaigns to make schools safe. After visiting Ground Zero at New York City's World Trade Center, Education Secretary Rodney Paige sent each chief state school officer suggestions for managing school crises. Many states also have school safety plans in place. New…

Hope, Meaning, and Growth Following the September 11, 2001, Terrorist Attacks

ERIC Educational Resources Information Center

Ai, Amy; Cascio, Toni; Santangelo, Linda K.; Evans-Campbell, Teresa

2005-01-01

Positive psychologists found the increase of seven character strengths that encompass the so-called theological virtues, including hope and spirituality, in Americans after the September 11, 2001, attacks. Little is known about how they may affect post-September 11, 2001, mental health. Using multivariate analysis, this study investigated the…

Towards Reliable Evaluation of Anomaly-Based Intrusion Detection Performance

NASA Technical Reports Server (NTRS)

Viswanathan, Arun

2012-01-01

This report describes the results of research into the effects of environment-induced noise on the evaluation process for anomaly detectors in the cyber security domain. This research was conducted during a 10-week summer internship program from the 19th of August, 2012 to the 23rd of August, 2012 at the Jet Propulsion Laboratory in Pasadena, California. The research performed lies within the larger context of the Los Angeles Department of Water and Power (LADWP) Smart Grid cyber security project, a Department of Energy (DoE) funded effort involving the Jet Propulsion Laboratory, California Institute of Technology and the University of Southern California/ Information Sciences Institute. The results of the present effort constitute an important contribution towards building more rigorous evaluation paradigms for anomaly-based intrusion detectors in complex cyber physical systems such as the Smart Grid. Anomaly detection is a key strategy for cyber intrusion detection and operates by identifying deviations from profiles of nominal behavior and are thus conceptually appealing for detecting "novel" attacks. Evaluating the performance of such a detector requires assessing: (a) how well it captures the model of nominal behavior, and (b) how well it detects attacks (deviations from normality). Current evaluation methods produce results that give insufficient insight into the operation of a detector, inevitably resulting in a significantly poor characterization of a detectors performance. In this work, we first describe a preliminary taxonomy of key evaluation constructs that are necessary for establishing rigor in the evaluation regime of an anomaly detector. We then focus on clarifying the impact of the operational environment on the manifestation of attacks in monitored data. We show how dynamic and evolving environments can introduce high variability into the data stream perturbing detector performance. Prior research has focused on understanding the impact of this variability in training data for anomaly detectors, but has ignored variability in the attack signal that will necessarily affect the evaluation results for such detectors. We posit that current evaluation strategies implicitly assume that attacks always manifest in a stable manner; we show that this assumption is wrong. We describe a simple experiment to demonstrate the effects of environmental noise on the manifestation of attacks in data and introduce the notion of attack manifestation stability. Finally, we argue that conclusions about detector performance will be unreliable and incomplete if the stability of attack manifestation is not accounted for in the evaluation strategy.

Deterrence Theory in the Contemporary Operating Environment

DTIC Science & Technology

2015-06-12

violent non-state actors like terrorist organizations will be covered. Drug cartels, cyber criminals , arms dealers, money launderers , and others will...example, a money launderer may be willing to risk minor criminal prosecution for working with a low-level drug dealer due to the benefits associated...go-betweens, financiers, money launderers , etcetera, may have immediate needs that are much more important that the cause of the group. This means

Cyber security: a critical examination of information sharing versus data sensitivity issues for organisations at risk of cyber attack.

PubMed

Mallinder, Jason; Drabwell, Peter

Cyber threats are growing and evolving at an unprecedented rate.Consequently, it is becoming vitally important that organisations share information internally and externally before, during and after incidents they encounter so that lessons can be learned, good practice identified and new cyber resilience capabilities developed. Many organisations are reluctant to share such information for fear of divulging sensitive information or because it may be vague or incomplete. This provides organisations with a complex dilemma: how to share information as openly as possibly about cyber incidents, while protecting their confidentiality and focusing on service recovery from such incidents. This paper explores the dilemma of information sharing versus sensitivity and provides a practical overview of considerations every business continuity plan should address to plan effectively for information sharing in the event of a cyber incident.

Emulytics for Cyber-Enabled Physical Attack Scenarios: Interim LDRD Report of Year One Results.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Clem, John; Urias, Vincent; Atkins, William Dee

Sandia National Laboratories has funded the research and development of a new capability to interactively explore the effects of cyber exploits on the performance of physical protection systems. This informal, interim report of progress summarizes the project’s basis and year one (of two) accomplishments. It includes descriptions of confirmed cyber exploits against a representative testbed protection system and details the development of an emulytics capability to support live, virtual, and constructive experiments. This work will support stakeholders to better engineer, operate, and maintain reliable protection systems.

Combating Terrorism: Additional Steps Needed to Enhance Foreign Partners’ Capacity to Prevent Terrorist Travel

DTIC Science & Technology

2011-06-01

identified enhancing the capacity of partner nations as one of two pillars supporting that strategy. The attempted attack on a Detroit-bound airliner on...not have reciprocal relationships to share such information or other travel-related information, such as airline passenger lists, with other...Bureau of European and Eurasian Affairs • Negotiations to share Passenger Name Records data to prescreen airline passengers against terrorist